last executing test programs:

2m38.040259159s ago: executing program 2 (id=608):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

2m37.902287997s ago: executing program 2 (id=609):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000100), 0x3ffffffffffffffd, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000004c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f00000005c0)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000440)={r5, 0x0, 0xffff, 0x0, 0x0, [<r6=>0x0], [0x7, 0x0, 0x0, 0x67], [0x0, 0x0, 0xb, 0xfffffffc], [0x6, 0x4, 0x4, 0xffffffffffff7fff]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000200)={r6, 0x80000, <r7=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c64d1, &(0x7f0000000000)={0x0, 0x0, r7})

2m37.468029784s ago: executing program 2 (id=612):
socket(0x10, 0x803, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, 0x0, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x2, 0x0, 0x1, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x18)
pipe2$watch_queue(&(0x7f0000001180)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x80)
r9 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r9, r7, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
close_range(r0, 0xffffffffffffffff, 0x0)
mbind(&(0x7f00008ef000/0x1000)=nil, 0x1000, 0x1, &(0x7f0000000580)=0x1, 0x2c0, 0x0)
r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00')
read$FUSE(r10, &(0x7f0000002140)={0x2020}, 0x2020)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r8, 0x0, 0x0)

2m36.48414766s ago: executing program 2 (id=617):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r1, r0, &(0x7f0000002080)=0x9c, 0x23b)

2m35.677020864s ago: executing program 2 (id=619):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x24}}, 0x0)

2m35.061782327s ago: executing program 2 (id=621):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000980)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={0x2, 0x3, 0x0, 0x2, 0x9, 0x0, 0x0, 0x0, [@sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}]}, 0x48}, 0x1, 0x7}, 0x0)
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080))
r5 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
pwritev2(r5, &(0x7f00000003c0)=[{&(0x7f00000009c0)='l', 0xfdef}], 0x1, 0x80, 0x0, 0x17)

2m19.526595155s ago: executing program 32 (id=621):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000980)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_mmap}], [], 0x6b}})
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={0x2, 0x3, 0x0, 0x2, 0x9, 0x0, 0x0, 0x0, [@sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}]}, 0x48}, 0x1, 0x7}, 0x0)
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080))
r5 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
pwritev2(r5, &(0x7f00000003c0)=[{&(0x7f00000009c0)='l', 0xfdef}], 0x1, 0x80, 0x0, 0x17)

14.743374704s ago: executing program 0 (id=996):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140))
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000140)={0x0, 0x4000e9d7}, 0x8)
sendto$inet6(r3, &(0x7f0000847fff)="1f", 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @private2}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r4 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
ioctl$VIDIOC_S_SELECTION(r4, 0xc040565f, &(0x7f0000000080)={0x9, 0x100, 0x7, {0x400e802, 0x8001, 0x400, 0x4}})

11.786287076s ago: executing program 5 (id=1005):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32=r3], 0x78}}, 0x20000800)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2e, &(0x7f0000000480)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x1, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r2, 0x0, 0x11203}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x7}, @IFLA_BR_MCAST_SNOOPING={0x5}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x10)

11.507926034s ago: executing program 3 (id=1007):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x707b, 0x10, 0x4, 0x10a}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
unshare(0x28000600)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TEE={0x21, 0x2, 0x0, @fd_index=0x3, 0x0, 0x0, 0x9, 0x2, 0x1})
io_uring_enter(r2, 0x3516, 0x100000, 0x0, 0x0, 0x0)

11.353226248s ago: executing program 5 (id=1009):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket(0x2b, 0x1, 0x1) (async)
r0 = socket(0x2b, 0x1, 0x1)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_buf(r1, 0x6, 0x23, &(0x7f0000000000)=""/36, &(0x7f0000000040)=0x3b)
r2 = socket(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) (async)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioprio_set$uid(0x3, 0x0, 0x0) (async)
ioprio_set$uid(0x3, 0x0, 0x0)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000ffe000/0x1000)=nil)
bind$inet(r2, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000005500e50128bd70000000000007000000", @ANYRES32=r8, @ANYBLOB="20000100385f8dc07295373bb1410cc88519ef967858dd405ca942d075feb51d211289d24474dfe70ec1e2ed81abf8df63dd56d9", @ANYRES32=r8, @ANYBLOB="010302007f00000100"/24], 0x38}}, 0x0) (async)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="380000005500e50128bd70000000000007000000", @ANYRES32=r8, @ANYBLOB="20000100385f8dc07295373bb1410cc88519ef967858dd405ca942d075feb51d211289d24474dfe70ec1e2ed81abf8df63dd56d9", @ANYRES32=r8, @ANYBLOB="010302007f00000100"/24], 0x38}}, 0x0)
r9 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x14, 0x601, 0x3, 0x0, {0x2b, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4001}, 0x4000)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'dummy0\x00', &(0x7f00000002c0)=@ethtool_eee={0x45, 0x5, 0x7, 0x2, 0x1, 0xc10f, 0x0, 0xfffffff9, [0x6, 0x7]}})

11.287922541s ago: executing program 0 (id=1011):
syz_usb_connect$printer(0x4, 0x36, &(0x7f0000000000)=ANY=[], 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="10000000040000"], 0x13)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000003880)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c9f4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75055df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83766b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b556381768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42ddd5f393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8dc0d472672286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8455029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a82a6ef09d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b420e74c6bcdf1ed0b306141a83bf1268e954ad069257fbfaa1a7ea582badc1a7f2a5b0965f3535872d85c0bc3a233a3ea85df6a8ed76f0f803d54b7bef77d8ea71621f8a78dd17c3b58c5c7476ed6191acbb949e77f7cac81c543f7751e5e1000"/4545], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c0000005e000100000000000000e0ff00000000", @ANYRES32=r2, @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x20054005}, 0x0)

