last executing test programs:

10.546141206s ago: executing program 1 (id=2669):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fspick(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0xa)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e24, 0x2, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}}}, 0x84)
r3 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80141, 0x0)
ftruncate(r3, 0x200004)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
syz_emit_ethernet(0x46, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6064cdd800100000fe000000000000", @ANYRESOCT=0x0], 0x0)
r5 = socket(0x2, 0x805, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r5, 0x84, 0x24, 0x0, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

10.250453896s ago: executing program 3 (id=2672):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80383, 0x0)
read$midi(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDCTL_SEQ_PANIC(r2, 0x5100)
read$midi(0xffffffffffffffff, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mknod$loop(0x0, 0x3ed238d32da7c388, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x3c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0xffff, @rand_addr=' \x01\x00'}, 0x1c)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4000, 0x0, @remote, 0x5}, 0x1c)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)

8.360104705s ago: executing program 1 (id=2675):
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
openat$vim2m(0xffffff9c, 0x0, 0x2, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x9, 0x4, 0x7ffc0002}]})
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
brk(0x20ffc004)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x8b72, 0x1000000, 0x0, 0x40c}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000c40)={0x1, 0x10, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000c1ace26e0000000000000000b7080000000000007b8af8ff000000009408048000001700"], &(0x7f00000002c0)='syzkaller\x00', 0xc, 0x0, 0x0, 0x41100}, 0x94)
memfd_create(&(0x7f00000000c0)='syzkaller\x00', 0x4)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
syz_open_dev$sndmidi(0x0, 0x3, 0x400641)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
bpf$OBJ_GET_PROG(0x9, &(0x7f0000000600)=@generic={0x0, 0x24, 0x10}, 0xc)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000280)={0xfffffff8, 0xfffffffa, 0x1, 0x8, 0xd0, "04419600", 0x81, 0x200})
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$FIONREAD(r1, 0x541b, &(0x7f00000001c0))
getpid()
ioctl$PPPIOCSACTIVE(0xffffffffffffffff, 0x40087446, &(0x7f0000000040)={0x4, &(0x7f0000000000)=[{0x7, 0x5, 0x0, 0x3}, {0x9, 0x6, 0xe, 0x96a}, {0x0, 0x7, 0x8a, 0x40}, {0x9, 0x9, 0x59, 0x1}]})
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$EVIOCSREP(0xffffffffffffffff, 0x40084503, 0x0)

8.333609281s ago: executing program 3 (id=2676):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000021c0)=0x1, 0x4)
setsockopt(r0, 0x1, 0x10000000000009, &(0x7f0000000100)="0100ddff", 0x507b420f2d51f971)
r1 = socket$caif_stream(0x25, 0x1, 0x2)
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000040)=<r2=>0x0)
ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f00000000c0)=r2)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0xfffc, 0x1, @empty, 0x200}, 0x1c)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x15)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x10})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000140)={{&(0x7f0000ffe000/0x1000)=nil, 0x1000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r3, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
syz_io_uring_setup(0xefe, &(0x7f0000000140)={0x0, 0xcc19, 0x10806}, &(0x7f0000000000), &(0x7f00000000c0))
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6, 0x0, 0x0, 0x6}]})
socket$inet6(0x10, 0x3, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x101040, 0x0)
ioctl$KVM_GET_MSRS_sys(r5, 0xc008ae88, &(0x7f00000003c0)={0x1, 0x0, [{0x489, 0x0, 0xec}]})
close_range(r4, 0xffffffffffffffff, 0x0)
setsockopt(r0, 0x1, 0x9, &(0x7f0000000040), 0x29)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r6, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0)

7.726027362s ago: executing program 0 (id=2678):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x6, &(0x7f0000000380)={0x1, 0x1, 0x800002, 0x3})
syz_emit_ethernet(0x32, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb08004500002400000000001190780000000000000000000017c1bb45842f00109078c721149c102295c3bb2ac45ac394daa4c843b43a1fb1b10ba6f4320defbd0ad964e462ac6825d91da96910c93c7008f0b5c6da87c2598377dfaf542a"], 0x0)
fcntl$lock(r1, 0x7, &(0x7f0000002200)={0x2, 0x1, 0xe, 0x3})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x4, 0x9, 0xfffffffe, 0x9, 0x4}, 0x36, 0x1, 0x1, 0x5, 0xf, 0xc, 0x4, 0x18, 0x1, 0x9, {0x6, 0x4, 0x7, 0x4, 0xa4, 0x20}}}}]}, 0x78}}, 0x4000)
r5 = socket(0x10, 0x803, 0x0)
r6 = socket$unix(0x1, 0x5, 0x0)
r7 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10)
r8 = socket$tipc(0x1e, 0x5, 0x0)
r9 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001500)="130000004e007f049e3ab018a75ab611b87647", 0x13}], 0x1}, 0x0)
setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x4}, 0x10)
r10 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r10, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x0, 0x2}, 0x10)
sendmsg$tipc(r10, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x0)
r11 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r11, 0x10f, 0x87, &(0x7f0000000100)={0x41, 0x0, 0x2}, 0x1be)
r12 = dup2(r10, r6)
ioctl$sock_inet_sctp_SIOCINQ(r12, 0x541b, &(0x7f00000001c0))
sendmsg$tipc(r10, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44010}, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newtfilter={0x98, 0x2c, 0xd2b, 0x0, 0x0, {0x0, 0x0, 0x0, r13, {0xb, 0x3}, {}, {0x1, 0x9}}, [@filter_kind_options=@f_u32={{0x8}, {0x6c, 0x2, [@TCA_U32_SEL={0x14, 0x5, {0x7, 0x6, 0x0, 0x9, 0x401, 0x1000, 0x8a0, 0xd5}}, @TCA_U32_ACT={0x54, 0x7, [@m_skbmod={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x20, 0x2, {{0x4cc0, 0x3, 0x4, 0x7, 0x400000}, 0xc}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0x81}, 0x800)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000200)={@map=r1, r1, 0x5, 0x0, r12, @void, @value=r1}, 0x20)
syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r2)

7.468942971s ago: executing program 0 (id=2681):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYRES64], 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"})
syz_usb_connect$cdc_ncm(0x0, 0x87, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x75, 0x2, 0x1, 0x8, 0x30, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x6, 0x24, 0x6, 0x0, 0x1, ']'}, {0x5, 0x24, 0x0, 0x10}, {0xd, 0x24, 0xf, 0x1, 0x5, 0x3, 0x7f, 0x1}, {0x6, 0x24, 0x1a, 0x5, 0x10}, [@network_terminal={0x7, 0x24, 0xa, 0x7, 0xc, 0x75, 0x5b}, @call_mgmt={0x5}, @dmm={0x7, 0x24, 0x14, 0xcf, 0x465}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x5}]}, {{0x9, 0x5, 0x81, 0x3, 0x68, 0x7, 0x79, 0x2}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0x9, 0x0, 0xfe}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x9, 0x5a, 0x40}}}}}}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000500)={0xa, 0x6, 0x300, 0xc, 0x0, 0x71, 0x10, 0x9}, 0x13, &(0x7f0000000540)={0x5, 0xf, 0x13, 0x2, [@ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x0, 0x18, 0x9, 0xfa, 0x5}]}, 0x4, [{0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x2c0a}}, {0xcd, &(0x7f00000005c0)=@string={0xcd, 0x3, "7f375eb37b59e4d4a29f4b41f32779df412de60a8a69f4a770d3f0b96aaeb1d095b83ba8d8a74df1bbca21266e11949c123fbfa4f8e982c685261854a5166ed91742fe173ac22925431979962bb4dc91d5ebd3ff90b6acaf2d3a6cf0702778366a9744ee20b44e75db18a88bc9a3d28f4bcc8af7dccdc6029acdee6cc668d0827caf79add6899e6ca5fc4837a129b89ca69a6d522cba1d6955e701ea9eba4a6e1449c267c7668f137b2772fbc1d67662039b29b998aeba8a48f7da9480fb1f8e8ea01d58c9e14f79d6a815"}}, {0x88, &(0x7f00000006c0)=@string={0x88, 0x3, "b3c4e9fcd51eedc72269fd6f3764bbb91af1cafb35b0c0e837e20ea0f12214cd675ea03a1cb76b02daa10993a5d0aa43a5226ff674f68f1191400ff0acaeb6740af316713938ecc3f73c90c24dd3e9d47c0b1f31611a4d4890f34fb54f90ae23467163779480a8533b774aedc1d05367ad49a67bd5569c9a701187a823c42104af81c1a399a4"}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x405}}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x8, 0x6, 0x40}, {0xffff1000, 0x10000, 0xc, 0xff, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x1, 0x1000, 0xc, 0x9, 0x4, 0xc4, 0x0, 0x5, 0x6a, 0x3, 0x0, 0xfc}, {0x1, 0xd000, 0x6, 0x0, 0x1, 0x0, 0x9, 0x0, 0x8, 0x4, 0x4}, {0x6000, 0xffff1000, 0xf, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x100000, 0x0, 0x0, 0x78, 0x5, 0x0, 0x2, 0x0, 0x40, 0xfe, 0x5}, {0x0, 0xeeee8000, 0x0, 0x6, 0x4, 0x2, 0xa1, 0x22}, {0x2000, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x0, 0x3, 0x2}, {0x80a0000, 0x3}, {0xdddd1000, 0xfffe}, 0xddf8ffdb, 0x0, 0x0, 0x122, 0x0, 0x800, 0x0, [0x80000001, 0x0, 0x1]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

7.369085029s ago: executing program 1 (id=2682):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x9}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r3, 0x0, 0x20008040)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r4 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r4, &(0x7f0000000c40), 0x12)
unshare(0x22020600)
r5 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r7, 0x4068aea3, &(0x7f0000000000)={0xc0, 0x0, 0x10000})
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x8)
ioctl$KVM_RESET_DIRTY_RINGS(r7, 0xaec7)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000100)=ANY=[@ANYRES16=r0, @ANYRES64=r7, @ANYRESHEX=r5, @ANYRESDEC=r2], 0x50)
mmap(&(0x7f00000fe000/0xd000)=nil, 0xd000, 0x1000005, 0xd2952, 0xffffffffffffffff, 0xfffff000)
bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffdba)

7.290268125s ago: executing program 3 (id=2683):
socket$nl_route(0x10, 0x3, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x9}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r2, 0x0, 0x20008040)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r3 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000c40), 0x12)
r4 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)

6.909834357s ago: executing program 4 (id=2685):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1, 0x0, {}, 0xfd}, 0x18)
connect$can_j1939(r0, &(0x7f0000000080)={0x1d, r1, 0x2000000000, {0x0, 0xff, 0x6}, 0xfe}, 0x18)
sendmsg$can_j1939(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0)

6.679995186s ago: executing program 4 (id=2686):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fspick(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0xa)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e24, 0x2, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}}}, 0x84)
r3 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80141, 0x0)
ftruncate(r3, 0x200004)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
syz_emit_ethernet(0x46, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6064cdd800100000fe0000000000007bae020000c0bd0000000000000000", @ANYRESOCT=0x0], 0x0)
r5 = socket(0x2, 0x805, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r5, 0x84, 0x24, 0x0, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5.640740945s ago: executing program 3 (id=2689):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$VIDIOC_ENUMSTD(0xffffffffffffffff, 0xc0485619, &(0x7f0000000040)={0x6, 0x1700, "778d8ce72aa8f35457c8617739b4948e07180be64604d3a5", {0x9, 0x8}, 0x2})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000000))
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_GET_MP_STATE(r7, 0x8004ae98, &(0x7f00000000c0))
syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000003c0)={'syztnl2\x00', 0x0})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x1, 0x9, 0x8, 0x0, 0x3}, 0x0)
r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r8, &(0x7f0000000580)=ANY=[@ANYBLOB="370200007d02000005f600000000000005830000000008000000000000000000404100000000e0e5000005000000000000001b00046e6f6465767b65766f6f7e0545c60005080037d94f8b920000003300704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500002b595fcb1403f196a51cd5157adc8103b494e13700cfc36d07c500f04cd85f2a70f5e9930e5e989cd5ef4d51f60da7582c4a05c8f828f68dc1774d5de2e820862381f6686dd1bb8fd70000003e00f8f669fb716dcf315ecaf385409ac65b9408678c3c3b9e1d52c36cde7ba4a400b4b077dc74000000000000000007ec21cabff20f9c0089f90600000000002c01ebbbb9ca18ce8a602300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1372d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc62684a70796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fff00"/555, @ANYRES32=0x0, @ANYRES32=0x0], 0x237)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0x801, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42004}, [@IFLA_XDP={0x1c, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x19}, @IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x44}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

5.475628307s ago: executing program 1 (id=2690):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$VIDIOC_ENUMSTD(0xffffffffffffffff, 0xc0485619, &(0x7f0000000040)={0x6, 0x1700, "778d8ce72aa8f35457c8617739b4948e07180be64604d3a5", {0x9, 0x8}, 0x2})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000000))
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_GET_MP_STATE(r7, 0x8004ae98, &(0x7f00000000c0))
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000003c0)={'syztnl2\x00', 0x0})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x1, 0x9, 0x8, 0x0, 0x3}, 0x0)
r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r8, &(0x7f0000000580)=ANY=[@ANYBLOB="370200007d02000005f600000000000005830000000008000000000000000000404100000000e0e5000005000000000000001b00046e6f6465767b65766f6f7e0545c60005080037d94f8b920000003300704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500002b595fcb1403f196a51cd5157adc8103b494e13700cfc36d07c500f04cd85f2a70f5e9930e5e989cd5ef4d51f60da7582c4a05c8f828f68dc1774d5de2e820862381f6686dd1bb8fd70000003e00f8f669fb716dcf315ecaf385409ac65b9408678c3c3b9e1d52c36cde7ba4a400b4b077dc74000000000000000007ec21cabff20f9c0089f90600000000002c01ebbbb9ca18ce8a602300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1372d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc62684a70796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fff00"/555, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x237)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0x801, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42004}, [@IFLA_XDP={0x1c, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x19}, @IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x44}}, 0x0)

5.026817039s ago: executing program 4 (id=2691):
openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = gettid()
process_vm_writev(r2, &(0x7f0000000440)=[{&(0x7f00000000c0)=""/23, 0x25}, {&(0x7f0000000d40)=""/4096, 0x1000}, {&(0x7f0000000280)=""/196, 0xcc}, {&(0x7f0000002d40)=""/4110, 0x100e}, {&(0x7f0000000380)=""/155, 0x9b}], 0x5, &(0x7f0000000180)=[{&(0x7f0000000180), 0xfefb}, {&(0x7f00000001c0)=""/28}], 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0xffffffff, r2, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f0000000340)=0x1, 0x4)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffdffffffffff, 0xfa0f, 0xffffffff}, 0x0)
mremap(&(0x7f00007f1000/0x4000)=nil, 0x4000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r1, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x40001}, 0x8000)
getdents(0xffffffffffffffff, &(0x7f0000000140)=""/177, 0xb1)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/mem_sleep', 0xa0502, 0x49)
sched_setattr(r2, &(0x7f0000000200)={0x38, 0x0, 0x1000006a, 0x101, 0x0, 0x55262545, 0x8, 0x7, 0x2, 0x1}, 0x0)
io_setup(0x1, &(0x7f00000016c0)=<r7=>0x0)
r8 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r8, 0x84, 0x25, &(0x7f0000000000), 0x20000010)
io_submit(r7, 0x1, &(0x7f0000000140)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x8, r6, &(0x7f0000000180)="282fa8c2", 0x4, 0x5}])
sendfile(r4, r5, 0x0, 0x20000023896)

4.880807478s ago: executing program 2 (id=2692):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001c0001"], 0x14}}, 0x0)