9.476059226s ago: executing program 0 (id=1017):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, 0x0, 0x4004)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, 0x0, 0x6e6bb5, 0x0, 0x1}}, 0xb8}}, 0x0) (fail_nth: 4)

8.820088849s ago: executing program 0 (id=1018):
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000340)={0x2, 0x4e20, 0x0, @dev}, 0x1c)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x111, 0x2}}, 0x20) (async)
sendmmsg$inet(r0, &(0x7f0000000e00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000f00)=[@ip_retopts={{0x18, 0x0, 0x7, {[@cipso={0x86, 0x6, 0x2}]}}}], 0x18}}], 0x2, 0x24000800) (async)
syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201000005d0d3087d07aa04d85b0102030109021b000f000000000904"], 0x0)

8.09602526s ago: executing program 5 (id=1023):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000740)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300042e010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000500)={0x34, &(0x7f0000000100)={0x40, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)

8.004096354s ago: executing program 3 (id=1024):
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x36)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r2, r0)
fallocate(r2, 0x10, 0x20000007, 0x1)

7.717991315s ago: executing program 3 (id=1026):
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000001c0)={0x1fd, 0x1, 0xdddd0000, 0x2000, &(0x7f0000bd3000/0x2000)=nil})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000600)={0x9c0000, 0x5, 0x5150205e, 0xffffffffffffffff, 0x0, &(0x7f00000005c0)={0x9b090c, 0xffff, '\x00', @ptr=0x2}})
ioctl$SNDRV_PCM_IOCTL_REWIND(0xffffffffffffffff, 0x40084146, &(0x7f0000000300)=0x10001)
ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000380)={0x46e, 0xffffffffffffffff})
r3 = socket(0x10, 0x3, 0x0)
sendto$inet6(r3, &(0x7f0000000100)="c10e000018001f06b9409b0dffff110d0207be040205060506100a044300040018000000fac8388827a685a168d9a44604094565360c648dcaaf6c26c291214549932fde4a460c89b6ec0cff3959547f509058ba86c902fc3a10004a320c0400160012000a00000000000000000000080756ede4ccbe5880", 0xec1, 0x0, 0x0, 0x9e5e111c47e3504f)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYRES16, @ANYRES64, @ANYRES16=r2], 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x800)
syslog(0x4, 0x0, 0x0)
r5 = syz_open_procfs(r0, &(0x7f0000000180)='net/udp6\x00')
pread64(r5, &(0x7f0000001240)=""/102398, 0x18ffe, 0x2000000700)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000400), r5)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r5, 0x4068aea3, &(0x7f0000000440)={0xc5, 0x0, r5})
ptrace(0x8, r6)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f910, 0x7ffe, '\x00', @string=&(0x7f0000000340)=0x5}})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffffdd, 0xa}, [@ldst={0x3, 0x2, 0x3, 0x1c10a1, 0x0, 0x3f}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x19, &(0x7f0000000000), 0xb5, 0x10, &(0x7f0000000000)={0x0, 0x1000000}, 0x7, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)

6.69484874s ago: executing program 3 (id=1027):
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
syz_emit_vhci(&(0x7f0000001fc0)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x6, 0xc9, 0x6}}}, 0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
readlinkat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000012c0)=""/168, 0xa8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r3, 0x4b67, &(0x7f0000001ec0)={0x1, &(0x7f0000001e80)=[{0x0, 0x1000}]})
syz_emit_vhci(&(0x7f0000000300)=ANY=[@ANYBLOB="04050400c9"], 0x7)
msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
linkat(0xffffffffffffff9c, &(0x7f0000000800)='./file3\x00', 0xffffffffffffff9c, &(0x7f0000000840)='./file7\x00', 0x1400)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2002, 0x4001c}, [@IFLA_OPERSTATE={0x5, 0x10, 0x4}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
socket(0x8, 0x800, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000200200000000000000000030017f452bdd048eac460497fcf58867bea655d540e0f1c18e563a9aa39bf3b4a428a3ab0ed1715eb52761a03"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x20004880)
read$FUSE(0xffffffffffffffff, &(0x7f000000c000)={0x2020, 0x0, 0x0, 0x0, <r6=>0x0}, 0x2020)
sendmmsg$unix(0xffffffffffffffff, &(0x7f000000e140)=[{{&(0x7f0000000340)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000540)=[{&(0x7f00000003c0)="94fb5d4ca59307ec3e9a2271a945aa3259dc191d4010e4cabf9dfcf33f4b8fcda4540067a39c43dae240e8231c59755d79f0a5c36db0ba3de62bce145e2cd5053e5af339763332d2782d91287c2b4d87e8a01da5859a77c94b5ad4ed9b92a4414d9043369794c5fa800128afac8a33e0aceb89ae4296fcaa41084be859e6bdfa0ff7b0f48a2bda6d925fd7ac23d30a820cf64ab4848707e51ea8bbc752f5179b0b7177068bf4b87262bcdd787f21a94b797f1e08ccfe4469c485712e899c1cc8af4bdb799c49ea9fe781a09b4018d3041750c1f4", 0xd4}, {&(0x7f00000004c0)="8aae63d5497d88534b2b9342cc2d49ff914f09fde598c705e7acc1f6a33be9cbaf3997fe2f588e32433fd5df9183ae7d5b16cc07c4cb39c937c6b9a27e063b6c0b54d3042ff07488b3c0120cfa4a1ddc38603bbbd9f12ba8f607d3fa6ee4237773e5c5999a0011943be4f2fabe7f7ab45e3da9c38ac740a7e4ab7cf8f078746e", 0x80}], 0x2, &(0x7f0000000880)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x10}}], 0x108, 0x20008010}}, {{&(0x7f0000000980)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000e80)=[{&(0x7f0000000a00)="ce", 0x1}, {&(0x7f0000000a40)="87e1f35dc997db64aa081d36b7e22577b3bb04b50a138680931f030a542bc71a4d98fcfa11352409b15f24f6837250e04ccc4e5f7ca26b0c1a2bee7db88d676f35368458862bf0af4b76ffc9b7edab69f2007d19c44263461b43887341fa6789644465e7f1023065a6d2925c9db820", 0x6f}, {&(0x7f0000000ac0)="3d4d035fc4502cc68e96685461b7e9491211c54749326cfc85e9a6471eec7edf36698181ee90770ae9bdc09dd3ae16eb09b35bd20e67dfe29208d0cfb24250c24e4e1385f9b1f8c1ce75b2cde039f966cface87df008304035d68832804671b1520afd26c6e2b1c9030ae19e7455c8633266bec90806c1e6af2ddc0d44daf8dbca215926eda8cd82272989d92a703de33a685e46043822928679c9fef2eed25026a599b145c4309c1d", 0xa9}, {&(0x7f0000000b80)="a3ea98de279f379a25e845427b64fc25efe16cc833b4efae5be0da0ab5262ff5aff815bd6c73072dc8a549357bf86f0703f08ccce3d05f5542463860c8a8c93f7c4b03c87ae2297ebea590faccb4fb9492bbf05563475352c0160f6781710f24305f1df74fc9c890", 0x68}, {&(0x7f0000000c00)="c2ed14086f22ee29d3fb3f9812ab0f2526c1c830118f41c50b34f5a43589d32206968cd1582ef1996ed11abc9d98ab43fc7296d532054e0e85a756007cf5b70228beeac0f1f1e617ae2473408806c761a83a4855fe5d40e1e8e95161ee2a609f24ea0a0611277332d7a3eb08fefff1a09e36e4ff858587bdc1ed3e731aca31dbcc87d1da5d4cc9245853c3ed7df0eea5ae", 0x91}, {&(0x7f0000000d00)="92c2ddb05cb44fa678237aaac108794347e2f50a73cc10ce1e7b7a02388878454f9b9b1971849089653f502c538f96ef787ae09d352298c1a38953af22364a122d778bd2802aac673abaed4f55967f8aefb63006087d85f6affe51c5940521e0c2aedf54ec4f757d785b7276335d05e360047d2c6b57cc6c339d29a08040a6a270de5825ae2b826a89c1f78524f079b6dc7b81424324f837077ca517ab79d787", 0xa0}, {&(0x7f0000000dc0)="36ff56c31ced033f7dd558104ff61d26f84bd3aab6c5cc217e90be273f21a9da2f29c0eaba8abb73c4e692e08f74eadb2018526ad2507fa16a88e1aaa8dac03d5e3c8bfebe1765dfd333a606b4b2c7d54a0c1000c46ccbc3f3a9423a9fba964530f4053c40de86212edb84381e21d8338f0367b2756d5ad443aecbea18b89dab593dda8bdad7253d61b166648589299476e3", 0x92}], 0x7, &(0x7f00000063c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee00}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x80, 0x8004800}}, {{&(0x7f0000006440)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000006780)=[{&(0x7f00000064c0)="aad9d325d56bd0d7b43f22cf80ba6ace5b49b34e215682d26ee327191f413882dad861acbb7d890c0efbe7faefb99cfa", 0x30}, {&(0x7f0000006540)="ff3e9f767d219d66184ef9daf74ce2823fc77a77e1a0200ccfa1b270fcd905243262ef2f37ceeddf1067dd2f6fbda496b090f96e0d2c11131394c47e248b91a8b78583be715b307c633896badcb59aa74c10da34a1d05f76349d7aa7cba4a192ffbd2152381c86d50eb6a8be4df856d4bfee98e1df3e00648581b2b8", 