4.809780254s ago: executing program 2 (id=2693):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = getpgid(0x0)
lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0})
sendmsg$nl_generic(r0, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000300)={&(0x7f0000000100)={0x200, 0x16, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@nested={0x18, 0xbb, 0x0, 0x1, [@typed={0x13, 0x10d, 0x0, 0x0, @str='\x00,$@{\xf2}$-}}\xd2\x19-\x00'}]}, @nested={0x141, 0xff, 0x0, 0x1, [@nested={0x4, 0x49}, @generic="d330550e16c95435b53c939e2c437bf7ffdc", @typed={0x8, 0x23, 0x0, 0x0, @pid=r1}, @typed={0x8, 0x40, 0x0, 0x0, @ipv4=@multicast1}, @nested={0x4, 0x16}, @typed={0x8, 0xbc, 0x0, 0x0, @uid=r2}, @nested={0x4, 0xe9}, @nested={0x4, 0x93}, @generic="584b1760acbd1daecb4ac654924284003b4648c386a31b8c2abfe7ad71ef7bea0f3122f8d53edff22f5dba5089f66d0c3922d7a366fa22e7fdf96deddf4ce2ba0e7a2eeec06560ab7deea9f1c758dd7261205a8d8af4a79b43d79e49ef241667eb88322c5eb3e7fef83d5a9f7526891b96e9ab88d39a893f81b04af7312e0db168767b66551b8197f72ec5c3f1ed35da9f03dba230c70d1e985e28d29d43935bd68fab8e1f4b5e354b976b79670193395865b80fe926419d587674bc133581ac21bac3c09d3d76365af3a692a7993696a5541c1d8326376eb5d383fe1aa6856af35a7d5d18fc2070b94fc70758ab06c2cf8401de0ba0e6307293bca2511762", @nested={0x4, 0xa4}]}, @typed={0xc, 0x3a, 0x0, 0x0, @u64=0x7}, @nested={0x4, 0xfa}, @nested={0x7c, 0x96, 0x0, 0x1, [@generic="0f797feb6e2a59ebf954e0edfb936908b0118f5478e59f317e7b6f8233cc57f18953a235c8cf1b38d96d3128adc2dbb0591f49d1e96541", @generic="9aec86ec9efb82af0ed6551a7033d91349b66020ef6ef80539d906626fd18bba459806cf7e806d6e0313dabb0ab7d0dd0559b47220e3c2620e8cee40703929ed82"]}, @typed={0x4, 0x122}]}, 0x200}, 0x1, 0x0, 0x0, 0x4001}, 0x84)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000480)={'erspan0\x00', &(0x7f00000003c0)={'gretap0\x00', <r4=>0x0, 0x7800, 0x8, 0x4, 0x954, {{0x20, 0x4, 0x0, 0x8, 0x80, 0x64, 0x0, 0x9, 0x4, 0x0, @broadcast, @private=0xa010100, {[@timestamp_prespec={0x44, 0x44, 0x1f, 0x3, 0x5, [{@dev={0xac, 0x14, 0x14, 0x35}, 0x5}, {@multicast2, 0x2b}, {@local, 0x3}, {@rand_addr=0x64010100, 0x6}, {@multicast2}, {@private=0xa010101, 0x4}, {@dev={0xac, 0x14, 0x14, 0xe}, 0x4}, {@multicast1, 0x80000000}]}, @timestamp={0x44, 0x28, 0xf9, 0x0, 0x5, [0x5, 0xb, 0x6, 0x0, 0xd6, 0x3, 0x6, 0x947, 0x3]}]}}}}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)=@newae={0x4c, 0x1e, 0x10, 0x70bd29, 0x25dfdbfc, {{@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x41}}, 0x4d3, 0x2, 0x33}, @in=@empty, 0x4, 0x3505}, [@offload={0xc, 0x1c, {r4, 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40010}, 0x44004)
r5 = syz_mount_image$fuse(&(0x7f00000005c0), &(0x7f0000000600)='./file0\x00', 0x800028, &(0x7f0000000640)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r3}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x2}}, {@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x82}}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x80000001}}], [{@flag='rw'}]}}, 0x0, 0x0, &(0x7f0000000780)="4d96ea919dbb80d348fff70d36fb20347c17e625c03623c8fc8c1ee61937834db3c1d8045cd1c66bebe78ff25734d32f8f4a6c61e3d6e97d5ef795197297c30c8c3b78ea1bba8f3a4443df7bbedefc43961529eaeb77f8a45c93e44cbdee083b")
mkdirat(r5, &(0x7f0000000800)='./file0\x00', 0x4)
setxattr$incfs_id(&(0x7f0000000840)='./file0\x00', &(0x7f0000000880), &(0x7f00000008c0)={'0000000000000000000000000000000', 0x30}, 0x20, 0x3)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$sock_timeval(r6, 0x1, 0x42, &(0x7f0000000900), 0x8)
ioctl$FS_IOC_READ_VERITY_METADATA(r5, 0xc0286687, &(0x7f0000000a40)={0x1, 0x6, 0xf9, &(0x7f0000000940)=""/249})
r7 = gettid()
r8 = openat2(r5, &(0x7f0000000a80)='./file0\x00', &(0x7f0000000ac0)={0x48001, 0x4, 0xa}, 0x18)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r1, 0x401, &(0x7f0000000b00)=""/74)
write$sndseq(r8, &(0x7f0000000b80)=[{0x6, 0x2, 0x41, 0x8, @tick=0x1ff, {0xa, 0x3}, {0x39, 0xfc}, @addr={0x40, 0x6}}], 0x1c)
getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r8, 0x84, 0x1e, &(0x7f0000000bc0), &(0x7f0000000c00)=0x4)
ioctl$BTRFS_IOC_SPACE_INFO(r6, 0xc0109414, &(0x7f0000000c40)={0xab5, 0x2, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
bpf$OBJ_GET_MAP(0x7, &(0x7f0000010dc0)=@generic={&(0x7f0000010d80)='./file0\x00'}, 0x14)
r9 = getpgrp(r1)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r9, 0x2, 0x5001)
ioctl$SNDRV_TIMER_IOCTL_STOP(r8, 0x54a1)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, &(0x7f0000010e00)=@v={0x93, 0xe, 0x90, 0x2, @MIDI_NOTEON=@special, 0x0, 0xb1})
mq_notify(r8, &(0x7f0000010e40)={0x0, 0x11, 0x4, @tid=r7})
syz_open_procfs$userns(r9, &(0x7f0000010e80))
socket$inet6(0xa, 0x1, 0xffffffff)
openat2(r5, &(0x7f0000010ec0)='./file0\x00', &(0x7f0000010f00)={0x101080, 0x140, 0x21}, 0x18)
sendmsg$NFQNL_MSG_VERDICT(r8, &(0x7f0000011180)={&(0x7f0000010f40)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000011140)={&(0x7f0000010f80)={0x1b8, 0x1, 0x3, 0x201, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFQA_CT={0x78, 0xb, 0x0, 0x1, [@CTA_SEQ_ADJ_REPLY={0x24, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xe000000}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x6}]}, @CTA_PROTOINFO={0x40, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x3c, 0x1, 0x0, 0x1, [@CTA_PROTOINFO_TCP_FLAGS_REPLY={0x6, 0x5, {0x7, 0x6}}, @CTA_PROTOINFO_TCP_FLAGS_ORIGINAL={0x6, 0x4, {0x8, 0x6}}, @CTA_PROTOINFO_TCP_FLAGS_ORIGINAL={0x6, 0x4, {0xc0, 0x8}}, @CTA_PROTOINFO_TCP_STATE={0x5, 0x1, 0x4}, @CTA_PROTOINFO_TCP_WSCALE_ORIGINAL={0x5, 0x2, 0x5}, @CTA_PROTOINFO_TCP_WSCALE_REPLY={0x5, 0x3, 0x4}, @CTA_PROTOINFO_TCP_WSCALE_ORIGINAL={0x5, 0x2, 0x3}]}}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x6}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x3}]}, @NFQA_CT={0x2c, 0xb, 0x0, 0x1, [@CTA_PROTOINFO={0x28, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x24, 0x1, 0x0, 0x1, [@CTA_PROTOINFO_TCP_FLAGS_REPLY={0x6, 0x5, {0x9, 0xe}}, @CTA_PROTOINFO_TCP_STATE={0x5, 0x1, 0x3}, @CTA_PROTOINFO_TCP_WSCALE_REPLY={0x5, 0x3, 0x4}, @CTA_PROTOINFO_TCP_FLAGS_REPLY={0x6, 0x5, {0x5, 0x3}}]}}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x5}, @NFQA_VERDICT_HDR={0xc, 0x2, {0x0, 0xffff7fff}}, @NFQA_PAYLOAD={0xbe, 0xa, "dfc055bf514fddd9ddddf341958ce24bcee248f674a5f7676a487190f71dcd361de4ec3fb64c418e09db81488c3d6b73c29f709c6edb2e2e8bf867b4af2e4c3134238efff6b22e6bd94c0b61cbf35df7a1bc9c824cb0350198562138c8e98f468ea73da3e0b1c93950c5582d525c05c3e51ff367f4efa6777f56c9ea27d3513108aa123fb4ee454b24341af1540a7ff9be64ab6712317a7da805393cb6b8bc989cead57ca4b70be6e09117657eaf47cf1739323cb75db5fa7e18"}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0xffffffff}, @NFQA_VLAN={0x24, 0x13, 0x0, 0x1, [@NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x88a8}, @NFQA_VLAN_PROTO={0x6, 0x1, 0x1, 0x0, 0x8100}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x101}, @NFQA_VLAN_TCI={0x6, 0x2, 0x1, 0x0, 0x1042}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x8801}, 0x4000)
syz_io_uring_setup(0x4646, &(0x7f00000111c0)={0x0, 0x78c3, 0x20, 0x2, 0x305, 0x0, r8}, &(0x7f0000011240)=<r10=>0x0, &(0x7f0000011280))
syz_io_uring_submit(r10, 0x0, &(0x7f0000011300)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x22, 0x0, r6, 0x0, &(0x7f00000112c0), 0x0, 0x40000000})

4.537632362s ago: executing program 2 (id=2694):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee3, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='limits\x00')
lseek(r0, 0x6, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
rt_sigpending(0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@ipv6_getaddrlabel={0x30, 0x4a, 0x1, 0x70bd2a, 0x25dfdbfb, {0xa, 0x0, 0x80, 0x0, 0x0, 0xf}, [@IFAL_ADDRESS={0x14, 0x1, @mcast1}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x20040040)

4.275153546s ago: executing program 0 (id=2695):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r2, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x800000}, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x3a0, 0x0, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x2d0, 0x20a, 0x278, 0x2d0, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @empty, [0x0, 0xffffff00], [0x0, 0x0, 0xffffffff], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6, 0xfe}, 0x0, 0x198, 0x1c0, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[], [0x0, 0xffff], 0x0, 0x0, 0x2, 0xe}}, @common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "6d93eb04697dfa39de04767f46614613a407abbf4ed2e83a63b484dbb3bf6b2a850e79009e2905d2f98ba19f91f3c9faee6d3686e9bee067f4e77d9ad66238750c4100d7ee97ec7646259d90edece6e9787a97bc956c01754c34c5c9518c46178ed5f9194454980e579c80eca35a58dc47d1d5e4ff6e216c724e88c702448587", 0x28}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ipv6={@loopback, @mcast2, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x400)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x22000, 0x0)
io_uring_setup(0x5bde, &(0x7f0000000380)={0x0, 0x5f41, 0x80, 0x0, 0xac})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x100c}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)
sendmsg$ETHTOOL_MSG_WOL_GET(r0, &(0x7f0000000680)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xfc, 0x0, 0x1, 0x70bd2a, 0x25dfdbfb, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}]}, @HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_macvtap\x00'}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gretap0\x00'}]}]}, 0xfc}}, 0x4008094)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c)
ioctl$sock_TIOCINQ(r3, 0x541b, &(0x7f00000001c0))
r5 = socket(0x840000000002, 0x3, 0xff)
sendmmsg$inet(r5, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB], 0x110}}], 0x1, 0x2404c0e4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400010000000000fbdbdf250a00a100", @ANYRES32=r8, @ANYBLOB="14000100ff05000000000000dfce00000000000108000800026e"], 0x34}}, 0x0)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3400000015"], 0x34}, 0x1, 0x0, 0x0, 0x41c1}, 0x4040800)

3.481058452s ago: executing program 2 (id=2696):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8947, &(0x7f00000002c0)={'bond0\x00', @random="d8b30100"}) (fail_nth: 1)

3.321206872s ago: executing program 3 (id=2697):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$VIDIOC_ENUMSTD(0xffffffffffffffff, 0xc0485619, &(0x7f0000000040)={0x6, 0x1700, "778d8ce72aa8f35457c8617739b4948e07180be64604d3a5", {0x9, 0x8}, 0x2})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000000))
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_GET_MP_STATE(r7, 0x8004ae98, &(0x7f00000000c0))
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000003c0)={'syztnl2\x00', 0x0})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x1, 0x9, 0x8, 0x0, 0x3}, 0x0)
r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r8, &(0x7f0000000580)=ANY=[@ANYBLOB="370200007d02000005f600000000000005830000000008000000000000000000404100000000e0e5000005000000000000001b00046e6f6465767b65766f6f7e0545c60005080037d94f8b920000003300704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500002b595fcb1403f196a51cd5157adc8103b494e13700cfc36d07c500f04cd85f2a70f5e9930e5e989cd5ef4d51f60da7582c4a05c8f828f68dc1774d5de2e820862381f6686dd1bb8fd70000003e00f8f669fb716dcf315ecaf385409ac65b9408678c3c3b9e1d52c36cde7ba4a400b4b077dc74000000000000000007ec21cabff20f9c0089f90600000000002c01ebbbb9ca18ce8a602300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1372d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc62684a70796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fff00"/555, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x237)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0x801, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42004}, [@IFLA_XDP={0x1c, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x19}, @IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x44}}, 0x0)

2.791647563s ago: executing program 4 (id=2698):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=@ipv4_newrule={0x28, 0x20, 0x301, 0x0, 0x8000, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2}, [@FRA_TUN_ID={0xc, 0xc, 0x1, 0x0, 0x468}]}, 0x28}}, 0x44004)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x439, 0x3ec, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x1303}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x3c}}, 0x0)

2.527863513s ago: executing program 2 (id=2699):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$VIDIOC_ENUMSTD(0xffffffffffffffff, 0xc0485619, &(0x7f0000000040)={0x6, 0x1700, "778d8ce72aa8f35457c8617739b4948e07180be64604d3a5", {0x9, 0x8}, 0x2})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000000))
r4 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r4, 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_GET_MP_STATE(r7, 0x8004ae98, &(0x7f00000000c0))
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000003c0)={'syztnl2\x00', 0x0})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x1, 0x9, 0x8, 0x0, 0x3}, 0x0)
r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r8, &(0x7f0000000580)=ANY=[@ANYBLOB="370200007d02000005f600000000000005830000000008000000000000000000404100000000e0e5000005000000000000001b00046e6f6465767b65766f6f7e0545c60005080037d94f8b920000003300704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500002b595fcb1403f196a51cd5157adc8103b494e13700cfc36d07c500f04cd85f2a70f5e9930e5e989cd5ef4d51f60da7582c4a05c8f828f68dc1774d5de2e820862381f6686dd1bb8fd70000003e00f8f669fb716dcf315ecaf385409ac65b9408678c3c3b9e1d52c36cde7ba4a400b4b077dc74000000000000000007ec21cabff20f9c0089f90600000000002c01ebbbb9ca18ce8a602300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1372d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc62684a70796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fff00"/555, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x237)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0x801, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42004}, [@IFLA_XDP={0x1c, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x19}, @IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x44}}, 0x0)

2.505317312s ago: executing program 1 (id=2700):
socket$nl_route(0x10, 0x3, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x9}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r2, 0x0, 0x20008040)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0)
unshare(0x22020600)
r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)

2.49338025s ago: executing program 4 (id=2701):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fspick(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0xa)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e24, 0x2, @ipv4={'\x00', '\xff\xff', @remote}, 0x1}}}, 0x84)
r3 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80141, 0x0)
ftruncate(r3, 0x200004)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
syz_emit_ethernet(0x46, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6064cdd800100000fe0000000000007bae020000c0bd0000000000000000", @ANYRESOCT=0x0], 0x0)
r5 = socket(0x2, 0x805, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r5, 0x84, 0x24, 0x0, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x21, &(0x7f00000005c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.342249047s ago: executing program 0 (id=2702):
r0 = socket(0x80000000000000a, 0x2, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0x55b4e85f}, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
r6 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140), 0x20080, 0x0)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r6, 0x40046103, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r5, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r5, 0x0, 0x30, &(0x7f0000000300)=ANY=[@ANYBLOB="020000000000000002000002e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000027dabfc54c2c0e1f532d95a1a200000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000200000002004e030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e22ac1414bb00"/400], 0x18c)
r7 = openat$sysfs(0xffffff9c, &(0x7f00000002c0)='/sys/power/sync_on_suspend', 0x14000, 0x87)
unlinkat(r7, &(0x7f00000012c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
unshare(0x70000000)
semget$private(0x0, 0x4000, 0x0)
semctl$SETALL(0x0, 0x0, 0x14, 0x0)
ioctl$TCSETS(r2, 0x5402, 0x0)
write$UHID_INPUT(r2, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b5b09094bf70e0dd038e7ff7fc6e5539b324c078b089b3438076d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b32310d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e01000000138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12d3099dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f6dc7bcbf2a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509301815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827466cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d951061ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153bdf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033095563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db87195358bfee2916580dacae008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2df086dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36ffffffff00000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817b97c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000f4ff000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000300)={0x191, 0x140, 0xa0, 0x40, 0x8, 0x1, 0x20, 0x0, {}, {0x0, 0xffffffff, 0x1}, {0x0, 0x0, 0xfffffffd}, {0x6, 0x4}, 0x0, 0x100, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x6, 0x6, 0xfffffffd, 0x0, 0x8, 0x4, 0x0, 0x2, 0xa})
semctl$SETVAL(0x0, 0x2, 0x10, 0x0)
semctl$IPC_STAT(0x0, 0x0, 0x2, &(0x7f00000004c0)=""/88)
keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f00000005c0)='enc=', 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x3, 0x0, @mcast1={0xff, 0x7}, 0x8a}}, {{0xa, 0x0, 0x10001, @local}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000080)={0x7abd, {{0xa, 0xfffe, 0x0, @empty, 0x3}}, {{0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x2}}}, 0x104)

855.199473ms ago: executing program 4 (id=2703):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
openat$audio1(0xffffff9c, &(0x7f0000000300), 0x30600, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r6, &(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
ioctl$sock_proto_private(r6, 0x89e0, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@gettclass={0x24, 0x2a, 0x8, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x7, 0x7}, {0x2}, {0xfff2, 0xfff1}}, ["", "", ""]}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=@newtfilter={0x2c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x6, 0xc}, {}, {0x7, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014)
socket$inet6_sctp(0xa, 0x801, 0x84)
close(0xffffffffffffffff)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000)
ptrace(0x11, 0x0)
ptrace$pokeuser(0x6, 0x0, 0x106, 0x6000003f)
ioctl$PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, &(0x7f0000000040)=0xfffffbff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
r8 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000000c0))

515.683932ms ago: executing program 3 (id=2704):
socket$kcm(0x2d, 0x2, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000e, 0x204031, 0xffffffffffffffff, 0xd0c6f000)
socket$inet6_udplite(0xa, 0x2, 0x88)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, &(0x7f0000000080)={0x10000, 0x80000000})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x400000000a882, 0x0)
r5 = dup(r4)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
read$snddsp(r5, &(0x7f0000000300)=""/57, 0x39)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
gettid()
timer_create(0x0, 0x0, 0x0)
syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)

415.972755ms ago: executing program 0 (id=2705):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x2)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x200, 0x80, 0x20000, 0x0, 0x0, 0x8}, 0x1c)
mremap(&(0x7f0000000000/0x9000)=nil, 0xa00000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
mmap(&(0x7f0000568000/0x2000)=nil, 0x1000000, 0x0, 0x11, r0, 0x0)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r1, &(0x7f0000000cc0)=@in6={0x21, 0x2800, 0x2, 0x1c, {0xa, 0x1b59, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x4}}, 0x24)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$uinput_user_dev(r4, &(0x7f0000000a80)={'syz1\x00', {0x0, 0x0, 0x0, 0x1000}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2], [0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xe43, 0x0, 0xfffffffd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4], [0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x400000, 0x0, 0x4, 0xfffffffe, 0x0, 0x0, 0xd, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x1, 0xfffffffd, 0x0, 0x0, 0x401, 0x0, 0x0, 0x7fffffff, 0x0, 0x10000000, 0x0, 0x4, 0x0, 0xfffffffe]}, 0x45c)
recvmsg$unix(r3, &(0x7f0000000700)={&(0x7f0000000200)=@abs, 0x6e, &(0x7f0000000340)=[{&(0x7f0000000040)=""/28, 0x1c}, {&(0x7f0000000280)=""/143, 0x8f}, {&(0x7f0000001780)=""/4096, 0x1000}, {&(0x7f0000000500)=""/129, 0x81}, {&(0x7f00000005c0)=""/83, 0x53}, {&(0x7f0000002780)=""/4096, 0x1000}, {&(0x7f0000000640)=""/170, 0xaa}], 0x7, &(0x7f0000000400)=[@cred={{0x18}}], 0x18}, 0x40000022)
ioctl$UI_SET_RELBIT(r4, 0x40045566, 0x8)
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x2)
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x1)
ioctl$UI_DEV_CREATE(r4, 0x5501)
ioctl$UI_DEV_DESTROY(r4, 0x5502)
r5 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)

306.471438ms ago: executing program 2 (id=2706):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
syz_io_uring_setup(0x304, &(0x7f0000000300)={0x0, 0x8006d85, 0x400, 0x2, 0x200118}, &(0x7f00000000c0), 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r2=>0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', 0xe02, 0x1c0)
write$binfmt_format(r3, &(0x7f0000000000)='-1\x00', 0x3)
ioctl$RTC_IRQP_READ(r3, 0x8004700b, &(0x7f0000000180))
io_submit(r2, 0x1, &(0x7f0000000980)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0xa, r1, 0x0}])
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000200)=[<r4=>0x0], 0x1})
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x100000}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x6a9}, 0x0, 0x0)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_ID={0x8, 0x6}, @NHA_FDB={0x4}]}, 0x24}}, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000040)={r4, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r6, 0x0, 0x0, 0x1f5, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000008dfff00"}})
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r0, 0x1, 0x87)
quotactl_fd$Q_QUOTAON(r7, 0xffffffff80000201, 0xee01, 0x0)
r8 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
fcntl$addseals(r8, 0x409, 0x3f)
r9 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0)
write$binfmt_register(r9, &(0x7f0000000300)={0x3a, 'syz2', 0x3a, 'M', 0x3a, 0x8, 0x3a, '/dev/loo\\', 0x3a, '', 0x3a, './file0'}, 0x30)

91.738732ms ago: executing program 1 (id=2707):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6, 0x0, 0x0, 0x6}]})
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r1 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0x5d17, 0x0, 0x2, 0x40})
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000280)=[{&(0x7f0000002c40)=""/4111, 0x100f}, {&(0x7f0000000200)=""/31, 0x1f}], 0x2)
sendto(0xffffffffffffffff, 0x0, 0x0, 0x4000, 0x0, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x20004, <r4=>r2, 0x2})
r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={<r6=>0x0, 0x0, r4})
ioctl$DRM_IOCTL_GEM_FLINK(r5, 0xc008640a, &(0x7f0000000300)={r6, <r7=>0x0})
ioctl$DRM_IOCTL_GEM_OPEN(r5, 0xc010640b, &(0x7f0000000140)={r7})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c64d2, &(0x7f0000000040)={r6})
close_range(r0, 0xffffffffffffffff, 0x0)