0x7c}, {&(0x7f00000065c0)="45b899c6edeab51959c53bab2ba11fac9544b6dfb5509da1ad085138b23d3fc49c8c9ac892ff4135c9d8df12a8be0c0572703535a819fb400e3b88696154f17d1e3bd204d13dd6e06583833dc0e93a978ddb38791629b96456983fbd9795e3c4ffd70419873c4e5678e29f9693304d271ec156b2baf767695c18230f6dba4c7fb806bbbf265bea24d6e25d08914e99114a773e6a70f97a4a80f0f216c0b68fe3486c4ad961cd46c22705504a9b4956ff5d9bef45fd404f6979", 0xb9}, {&(0x7f00000066c0)="4d99a750ffcf3137f96ed8f82e7b97c1cfe8891a98c7ff30d766eb98753017a2954d27d7913f31c7e25fe1b1e420cccc2ff3e82a181cd107a23c2bef28fcf376b2f835573b831fcd4624edcc5eaf287488ad66d07aa0b2f94243ee64c4974b397555b799b0ceee86e31e4da9e6f06b2af2a814f1fae58967e0f1e3bca973fcc548", 0x81}], 0x4, &(0x7f00000000c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r5]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01}}}, @cred={{0x1c}}], 0xa0}}, {{0x0, 0x0, &(0x7f0000009980)=[{&(0x7f0000008900)="3794487c0e8538207b7eb9573d8279f1b17347b1b3383b350376569013e8dbcafb32a56e09bd911f1389c9", 0x2b}, {&(0x7f0000008940)="d02b719bd7a4b6a79b303f357201c934084380a895a41bbc97a6358b3f62a4200df90c6e3e07d7e45e54805930b908a1d0edebf9819dfa96b9dbb6565430eac44991cc7bb74ae3db8c280f077d990547c3ae20100cbea517eb378be20c13e19e8056e449b401ba7ac4552d0e9d4bc39a03f9e6ac5bc3126d18d11e9f5fed4f63f759aecf8f3fe8c833e1b3099418799ed2955d471991c8b5e3851bf6e7675b96e5bf32c77e8273cab1be95052d789e1a8824b058c084c5c33be98135b3ed8d3d2ffc163eb2878e494a60d223d16907ee80ff5be47b7ec46248738dd6728465cb4e564885f1ea719a4751a41491d0bddba38b5773b6c9874339fac2ea93b1e2bd53d60431fd0624230985d50793d0b25febf4795e48623ce1ace0d722b439161aa0cc5ce424f2d72f29bd62a6832008a4279a0e4374fd6092a76b1fe169d2721cc0da77cba68cc825d56c7f8616561390ae0cba28d59eee38baea26f68d15b2a64fe004cb2d0531eb52b9bfd8ef13e353c0d6258c4fb76c71468dfa1cdfc147e42484c718c18427efff1ea3a1a78605864177d658c478f8151e70dfd5ac044f185fddf1e76afbd2c60a059086bd2cd0423de310c06881cb9c1a649abbd8b4927abd4c6ed4912c94ccafe32734ac018543cc892d3ebbf1dd3dc90829fabcd26a439c0086fb7471edd759d69b46d4f3e67f1f6f9075518892e715748597b85bd6620925b44d590e8c3b08c8cf6eee47f3eb1870a6b9d9fb7133c0193e7dfecc6dfd0b51bd13cf981c2076dba1ff9cbbaf2546d861a56132780f50a53b1bfec1a38196d80e55f528359bc8abe275717cbb4ee6bb0d1d3aaf495a44e8f54830c1d5e4bb1fa791cd8c468969fa2099f85749baeacf889a6f48c2c9928745ff3a9433f14dcc446493269ccbc5c6e62ad5e86218d10f7d49b6bb1ae0cab674f8d2924b4f170df38ea3a754843e2d785c6eb24c13c77fedfea60f12bdfd95e79c9a9eca5098222cc5c123fb8ff1477238079c4f9673a3f9c998a499ac9ecd838721fc657d9d7b59bc7da4b9111e7d12be1235703cd8fa47a08d3c26d05d75cc82ae3089cb3e51370ef7c45343a6aa79b31057755f86b97d75d11fd1c72589fe825c7b8422e72faf58416745bc93923c0fe706baedfd6735389293fa659303b213840187fd7c8f5d5290d3cdbf61f5b9cdecbb9d460ced4bc41e7d6b6f958a967627543a0e24eaed0a235fd253df19f08819e220c1d9357deff40a6ef36a401cd4d30f72ea8747b4ad8d4678eb86f42ec91f42395a8b5b10b961f3b94437e5a750fd470423f348db23d57fe1ef4c4a3c8a4fe622f95bd235c82d91e00e6f6524067120589bf3cb4a1a04d7fb6477bc6ed7af7ef28a26beae7b7d2e94411dec6352f94f80731a3bbbba4ebf9399cb426e2b0e2782a6f474d41d3575b9d882fd52bfc2624ed019cae1b29b5f0230d6edfc8aaf7e72c7af4f119f90c3616da741665268a2d132acf58e0fa166ec80ab4dbdaa84e1bf50ac146d6a491fa50ec5bd8df8e2514a57ed8462aaa97f6a543b2e4a87066a81a66d0d04aedb22bae233e78c7228c31ea66bc03aa5d2aab9733864f984bd1a40537fcaa4c6069592936c1e97ee5486e02c1296494c88112ae4ce0b40b8908335b8c2e8ec15df0556c991c2102c8ac2c4cf339ab106e1978e81f0195a18cdb995eade006516d31fd925d841936d4c24cade1903630355731b490990fe1d5dbbdb436a7c66ba63c6a18decbcbba86be36f40576b2241a21af95a070317383a5c6852839884727669a05e503f3a41be5a7699b3e70377c589faf806fa59c0720e75155007c888c1ae1d00c6bd8a96297ace0be9db15d2c28b5252b41a796eeeb73844d5a6bf26b33a138b4d2ed4dfa6e95f5dcc06d1ea0e0330c38bd77b9f2e538e22513424efe6d050c8c908b1f8b79035bff8a41cfc732e66618dad9b9dc99d23a560e9350cc4a372defc36e75500413d27822e23e52e4b512526a92d7ef50f74dd9348cfdbe08376bde7811ec4ba1781b1471f3a7de8adc4b8be4a8ffce82809d0bc7f5ecf834c06230c878f826d07c7bad5cb0b8975a572b93fc8caad506de5a41497f3580dc367858a2565d22ccfa6628a1e29f300dbb228821a85dbeba43efb9c682483345c5e303fae5414803e805c9a5fbc5af15759eca98cca8927e054d26be9b03008a5986a5d2a00cbe1cba969e19b21cc5fbd1294bd349539141c05f5c99757920157cc6f3f186c73be6f2b537f91600de647d4decdbc5ae306288f54d1a0230660c8dbb2c1dd973e027d24a8ed33e6bf4ee90026b5c59360772a58e40f0944acbfd49b0da2f4ff033f9bcfcf9aeff9d772b0241d2bbae16b37bf91ea3cf0986c04d35a16e3b3a210cf3f666162f6f2785b4bd7b2eb3208252e3bbeeebe4cce15a0a38ff8a04bbcb8bf06ce7491f724317a3cc03e88050b4c9dad5a46847992121f0739dfd7d6b71f333199f83a5de37b6a37a83690cadef5556188684a773409f857a443eb9247109db07372954d6e061ac2de4f4a9ac721cd16295e5cff758f7acb7d312e3cfa17aef2bf6dd6cfec05a424eea2fa5c475d87bc0e14e548558593014bfe5179dd001d845c5c60ebd8faacfab2d4735651a7d026c1afec0403d77786a5241e07fd183e7dc2433bd517e8905ac0e1ac1a9e094d789274afb5bba86d6beac6e43f5cbcda453541c024dc0737122750271b62eebb78e0a5755916ac12853b714c00998755961c5ef00ddaa76f3497e5ee5f53d1635e62b89686e6d948ab13a0bb9d2bc0b664fbb693db48424306051da63be88655e2ac2f5ec703e9d5ed1bbd74705a0c8ddbd5dd74a75ec15d702d5f880554ac2ea70f2d410939c4fee0f48fb7af8f990dd713cf8884f51db6bd0f638d7a8f2f39a68130f1f41df25220e6ead6d91c342895d0fe2a6889eb35ec84bdfaf8e94b849496d304c928fac90ba979c8602f742d2d1e99330f3b55614529ce19d754c8a55b7ff8c5856f0d560b2bf182c86ad1e550835c0ea95ef52fd0734eb1e89125f9924f2e2dec05208e29c51e0bace680d4f6e1740fd1821b668000a7fa7a7970d9df3bfed918b7dd5f04826669948f205ee7cb5f36d667fdf4e664092ea6e4a0b0e5eaeefe14143b6f4be758c3869d554e87064feb7d4535c349d2c8664efea2ea0e490bbfd8870817df14a711a53f272125b2471f579e759af90a467755dc92cc1fc511cd0d146394b78710122b1524eb9409712433829410d693e0c2c0d5bdd5cbc5d21c579a95c046b6afae4a334e36081b12271625982e135f6fefe226b9e183dc5577bd7aa8f26ecc5c93b1171d7c1e8dd030e845923171423a44a65584d6b5966910671834ad0588146060e8f17818cd1546338b8acf345b768c4ae938e70faedf5c8438d9c0ac02a18bacff4017b8ff25fd1af2a9447ccbc07a530a6d3ce30bc7bc6456151cb27f5220d77a96f5353c9ceab11263d811d8f5bcba3b5f471f96b8643aaede839a0a82112bbf221d732926c315fca496302c9373628feacde1fcb504a726b3a1ad0fb708c20bd9e81f4f092f9cdfbf1a3e303cc37494fba001ca28a13504b1fbd56b564711dd3128e97db61fa8b484972c9d766f65fc79824e4ca0f70a0dca3f23774e7eed808b22d18259ad6499de9cc6645ceb96d18831e23779da2afffb854ad0d3e04aeeb494b66151fdd67ed71920ce5561e85d45c58b4bceda6aad43732601f9e9d33f635ce9851eee0584cef2bc68168ff08f2198f949bf096325deabb61e314fa87e12ceb80dd948e56f6ec54569fc9a74f784d4ad8b04ef2614bbb5eef69320a9c8379b5b7c3ed6f8bab75a4680982975a01ff2742e01215abf696f04035bbd278c21afca7ba561c32fddaff7e8bb6ba251b8b46da15612c9368ace5b4e384059e264e1af550b8687c28c34a1540a318133e4b9231e2922e67a3fc49ca599d05295f2e26c6101ff0832f89760df99fd2cb28e1713d87cca33e324cf7f8460fc0cbb4a01899d381d3d40d01312ecdd9d7c8f6a996bdc4231356cb0bdb06d76022bbef3ade32956d179a09af48f914829bcdcbad35ac82e5e1239138fa130e080770d49dacefd70025cfebd1a0707c4b9be91152f21bca175889b4515a86c1761c23fc629b40c70d62efb54f20a250e1376626096aa0d8496c28e62dd92a1fdadb29174a2617ebced34b8462df7283a3a762e9eed31c58da6ef2c67bde35ae1f811661938c0897435ade48e9dca7a8fa5a76074305eaad8299a9cf08ab29874676be26870b4939f7004737a079a1bc98c4ac71f48ec77126fdd9cdf3eb3f475e2ab18281af5bf09db344a52519d9262540bb2dd117924c53bade7b693a1e3f0c5bc4ecf01403a9c92c7d87955fc12f7c38cf7892bfd3ea2df44f1e17d23c9f5a0a855778ae9750cde11f487efeeec31ea96265ef4780cca8cd62a9c6f60e6d85a07ee04a45110e7d71396d13f2d17a0467cf19097276ff47a0f273ee0915585b13a4ab3e6b17b6a060f67370b790558ad324b70a9612de79bd529819fc2de0558022af717f7fb0b5b159aa783abe703e50bf75600ed2f58269a782c6c2ff1120e7ad98a88734fb3922bbe1e2326faead18733ff13828092d85b8b9045bcfcca3824b92e2c3d37f2bd99086235f3ae32e85fefb715fcb982c585c02969fe2d3b725482637bc42b4e0a2994f725be4b1dea82cb0b9d48f7e1639a9eba5754f8508ae02d61a88d1e85896b8a97ad7c5d4e921675033da3964c65c852a6d4a3345251a5f1d8388108c529a2d02583d22efa76d38d0e9aa81297f35850b8239488bc84808809ca567a0bd3bfcfc1fc4ffae3040c9605187ccddb1aba386650c48d14ac01c7f219355f8d32bbdf3b50cd6ff20140a4e31ec2f3ac9f73bf25e879ef07836b26f954d2b8ff603c6f1e10300b08c234bdfe52df265a1d94282948b38c677af354d225fd5d31b52557923373f3abd09f8f09ac4415c53c2d70d3c7903d5bac104e5cb320f356c1d3b07d9b6aca0f409a844fd83ac2ceb54bfce6f4d6f15ce57ad3911894b9a6b77ecbee21913968b1a1f26f944051d23d369052da80a0432f519c04cb26bd2c8e48283b85d1e49ef7ea545dbf5365481f255b144946f0c5ba757fe6b7d0420751d8435a40f06dc09d19c539c5b09378a2c6820fd8774810a68ffba7045ab1edcc3daba156b5f6dcc8365e9a82ee1cb5b8bb756263e03fc0a053dc974552185fa2f3338d6263bc51a0a48af2f058d73fd1239c5d5f1ac20f9b57b82fcd94ced2bd94faaf13d4abda9da9c91a72609d44d58ad8df7ff7086610b139614f62c7fd6eb36568566053d3e46b83ecfa95f2d841dd63382388f8a4e51a5375ba27af1bd4a3657c4ccce8eb8ef880f7bde1078e2ceb554f40797023126b929c47d4451de34ff37f92dbd9d768ddd1d37f48ece0412faa371d12a347e28b2c7be3e4f3e4fdfb55b479d56a71cb6251af864cb9958719d96df8819c1cc3b118809bf74623e228879008f879d825a92c94e27153088c1202ac586e2bdf151f7d40fef1fe9ea237bda7ce23953293729a98effb3b15876af802f64e0681bcf5980628a174a521435222dec12fd2d61556193bdc9f7d27f499083197b50ef6917dc374f81d01e2a248202f8d1539e2286553d7e02bc12a0e4d1e439b912f5a26b39470ec6c7103a54cd52e79db0d72a6b652dd1c3de1b7a61ab62ce47400d4ab5e9c21592224932019b406927bfae589fe7238aed44e8e94c84df53cd36b56b4f1d5ca76e168", 0x1000}, {&(0x7f0000009940)="657f4c823357cf69e47b", 0xa}], 0x3, &(0x7f000000e040)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {r0}}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r6}}}], 0x118}}], 0x4, 0xc040)
stat(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0))
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r7, &(0x7f0000002140)={0x2020}, 0x2020)