0s ago: executing program 0 (id=2708):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80383, 0x0)
read$midi(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDCTL_SEQ_PANIC(r2, 0x5100)
read$midi(0xffffffffffffffff, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mknod$loop(0x0, 0x3ed238d32da7c388, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x3c)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0xffff, @rand_addr=' \x01\x00'}, 0x1c)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4000, 0x0, @remote, 0x5}, 0x1c)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)

kernel console output (not intermixed with test programs):

ered promiscuous mode
[  689.921127][T13716] syzkaller0: entered allmulticast mode
[  691.104373][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  691.112984][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  691.198379][T13733] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  691.205180][T13733] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  691.215295][T13733] vhci_hcd vhci_hcd.0: Device attached
[  691.295107][    T9] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  691.405798][ T5824] usb 5-1: USB disconnect, device number 30
[  691.540860][ T5952] usb 38-1: SetAddress Request (2) to port 0
[  691.555010][ T5952] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd
[  691.613471][    T9] usb 1-1: Using ep0 maxpacket: 16
[  691.644350][    T9] usb 1-1: config 0 has an invalid interface number: 115 but max is 0
[  691.681573][    T9] usb 1-1: config 0 has no interface number 0
[  691.710781][    T9] usb 1-1: config 0 interface 115 has no altsetting 0
[  691.748527][T13734] vhci_hcd: connection reset by peer
[  691.756252][    T9] usb 1-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=fb.74
[  691.798629][ T1167] vhci_hcd: stop threads
[  691.803248][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  691.819395][ T1167] vhci_hcd: release socket
[  691.846090][    T9] usb 1-1: Product: syz
[  691.856353][ T1167] vhci_hcd: disconnect device
[  691.864912][    T9] usb 1-1: Manufacturer: syz
[  691.869571][    T9] usb 1-1: SerialNumber: syz
[  691.918163][    T9] usb 1-1: config 0 descriptor??
[  691.954360][T13743] loop6: detected capacity change from 0 to 524287999
[  692.139473][T13747] binder: 13741:13747 ioctl c018620c 80000100 returned -1
[  692.191479][T13732] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2355'.
[  692.266119][T13732] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2355'.
[  692.297268][ T5824] usb 1-1: USB disconnect, device number 35
[  694.748630][ T5921] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  694.948898][T13776] FAULT_INJECTION: forcing a failure.
[  694.948898][T13776] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  694.965390][T13778] FAULT_INJECTION: forcing a failure.
[  694.965390][T13778] name failslab, interval 1, probability 0, space 0, times 0
[  694.993105][T13778] CPU: 1 UID: 0 PID: 13778 Comm: syz.2.2364 Not tainted syzkaller #0 PREEMPT(full) 
[  694.993127][T13778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  694.993137][T13778] Call Trace:
[  694.993143][T13778]  <TASK>
[  694.993149][T13778]  dump_stack_lvl+0x189/0x250
[  694.993175][T13778]  ? __pfx____ratelimit+0x10/0x10
[  694.993196][T13778]  ? __pfx_dump_stack_lvl+0x10/0x10
[  694.993216][T13778]  ? __pfx__printk+0x10/0x10
[  694.993242][T13778]  should_fail_ex+0x414/0x560
[  694.993269][T13778]  should_failslab+0xa8/0x100
[  694.993289][T13778]  __kmalloc_cache_noprof+0x6f/0x6f0
[  694.993309][T13778]  ? __sctp_v6_cmp_addr+0x1dc/0x510
[  694.993329][T13778]  ? sctp_v6_cmp_addr+0x15/0xd0
[  694.993347][T13778]  ? sctp_add_bind_addr+0x8c/0x370
[  694.993372][T13778]  sctp_add_bind_addr+0x8c/0x370
[  694.993394][T13778]  sctp_copy_local_addr_list+0x30b/0x4e0
[  694.993417][T13778]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  694.993436][T13778]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  694.993457][T13778]  ? sctp_v6_is_any+0x64/0x80
[  694.993479][T13778]  ? sctp_copy_one_addr+0x93/0x360
[  694.993501][T13778]  sctp_bind_addr_copy+0xb3/0x3c0
[  694.993521][T13778]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  694.993541][T13778]  sctp_connect_new_asoc+0x2e0/0x690
[  694.993558][T13778]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  694.993571][T13778]  ? __local_bh_enable_ip+0x12d/0x1c0
[  694.993593][T13778]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  694.993609][T13778]  ? security_sctp_bind_connect+0x7e/0x2e0
[  694.993629][T13778]  sctp_sendmsg+0x155c/0x2810
[  694.993652][T13778]  ? __pfx_sctp_sendmsg+0x10/0x10
[  694.993669][T13778]  ? aa_sk_perm+0x81e/0x950
[  694.993692][T13778]  ? __pfx_aa_sk_perm+0x10/0x10
[  694.993715][T13778]  ? sock_rps_record_flow+0x19/0x410
[  694.993740][T13778]  ? inet_sendmsg+0x2f4/0x370
[  694.993756][T13778]  __sock_sendmsg+0x19c/0x270
[  694.993779][T13778]  __sys_sendto+0x3bd/0x520
[  694.993795][T13778]  ? __pfx___sys_sendto+0x10/0x10
[  694.993806][T13778]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  694.993838][T13778]  ? __fget_files+0x3a0/0x420
[  694.993861][T13778]  ? ksys_write+0x22a/0x250
[  694.993880][T13778]  ? exc_page_fault+0x82/0x100
[  694.993901][T13778]  ? __pfx_ksys_write+0x10/0x10
[  694.993925][T13778]  __ia32_sys_sendto+0xdd/0x100
[  694.993941][T13778]  __do_fast_syscall_32+0xb6/0x2b0
[  694.993964][T13778]  ? lockdep_hardirqs_on+0x9c/0x150
[  694.993987][T13778]  do_fast_syscall_32+0x34/0x80
[  694.994009][T13778]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  694.994027][T13778] RIP: 0023:0xf6ffd539
[  694.994040][T13778] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  694.994053][T13778] RSP: 002b:00000000f53ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[  694.994068][T13778] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000240
[  694.994078][T13778] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000080000140
[  694.994087][T13778] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[  694.994101][T13778] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  694.994110][T13778] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  694.994132][T13778]  </TASK>
[  695.316476][T13776] CPU: 1 UID: 0 PID: 13776 Comm: syz.0.2363 Not tainted syzkaller #0 PREEMPT(full) 
[  695.316505][T13776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  695.316517][T13776] Call Trace:
[  695.316525][T13776]  <TASK>
[  695.316532][T13776]  dump_stack_lvl+0x189/0x250
[  695.316564][T13776]  ? __pfx____ratelimit+0x10/0x10
[  695.316589][T13776]  ? __pfx_dump_stack_lvl+0x10/0x10
[  695.316615][T13776]  ? __pfx__printk+0x10/0x10
[  695.316646][T13776]  should_fail_ex+0x414/0x560
[  695.316680][T13776]  _copy_to_user+0x31/0xb0
[  695.316707][T13776]  simple_read_from_buffer+0xe1/0x170
[  695.316740][T13776]  proc_fail_nth_read+0x1b3/0x220
[  695.316768][T13776]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  695.316795][T13776]  ? rw_verify_area+0x2a6/0x4d0
[  695.316822][T13776]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  695.316848][T13776]  vfs_read+0x200/0xa30
[  695.316879][T13776]  ? __pfx_poll_select_finish+0x10/0x10
[  695.316910][T13776]  ? __pfx_vfs_read+0x10/0x10
[  695.316936][T13776]  ? set_compat_user_sigmask+0xc1/0x1b0
[  695.316959][T13776]  ? __pfx_set_compat_user_sigmask+0x10/0x10
[  695.316980][T13776]  ? kmem_cache_free+0x19b/0x690
[  695.317034][T13776]  ksys_read+0x145/0x250
[  695.317066][T13776]  ? __pfx_ksys_read+0x10/0x10
[  695.317095][T13776]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  695.317127][T13776]  ? lockdep_hardirqs_on+0x9c/0x150
[  695.317158][T13776]  __do_fast_syscall_32+0xb6/0x2b0
[  695.317190][T13776]  ? lockdep_hardirqs_on+0x9c/0x150
[  695.317221][T13776]  do_fast_syscall_32+0x34/0x80
[  695.317251][T13776]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  695.317276][T13776] RIP: 0023:0xf7f11539
[  695.317292][T13776] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  695.317309][T13776] RSP: 002b:00000000f5406590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  695.317330][T13776] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000f5406620
[  695.317344][T13776] RDX: 000000000000000f RSI: 00000000f73a6ff4 RDI: 0000000000000000
[  695.317356][T13776] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  695.317368][T13776] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  695.317379][T13776] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  695.317410][T13776]  </TASK>
[  695.591476][ T5921] usb 2-1: Using ep0 maxpacket: 16
[  695.599193][ T5921] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  695.620165][ T5921] usb 2-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25
[  695.629381][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  695.641324][ T5921] usb 2-1: Product: syz
[  695.645878][ T5921] usb 2-1: Manufacturer: syz
[  695.654088][ T5921] usb 2-1: SerialNumber: syz
[  695.661759][ T5921] usb 2-1: config 0 descriptor??
[  695.768954][ T5921] uvcvideo 2-1:0.0: probe with driver uvcvideo failed with error -22
[  695.850134][T13783] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2367'.
[  695.896612][T13318] usb 2-1: USB disconnect, device number 31
[  696.125180][T13801] netlink: 196 bytes leftover after parsing attributes in process `syz.2.2370'.
[  696.179853][T13801] netdevsim netdevsim2: Direct firmware load for ..� failed with error -2
[  696.179920][T13801] netdevsim netdevsim2: Falling back to sysfs fallback for: ..�
[  696.554211][ T5834] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11
[  696.624222][ T5952] usb 38-1: device descriptor read/8, error -110
[  696.747230][T13806] fuse: Bad value for 'user_id'
[  696.760137][T13806] fuse: Bad value for 'user_id'
[  697.081169][ T5952] usb usb38-port1: attempt power cycle
[  697.098278][T13814] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2375'.
[  697.211547][    T9] hid (null): report_id 24797 is invalid
[  697.218348][T13814] veth0_to_bond: entered allmulticast mode
[  697.236583][    T9] hid_parser_main: 1 callbacks suppressed
[  697.236608][    T9] hid-generic 0002:0004:0009.0007: unknown main item tag 0x1
[  697.293137][    T9] hid-generic 0002:0004:0009.0007: unknown main item tag 0x0
[  697.308161][    T9] hid-generic 0002:0004:0009.0007: unknown main item tag 0x0
[  697.323272][    T9] hid-generic 0002:0004:0009.0007: unknown main item tag 0x0
[  697.333334][    T9] hid-generic 0002:0004:0009.0007: unknown main item tag 0x0
[  697.343628][    T9] hid-generic 0002:0004:0009.0007: unknown main item tag 0x0
[  697.376591][    T9] hid-generic 0002:0004:0009.0007: unknown main item tag 0x0
[  697.397076][    T9] hid-generic 0002:0004:0009.0007: unknown main item tag 0x0
[  697.415003][    T9] hid-generic 0002:0004:0009.0007: unknown main item tag 0x0
[  697.448165][    T9] hid-generic 0002:0004:0009.0007: unknown main item tag 0x0
[  697.477939][    T9] hid-generic 0002:0004:0009.0007: report_id 24797 is invalid
[  697.545295][    T9] hid-generic 0002:0004:0009.0007: item 0 2 1 8 parsing failed
[  697.601194][    T9] hid-generic 0002:0004:0009.0007: probe with driver hid-generic failed with error -22
[  697.721316][ T5952] usb usb38-port1: unable to enumerate USB device
[  698.103475][T13838] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2379'.
[  699.067209][ T5920] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  699.101646][T13853] netlink: 'syz.2.2382': attribute type 1 has an invalid length.
[  699.250837][ T5920] usb 5-1: Using ep0 maxpacket: 16
[  699.259708][ T5920] usb 5-1: config 0 has no interfaces?
[  699.271882][ T5920] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  699.298140][ T5920] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  699.308648][ T5920] usb 5-1: Manufacturer: syz
[  699.319401][ T5920] usb 5-1: config 0 descriptor??
[  699.480826][    T9] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  699.581104][T13847] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  699.664783][T13847] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2381'.
[  699.741670][    T9] usb 2-1: device descriptor read/64, error -71
[  699.811573][ T5920] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  699.858348][T13867] FAULT_INJECTION: forcing a failure.
[  699.858348][T13867] name failslab, interval 1, probability 0, space 0, times 0
[  699.911532][T13867] CPU: 1 UID: 0 PID: 13867 Comm: syz.0.2386 Not tainted syzkaller #0 PREEMPT(full) 
[  699.911562][T13867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  699.911575][T13867] Call Trace:
[  699.911592][T13867]  <TASK>
[  699.911602][T13867]  dump_stack_lvl+0x189/0x250
[  699.911637][T13867]  ? __pfx____ratelimit+0x10/0x10
[  699.911666][T13867]  ? __pfx_dump_stack_lvl+0x10/0x10
[  699.911694][T13867]  ? __pfx__printk+0x10/0x10
[  699.911733][T13867]  should_fail_ex+0x414/0x560
[  699.911771][T13867]  should_failslab+0xa8/0x100
[  699.911794][T13867]  __kmalloc_cache_noprof+0x6f/0x6f0
[  699.911825][T13867]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  699.911852][T13867]  ? sctp_add_bind_addr+0x8c/0x370
[  699.911887][T13867]  sctp_add_bind_addr+0x8c/0x370
[  699.911920][T13867]  sctp_copy_local_addr_list+0x30b/0x4e0
[  699.911952][T13867]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  699.911979][T13867]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  699.912010][T13867]  ? sctp_v4_is_any+0x35/0x60
[  699.912038][T13867]  ? sctp_copy_one_addr+0x93/0x360
[  699.912070][T13867]  sctp_bind_addr_copy+0xb3/0x3c0
[  699.912099][T13867]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  699.912128][T13867]  sctp_connect_new_asoc+0x2e0/0x690
[  699.912153][T13867]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  699.912172][T13867]  ? __local_bh_enable_ip+0x12d/0x1c0
[  699.912203][T13867]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  699.912226][T13867]  ? security_sctp_bind_connect+0x7e/0x2e0
[  699.912255][T13867]  sctp_sendmsg+0x155c/0x2810
[  699.912289][T13867]  ? __pfx_sctp_sendmsg+0x10/0x10
[  699.912313][T13867]  ? aa_sk_perm+0x81e/0x950
[  699.912348][T13867]  ? __pfx_aa_sk_perm+0x10/0x10
[  699.912381][T13867]  ? sock_rps_record_flow+0x19/0x410
[  699.912416][T13867]  ? inet_sendmsg+0x2f4/0x370
[  699.912440][T13867]  __sock_sendmsg+0x19c/0x270
[  699.912472][T13867]  __sys_sendto+0x3bd/0x520
[  699.912495][T13867]  ? __pfx___sys_sendto+0x10/0x10
[  699.912511][T13867]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  699.912557][T13867]  ? __fget_files+0x3a0/0x420
[  699.912597][T13867]  ? ksys_write+0x22a/0x250
[  699.912625][T13867]  ? exc_page_fault+0x82/0x100
[  699.912655][T13867]  ? __pfx_ksys_write+0x10/0x10
[  699.912690][T13867]  __ia32_sys_sendto+0xdd/0x100
[  699.912714][T13867]  __do_fast_syscall_32+0xb6/0x2b0
[  699.912747][T13867]  ? lockdep_hardirqs_on+0x9c/0x150
[  699.912781][T13867]  do_fast_syscall_32+0x34/0x80
[  699.912812][T13867]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  699.912838][T13867] RIP: 0023:0xf7f11539
[  699.912855][T13867] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  699.912873][T13867] RSP: 002b:00000000f540655c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[  699.912895][T13867] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[  699.912910][T13867] RDX: 0000000000034000 RSI: 00000000040048c4 RDI: 00000000800000c0
[  699.912929][T13867] RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000
[  699.912947][T13867] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  699.912959][T13867] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  699.912991][T13867]  </TASK>
[  700.001051][    T9] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  700.002258][    C1] vkms_vblank_simulate: vblank timer overrun
[  700.033254][ T5920] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  700.035293][    C1] vkms_vblank_simulate: vblank timer overrun
[  700.040825][ T5920] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  700.046408][    C1] hrtimer: interrupt took 125744640 ns
[  700.146520][    C1] vkms_vblank_simulate: vblank timer overrun
[  700.284820][    C1] vkms_vblank_simulate: vblank timer overrun
[  700.408467][    T9] usb 2-1: device descriptor read/64, error -71
[  700.531304][ T5920] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  700.545184][ T5920] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  700.555814][ T5920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.601708][    T9] usb usb2-port1: attempt power cycle
[  700.673627][ T5920] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  700.684876][ T5920] usb 4-1: invalid MIDI out EP 0
[  700.842923][T13860] xt_addrtype: both incoming and outgoing interface limitation cannot be selected
[  700.951060][    T9] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  700.971382][    T9] usb 2-1: device descriptor read/8, error -71
[  701.074162][ T5920] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  701.084494][T10159] udevd[10159]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such device
[  701.211885][    T9] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  701.241721][    T9] usb 2-1: device descriptor read/8, error -71
[  701.351767][    T9] usb usb2-port1: unable to enumerate USB device
[  701.602331][    T9] usb 5-1: USB disconnect, device number 31
[  702.493865][T13886] QAT: failed to copy from user.
[  704.712196][T13911] FAULT_INJECTION: forcing a failure.
[  704.712196][T13911] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  704.754014][T13911] CPU: 1 UID: 0 PID: 13911 Comm: syz.4.2397 Not tainted syzkaller #0 PREEMPT(full) 
[  704.754043][T13911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  704.754056][T13911] Call Trace:
[  704.754064][T13911]  <TASK>
[  704.754072][T13911]  dump_stack_lvl+0x189/0x250
[  704.754115][T13911]  ? __pfx____ratelimit+0x10/0x10
[  704.754145][T13911]  ? __pfx_dump_stack_lvl+0x10/0x10
[  704.754173][T13911]  ? __pfx__printk+0x10/0x10
[  704.754209][T13911]  should_fail_ex+0x414/0x560
[  704.754248][T13911]  _copy_to_user+0x31/0xb0
[  704.754278][T13911]  simple_read_from_buffer+0xe1/0x170
[  704.754316][T13911]  proc_fail_nth_read+0x1b3/0x220
[  704.754348][T13911]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  704.754377][T13911]  ? rw_verify_area+0x2a6/0x4d0
[  704.754405][T13911]  ? __lock_acquire+0xab9/0xd20
[  704.754423][T13911]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  704.754452][T13911]  vfs_read+0x200/0xa30
[  704.754480][T13911]  ? fdget_pos+0x247/0x320
[  704.754505][T13911]  ? __pfx___mutex_lock+0x10/0x10
[  704.754538][T13911]  ? __pfx_vfs_read+0x10/0x10
[  704.754569][T13911]  ? __fget_files+0x2a/0x420
[  704.754594][T13911]  ? __fget_files+0x3a0/0x420
[  704.754612][T13911]  ? __fget_files+0x2a/0x420
[  704.754641][T13911]  ksys_read+0x145/0x250
[  704.754668][T13911]  ? exc_page_fault+0x82/0x100
[  704.754698][T13911]  ? __pfx_ksys_read+0x10/0x10
[  704.754731][T13911]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  704.754764][T13911]  ? lockdep_hardirqs_on+0x9c/0x150
[  704.754797][T13911]  __do_fast_syscall_32+0xb6/0x2b0
[  704.754830][T13911]  ? lockdep_hardirqs_on+0x9c/0x150
[  704.754865][T13911]  do_fast_syscall_32+0x34/0x80
[  704.754897][T13911]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  704.754922][T13911] RIP: 0023:0xf702d539
[  704.754941][T13911] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  704.754959][T13911] RSP: 002b:00000000f541d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  704.754982][T13911] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f541d620
[  704.754995][T13911] RDX: 000000000000000f RSI: 00000000f73c6ff4 RDI: 0000000000000000
[  704.755008][T13911] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  704.755020][T13911] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  704.755032][T13911] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  704.755065][T13911]  </TASK>
[  705.000677][    C1] vkms_vblank_simulate: vblank timer overrun
[  705.115795][ T5824] usb 4-1: USB disconnect, device number 33
[  706.104941][T13909] netlink: 750 bytes leftover after parsing attributes in process `syz.2.2396'.
[  706.290832][    T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  706.345682][T13939] fuse: Unknown parameter '
'
[  707.992103][T13953] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2407'.
[  708.080318][ T5920] hid (null): report_id 24797 is invalid
[  708.082316][ T5920] hid_parser_main: 1 callbacks suppressed
[  708.082330][ T5920] hid-generic 0002:0004:0009.0008: unknown main item tag 0x1
[  708.082355][ T5920] hid-generic 0002:0004:0009.0008: unknown main item tag 0x0
[  708.082375][ T5920] hid-generic 0002:0004:0009.0008: unknown main item tag 0x0
[  708.082394][ T5920] hid-generic 0002:0004:0009.0008: unknown main item tag 0x0
[  708.082413][ T5920] hid-generic 0002:0004:0009.0008: unknown main item tag 0x0
[  708.082433][ T5920] hid-generic 0002:0004:0009.0008: unknown main item tag 0x0
[  708.082452][ T5920] hid-generic 0002:0004:0009.0008: unknown main item tag 0x0
[  708.082471][ T5920] hid-generic 0002:0004:0009.0008: unknown main item tag 0x0
[  708.082490][ T5920] hid-generic 0002:0004:0009.0008: unknown main item tag 0x0
[  708.082511][ T5920] hid-generic 0002:0004:0009.0008: unknown main item tag 0x0
[  708.082537][ T5920] hid-generic 0002:0004:0009.0008: report_id 24797 is invalid
[  708.082549][ T5920] hid-generic 0002:0004:0009.0008: item 0 2 1 8 parsing failed
[  708.082999][ T5920] hid-generic 0002:0004:0009.0008: probe with driver hid-generic failed with error -22
[  708.870799][ T5920] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  709.022715][ T5920] usb 5-1: Using ep0 maxpacket: 16
[  709.024656][ T5920] usb 5-1: config 0 has no interfaces?
[  709.027001][ T5920] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  709.027024][ T5920] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  709.027039][ T5920] usb 5-1: Manufacturer: syz
[  709.029352][ T5920] usb 5-1: config 0 descriptor??
[  709.405624][T13977] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2408'.
[  709.451043][T13962] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  709.460414][T13962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  709.462659][T13962] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  709.621043][T13318] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  709.786639][T13318] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  709.786687][T13318] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  709.786708][T13318] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  709.786738][T13318] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  709.786755][T13318] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  709.795019][T13318] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  709.795764][T13318] usb 3-1: invalid MIDI out EP 0
[  709.898295][ T5830] udevd[5830]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  709.925385][T13318] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  710.022023][T13973] xt_addrtype: both incoming and outgoing interface limitation cannot be selected
[  710.330468][T13984] FAULT_INJECTION: forcing a failure.
[  710.330468][T13984] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  710.330495][T13984] CPU: 0 UID: 0 PID: 13984 Comm: syz.0.2413 Not tainted syzkaller #0 PREEMPT(full) 
[  710.330511][T13984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  710.330520][T13984] Call Trace:
[  710.330525][T13984]  <TASK>
[  710.330531][T13984]  dump_stack_lvl+0x189/0x250
[  710.330555][T13984]  ? __pfx____ratelimit+0x10/0x10
[  710.330575][T13984]  ? __pfx_dump_stack_lvl+0x10/0x10
[  710.330595][T13984]  ? __pfx__printk+0x10/0x10
[  710.330627][T13984]  should_fail_ex+0x414/0x560
[  710.330668][T13984]  _copy_to_user+0x31/0xb0
[  710.330696][T13984]  simple_read_from_buffer+0xe1/0x170
[  710.330748][T13984]  proc_fail_nth_read+0x1b3/0x220
[  710.330769][T13984]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  710.330790][T13984]  ? rw_verify_area+0x2a6/0x4d0
[  710.330810][T13984]  ? __lock_acquire+0xab9/0xd20
[  710.330823][T13984]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  710.330842][T13984]  vfs_read+0x200/0xa30
[  710.330861][T13984]  ? fdget_pos+0x247/0x320
[  710.330878][T13984]  ? __pfx___mutex_lock+0x10/0x10
[  710.330901][T13984]  ? __pfx_vfs_read+0x10/0x10
[  710.330922][T13984]  ? __fget_files+0x2a/0x420
[  710.330939][T13984]  ? __fget_files+0x3a0/0x420
[  710.330951][T13984]  ? __fget_files+0x2a/0x420
[  710.330971][T13984]  ksys_read+0x145/0x250
[  710.330992][T13984]  ? __pfx_ksys_read+0x10/0x10
[  710.331015][T13984]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  710.331038][T13984]  ? lockdep_hardirqs_on+0x9c/0x150
[  710.331060][T13984]  __do_fast_syscall_32+0xb6/0x2b0
[  710.331083][T13984]  ? lockdep_hardirqs_on+0x9c/0x150
[  710.331107][T13984]  do_fast_syscall_32+0x34/0x80
[  710.331128][T13984]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  710.331146][T13984] RIP: 0023:0xf7f11539
[  710.331158][T13984] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  710.331170][T13984] RSP: 002b:00000000f5406590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  710.331185][T13984] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5406620
[  710.331195][T13984] RDX: 000000000000000f RSI: 00000000f73a6ff4 RDI: 0000000000000000
[  710.331204][T13984] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  710.331212][T13984] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  710.331220][T13984] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  710.331242][T13984]  </TASK>
[  711.237475][    T9] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  711.381520][    T9] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  711.382483][    T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  711.382520][    T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  711.382540][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  711.383557][    T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  711.383597][    T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  711.383617][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  711.384525][    T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  711.384563][    T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  711.384602][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  711.386642][    T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  711.386836][    T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  711.386865][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  711.389499][    T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  711.389541][    T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  711.389560][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  711.392515][    T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  711.392558][    T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  711.392578][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  711.393761][    T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  711.393797][    T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  711.393817][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  711.395153][    T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  711.395187][    T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  711.395207][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  711.398759][    T9] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  711.398781][    T9] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  711.398797][    T9] usb 4-1: Product: syz
[  711.398808][    T9] usb 4-1: Manufacturer: syz
[  711.398820][    T9] usb 4-1: SerialNumber: syz
[  711.409314][    T9] usb 4-1: config 0 descriptor??
[  711.428419][    T9] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  711.443892][    T9] usb 5-1: USB disconnect, device number 32
[  712.054594][T14004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  712.054941][T14004] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  712.129148][T13996] vlan2: entered promiscuous mode
[  712.682553][T13996] team0: entered promiscuous mode
[  713.061424][T14008] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2421'.
[  713.175741][    T9] hid (null): report_id 24797 is invalid
[  713.197015][    T9] hid_parser_main: 1 callbacks suppressed
[  713.197033][    T9] hid-generic 0002:0004:0009.0009: unknown main item tag 0x1
[  713.210979][    T9] hid-generic 0002:0004:0009.0009: unknown main item tag 0x0
[  713.221425][    T9] hid-generic 0002:0004:0009.0009: unknown main item tag 0x0
[  713.229066][    T9] hid-generic 0002:0004:0009.0009: unknown main item tag 0x0
[  713.239615][    T9] hid-generic 0002:0004:0009.0009: unknown main item tag 0x0
[  713.247352][    T9] hid-generic 0002:0004:0009.0009: unknown main item tag 0x0
[  713.254386][ T5952] usb 3-1: USB disconnect, device number 26
[  713.255475][    T9] hid-generic 0002:0004:0009.0009: unknown main item tag 0x0
[  713.308595][    T9] hid-generic 0002:0004:0009.0009: unknown main item tag 0x0
[  713.344085][    T9] hid-generic 0002:0004:0009.0009: unknown main item tag 0x0
[  713.396584][    T9] hid-generic 0002:0004:0009.0009: unknown main item tag 0x0
[  713.455081][    T9] hid-generic 0002:0004:0009.0009: report_id 24797 is invalid
[  713.463863][    T9] hid-generic 0002:0004:0009.0009: item 0 2 1 8 parsing failed
[  713.506229][    T9] hid-generic 0002:0004:0009.0009: probe with driver hid-generic failed with error -22
[  713.604902][T14023] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2425'.
[  713.646010][T14023] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2425'.
[  713.679139][T14023] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2425'.
[  713.720778][T14023] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2425'.
[  713.895068][T14028] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2426'.
[  714.299196][T14035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2428'.
[  714.334555][T14035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2428'.
[  714.604618][T13318] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  714.720543][    T9] usb 4-1: USB disconnect, device number 34
[  714.733276][    T9] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  714.762745][T13318] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  714.795443][T13318] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  714.822840][T13318] usb 3-1: config 1 has no interface number 1
[  714.838513][T13318] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  714.875023][T13318] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  714.923387][T13318] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  714.933271][T13318] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  714.941731][T13318] usb 3-1: Product: syz
[  714.946117][T13318] usb 3-1: Manufacturer: syz
[  714.951729][T13318] usb 3-1: SerialNumber: syz
[  714.966470][T14035] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  715.290332][T14047] QAT: failed to copy from user.
[  715.520799][ T5952] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  715.680995][ T5952] usb 1-1: Using ep0 maxpacket: 16
[  715.743218][ T5952] usb 1-1: config 0 has no interfaces?
[  715.853280][ T5952] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  715.907779][ T5952] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  715.933867][ T5952] usb 1-1: Manufacturer: syz
[  716.101850][ T5952] usb 1-1: config 0 descriptor??
[  716.480038][T14045] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  716.542641][T14045] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  716.555225][T14045] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  716.945062][T14058] QAT: failed to copy from user.
[  717.070962][T13318] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  717.087803][T13318] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  717.195016][T13318] usb 3-1: USB disconnect, device number 27
[  717.485967][ T6956] udevd[6956]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  717.734379][T14066] QAT: failed to copy from user.
[  717.910829][T13318] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  718.023163][ T5824] usb 1-1: USB disconnect, device number 36
[  718.139018][T13318] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  718.139077][T13318] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  718.149142][T13318] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  718.149185][T13318] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  718.149208][T13318] usb 4-1: Product: syz
[  718.149224][T13318] usb 4-1: Manufacturer: syz
[  718.149240][T13318] usb 4-1: SerialNumber: syz
[  718.183334][T13318] cdc_mbim 4-1:1.0: skipping garbage
[  718.441235][T14065] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  718.822458][    T9] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  718.972874][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  718.984594][    T9] usb 3-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00
[  719.045456][T14065] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  719.072171][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  719.080498][T13318] cdc_mbim 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  719.089472][T13318] cdc_mbim 4-1:1.0: setting rx_max = 2048
[  719.096333][    T9] usb 3-1: config 0 descriptor??
[  719.332934][T13318] cdc_mbim 4-1:1.0: setting tx_max = 184
[  719.363327][T13318] cdc_mbim 4-1:1.0: cdc-wdm0: USB WDM device
[  719.396918][T13318] wwan wwan0: port wwan0mbim0 attached
[  719.433783][T13318] cdc_mbim 4-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, fe:d3:04:bd:86:44
[  719.514620][T13318] usb 4-1: USB disconnect, device number 35
[  719.532279][    T9] hid_parser_main: 1 callbacks suppressed
[  719.532299][    T9] playstation 0003:054C:0BA0.000A: unknown main item tag 0x0
[  719.565491][T13318] cdc_mbim 4-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM
[  719.590043][    T9] playstation 0003:054C:0BA0.000A: hidraw0: USB HID v0.00 Device [HID 054c:0ba0] on usb-dummy_hcd.2-1/input0
[  719.862814][T14095] netlink: 'syz.2.2437': attribute type 11 has an invalid length.
[  719.957653][T14096] xt_hashlimit: size too large, truncated to 1048576
[  719.964775][T14092] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2441'.
[  720.051712][T14096] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  720.094548][ T5824] hid (null): report_id 24797 is invalid
[  720.123053][ T5824] hid-generic 0002:0004:0009.000B: unknown main item tag 0x1
[  720.130520][ T5824] hid-generic 0002:0004:0009.000B: unknown main item tag 0x0
[  720.184415][T13318] wwan wwan0: port wwan0mbim0 disconnected
[  720.244298][ T5824] hid-generic 0002:0004:0009.000B: unknown main item tag 0x0
[  720.322607][ T5824] hid-generic 0002:0004:0009.000B: unknown main item tag 0x0
[  720.402770][ T5824] hid-generic 0002:0004:0009.000B: unknown main item tag 0x0
[  720.519629][ T5824] hid-generic 0002:0004:0009.000B: unknown main item tag 0x0
[  720.683031][ T5824] hid-generic 0002:0004:0009.000B: unknown main item tag 0x0
[  720.716309][ T5824] hid-generic 0002:0004:0009.000B: unknown main item tag 0x0
[  720.738981][ T5824] hid-generic 0002:0004:0009.000B: unknown main item tag 0x0
[  720.751060][ T5824] hid-generic 0002:0004:0009.000B: report_id 24797 is invalid
[  720.758973][ T5824] hid-generic 0002:0004:0009.000B: item 0 2 1 8 parsing failed
[  720.771688][ T5824] hid-generic 0002:0004:0009.000B: probe with driver hid-generic failed with error -22
[  721.512095][T14119] netlink: 'syz.0.2444': attribute type 2 has an invalid length.
[  721.994074][    T9] playstation 0003:054C:0BA0.000A: Failed to retrieve feature with reportID 18: -71
[  722.027776][    T9] playstation 0003:054C:0BA0.000A: Failed to retrieve DualShock4 pairing info: -71
[  722.059157][T14124] openvswitch: netlink: Key type 31 is not supported
[  722.066236][    T9] playstation 0003:054C:0BA0.000A: Failed to get MAC address from DualShock4
[  722.099011][    T9] playstation 0003:054C:0BA0.000A: Failed to create dualshock4.
[  722.178054][    T9] playstation 0003:054C:0BA0.000A: probe with driver playstation failed with error -71
[  722.278867][    T9] usb 3-1: USB disconnect, device number 28
[  723.504436][   T30] kauditd_printk_skb: 36 callbacks suppressed
[  723.504455][   T30] audit: type=1326 audit(1762595195.633:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14157 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  723.543781][   T30] audit: type=1326 audit(1762595195.663:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14157 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  723.550066][T14168] sctp: [Deprecated]: syz.2.2454 (pid 14168) Use of int in maxseg socket option.
[  723.550066][T14168] Use struct sctp_assoc_value instead
[  723.569372][T14158] QAT: Invalid ioctl 21531
[  723.605561][   T30] audit: type=1326 audit(1762595195.703:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14157 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=40000003 syscall=196 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  723.628620][   T30] audit: type=1326 audit(1762595195.703:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14157 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  723.654283][   T30] audit: type=1326 audit(1762595195.703:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14157 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  723.726722][   T30] audit: type=1326 audit(1762595195.703:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14157 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  723.787186][   T30] audit: type=1326 audit(1762595195.703:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14157 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  723.813436][   T30] audit: type=1326 audit(1762595195.703:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14157 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  723.840418][   T30] audit: type=1326 audit(1762595195.703:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14157 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  724.023941][T14177] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2455'.
[  724.034723][   T30] audit: type=1326 audit(1762595195.723:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14157 comm="syz.0.2452" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  724.096321][T14178] veth0_to_bond: entered allmulticast mode
[  724.458106][T14183] FAULT_INJECTION: forcing a failure.
[  724.458106][T14183] name failslab, interval 1, probability 0, space 0, times 0
[  724.541003][T14183] CPU: 1 UID: 0 PID: 14183 Comm: syz.0.2457 Not tainted syzkaller #0 PREEMPT(full) 
[  724.541034][T14183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  724.541047][T14183] Call Trace:
[  724.541054][T14183]  <TASK>
[  724.541063][T14183]  dump_stack_lvl+0x189/0x250
[  724.541098][T14183]  ? __pfx____ratelimit+0x10/0x10
[  724.541125][T14183]  ? __pfx_dump_stack_lvl+0x10/0x10
[  724.541154][T14183]  ? __pfx__printk+0x10/0x10
[  724.541180][T14183]  ? __pfx___might_resched+0x10/0x10
[  724.541201][T14183]  ? fs_reclaim_acquire+0x7d/0x100
[  724.541239][T14183]  should_fail_ex+0x414/0x560
[  724.541275][T14183]  should_failslab+0xa8/0x100
[  724.541297][T14183]  kmem_cache_alloc_node_noprof+0x77/0x710
[  724.541327][T14183]  ? __alloc_skb+0x112/0x2d0
[  724.541352][T14183]  __alloc_skb+0x112/0x2d0
[  724.541375][T14183]  alloc_skb_with_frags+0xca/0x890
[  724.541401][T14183]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  724.541430][T14183]  ? lockdep_hardirqs_on+0x9c/0x150
[  724.541464][T14183]  sock_alloc_send_pskb+0x84d/0x980
[  724.541509][T14183]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  724.541534][T14183]  ? kasan_save_track+0x4f/0x80
[  724.541571][T14183]  ? kasan_save_track+0x3e/0x80
[  724.541598][T14183]  ? __kasan_kmalloc+0x93/0xb0
[  724.541625][T14183]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[  724.541652][T14183]  ? ip_setup_cork+0x299/0x9a0
[  724.541678][T14183]  ? ip_make_skb+0x130/0x3f0
[  724.541703][T14183]  ? udp_sendmsg+0x1925/0x2170
[  724.541720][T14183]  ? udpv6_sendmsg+0xc1c/0x2510
[  724.541746][T14183]  ? __sock_sendmsg+0xe5/0x270
[  724.541771][T14183]  ? ____sys_sendmsg+0x52d/0x830
[  724.541790][T14183]  ? ___sys_sendmsg+0x21f/0x2a0
[  724.541809][T14183]  ? __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  724.541830][T14183]  ? __do_fast_syscall_32+0xb6/0x2b0
[  724.541859][T14183]  ? do_fast_syscall_32+0x34/0x80
[  724.541887][T14183]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  724.541916][T14183]  __ip_append_data+0x2ce8/0x40c0
[  724.541963][T14183]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  724.542006][T14183]  ? __kasan_kmalloc+0x93/0xb0
[  724.542042][T14183]  ? __pfx___ip_append_data+0x10/0x10
[  724.542095][T14183]  ? __asan_memcpy+0x40/0x70
[  724.542133][T14183]  ? ip_setup_cork+0x577/0x9a0
[  724.542161][T14183]  ip_make_skb+0x1de/0x3f0
[  724.542191][T14183]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  724.542218][T14183]  ? __pfx_ip_make_skb+0x10/0x10
[  724.542264][T14183]  udp_sendmsg+0x1925/0x2170