6.616104119s ago: executing program 1 (id=1029):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
shutdown(r0, 0x45882e38ee51989f)
ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000140)={0x7, @capture={0x1000, 0x1, {0x4, 0x6}, 0x4, 0x3}})

6.480273707s ago: executing program 0 (id=1030):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_setup(0x2b9, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x108, &(0x7f0000000180)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$ax25(0x3, 0x3, 0x8)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000080)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
read(r3, &(0x7f0000001400)=""/4076, 0xfffffeea)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)

6.474046828s ago: executing program 4 (id=1031):
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000180)={'pimreg0\x00', 0x1001})
ioctl$TUNSETOFFLOAD(r1, 0x400454ce, 0x1)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x6, 0xb, &(0x7f0000000000)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x18, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(0xffffffffffffffff, 0x7a4, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102362, 0x18fda)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b040000000000000000020000002800048024000180080001006c6f6700180002800900024073797a320000000008000340000000080900010073797a30000000000900020073797a320000000014000000110001"], 0x7c}}, 0x0)
close(r6)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r7})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r3, 0x4)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'veth0_virt_wifi\x00', 0x800})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)

6.240038686s ago: executing program 1 (id=1032):
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xffbff038}, {0x6}]}, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(r4, &(0x7f0000000180), 0x4000190, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x106)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_inet_udp_SIOCINQ(r8, 0x5761, 0x0)
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)

5.349721314s ago: executing program 3 (id=1033):
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, 0x0, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000580)={0x4, 0x3}, 0x4)
r5 = socket$netlink(0x10, 0x3, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0))
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_STATION(r6, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000640)=ANY=[@ANYBLOB="fc000000", @ANYRES16=r7, @ANYBLOB="cf0400000000000000001300000008000300", @ANYRES32, @ANYBLOB="06001300962400000a0006000802110000010000060010008005000006001200000000002c0011"], 0xfc}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
write(r5, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)

4.700447301s ago: executing program 0 (id=1034):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x707b, 0x10, 0x4, 0x10a}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
unshare(0x28000600)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_TEE={0x21, 0x2, 0x0, @fd_index=0x3, 0x0, 0x0, 0x9, 0x2, 0x1})
io_uring_enter(r2, 0x3516, 0x100000, 0x0, 0x0, 0x0)