[  724.542298][T14183]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  724.542326][T14183]  ? __pfx_udp_sendmsg+0x10/0x10
[  724.542342][T14183]  ? __asan_memset+0x22/0x50
[  724.542380][T14183]  ? get_random_u32+0x155/0x940
[  724.542412][T14183]  ? register_lock_class+0x51/0x320
[  724.542430][T14183]  ? get_random_u32+0x155/0x940
[  724.542454][T14183]  ? __lock_acquire+0xab9/0xd20
[  724.542485][T14183]  udpv6_sendmsg+0xc1c/0x2510
[  724.542525][T14183]  ? udp_lib_get_port+0x164b/0x1b10
[  724.542554][T14183]  ? udp_lib_get_port+0x164b/0x1b10
[  724.542588][T14183]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  724.542621][T14183]  ? __lock_acquire+0xab9/0xd20
[  724.542655][T14183]  ? __local_bh_enable_ip+0x12d/0x1c0
[  724.542676][T14183]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  724.542703][T14183]  ? inet_send_prepare+0x1b9/0x270
[  724.542736][T14183]  ? inet_send_prepare+0x1b9/0x270
[  724.542769][T14183]  ? inet6_sendmsg+0xe4/0x120
[  724.542794][T14183]  __sock_sendmsg+0xe5/0x270
[  724.542825][T14183]  ____sys_sendmsg+0x52d/0x830
[  724.542853][T14183]  ? __pfx_____sys_sendmsg+0x10/0x10
[  724.542891][T14183]  ___sys_sendmsg+0x21f/0x2a0
[  724.542914][T14183]  ? __pfx____sys_sendmsg+0x10/0x10
[  724.542937][T14183]  ? __lock_acquire+0xab9/0xd20
[  724.542986][T14183]  ? __fget_files+0x2a/0x420
[  724.543004][T14183]  ? __fget_files+0x3a0/0x420
[  724.543030][T14183]  __sys_sendmmsg+0x28e/0x430
[  724.543056][T14183]  ? __pfx___sys_sendmmsg+0x10/0x10
[  724.543074][T14183]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  724.543129][T14183]  ? ksys_write+0x22a/0x250
[  724.543156][T14183]  ? exc_page_fault+0x82/0x100
[  724.543183][T14183]  ? __pfx_ksys_write+0x10/0x10
[  724.543218][T14183]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  724.543262][T14183]  __do_fast_syscall_32+0xb6/0x2b0
[  724.543295][T14183]  ? lockdep_hardirqs_on+0x9c/0x150
[  724.543328][T14183]  do_fast_syscall_32+0x34/0x80
[  724.543359][T14183]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  724.543383][T14183] RIP: 0023:0xf7f11539
[  724.543399][T14183] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  724.543416][T14183] RSP: 002b:00000000f540655c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  724.543438][T14183] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  724.543452][T14183] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  724.543464][T14183] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  724.543476][T14183] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  724.543487][T14183] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  724.543518][T14183]  </TASK>
[  725.325510][T14185] binder: 14180:14185 ioctl c018620c 80000100 returned -1
[  725.795833][T14195] FAULT_INJECTION: forcing a failure.
[  725.795833][T14195] name failslab, interval 1, probability 0, space 0, times 0
[  725.820026][T14195] CPU: 0 UID: 0 PID: 14195 Comm: syz.0.2460 Not tainted syzkaller #0 PREEMPT(full) 
[  725.820056][T14195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  725.820067][T14195] Call Trace:
[  725.820073][T14195]  <TASK>
[  725.820080][T14195]  dump_stack_lvl+0x189/0x250
[  725.820106][T14195]  ? __pfx____ratelimit+0x10/0x10
[  725.820132][T14195]  ? __pfx_dump_stack_lvl+0x10/0x10
[  725.820153][T14195]  ? __pfx__printk+0x10/0x10
[  725.820173][T14195]  ? __pfx___might_resched+0x10/0x10
[  725.820189][T14195]  ? fs_reclaim_acquire+0x7d/0x100
[  725.820218][T14195]  should_fail_ex+0x414/0x560
[  725.820244][T14195]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  725.820267][T14195]  should_failslab+0xa8/0x100
[  725.820283][T14195]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  725.820304][T14195]  kmem_cache_alloc_lru_noprof+0x79/0x6d0
[  725.820325][T14195]  ? alloc_inode+0x6a/0x1b0
[  725.820346][T14195]  ? __pfx_simple_start_creating+0x10/0x10
[  725.820363][T14195]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  725.820384][T14195]  alloc_inode+0x6a/0x1b0
[  725.820408][T14195]  new_inode+0x22/0x170
[  725.820425][T14195]  __debugfs_create_file+0x14d/0x4f0
[  725.820450][T14195]  debugfs_create_file_full+0x3f/0x60
[  725.820480][T14195]  ref_tracker_dir_debugfs+0x14e/0x270
[  725.820495][T14195]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  725.820531][T14195]  ? trace_kmalloc+0x1f/0xd0
[  725.820549][T14195]  ? __kvmalloc_node_noprof+0x5ed/0x910
[  725.820576][T14195]  ? __raw_spin_lock_init+0x45/0x100
[  725.820599][T14195]  alloc_netdev_mqs+0x272/0x11b0
[  725.820618][T14195]  ? __pfx_macvlan_setup+0x10/0x10
[  725.820647][T14195]  rtnl_create_link+0x31f/0xd10
[  725.820680][T14195]  rtnl_newlink_create+0x25c/0xb00
[  725.820705][T14195]  ? __lock_acquire+0xab9/0xd20
[  725.820729][T14195]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  725.820752][T14195]  ? __pfx___mutex_lock+0x10/0x10
[  725.820792][T14195]  ? ns_capable+0x8a/0xf0
[  725.820818][T14195]  rtnl_newlink+0x16e4/0x1c80
[  725.820851][T14195]  ? netlink_deliver_tap+0x19c/0x1b0
[  725.820884][T14195]  ? __pfx_rtnl_newlink+0x10/0x10
[  725.820933][T14195]  ? kasan_quarantine_put+0xdd/0x220
[  725.820953][T14195]  ? lockdep_hardirqs_on+0x9c/0x150
[  725.820978][T14195]  ? nlmon_xmit+0xb0/0x100
[  725.820995][T14195]  ? kmem_cache_free+0x19b/0x690
[  725.821023][T14195]  ? __local_bh_enable_ip+0x12d/0x1c0
[  725.821038][T14195]  ? lockdep_hardirqs_on+0x9c/0x150
[  725.821059][T14195]  ? __local_bh_enable_ip+0x12d/0x1c0
[  725.821075][T14195]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  725.821093][T14195]  ? __dev_queue_xmit+0x27b/0x3b50
[  725.821111][T14195]  ? __dev_queue_xmit+0x27b/0x3b50
[  725.821126][T14195]  ? __dev_queue_xmit+0x27b/0x3b50
[  725.821144][T14195]  ? __dev_queue_xmit+0x1d79/0x3b50
[  725.821159][T14195]  ? kasan_save_track+0x3e/0x80
[  725.821179][T14195]  ? __kasan_slab_alloc+0x6c/0x80
[  725.821203][T14195]  ? __lock_acquire+0xab9/0xd20
[  725.821236][T14195]  ? __pfx_rtnl_newlink+0x10/0x10
[  725.821257][T14195]  rtnetlink_rcv_msg+0x7cf/0xb70
[  725.821282][T14195]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  725.821304][T14195]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  725.821324][T14195]  ? ref_tracker_free+0x63a/0x7d0
[  725.821338][T14195]  ? __asan_memcpy+0x40/0x70
[  725.821356][T14195]  ? __pfx_ref_tracker_free+0x10/0x10
[  725.821369][T14195]  ? __skb_clone+0x63/0x7a0
[  725.821392][T14195]  netlink_rcv_skb+0x208/0x470
[  725.821416][T14195]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  725.821440][T14195]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  725.821479][T14195]  ? netlink_deliver_tap+0x2e/0x1b0
[  725.821499][T14195]  netlink_unicast+0x82f/0x9e0
[  725.821527][T14195]  ? __pfx_netlink_unicast+0x10/0x10
[  725.821550][T14195]  ? netlink_sendmsg+0x642/0xb30
[  725.821562][T14195]  ? skb_put+0x11b/0x210
[  725.821579][T14195]  netlink_sendmsg+0x805/0xb30
[  725.821600][T14195]  ? __pfx_netlink_sendmsg+0x10/0x10
[  725.821617][T14195]  ? __import_iovec+0x5d4/0x7f0
[  725.821634][T14195]  ? aa_sock_msg_perm+0xf1/0x1d0
[  725.821658][T14195]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  725.821672][T14195]  ? __pfx_netlink_sendmsg+0x10/0x10
[  725.821686][T14195]  __sock_sendmsg+0x21c/0x270
[  725.821709][T14195]  ____sys_sendmsg+0x505/0x830
[  725.821730][T14195]  ? __pfx_____sys_sendmsg+0x10/0x10
[  725.821758][T14195]  ___sys_sendmsg+0x21f/0x2a0
[  725.821776][T14195]  ? __pfx____sys_sendmsg+0x10/0x10
[  725.821819][T14195]  ? __fget_files+0x2a/0x420
[  725.821832][T14195]  ? __fget_files+0x3a0/0x420
[  725.821854][T14195]  __sys_sendmsg+0x164/0x220
[  725.821871][T14195]  ? __pfx___sys_sendmsg+0x10/0x10
[  725.821893][T14195]  ? __pfx_ksys_write+0x10/0x10
[  725.821916][T14195]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  725.821939][T14195]  ? lockdep_hardirqs_on+0x9c/0x150
[  725.821962][T14195]  __do_fast_syscall_32+0xb6/0x2b0
[  725.821985][T14195]  ? lockdep_hardirqs_on+0x9c/0x150
[  725.822008][T14195]  do_fast_syscall_32+0x34/0x80
[  725.822030][T14195]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  725.822048][T14195] RIP: 0023:0xf7f11539
[  725.822062][T14195] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  725.822075][T14195] RSP: 002b:00000000f540655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  725.822091][T14195] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000240
[  725.822101][T14195] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  725.822109][T14195] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  725.822117][T14195] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  725.822125][T14195] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  725.822148][T14195]  </TASK>
[  726.489549][T14195] debugfs: out of free dentries, can not create file 'netdev@ffff88807a658618'
[  726.824556][T14206] binder: 14205:14206 ioctl c0306201 80000440 returned -14
[  726.921071][ T5952] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  727.028460][T14214] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  727.046537][T14216] netlink: 'syz.3.2467': attribute type 30 has an invalid length.
[  727.097047][ T5952] usb 5-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  727.116238][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  727.131931][ T5952] usb 5-1: Product: syz
[  727.138675][ T5952] usb 5-1: Manufacturer: syz
[  727.139209][T14214] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2466'.
[  727.153768][ T5952] usb 5-1: SerialNumber: syz
[  727.162509][T14219] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2468'.
[  727.180359][ T5952] usb 5-1: config 0 descriptor??
[  727.199819][ T5952] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  727.229266][ T5952] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  727.248425][ T5952] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  727.258657][ T5952] usb 5-1: media controller created
[  727.278743][ T5952] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  727.290836][T14220] veth0_to_bond: entered allmulticast mode
[  727.363405][ T5952] DVB: Unable to find symbol mt352_attach()
[  727.449870][ T5952] DVB: Unable to find symbol nxt6000_attach()
[  727.457014][ T5952] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  727.473515][ T5952] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input13
[  727.490410][ T5952] dvb-usb: schedule remote query interval to 1000 msecs.
[  727.499440][ T5952] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  727.515253][ T5952] dvb-usb: bulk message failed: -22 (7/0)
[  727.523010][ T5952] dvb-usb: bulk message failed: -22 (7/0)
[  727.536216][ T5952] usb 5-1: USB disconnect, device number 33
[  727.658285][ T5952] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  727.796105][T14227] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  727.810354][T14227] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  727.834648][T14227] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  727.853808][T14227] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  727.867170][T14227] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  727.875129][T14227] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  727.885263][T14227] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  727.892034][T14227] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  727.899751][T14227] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  727.906000][T14227] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  728.154124][T14240] batman_adv: batadv0: adding TT local entry ba:e1:05:00:07:00 to non-existent VLAN 1280
[  728.309319][T14244] vlan2: entered promiscuous mode
[  728.349386][T14244] bond0: entered promiscuous mode
[  728.421085][T13318] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  728.600862][T13318] usb 3-1: Using ep0 maxpacket: 16
[  728.648369][T13318] usb 3-1: config 0 has no interfaces?
[  728.710198][T13318] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  728.812875][T13318] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  728.841661][T13318] usb 3-1: Manufacturer: syz
[  728.918479][T13318] usb 3-1: config 0 descriptor??
[  729.037795][T14261] netlink: 'syz.1.2479': attribute type 12 has an invalid length.
[  729.101858][T14261] netlink: 'syz.1.2479': attribute type 29 has an invalid length.
[  729.142259][T14261] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2479'.
[  729.200116][T14261] netlink: 59 bytes leftover after parsing attributes in process `syz.1.2479'.
[  729.252059][T14264] trusted_key: syz.0.2480 sent an empty control message without MSG_MORE.
[  729.321637][T14241] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  729.321662][T14265] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2472'.
[  729.591953][T14241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  729.621046][T14241] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  729.668840][T14269] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  729.820759][ T5834] Bluetooth: hci0: command 0x0406 tx timeout
[  729.851878][T14274] syzkaller0: entered promiscuous mode
[  729.861840][T14274] syzkaller0: entered allmulticast mode
[  729.873655][   T30] kauditd_printk_skb: 17 callbacks suppressed
[  729.873673][   T30] audit: type=1326 audit(1762595201.943:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14273 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  729.902086][ T5834] Bluetooth: hci2: command 0x0406 tx timeout
[  729.908138][ T5834] Bluetooth: hci1: command 0x0406 tx timeout
[  729.914594][ T5834] Bluetooth: hci4: command 0x0406 tx timeout
[  729.920948][ T5834] Bluetooth: hci3: command 0x0406 tx timeout
[  729.931510][   T30] audit: type=1326 audit(1762595201.943:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14273 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  729.959242][T13318] IPVS: starting estimator thread 0...
[  730.008733][   T30] audit: type=1326 audit(1762595201.943:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14273 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  730.061336][T14275] IPVS: using max 30 ests per chain, 72000 per kthread
[  730.097880][   T30] audit: type=1326 audit(1762595201.953:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14273 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  730.169231][   T30] audit: type=1326 audit(1762595201.953:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14273 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  730.265609][   T30] audit: type=1326 audit(1762595201.953:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14273 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  730.516055][   T30] audit: type=1326 audit(1762595201.953:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14273 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  730.594324][T14281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2485'.
[  730.633665][   T30] audit: type=1326 audit(1762595201.953:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14273 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  730.674650][   T30] audit: type=1326 audit(1762595201.953:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14273 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  730.757018][   T30] audit: type=1326 audit(1762595201.953:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14273 comm="syz.0.2483" exe="/root/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7f11539 code=0x7ffc0000
[  730.917768][T14285] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  731.011305][ T5921] usb 3-1: USB disconnect, device number 29
[  731.290933][ T5952] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  731.405374][T14297] netlink: zone id is out of range
[  731.411099][T14297] netlink: zone id is out of range
[  731.426474][T14297] netlink: zone id is out of range
[  731.444875][T14297] netlink: zone id is out of range
[  731.458491][T14296] binder: 14291:14296 ioctl c018620c 80000100 returned -1
[  731.476377][T14297] netlink: zone id is out of range
[  731.515561][ T5952] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  731.532834][T14297] netlink: zone id is out of range
[  731.553711][ T5952] usb 4-1: config 0 has no interfaces?
[  731.566429][T14297] netlink: zone id is out of range
[  731.576328][ T5952] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  731.614531][ T5952] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  731.637648][ T5952] usb 4-1: config 0 descriptor??
[  731.901008][T14276] Bluetooth: hci0: command 0x0406 tx timeout
[  731.991327][ T5836] Bluetooth: hci4: command 0x0406 tx timeout
[  731.997383][ T5836] Bluetooth: hci1: command 0x0406 tx timeout
[  732.003695][T14276] Bluetooth: hci3: command 0x0406 tx timeout
[  732.010161][T14276] Bluetooth: hci2: command 0x0406 tx timeout
[  732.920479][T14316] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  732.951498][T14316] syzkaller0: entered promiscuous mode
[  732.958655][T14316] syzkaller0: entered allmulticast mode
[  732.997296][T14315] tipc: Resetting bearer <eth:syzkaller0>
[  733.044262][T14315] tipc: Disabling bearer <eth:syzkaller0>
[  733.357285][T14322] net_ratelimit: 1 callbacks suppressed
[  733.357303][T14322] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  733.541462][T14322] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2495'.
[  734.243155][T14329] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2497'.
[  734.261745][T14331] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2498'.
[  734.283109][T14331] program syz.2.2498 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  734.715530][T14339] netdevsim netdevsim0: Firmware load for '/../file0' refused, path contains '..' component
[  734.895979][T14342] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2500'.
[  735.065670][ T5952] usb 4-1: USB disconnect, device number 36
[  735.347859][T14359] binder: 14349:14359 ioctl c018620c 80000100 returned -1
[  735.590789][    T9] usb 4-1: new full-speed USB device number 37 using dummy_hcd
[  735.753133][    T9] usb 4-1: config 5 has an invalid interface number: 123 but max is 0
[  735.777969][    T9] usb 4-1: config 5 has no interface number 0
[  735.818568][    T9] usb 4-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  735.851636][    T9] usb 4-1: config 5 interface 123 altsetting 7 endpoint 0x4 has invalid maxpacket 1023, setting to 64
[  735.863612][    T9] usb 4-1: config 5 interface 123 has no altsetting 0
[  735.874226][    T9] usb 4-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  735.886158][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  735.894889][    T9] usb 4-1: Product: syz
[  735.899248][    T9] usb 4-1: Manufacturer: syz
[  735.906456][    T9] usb 4-1: SerialNumber: syz
[  735.916712][T14360] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  736.041288][ T5952] usb 1-1: new low-speed USB device number 37 using dummy_hcd
[  736.051169][T14366] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2508'.
[  736.131768][T14360] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma?
[  736.230916][ T5952] usb 1-1: Invalid ep0 maxpacket: 64
[  736.380770][ T5952] usb 1-1: new low-speed USB device number 38 using dummy_hcd
[  736.580859][ T5952] usb 1-1: Invalid ep0 maxpacket: 64
[  736.587295][ T5952] usb usb1-port1: attempt power cycle
[  736.931452][ T5952] usb 1-1: new low-speed USB device number 39 using dummy_hcd
[  736.966694][T14374] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2510'.
[  736.978149][ T5952] usb 1-1: Invalid ep0 maxpacket: 64
[  737.046039][T12647] hid (null): report_id 24797 is invalid
[  737.114914][T12647] hid_parser_main: 2 callbacks suppressed
[  737.114937][T12647] hid-generic 0002:0004:0009.000C: unknown main item tag 0x1
[  737.133157][T14375] syzkaller1: entered promiscuous mode
[  737.133793][ T5952] usb 1-1: new low-speed USB device number 40 using dummy_hcd
[  737.138718][T14375] syzkaller1: entered allmulticast mode
[  737.165216][T12647] hid-generic 0002:0004:0009.000C: unknown main item tag 0x0
[  737.184750][ T5952] usb 1-1: Invalid ep0 maxpacket: 64
[  737.193551][ T5952] usb usb1-port1: unable to enumerate USB device
[  737.203253][T12647] hid-generic 0002:0004:0009.000C: unknown main item tag 0x0
[  737.231485][T12647] hid-generic 0002:0004:0009.000C: unknown main item tag 0x0
[  737.247181][T12647] hid-generic 0002:0004:0009.000C: unknown main item tag 0x0
[  737.288802][T12647] hid-generic 0002:0004:0009.000C: unknown main item tag 0x0
[  737.374150][T12647] hid-generic 0002:0004:0009.000C: unknown main item tag 0x0
[  737.387681][    T9] comedi comedi5: driver 'ni6501' has successfully auto-configured 'ni6501'.
[  737.401350][T12647] hid-generic 0002:0004:0009.000C: unknown main item tag 0x0
[  737.411767][    T9] usb 4-1: USB disconnect, device number 37
[  737.419031][T12647] hid-generic 0002:0004:0009.000C: unknown main item tag 0x0
[  737.436406][T12647] hid-generic 0002:0004:0009.000C: unknown main item tag 0x0
[  737.447469][T12647] hid-generic 0002:0004:0009.000C: report_id 24797 is invalid
[  737.456334][T12647] hid-generic 0002:0004:0009.000C: item 0 2 1 8 parsing failed
[  737.465257][T12647] hid-generic 0002:0004:0009.000C: probe with driver hid-generic failed with error -22
[  737.910383][T14380] fuse: Unknown parameter 'f-ǻY�|�"Ԙ^-�Gd��� R��"'
[  738.063419][T14391] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2515'.
[  738.462955][ T5952] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  738.755705][T14401] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2518'.
[  738.772164][ T5952] usb 2-1: config 0 interface 0 altsetting 14 endpoint 0x81 has invalid wMaxPacketSize 0
[  738.790811][ T5952] usb 2-1: config 0 interface 0 has no altsetting 0
[  738.808297][ T5952] usb 2-1: New USB device found, idVendor=1532, idProduct=011d, bcdDevice= 0.00
[  738.832646][ T5952] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  738.863677][ T5952] usb 2-1: config 0 descriptor??
[  739.286565][T14405] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2519'.
[  739.292028][ T5952] usbhid 2-1:0.0: can't add hid device: -71
[  739.312136][ T5952] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  739.327910][T14405] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2519'.
[  739.360585][ T5952] usb 2-1: USB disconnect, device number 36
[  739.394494][T14406] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2519'.
[  739.433656][T14406] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2519'.
[  739.601727][T14410] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2520'.
[  739.977443][T14416] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2522'.
[  739.997269][T14419] loop2: detected capacity change from 0 to 7
[  740.011428][T14419] Dev loop2: unable to read RDB block 7
[  740.041991][T14419]  loop2: unable to read partition table
[  740.094313][T14419] loop2: partition table beyond EOD, truncated
[  740.126106][T14419] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  740.202965][T14421] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2525'.
[  740.289649][    T9] hid (null): report_id 24797 is invalid
[  740.341096][    T9] hid-generic 0002:0004:0009.000D: report_id 24797 is invalid
[  740.406836][T14424] syzkaller1: entered promiscuous mode
[  740.427903][    T9] hid-generic 0002:0004:0009.000D: item 0 2 1 8 parsing failed
[  740.449712][T14428] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  740.469167][T14424] syzkaller1: entered allmulticast mode
[  740.486760][    T9] hid-generic 0002:0004:0009.000D: probe with driver hid-generic failed with error -22
[  741.079961][T14434] delete_channel: no stack
[  741.210921][   T24] usb 3-1: new full-speed USB device number 30 using dummy_hcd
[  741.357811][T14441] loop0: detected capacity change from 0 to 7
[  741.396292][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  741.437192][T14441] Buffer I/O error on dev loop0, logical block 0, async page read
[  741.483282][   T24] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  741.494068][T14441] Buffer I/O error on dev loop0, logical block 0, async page read
[  741.532025][T14441] Buffer I/O error on dev loop0, logical block 0, async page read
[  741.543291][   T24] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  741.552981][T14441] Buffer I/O error on dev loop0, logical block 0, async page read
[  741.561096][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  741.569738][T14441] Buffer I/O error on dev loop0, logical block 0, async page read
[  741.578353][   T24] usb 3-1: Product: syz
[  741.665142][T14441] Buffer I/O error on dev loop0, logical block 0, async page read
[  741.673406][T14441] Buffer I/O error on dev loop0, logical block 0, async page read
[  741.684707][   T24] usb 3-1: Manufacturer: syz
[  741.689576][T14441] ldm_validate_partition_table(): Disk read failed.
[  741.697164][T14441] Buffer I/O error on dev loop0, logical block 0, async page read
[  741.705936][T14441] Buffer I/O error on dev loop0, logical block 0, async page read
[  741.714090][T14441] Buffer I/O error on dev loop0, logical block 0, async page read
[  741.722202][T14441] Dev loop0: unable to read RDB block 0
[  741.728087][T14441]  loop0: unable to read partition table
[  741.734231][T14441] loop0: partition table beyond EOD, truncated
[  741.740536][T14441] loop_reread_partitions: partition scan of loop0 (�被x������ڬ��dG�����ݡ�����
[  741.740536][T14441] 
) failed (rc=-5)
[  741.765980][   T24] usb 3-1: SerialNumber: syz
[  741.797520][   T24] usb 3-1: config 0 descriptor??
[  742.078220][    T9] usb 3-1: USB disconnect, device number 30
[  742.670139][T14459] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2535'.
[  742.998023][T14467] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2536'.
[  743.490208][   T24] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  743.700836][   T24] usb 1-1: Using ep0 maxpacket: 16
[  743.719672][   T24] usb 1-1: config 0 has no interfaces?
[  743.846468][   T24] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  743.934402][   T24] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  743.961138][   T24] usb 1-1: Manufacturer: syz
[  743.992581][   T24] usb 1-1: config 0 descriptor??
[  744.290916][T12647] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  744.395833][T14486] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2537'.
[  744.450795][T12647] usb 5-1: Using ep0 maxpacket: 16
[  744.513984][T12647] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  744.563962][T14488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  744.577539][T14488] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  744.594120][T12647] usb 5-1: config 0 interface 0 has no altsetting 0
[  744.636247][T12647] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d
[  744.650899][T12647] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  744.678981][   T24] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  744.690437][T12647] usb 5-1: Product: syz
[  744.722669][T12647] usb 5-1: Manufacturer: syz
[  744.742800][T12647] usb 5-1: SerialNumber: syz
[  744.791965][T12647] usb 5-1: config 0 descriptor??
[  744.812940][T12647] hub 5-1:0.0: bad descriptor, ignoring hub
[  744.823916][T12647] hub 5-1:0.0: probe with driver hub failed with error -5
[  745.302551][T12647] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  745.329356][ T3563] usb 5-1: Failed to submit usb control message: -71
[  745.373308][   T24] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  745.444626][ T3563] usb 5-1: unable to send the bmi data to the device: -71
[  745.460928][ T3563] usb 5-1: unable to get target info from device
[  745.470551][ T3563] usb 5-1: could not get target info (-71)
[  745.493358][ T3563] usb 5-1: could not probe fw (-71)
[  745.531546][T14471] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  745.558740][   T24] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  745.586102][   T24] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  745.612647][   T24] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  745.643227][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  745.827707][   T24] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  745.852586][   T24] usb 2-1: invalid MIDI out EP 0
[  746.045513][T14481] xt_addrtype: both incoming and outgoing interface limitation cannot be selected
[  746.178863][   T24] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[  746.343910][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  746.906897][T14474] delete_channel: no stack
[  747.059398][ T5920] usb 5-1: USB disconnect, device number 34
[  747.540216][    T9] usb 1-1: USB disconnect, device number 41
[  747.835964][T14514] FAULT_INJECTION: forcing a failure.
[  747.835964][T14514] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  747.849380][T14514] CPU: 0 UID: 0 PID: 14514 Comm: syz.0.2547 Not tainted syzkaller #0 PREEMPT(full) 
[  747.849408][T14514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  747.849421][T14514] Call Trace:
[  747.849430][T14514]  <TASK>
[  747.849439][T14514]  dump_stack_lvl+0x189/0x250
[  747.849473][T14514]  ? __pfx____ratelimit+0x10/0x10
[  747.849501][T14514]  ? __pfx_dump_stack_lvl+0x10/0x10
[  747.849530][T14514]  ? __pfx__printk+0x10/0x10
[  747.849564][T14514]  should_fail_ex+0x414/0x560
[  747.849603][T14514]  _copy_to_user+0x31/0xb0
[  747.849633][T14514]  simple_read_from_buffer+0xe1/0x170
[  747.849670][T14514]  proc_fail_nth_read+0x1b3/0x220
[  747.849701][T14514]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  747.849731][T14514]  ? rw_verify_area+0x2a6/0x4d0
[  747.849759][T14514]  ? __lock_acquire+0xab9/0xd20
[  747.849777][T14514]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  747.849805][T14514]  vfs_read+0x200/0xa30
[  747.849832][T14514]  ? fdget_pos+0x247/0x320
[  747.849856][T14514]  ? __pfx___mutex_lock+0x10/0x10
[  747.849887][T14514]  ? __pfx_vfs_read+0x10/0x10
[  747.849917][T14514]  ? __fget_files+0x2a/0x420
[  747.849941][T14514]  ? __fget_files+0x3a0/0x420
[  747.849959][T14514]  ? __fget_files+0x2a/0x420
[  747.849989][T14514]  ksys_read+0x145/0x250
[  747.850016][T14514]  ? exc_page_fault+0x82/0x100
[  747.850045][T14514]  ? __pfx_ksys_read+0x10/0x10
[  747.850077][T14514]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  747.850109][T14514]  ? lockdep_hardirqs_on+0x9c/0x150
[  747.850142][T14514]  __do_fast_syscall_32+0xb6/0x2b0
[  747.850175][T14514]  ? lockdep_hardirqs_on+0x9c/0x150
[  747.850208][T14514]  do_fast_syscall_32+0x34/0x80
[  747.850239][T14514]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  747.850272][T14514] RIP: 0023:0xf7f11539
[  747.850290][T14514] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  747.850308][T14514] RSP: 002b:00000000f5406590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  747.850330][T14514] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5406620
[  747.850344][T14514] RDX: 000000000000000f RSI: 00000000f73a6ff4 RDI: 0000000000000000
[  747.850356][T14514] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  747.850368][T14514] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  747.850380][T14514] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  747.850412][T14514]  </TASK>
[  748.356392][T12647] usb 2-1: USB disconnect, device number 37
[  748.432873][T14518] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2549'.
[  748.682951][T14303] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11
[  748.802796][T14533] QAT: failed to copy from user.
[  750.770966][T12647] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  751.081011][T12647] usb 1-1: Using ep0 maxpacket: 16
[  751.091816][T12647] usb 1-1: config 0 has no interfaces?
[  751.142347][T12647] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  751.176089][T12647] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  751.226902][T12647] usb 1-1: Manufacturer: syz
[  751.268996][T12647] usb 1-1: config 0 descriptor??
[  751.612348][T14575] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2557'.
[  751.680942][T14553] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  751.790854][T14575] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  751.810159][T14575] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  752.183418][T12647] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  752.419513][T12647] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  752.441251][T12647] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  752.471323][T12647] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  752.499556][T12647] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  752.523693][T12647] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  752.550877][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  752.557646][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  752.583960][T12647] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  752.616946][T12647] usb 2-1: invalid MIDI out EP 0
[  752.712682][ T5830] udevd[5830]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  752.732813][T12647] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[  752.825309][T14585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2564'.
[  752.840578][T14303] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11
[  752.850312][T14574] xt_addrtype: both incoming and outgoing interface limitation cannot be selected
[  753.096679][T14589] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2565'.
[  753.294328][T12647] usb 1-1: USB disconnect, device number 42
[  753.358332][T14593] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2567'.
[  753.371279][T14593] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2567'.
[  753.383560][T14593] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2567'.
[  753.407117][T14593] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2567'.
[  755.387660][ T5920] usb 2-1: USB disconnect, device number 38
[  756.614828][T14643] loop7: detected capacity change from 0 to 7
[  756.624523][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  756.633761][    C1] buffer_io_error: 9 callbacks suppressed
[  756.633774][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  756.670809][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  756.680918][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  756.690736][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  756.700028][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  756.708830][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  756.718058][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  756.730812][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  756.751914][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  756.761256][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  756.810150][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  756.819370][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  756.840701][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  756.849891][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  756.862047][ T5842] ldm_validate_partition_table(): Disk read failed.
[  756.890711][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  756.899894][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  756.908041][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  756.917330][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  756.927609][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  756.940998][ T5842] Dev loop7: unable to read RDB block 0
[  757.000849][ T5842]  loop7: unable to read partition table
[  757.007001][ T5842] loop7: partition table beyond EOD, truncated
[  757.062574][T14643] ldm_validate_partition_table(): Disk read failed.
[  757.097754][T14643] Dev loop7: unable to read RDB block 0
[  757.121992][T14643]  loop7: unable to read partition table
[  757.132597][T14643] loop7: partition table beyond EOD, truncated
[  757.150380][T14643] loop_reread_partitions: partition scan of loop7 (����ى���C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  757.491446][T14650] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2579'.
[  757.593483][T14652] netlink: 'syz.4.2580': attribute type 11 has an invalid length.
[  758.037935][T14659] random: crng reseeded on system resumption
[  759.526116][   T24] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  760.310779][   T24] usb 3-1: Using ep0 maxpacket: 32
[  760.317479][   T24] usb 3-1: too many configurations: 130, using maximum allowed: 8
[  760.394128][   T24] usb 3-1: unable to read config index 0 descriptor/start: -61
[  760.404277][   T24] usb 3-1: can't read configurations, error -61
[  760.689099][   T24] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  760.890776][ T5920] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  760.890809][   T24] usb 3-1: Using ep0 maxpacket: 32
[  761.124245][   T24] usb 3-1: too many configurations: 130, using maximum allowed: 8
[  761.149901][   T24] usb 3-1: unable to read config index 0 descriptor/start: -61
[  761.168059][   T24] usb 3-1: can't read configurations, error -61
[  761.184709][   T24] usb usb3-port1: attempt power cycle
[  761.359575][ T5920] usb 2-1: device descriptor read/64, error -71
[  761.530749][   T24] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  761.562903][   T24] usb 3-1: Using ep0 maxpacket: 32
[  761.568631][   T24] usb 3-1: too many configurations: 130, using maximum allowed: 8
[  761.592386][   T24] usb 3-1: unable to read config index 0 descriptor/start: -61
[  761.614090][   T24] usb 3-1: can't read configurations, error -61
[  761.620821][ T5920] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  761.770793][ T5920] usb 2-1: device descriptor read/64, error -71
[  761.787211][   T24] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  761.994024][   T24] usb 3-1: device descriptor read/8, error -71
[  762.101326][   T24] usb usb3-port1: unable to enumerate USB device
[  762.151087][ T5920] usb usb2-port1: attempt power cycle
[  762.510955][ T5920] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  762.541459][ T5920] usb 2-1: device descriptor read/8, error -71
[  762.573504][T14724] kvm: pic: non byte write
[  762.592088][T14724] kvm: pic: non byte write
[  762.604085][T14724] kvm: pic: non byte write
[  762.751484][T14724] kvm: pic: non byte write
[  762.761867][T14724] kvm: pic: non byte write
[  762.780192][T14724] kvm: pic: non byte write
[  762.808543][T14724] kvm: pic: non byte write
[  762.822274][T14724] kvm: pic: non byte write
[  762.833197][T14724] kvm: pic: non byte write
[  762.843928][T14724] kvm: pic: non byte write
[  762.860868][ T5920] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  762.886112][ T5920] usb 2-1: device descriptor read/8, error -71
[  763.022794][ T5920] usb usb2-port1: unable to enumerate USB device
[  763.046256][ T5824] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  763.110794][   T24] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  763.250856][ T5824] usb 1-1: Using ep0 maxpacket: 8
[  763.266981][ T5824] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  763.300818][ T5824] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  763.330831][   T24] usb 4-1: Using ep0 maxpacket: 32
[  763.336860][   T24] usb 4-1: too many configurations: 17, using maximum allowed: 8
[  763.355286][ T5824] usb 1-1: Product: syz
[  763.359519][ T5824] usb 1-1: Manufacturer: syz
[  763.374156][   T24] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  763.399690][ T5824] usb 1-1: SerialNumber: syz
[  763.407672][   T24] usb 4-1: config 0 has no interface number 0
[  763.428807][ T5824] usb 1-1: config 0 descriptor??
[  763.443180][   T24] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  763.491234][ T5824] gspca_main: se401-2.14.0 probing 047d:5003
[  763.497523][   T24] usb 4-1: config 0 has no interface number 0
[  763.532256][   T24] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  763.551090][   T24] usb 4-1: config 0 has no interface number 0
[  763.589746][   T24] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  763.628559][   T24] usb 4-1: config 0 has no interface number 0
[  763.674322][   T24] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  763.721098][   T24] usb 4-1: config 0 has no interface number 0
[  763.773910][   T24] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  763.795634][   T24] usb 4-1: config 0 has no interface number 0
[  763.822067][   T24] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  763.823573][T14737] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  763.836735][T14737] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  763.849982][   T24] usb 4-1: config 0 has no interface number 0
[  763.878530][   T24] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  763.896195][ T5824] gspca_se401: ExtraFeatures: 255
[  763.915920][ T5824] gspca_se401: Too many frame sizes
[  763.926035][   T24] usb 4-1: config 0 has no interface number 0
[  763.936081][T14737] vhci_hcd vhci_hcd.0: Device attached
[  763.965969][   T24] usb 4-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2
[  763.983722][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  764.007164][   T24] usb 4-1: Product: syz
[  764.017876][   T24] usb 4-1: Manufacturer: syz