3.836009429s ago: executing program 1 (id=1035):
syz_emit_ethernet(0x6e, &(0x7f0000000340)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb86dd6002adf700383aff00000000000000000000ffff0a010102ff02000000000000000000000000000102009078000000006000641a00003aff0000000000ff0000000000000000000000000000000000000000ffffe000000103bba8c1b77c06e7"], 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='ns\x00')
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$9p_unix(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x802ca2, &(0x7f0000000400))
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000280)={<r1=>0x0, 0x2, 0x4})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000880)=ANY=[@ANYRES8=r0], 0xe8}}, 0x44810)
openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r2, 0xc400941d, &(0x7f0000000680)={r1, 0x1ff, 0xc847})
socket$inet6_udp(0xa, 0x2, 0x0)
munmap(&(0x7f0000003000/0x3000)=nil, 0x3000)
getdents64(r0, &(0x7f0000002f40)=""/4098, 0x1002)

3.835303251s ago: executing program 4 (id=1036):
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x36)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r2, r0)
fallocate(r2, 0x10, 0x20000007, 0x1)

2.969782613s ago: executing program 3 (id=1037):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'veth1_vlan\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x2c, 0x2}})
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a74000000060a09040000000000000000020000000900010073797a30000000000900020073797a320000000048000480440001800c0001007061796c6f6164003400028008000440000000000800084029ba70c4080002400000000008000540000000000800"], 0x9c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r1, 0x40047451, &(0x7f0000000200))
ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r1, &(0x7f0000000540)=[{&(0x7f00000003c0)="00214717a70700000000030600710a06069d856829c2", 0x16}], 0x1, 0x0, 0x0)
socket$kcm(0x2, 0x200000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000100)=0x80000)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000180)={0xa0000008})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
unlink(&(0x7f0000000180)='./file0\x00')
mount(&(0x7f0000000900)=@loop={'/dev/loop', 0x0}, &(0x7f0000000940)='./file0\x00', &(0x7f0000000980)='bfs\x00', 0x1000010, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x3b0, 0x0, 0x43, 0xa0, 0x1d0, 0x98, 0x318, 0x178, 0x178, 0x318, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x1b0, 0x1d0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @common=@unspec=@helper={{0x48}, {0x0, 'ftp-20000\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0xe8, 0x148, 0x0, {}, [@common=@unspec=@connbytes={{0x38}, {[{0xb}]}}, @common=@set={{0x40}, {{0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x300]}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@multicast1}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x410)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)

2.902571285s ago: executing program 5 (id=1038):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r1, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}}}, 0xfd53}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000006c0)={&(0x7f00000002c0)={0x1c, r3, 0x400, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20004040}, 0x50)
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)={0xc8, r3, 0x5, 0x70bd27, 0x8, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IE={0x9e, 0x2a, [@mesh_id={0x72, 0x6}, @sec_chan_ofs={0x3e, 0x1}, @fast_bss_trans={0x37, 0x8d, {0x0, 0x4, "1b484bae36ff2a0e960a8b9b100ec424", "664088659e77651df7c729226315059b720657eaaebae87f2efb99f7882943ba", "4ac75dd85d33c2f20dec12adfcd3498d94b85af16896cd4f7594e56fe78a063f", [{0x1}, {0x4, 0x28, "5c5b5f7ab3f36cae960e2ad53338f9701af173e4def9411cabf3afe207f1ca303500000000000000"}, {0x3}, {0x4, 0xb, "bda683ec08c3f59c518dbc"}]}}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0xc8}, 0x1, 0x0, 0x0, 0x20000040}, 0x488c0)

2.840166829s ago: executing program 4 (id=1039):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[], 0x24}}, 0x0)

2.802594229s ago: executing program 1 (id=1040):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shmat(0xffffffffffffffff, &(0x7f00005a1000/0x4000)=nil, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
r5 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000380)=@o_path={&(0x7f0000000340)='./cgroup/../file0\x00', 0x0, 0x10, r0}, 0x18)
r6 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000003c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x7, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
r7 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000440), 0x34900, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='hugetlb.1GB.usage_in_bytes\x00', 0x0, 0x0)
r9 = syz_open_dev$vcsu(&(0x7f00000004c0), 0x1, 0x20000)
r10 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000500)={0x0, 0x81}, 0xc)
r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r11, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r12 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r12, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r13 = dup3(r12, r11, 0x0)
ioctl$BINDER_WRITE_READ(r13, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000005c0)=@bpf_tracing={0x1a, 0x7, &(0x7f00000000c0)=@raw=[@map_idx={0x18, 0x2, 0x5, 0x0, 0x9}, @map_idx_val={0x18, 0x4, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x10}, @map_val={0x18, 0x1, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0xfffffffb}, @alu={0x7, 0x0, 0x0, 0x0, 0xb, 0x40, 0x1}], &(0x7f0000000100)='GPL\x00', 0x8, 0xa2, &(0x7f0000000280)=""/162, 0x41000, 0xc, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x1, 0x3}, 0x8, 0x10, &(0x7f00000001c0)={0x3, 0x3, 0xd, 0x5}, 0x10, 0xcc95, r5, 0x3, &(0x7f0000000540)=[r6, r7, r8, r9, 0x1, 0xffffffffffffffff, r10, r13], &(0x7f0000000580)=[{0x4, 0x1, 0x5, 0xc}, {0x4, 0x3, 0x6, 0x1}, {0x4, 0x4, 0xe, 0x4}], 0x10, 0xfffffffe, @void, @value}, 0x94)
r14 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r14, 0x0, 0xca, &(0x7f0000000080)={0x1, 0x4, 0x1, 0x6, @vifc_lcl_ifindex, @rand_addr=0x64010101}, 0x10)