[  764.027394][   T24] usb 4-1: SerialNumber: syz
[  764.038179][   T24] usb 4-1: config 0 descriptor??
[  764.045295][   T24] etas_es58x 4-1:0.2: Starting syz syz (Serial Number syz)
[  764.111556][T14728] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2600'.
[  764.125140][T14744] delete_channel: no stack
[  764.150925][ T5952] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  764.155198][ T5920] usb 1-1: USB disconnect, device number 43
[  764.170925][    T9] usb 35-1: new low-speed USB device number 2 using vhci_hcd
[  764.249725][   T24] etas_es58x 4-1:0.2: could not parse product info: '424242424242'
[  764.331095][ T5952] usb 2-1: Using ep0 maxpacket: 16
[  764.338227][ T5952] usb 2-1: config 0 has no interfaces?
[  764.344258][ T5952] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  764.365202][ T5952] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.391524][ T5952] usb 2-1: config 0 descriptor??
[  764.630415][ T5920] usb 2-1: USB disconnect, device number 43
[  764.642737][T14738] vhci_hcd: connection closed
[  764.648172][   T37] vhci_hcd: stop threads
[  764.664609][   T37] vhci_hcd: release socket
[  764.677968][   T37] vhci_hcd: disconnect device
[  764.691388][    T9] vhci_hcd: vhci_device speed not set
[  764.699895][T14730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  764.716838][T14730] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  764.731270][T14730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  764.745926][T14730] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  764.784347][T12647] usb 4-1: USB disconnect, device number 38
[  764.836685][T12647] etas_es58x 4-1:0.2: Disconnecting syz syz
[  765.969561][T14786] xt_addrtype: both incoming and outgoing interface limitation cannot be selected
[  767.495104][T14303] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11
[  767.748135][T14807] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2616'.
[  767.789495][T14807] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2616'.
[  767.807851][T14807] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2616'.
[  767.913436][T14816] QAT: failed to copy from user.
[  768.007848][T14807] bridge_slave_1: left allmulticast mode
[  768.013847][T14807] bridge_slave_1: left promiscuous mode
[  768.019842][T14807] bridge0: port 2(bridge_slave_1) entered disabled state
[  768.036168][T14807] 
: left allmulticast mode
[  768.060465][T14807] 
: left promiscuous mode
[  768.076839][T14807] bridge0: port 1(
) entered disabled state
[  768.703973][ T5921] IPVS: starting estimator thread 0...
[  768.830578][T14831] IPVS: using max 37 ests per chain, 88800 per kthread
[  769.728012][T14844] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2620'.
[  770.580809][T13318] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  770.588505][    T9] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  770.760853][    T9] usb 1-1: Using ep0 maxpacket: 16
[  770.769445][T13318] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  770.800738][    T9] usb 1-1: config 0 has no interfaces?
[  770.853909][    T9] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  770.873281][T13318] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  770.931479][    T9] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  770.941617][T13318] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  770.949837][    T9] usb 1-1: Manufacturer: syz
[  770.968657][T13318] usb 4-1: Product: syz
[  770.975152][T13318] usb 4-1: Manufacturer: syz
[  770.982053][    T9] usb 1-1: config 0 descriptor??
[  770.999188][T13318] usb 4-1: SerialNumber: syz
[  771.014876][T13318] usb 4-1: config 0 descriptor??
[  771.278832][T14861] ipvlan1: entered promiscuous mode
[  771.316170][    T9] usb 4-1: USB disconnect, device number 39
[  771.356693][T14872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  771.380268][T14872] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  771.466631][T14859] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  772.168165][T14885] FAULT_INJECTION: forcing a failure.
[  772.168165][T14885] name failslab, interval 1, probability 0, space 0, times 0
[  772.209377][T14885] CPU: 1 UID: 0 PID: 14885 Comm: syz.1.2629 Not tainted syzkaller #0 PREEMPT(full) 
[  772.209410][T14885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  772.209421][T14885] Call Trace:
[  772.209427][T14885]  <TASK>
[  772.209434][T14885]  dump_stack_lvl+0x189/0x250
[  772.209459][T14885]  ? __pfx____ratelimit+0x10/0x10
[  772.209479][T14885]  ? __pfx_dump_stack_lvl+0x10/0x10
[  772.209499][T14885]  ? __pfx__printk+0x10/0x10
[  772.209535][T14885]  should_fail_ex+0x414/0x560
[  772.209573][T14885]  should_failslab+0xa8/0x100
[  772.209596][T14885]  __kmalloc_cache_noprof+0x6f/0x6f0
[  772.209626][T14885]  ? __sctp_v6_cmp_addr+0x1dc/0x510
[  772.209655][T14885]  ? sctp_v6_cmp_addr+0x15/0xd0
[  772.209682][T14885]  ? sctp_add_bind_addr+0x8c/0x370
[  772.209707][T14885]  ? sctp_add_bind_addr+0xb0/0x370
[  772.209736][T14885]  sctp_add_bind_addr+0x8c/0x370
[  772.209759][T14885]  sctp_copy_local_addr_list+0x30b/0x4e0
[  772.209782][T14885]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  772.209802][T14885]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  772.209823][T14885]  ? sctp_v6_is_any+0x64/0x80
[  772.209845][T14885]  ? sctp_copy_one_addr+0x93/0x360
[  772.209867][T14885]  sctp_bind_addr_copy+0xb3/0x3c0
[  772.209888][T14885]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  772.209908][T14885]  sctp_connect_new_asoc+0x2e0/0x690
[  772.209925][T14885]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  772.209939][T14885]  ? __local_bh_enable_ip+0x12d/0x1c0
[  772.209967][T14885]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  772.209985][T14885]  ? security_sctp_bind_connect+0x7e/0x2e0
[  772.210007][T14885]  sctp_sendmsg+0x155c/0x2810
[  772.210034][T14885]  ? __pfx_sctp_sendmsg+0x10/0x10
[  772.210050][T14885]  ? aa_sk_perm+0x81e/0x950
[  772.210075][T14885]  ? __pfx_aa_sk_perm+0x10/0x10
[  772.210101][T14885]  ? sock_rps_record_flow+0x19/0x410
[  772.210127][T14885]  ? inet_sendmsg+0x2f4/0x370
[  772.210143][T14885]  __sock_sendmsg+0x19c/0x270
[  772.210166][T14885]  ____sys_sendmsg+0x505/0x830
[  772.210186][T14885]  ? __pfx_____sys_sendmsg+0x10/0x10
[  772.210214][T14885]  ___sys_sendmsg+0x21f/0x2a0
[  772.210231][T14885]  ? __pfx____sys_sendmsg+0x10/0x10
[  772.210279][T14885]  ? __fget_files+0x2a/0x420
[  772.210292][T14885]  ? __fget_files+0x3a0/0x420
[  772.210314][T14885]  __sys_sendmsg+0x164/0x220
[  772.210331][T14885]  ? __pfx___sys_sendmsg+0x10/0x10
[  772.210353][T14885]  ? __pfx_ksys_write+0x10/0x10
[  772.210376][T14885]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  772.210400][T14885]  ? lockdep_hardirqs_on+0x9c/0x150
[  772.210423][T14885]  __do_fast_syscall_32+0xb6/0x2b0
[  772.210446][T14885]  ? lockdep_hardirqs_on+0x9c/0x150
[  772.210469][T14885]  do_fast_syscall_32+0x34/0x80
[  772.210491][T14885]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  772.210510][T14885] RIP: 0023:0xf7fb2539
[  772.210523][T14885] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  772.210536][T14885] RSP: 002b:00000000f54a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  772.210552][T14885] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002dc0
[  772.210562][T14885] RDX: 00000000000000c9 RSI: 0000000000000000 RDI: 0000000000000000
[  772.210570][T14885] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  772.210578][T14885] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  772.210587][T14885] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  772.210609][T14885]  </TASK>
[  773.021956][   T30] kauditd_printk_skb: 41 callbacks suppressed
[  773.021976][   T30] audit: type=1326 audit(1762595245.123:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14888 comm="syz.2.2632" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd539 code=0x7ffc0000
[  773.119791][   T30] audit: type=1326 audit(1762595245.133:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14888 comm="syz.2.2632" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd539 code=0x7ffc0000
[  773.207507][   T30] audit: type=1326 audit(1762595245.153:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14888 comm="syz.2.2632" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf6ffd539 code=0x7ffc0000
[  773.249184][   T30] audit: type=1326 audit(1762595245.153:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14888 comm="syz.2.2632" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd539 code=0x7ffc0000
[  773.274867][   T30] audit: type=1326 audit(1762595245.153:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14888 comm="syz.2.2632" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd539 code=0x7ffc0000
[  773.297664][   T30] audit: type=1326 audit(1762595245.183:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14888 comm="syz.2.2632" exe="/root/syz-executor" sig=0 arch=40000003 syscall=239 compat=1 ip=0xf6ffd539 code=0x7ffc0000
[  773.320585][   T30] audit: type=1326 audit(1762595245.183:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14888 comm="syz.2.2632" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd539 code=0x7ffc0000
[  773.343336][   T30] audit: type=1326 audit(1762595245.183:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14888 comm="syz.2.2632" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd539 code=0x7ffc0000
[  773.377479][   T30] audit: type=1326 audit(1762595245.183:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14888 comm="syz.2.2632" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6ffd539 code=0x7ffc0000
[  773.400328][   T30] audit: type=1326 audit(1762595245.183:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14888 comm="syz.2.2632" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffd539 code=0x7ffc0000
[  773.450773][T13318] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  773.600736][T13318] usb 2-1: Using ep0 maxpacket: 16
[  773.607704][T13318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  773.661158][T13318] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  773.683665][T13318] usb 2-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  773.703660][T13318] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  773.735061][T13318] usb 2-1: config 0 descriptor??
[  773.870880][ T5952] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  773.968801][ T5921] usb 1-1: USB disconnect, device number 44
[  774.002439][ T5952] usb 4-1: device descriptor read/64, error -71
[  774.182477][T13318] kye 0003:0458:5016.000E: control desc unexpectedly large
[  774.258369][T13318] input: HID 0458:5016 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5016.000E/input/input15
[  774.320977][ T5952] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  774.401353][T13318] input: HID 0458:5016 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0458:5016.000E/input/input16
[  774.486920][T14912] FAULT_INJECTION: forcing a failure.
[  774.486920][T14912] name failslab, interval 1, probability 0, space 0, times 0
[  774.491431][ T5952] usb 4-1: device descriptor read/64, error -71
[  774.502438][T14912] CPU: 0 UID: 0 PID: 14912 Comm: syz.0.2639 Not tainted syzkaller #0 PREEMPT(full) 
[  774.502471][T14912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  774.502486][T14912] Call Trace:
[  774.502496][T14912]  <TASK>
[  774.502507][T14912]  dump_stack_lvl+0x189/0x250
[  774.502548][T14912]  ? __pfx____ratelimit+0x10/0x10
[  774.502581][T14912]  ? __pfx_dump_stack_lvl+0x10/0x10
[  774.502613][T14912]  ? __pfx__printk+0x10/0x10
[  774.502654][T14912]  should_fail_ex+0x414/0x560
[  774.502696][T14912]  should_failslab+0xa8/0x100
[  774.502722][T14912]  __kmalloc_cache_noprof+0x6f/0x6f0
[  774.502754][T14912]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  774.502787][T14912]  ? sctp_add_bind_addr+0x8c/0x370
[  774.502833][T14912]  sctp_add_bind_addr+0x8c/0x370
[  774.502871][T14912]  sctp_copy_local_addr_list+0x30b/0x4e0
[  774.502908][T14912]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  774.502939][T14912]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  774.502973][T14912]  ? sctp_v6_is_any+0x64/0x80
[  774.503008][T14912]  ? sctp_copy_one_addr+0x93/0x360
[  774.503042][T14912]  sctp_bind_addr_copy+0xb3/0x3c0
[  774.503073][T14912]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  774.503107][T14912]  sctp_connect_new_asoc+0x2e0/0x690
[  774.503135][T14912]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  774.503160][T14912]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  774.503182][T14912]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  774.503204][T14912]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  774.503227][T14912]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  774.503253][T14912]  ? security_sctp_bind_connect+0x7e/0x2e0
[  774.503285][T14912]  sctp_sendmsg+0x155c/0x2810
[  774.503321][T14912]  ? __pfx_sctp_sendmsg+0x10/0x10
[  774.503348][T14912]  ? aa_sk_perm+0x81e/0x950
[  774.503386][T14912]  ? __pfx_aa_sk_perm+0x10/0x10
[  774.503421][T14912]  ? sock_rps_record_flow+0x19/0x410
[  774.503460][T14912]  ? inet_sendmsg+0x2f4/0x370
[  774.503479][T14912]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  774.503506][T14912]  __sock_sendmsg+0x19c/0x270
[  774.503543][T14912]  __sys_sendto+0x3bd/0x520
[  774.503568][T14912]  ? __pfx___sys_sendto+0x10/0x10
[  774.503587][T14912]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  774.503639][T14912]  ? __fget_files+0x3a0/0x420
[  774.503674][T14912]  ? ksys_write+0x22a/0x250
[  774.503706][T14912]  ? exc_page_fault+0x82/0x100
[  774.503739][T14912]  ? __pfx_ksys_write+0x10/0x10
[  774.503777][T14912]  __ia32_sys_sendto+0xdd/0x100
[  774.503809][T14912]  __do_fast_syscall_32+0xb6/0x2b0
[  774.503846][T14912]  ? lockdep_hardirqs_on+0x9c/0x150
[  774.503885][T14912]  do_fast_syscall_32+0x34/0x80
[  774.503920][T14912]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  774.503950][T14912] RIP: 0023:0xf7f11539
[  774.503972][T14912] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  774.503992][T14912] RSP: 002b:00000000f540655c EFLAGS: 00000206 ORIG_RAX: 0000000000000171
[  774.504017][T14912] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[  774.504031][T14912] RDX: 0000000000000001 RSI: 00000000afa51cdd RDI: 0000000080000100
[  774.504047][T14912] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[  774.504060][T14912] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  774.504073][T14912] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  774.504109][T14912]  </TASK>
[  774.604370][T13318] kye 0003:0458:5016.000E: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.1-1/input0
[  775.161386][ T5952] usb usb4-port1: attempt power cycle
[  775.524907][ T5952] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  775.613254][    C1] kye 0003:0458:5016.000E: usb_submit_urb(ctrl) failed: -1
[  775.623617][ T5952] usb 4-1: device descriptor read/8, error -71
[  775.806866][    T9] usb 2-1: reset high-speed USB device number 44 using dummy_hcd
[  775.861688][ T5952] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  775.891878][ T5952] usb 4-1: device descriptor read/8, error -71
[  776.057587][ T5952] usb usb4-port1: unable to enumerate USB device
[  776.671273][T13318] usb 2-1: USB disconnect, device number 44
[  776.898008][T14937] FAULT_INJECTION: forcing a failure.
[  776.898008][T14937] name failslab, interval 1, probability 0, space 0, times 0
[  777.040811][T14937] CPU: 0 UID: 0 PID: 14937 Comm: syz.1.2645 Not tainted syzkaller #0 PREEMPT(full) 
[  777.040833][T14937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  777.040844][T14937] Call Trace:
[  777.040850][T14937]  <TASK>
[  777.040857][T14937]  dump_stack_lvl+0x189/0x250
[  777.040882][T14937]  ? __pfx____ratelimit+0x10/0x10
[  777.040903][T14937]  ? __pfx_dump_stack_lvl+0x10/0x10
[  777.040923][T14937]  ? __pfx__printk+0x10/0x10
[  777.040941][T14937]  ? __lock_acquire+0xab9/0xd20
[  777.040961][T14937]  should_fail_ex+0x414/0x560
[  777.040987][T14937]  should_failslab+0xa8/0x100
[  777.041003][T14937]  kmem_cache_alloc_noprof+0x74/0x6e0
[  777.041024][T14937]  ? skb_clone+0x212/0x3a0
[  777.041044][T14937]  skb_clone+0x212/0x3a0
[  777.041063][T14937]  __netlink_deliver_tap+0x404/0x850
[  777.041087][T14937]  ? netlink_deliver_tap+0x2e/0x1b0
[  777.041101][T14937]  netlink_deliver_tap+0x19c/0x1b0
[  777.041116][T14937]  netlink_unicast+0x7fa/0x9e0
[  777.041144][T14937]  ? __pfx_netlink_unicast+0x10/0x10
[  777.041166][T14937]  ? netlink_sendmsg+0x642/0xb30
[  777.041178][T14937]  ? skb_put+0x11b/0x210
[  777.041194][T14937]  netlink_sendmsg+0x805/0xb30
[  777.041215][T14937]  ? __pfx_netlink_sendmsg+0x10/0x10
[  777.041231][T14937]  ? __import_iovec+0x5d4/0x7f0
[  777.041248][T14937]  ? aa_sock_msg_perm+0xf1/0x1d0
[  777.041271][T14937]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  777.041285][T14937]  ? __pfx_netlink_sendmsg+0x10/0x10
[  777.041300][T14937]  __sock_sendmsg+0x21c/0x270
[  777.041322][T14937]  ____sys_sendmsg+0x505/0x830
[  777.041342][T14937]  ? __pfx_____sys_sendmsg+0x10/0x10
[  777.041370][T14937]  ___sys_sendmsg+0x21f/0x2a0
[  777.041388][T14937]  ? __pfx____sys_sendmsg+0x10/0x10
[  777.041430][T14937]  ? __fget_files+0x2a/0x420
[  777.041442][T14937]  ? __fget_files+0x3a0/0x420
[  777.041464][T14937]  __sys_sendmsg+0x164/0x220
[  777.041480][T14937]  ? __pfx___sys_sendmsg+0x10/0x10
[  777.041502][T14937]  ? __pfx_ksys_write+0x10/0x10
[  777.041525][T14937]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  777.041549][T14937]  ? lockdep_hardirqs_on+0x9c/0x150
[  777.041571][T14937]  __do_fast_syscall_32+0xb6/0x2b0
[  777.041601][T14937]  ? lockdep_hardirqs_on+0x9c/0x150
[  777.041625][T14937]  do_fast_syscall_32+0x34/0x80
[  777.041647][T14937]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  777.041668][T14937] RIP: 0023:0xf7fb2539
[  777.041680][T14937] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  777.041692][T14937] RSP: 002b:00000000f54a655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  777.041707][T14937] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  777.041718][T14937] RDX: 0000000000000090 RSI: 0000000000000000 RDI: 0000000000000000
[  777.041726][T14937] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  777.041735][T14937] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  777.041743][T14937] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  777.041765][T14937]  </TASK>
[  777.575429][T14947] FAULT_INJECTION: forcing a failure.
[  777.575429][T14947] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  777.605245][T14947] CPU: 0 UID: 0 PID: 14947 Comm: syz.3.2646 Not tainted syzkaller #0 PREEMPT(full) 
[  777.605267][T14947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  777.605277][T14947] Call Trace:
[  777.605283][T14947]  <TASK>
[  777.605290][T14947]  dump_stack_lvl+0x189/0x250
[  777.605314][T14947]  ? __pfx____ratelimit+0x10/0x10
[  777.605335][T14947]  ? __pfx_dump_stack_lvl+0x10/0x10
[  777.605355][T14947]  ? __pfx__printk+0x10/0x10
[  777.605370][T14947]  ? __might_fault+0xb0/0x130
[  777.605399][T14947]  should_fail_ex+0x414/0x560
[  777.605425][T14947]  _copy_from_user+0x2d/0xb0
[  777.605445][T14947]  get_compat_msghdr+0xad/0x4a0
[  777.605465][T14947]  ? __pfx_get_compat_msghdr+0x10/0x10
[  777.605482][T14947]  ? ___sys_recvmsg+0x1c4/0x510
[  777.605497][T14947]  ? kfree+0x4d/0x6d0
[  777.605520][T14947]  ___sys_recvmsg+0x17f/0x510
[  777.605540][T14947]  ? __pfx____sys_recvmsg+0x10/0x10
[  777.605574][T14947]  ? __fget_files+0x3a0/0x420
[  777.605595][T14947]  do_recvmmsg+0x36a/0x770
[  777.605617][T14947]  ? __pfx_do_recvmmsg+0x10/0x10
[  777.605634][T14947]  ? ksys_write+0x1cb/0x250
[  777.605667][T14947]  ? __fget_files+0x3a0/0x420
[  777.605686][T14947]  __sys_recvmmsg+0x19d/0x280
[  777.605704][T14947]  ? __pfx___sys_recvmmsg+0x10/0x10
[  777.605720][T14947]  ? __pfx_ksys_write+0x10/0x10
[  777.605750][T14947]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[  777.605769][T14947]  __do_fast_syscall_32+0xb6/0x2b0
[  777.605793][T14947]  ? lockdep_hardirqs_on+0x9c/0x150
[  777.605817][T14947]  do_fast_syscall_32+0x34/0x80
[  777.605839][T14947]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  777.605856][T14947] RIP: 0023:0xf7f61539
[  777.605870][T14947] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  777.605882][T14947] RSP: 002b:00000000f543555c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[  777.605898][T14947] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080002440
[  777.605909][T14947] RDX: 00000000ffffff67 RSI: 0000000000000000 RDI: 0000000000000000
[  777.605917][T14947] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  777.605925][T14947] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  777.605934][T14947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  777.605955][T14947]  </TASK>
[  777.773238][T14949] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2647'.
[  778.353556][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  778.353603][   T30] audit: type=1326 audit(1762595250.473:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14953 comm="syz.4.2650" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702d539 code=0x0
[  778.423074][T13318] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  778.589360][T14966] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2651'.
[  778.653024][T13318] usb 1-1: config 0 has an invalid interface number: 214 but max is 0
[  778.666204][T13318] usb 1-1: config 0 has no interface number 0
[  778.755732][T13318] usb 1-1: too many endpoints for config 0 interface 214 altsetting 243: 45, using maximum allowed: 30
[  778.822690][T13318] usb 1-1: config 0 interface 214 altsetting 243 has 0 endpoint descriptors, different from the interface descriptor's value: 45
[  778.885038][T13318] usb 1-1: config 0 interface 214 has no altsetting 0
[  778.923045][T13318] usb 1-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[  778.936797][T13318] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  778.951907][   T24] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  778.969802][T13318] usb 1-1: config 0 descriptor??
[  779.140813][   T24] usb 4-1: Using ep0 maxpacket: 16
[  779.149037][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  779.208495][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  779.238257][   T24] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00
[  779.273194][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.317574][   T24] usb 4-1: config 0 descriptor??
[  779.419896][T14950] delete_channel: no stack
[  779.429959][    T9] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  779.463306][T13318] usb 1-1: string descriptor 0 read error: -71
[  779.478659][T13318] gspca_main: sunplus-2.14.0 probing 055f:c420
[  779.491079][T13318] gspca_sunplus: reg_w_riv err -71
[  779.496886][T13318] sunplus 1-1:0.214: probe with driver sunplus failed with error -71
[  779.509147][T13318] usb 1-1: USB disconnect, device number 45
[  779.629610][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  779.656337][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  779.673369][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  779.707612][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  779.751681][    T9] usb 3-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  779.764818][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  779.777287][    T9] usb 3-1: Product: syz
[  779.783890][    T9] usb 3-1: Manufacturer: syz
[  779.794042][    T9] usb 3-1: SerialNumber: syz
[  779.815746][    T9] usb 3-1: config 0 descriptor??
[  779.839444][    T9] adutux 3-1:0.0: interrupt endpoints not found
[  779.979693][   T24] hid_parser_main: 12 callbacks suppressed
[  779.979714][   T24] apple 0003:05AC:024B.000F: unknown main item tag 0x7
[  780.023562][   T24] apple 0003:05AC:024B.000F: unbalanced collection at end of report description
[  780.050086][   T24] apple 0003:05AC:024B.000F: parse failed
[  780.100895][   T24] apple 0003:05AC:024B.000F: probe with driver apple failed with error -22
[  780.196586][ T5824] usb 4-1: USB disconnect, device number 44
[  780.642184][    T9] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  780.802690][    T9] usb 5-1: Using ep0 maxpacket: 16
[  780.817000][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  780.826373][    T9] usb 5-1: config 13 has an invalid interface number: 50 but max is 0
[  780.839304][    T9] usb 5-1: config 13 has no interface number 0
[  780.846122][    T9] usb 5-1: config 13 interface 50 altsetting 167 bulk endpoint 0x8 has invalid maxpacket 16
[  780.856729][    T9] usb 5-1: config 13 interface 50 has no altsetting 0
[  780.867231][    T9] usb 5-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  780.876909][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  780.885264][    T9] usb 5-1: Product: syz
[  780.889672][    T9] usb 5-1: Manufacturer: syz
[  780.894698][    T9] usb 5-1: SerialNumber: syz
[  780.902836][T14987] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  781.267355][T14996] tipc: Started in network mode
[  781.284158][T14996] tipc: Node identity fe800000000000000000000000000016, cluster identity 4711
[  781.309742][T14996] tipc: Enabled bearer <udp:syz1>, priority 10
[  781.590801][ T5824] usb 4-1: new full-speed USB device number 45 using dummy_hcd
[  781.672288][T14987] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2656'.
[  781.794871][ T5824] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  781.808713][ T5824] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  781.819714][ T5824] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  781.848153][T14987] netlink: 832 bytes leftover after parsing attributes in process `syz.4.2656'.
[  781.923176][ T5824] usb 4-1: config 0 descriptor??
[  781.929403][T14993] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  782.058591][T13318] usb 3-1: USB disconnect, device number 35
[  782.159812][T14993] bridge0: port 1(bridge_slave_0) entered disabled state
[  782.440902][T13318] tipc: Node number set to 4269801494
[  782.528360][ T5824] elan 0003:04F3:0755.0010: unknown main item tag 0x0
[  782.628251][ T5824] elan 0003:04F3:0755.0010: item fetching failed at offset 3/5
[  782.671479][ T5824] elan 0003:04F3:0755.0010: Hid Parse failed
[  782.735521][ T5824] elan 0003:04F3:0755.0010: probe with driver elan failed with error -22
[  782.827050][ T5824] usb 4-1: USB disconnect, device number 45
[  783.020813][ T5921] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  783.190823][ T5921] usb 1-1: Using ep0 maxpacket: 32
[  783.214650][ T5921] usb 1-1: config 2 has an invalid interface number: 88 but max is 0
[  783.228690][ T5921] usb 1-1: config 2 has no interface number 0
[  783.244174][ T5921] usb 1-1: config 2 interface 88 has no altsetting 0
[  783.259566][ T5921] usb 1-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e
[  783.271173][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.279341][ T5921] usb 1-1: Product: syz
[  783.284305][ T5921] usb 1-1: Manufacturer: syz
[  783.289046][ T5921] usb 1-1: SerialNumber: syz
[  783.789140][    T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  783.839528][    T9] usb 5-1: MIDIStreaming interface descriptor not found
[  783.970365][ T5921] asix 1-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  783.991854][ T5921] asix 1-1:2.88: probe with driver asix failed with error -71
[  784.010074][ T5921] usb 1-1: USB disconnect, device number 46
[  784.175086][    T9] usb 5-1: USB disconnect, device number 35
[  784.407060][T14303] Bluetooth: hci4: unexpected event 0x03 length: 1 < 11
[  785.450774][ T5920] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  785.601162][ T5920] usb 5-1: Using ep0 maxpacket: 16
[  785.644130][ T5920] usb 5-1: config 0 has no interfaces?
[  785.691172][ T5920] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  785.700401][ T5920] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  785.735349][ T5920] usb 5-1: Manufacturer: syz
[  785.852766][ T5920] usb 5-1: config 0 descriptor??
[  786.284389][T15060] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  786.361565][T15068] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  786.405248][T15068] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  787.047243][   T30] audit: type=1326 audit(1762595259.173:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.1.2675" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  787.094868][T15075] random: crng reseeded on system resumption
[  787.104810][   T30] audit: type=1326 audit(1762595259.193:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.1.2675" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  787.247897][   T30] audit: type=1326 audit(1762595259.203:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.1.2675" exe="/root/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  787.274842][   T30] audit: type=1326 audit(1762595259.203:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.1.2675" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  787.297612][   T30] audit: type=1326 audit(1762595259.203:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.1.2675" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  787.327139][   T30] audit: type=1326 audit(1762595259.203:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.1.2675" exe="/root/syz-executor" sig=0 arch=40000003 syscall=45 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  787.353209][   T30] audit: type=1326 audit(1762595259.203:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.1.2675" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  787.380895][   T30] audit: type=1326 audit(1762595259.203:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.1.2675" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  787.411784][   T30] audit: type=1326 audit(1762595259.203:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.1.2675" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  787.442009][   T30] audit: type=1326 audit(1762595259.203:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.1.2675" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000
[  787.983995][ T5921] usb 5-1: USB disconnect, device number 36
[  788.061107][ T5920] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  788.169246][T15097] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  788.220926][ T5920] usb 1-1: device descriptor read/64, error -71
[  788.251246][T15100] syzkaller0: entered promiscuous mode
[  788.257573][T15100] syzkaller0: entered allmulticast mode
[  788.436870][T15103] vcan0: tx drop: invalid da for name 0x0000002000000000
[  788.449643][T15097] tipc: Resetting bearer <eth:syzkaller0>
[  788.470837][ T5920] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  788.556410][T15094] tipc: Resetting bearer <eth:syzkaller0>
[  788.598792][T15094] tipc: Disabling bearer <eth:syzkaller0>
[  788.623614][ T5920] usb 1-1: device descriptor read/64, error -71
[  788.733950][ T5920] usb usb1-port1: attempt power cycle
[  789.144732][ T5920] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  789.208628][ T5920] usb 1-1: device descriptor read/8, error -71
[  789.450742][ T5920] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  789.477471][ T5920] usb 1-1: device descriptor read/8, error -71
[  789.617552][ T5920] usb usb1-port1: unable to enumerate USB device
[  790.103946][T15121] bridge0: port 1(bridge_slave_0) entered blocking state
[  790.111325][T15121] bridge0: port 1(bridge_slave_0) entered forwarding state
[  791.902999][T15145] FAULT_INJECTION: forcing a failure.
[  791.902999][T15145] name failslab, interval 1, probability 0, space 0, times 0
[  791.940740][T15145] CPU: 0 UID: 0 PID: 15145 Comm: syz.2.2696 Not tainted syzkaller #0 PREEMPT(full) 
[  791.940770][T15145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  791.940783][T15145] Call Trace:
[  791.940791][T15145]  <TASK>
[  791.940800][T15145]  dump_stack_lvl+0x189/0x250
[  791.940831][T15145]  ? __pfx____ratelimit+0x10/0x10
[  791.940857][T15145]  ? __pfx_dump_stack_lvl+0x10/0x10
[  791.940883][T15145]  ? __pfx__printk+0x10/0x10
[  791.940909][T15145]  ? __pfx___might_resched+0x10/0x10
[  791.940935][T15145]  should_fail_ex+0x414/0x560
[  791.940969][T15145]  should_failslab+0xa8/0x100
[  791.940991][T15145]  __kmalloc_noprof+0xcb/0x7f0
[  791.941017][T15145]  ? kfree+0x4d/0x6d0
[  791.941038][T15145]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  791.941075][T15145]  tomoyo_realpath_from_path+0xe3/0x5d0
[  791.941107][T15145]  ? tomoyo_domain+0xd9/0x130
[  791.941132][T15145]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  791.941158][T15145]  tomoyo_path_number_perm+0x1e8/0x5a0
[  791.941186][T15145]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  791.941238][T15145]  ? __lock_acquire+0xab9/0xd20
[  791.941279][T15145]  ? __fget_files+0x2a/0x420
[  791.941301][T15145]  ? __fget_files+0x3a0/0x420
[  791.941319][T15145]  ? __fget_files+0x2a/0x420
[  791.941342][T15145]  security_file_ioctl_compat+0xcb/0x2d0
[  791.941370][T15145]  __ia32_compat_sys_ioctl+0x128/0x840
[  791.941401][T15145]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  791.941428][T15145]  ? __fget_files+0x3a0/0x420
[  791.941454][T15145]  ? fput+0xa0/0xd0
[  791.941478][T15145]  ? ksys_write+0x22a/0x250
[  791.941505][T15145]  ? exc_page_fault+0x82/0x100
[  791.941535][T15145]  ? __pfx_ksys_write+0x10/0x10
[  791.941568][T15145]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[  791.941599][T15145]  ? lockdep_hardirqs_on+0x9c/0x150
[  791.941631][T15145]  __do_fast_syscall_32+0xb6/0x2b0
[  791.941663][T15145]  ? lockdep_hardirqs_on+0x9c/0x150
[  791.941695][T15145]  do_fast_syscall_32+0x34/0x80
[  791.941727][T15145]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  791.941750][T15145] RIP: 0023:0xf6ffd539
[  791.941767][T15145] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  791.941784][T15145] RSP: 002b:00000000f53ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  791.941806][T15145] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008947
[  791.941820][T15145] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000
[  791.941832][T15145] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  791.941843][T15145] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  791.941855][T15145] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  791.941887][T15145]  </TASK>
[  791.941918][T15145] ERROR: Out of memory at tomoyo_realpath_from_path.
[  793.199169][T15170] QAT: failed to copy from user.
[  795.262985][   T30] kauditd_printk_skb: 41 callbacks suppressed
[  795.263009][   T30] audit: type=1326 audit(1762595267.343:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15192 comm="syz.1.2707" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x0
[  795.472682][T15198] ------------[ cut here ]------------
[  795.478234][T15198] WARNING: CPU: 1 PID: 15198 at drivers/gpu/drm/drm_prime.c:223 drm_prime_destroy_file_private+0x4b/0x60
[  795.489605][T15198] Modules linked in:
[  795.493547][T15198] CPU: 1 UID: 0 PID: 15198 Comm: syz.1.2707 Not tainted syzkaller #0 PREEMPT(full) 
[  795.503199][T15198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  795.513337][T15198] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60
[  795.520044][T15198] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 3d 64 f2 fc 48 83 3b 00 75 0c e8 62 ae 8c fc 5b c3 cc cc cc cc cc e8 56 ae 8c fc 90 <0f> 0b 90 5b c3 cc cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90
[  795.539721][T15198] RSP: 0018:ffffc9000bcc7c40 EFLAGS: 00010283
[  795.545830][T15198] RAX: ffffffff8533583a RBX: ffff8880516d4410 RCX: 0000000000080000
[  795.553869][T15198] RDX: ffffc9000e432000 RSI: 0000000000000c57 RDI: 0000000000000c58
[  795.561964][T15198] RBP: ffff8880516d42c8 R08: ffffc9000bcc7bc7 R09: 1ffff92001798f78
[  795.569980][T15198] R10: dffffc0000000000 R11: fffff52001798f79 R12: dffffc0000000000
[  795.578080][T15198] R13: dead000000000100 R14: 0000000000000000 R15: ffff8880516d42d8
[  795.586220][T15198] FS:  0000000000000000(0000) GS:ffff88812623b000(0063) knlGS:00000000f5485b40
[  795.595459][T15198] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  795.602093][T15198] CR2: 0000000080021018 CR3: 0000000077332000 CR4: 00000000003526f0
[  795.610083][T15198] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[  795.618099][T15198] DR3: ffffffffefffff12 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  795.626126][T15198] Call Trace:
[  795.629428][T15198]  <TASK>
[  795.632403][T15198]  drm_file_free+0x7f2/0xa00
[  795.637027][T15198]  drm_release+0x2de/0x3f0
[  795.641536][T15198]  ? __pfx_drm_release+0x10/0x10
[  795.646493][T15198]  __fput+0x44c/0xa70
[  795.650498][T15198]  task_work_run+0x1d4/0x260
[  795.655160][T15198]  ? __pfx_task_work_run+0x10/0x10
[  795.660337][T15198]  ? exit_to_user_mode_loop+0x40/0x130
[  795.665937][T15198]  exit_to_user_mode_loop+0xe9/0x130
[  795.671310][T15198]  __do_fast_syscall_32+0x1f4/0x2b0
[  795.676582][T15198]  do_fast_syscall_32+0x34/0x80
[  795.681559][T15198]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  795.687916][T15198] RIP: 0023:0xf7fb2539
[  795.692047][T15198] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  795.711742][T15198] RSP: 002b:00000000f548555c EFLAGS: 00000206 ORIG_RAX: 00000000000001b4
[  795.720179][T15198] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000ffffffff
[  795.728206][T15198] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  795.736221][T15198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  795.744643][T15198] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  795.752809][T15198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  795.760883][T15198]  </TASK>
[  795.763928][T15198] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  795.771219][T15198] CPU: 1 UID: 0 PID: 15198 Comm: syz.1.2707 Not tainted syzkaller #0 PREEMPT(full) 
[  795.780613][T15198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  795.790725][T15198] Call Trace:
[  795.794032][T15198]  <TASK>
[  795.796999][T15198]  dump_stack_lvl+0x99/0x250
[  795.801639][T15198]  ? __asan_memcpy+0x40/0x70
[  795.806277][T15198]  ? __pfx_dump_stack_lvl+0x10/0x10
[  795.811508][T15198]  ? __pfx__printk+0x10/0x10
[  795.816131][T15198]  vpanic+0x237/0x6d0
[  795.820157][T15198]  ? __pfx_vpanic+0x10/0x10
[  795.824686][T15198]  panic+0xb9/0xc0
[  795.828423][T15198]  ? __pfx_panic+0x10/0x10
[  795.832871][T15198]  __warn+0x31b/0x4b0
[  795.836873][T15198]  ? drm_prime_destroy_file_private+0x4b/0x60
[  795.842959][T15198]  ? drm_prime_destroy_file_private+0x4b/0x60
[  795.849051][T15198]  report_bug+0x2be/0x4f0
[  795.853514][T15198]  ? drm_prime_destroy_file_private+0x4b/0x60
[  795.859635][T15198]  ? drm_prime_destroy_file_private+0x4b/0x60
[  795.865740][T15198]  ? drm_prime_destroy_file_private+0x4d/0x60
[  795.871852][T15198]  handle_bug+0x84/0x160
[  795.876139][T15198]  exc_invalid_op+0x1a/0x50
[  795.880665][T15198]  asm_exc_invalid_op+0x1a/0x20
[  795.885552][T15198] RIP: 0010:drm_prime_destroy_file_private+0x4b/0x60
[  795.892269][T15198] Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 3d 64 f2 fc 48 83 3b 00 75 0c e8 62 ae 8c fc 5b c3 cc cc cc cc cc e8 56 ae 8c fc 90 <0f> 0b 90 5b c3 cc cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90
[  795.911917][T15198] RSP: 0018:ffffc9000bcc7c40 EFLAGS: 00010283
[  795.918024][T15198] RAX: ffffffff8533583a RBX: ffff8880516d4410 RCX: 0000000000080000
[  795.926010][T15198] RDX: ffffc9000e432000 RSI: 0000000000000c57 RDI: 0000000000000c58
[  795.934000][T15198] RBP: ffff8880516d42c8 R08: ffffc9000bcc7bc7 R09: 1ffff92001798f78
[  795.941992][T15198] R10: dffffc0000000000 R11: fffff52001798f79 R12: dffffc0000000000
[  795.950031][T15198] R13: dead000000000100 R14: 0000000000000000 R15: ffff8880516d42d8
[  795.958034][T15198]  ? drm_prime_destroy_file_private+0x4a/0x60
[  795.964147][T15198]  drm_file_free+0x7f2/0xa00
[  795.968812][T15198]  drm_release+0x2de/0x3f0
[  795.973262][T15198]  ? __pfx_drm_release+0x10/0x10
[  795.978222][T15198]  __fput+0x44c/0xa70
[  795.982239][T15198]  task_work_run+0x1d4/0x260
[  795.986870][T15198]  ? __pfx_task_work_run+0x10/0x10
[  795.992020][T15198]  ? exit_to_user_mode_loop+0x40/0x130
[  795.997516][T15198]  exit_to_user_mode_loop+0xe9/0x130
[  796.002823][T15198]  __do_fast_syscall_32+0x1f4/0x2b0
[  796.008053][T15198]  do_fast_syscall_32+0x34/0x80
[  796.012949][T15198]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  796.019293][T15198] RIP: 0023:0xf7fb2539
[  796.023374][T15198] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  796.043083][T15198] RSP: 002b:00000000f548555c EFLAGS: 00000206 ORIG_RAX: 00000000000001b4
[  796.051609][T15198] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00000000ffffffff
[  796.059586][T15198] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  796.067568][T15198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  796.075560][T15198] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  796.083555][T15198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  796.091548][T15198]  </TASK>
[  796.094977][T15198] Kernel Offset: disabled
[  796.099312][T15198] Rebooting in 86400 seconds..