2.705074271s ago: executing program 4 (id=1041):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb91f7582ab314be"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340), 0xfffffffffffffe19, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000300)=r1, 0x4)
sendmsg$nl_xfrm(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000140)=ANY=[@ANYBLOB="f8000000160039030000000000000000e000000100000000000000000000000000000000000000000000ffff00"/64, @ANYRES32=0x0, @ANYRESOCT=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x002'], 0xf8}}, 0x0)
memfd_create(&(0x7f0000000000)='\xa3\xcb\x04=\x827\xe7\x81S\bDVK| \x8b\xdb\xb1\x03\xd0\x9d2\x9es\x19_=#n_\xeb\xbdR\xea\xb9o\xdbM\x11ca\v\xeb#\xaf\xcf\xb5\xfd`U\xa7k\xd0\xd8\xd2\xc0\x91\xc1\x98#\r\xa7\x16\xfd@\xd7V*^\xcf\x9f\b1\xce3\vN\xa6\x01\xb5\xb5\xba\xdc\xc8\xda\xd2\apY\vu\x80\xa9\x14X\xcf!\xd3W\'\xb44#\xf6\x7fHS\xa6l\x17\x97\x80\xea\xc5+T\xe3\"\xda\x14\xfe,\xf3\\\xeb\x1cp\xd6\xc1\b\xec\xe1\x94\xdf\xdb\xa1\xf7=B\xb2\x94o\xd5{\xd2_\x93\xa1)\xdem\'H\\e\x8bu\xbcVw\xaeb\xa1b\xb1\xc1\f\x9f0\x93\x0f\x16,\xeb!Z\xa9\\\xf7B\xf8L\x05\xc7\xf7q\x9d_\xb4\xbb3i[t\xb6\xbc\x824\x7f\xd7\xb7 \xd4\x7fUE\xcb7\xe3\xb4\xb6\xa0\xd8\x1b\a8\xfe$\xa1\x12&\xb2\xfc\xfb\x12U\xb9u\xb4=\xc4\xc5q\x8bk\xf1\x9c\xc3\xa4w\xf9!^#\x8c', 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="b40800000000000073113a00000000008510000002000000b70000000000000095eec100000000009500001200000000"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
unshare(0x20000400)
r2 = socket(0x1d, 0x2, 0x6)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000080)={'sit0\x00', &(0x7f0000000000)={'gre0\x00', 0x0, 0x8, 0x40, 0x6, 0x42, {{0x6, 0x4, 0x1, 0x1, 0x18, 0x68, 0x0, 0x7, 0x4, 0x0, @remote, @remote, {[@timestamp={0x44, 0x4, 0x61, 0x0, 0xf}]}}}}})
bind$inet(r2, &(0x7f00000000c0)={0x1d, 0x4e20, @loopback}, 0x10)

1.624160977s ago: executing program 1 (id=1042):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)={0xc8, r1, 0x5, 0x70bd27, 0x8, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IE={0x9e, 0x2a, [@mesh_id={0x72, 0x6}, @sec_chan_ofs={0x3e, 0x1}, @fast_bss_trans={0x37, 0x8d, {0x0, 0x4, "1b484bae36ff2a0e960a8b9b100ec424", "664088659e77651df7c729226315059b720657eaaebae87f2efb99f7882943ba", "4ac75dd85d33c2f20dec12adfcd3498d94b85af16896cd4f7594e56fe78a063f", [{0x1}, {0x4, 0x28, "5c5b5f7ab3f36cae960e2ad53338f9701af173e4def9411cabf3afe207f1ca303500000000000000"}, {0x3}, {0x4, 0xb, "bda683ec08c3f59c518dbc"}]}}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0xc8}, 0x1, 0x0, 0x0, 0x20000040}, 0x488c0)

1.621547766s ago: executing program 5 (id=1043):
syz_io_uring_setup(0x6a95, 0x0, 0x0, 0x0)
socket$rds(0x15, 0x5, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
syz_io_uring_setup(0x1f87, &(0x7f0000000380)={0x0, 0x0, 0x13580, 0x3, 0x40083}, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000300)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x800}, 0x40015)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r4=>0x0})
connect$can_bcm(r3, &(0x7f0000001ff0)={0x1d, r4}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000fffffff90000000400000a30000000180a05000000000000000000020000001c000380180003801400010077673200000000000000000000000000140000001600010000000000000000000300000a"], 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)
sendmsg$can_raw(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f0000000580)=@canfd={{0x1}, 0xf6, 0x0, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000004e2f9663a918fa1efd9b0b"}, 0x48}, 0xee, 0x0, 0x0, 0x40041}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001380)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003000000030000000020000000000000000000002000000000000000001000004000000000000000003000000000001000000000000000010020000000000"], 0x0, 0x4a, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

1.535971038s ago: executing program 4 (id=1044):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_setup(0x2b9, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x108, &(0x7f0000000180)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$ax25(0x3, 0x3, 0x8)
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000080)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
read(r3, &(0x7f0000001400)=""/4076, 0xfffffeea)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)

150.354718ms ago: executing program 5 (id=1045):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2002, 0x240141)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x3668, &(0x7f0000000300)={0x0, 0xa0b, 0x100, 0x2, 0x2b1}, &(0x7f0000000380)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000800)={0xc})
ioctl$SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000007c0)=0x205)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x70a, 0x41e3, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="2e010000ed454210cd0c99009bf4000203010902120001000000000904"], 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @local, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0xa, @local, @rand_addr=0x64010101, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x43}, @remote}}}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r5, 0x28, 0x6, &(0x7f0000000000)={0x77359400}, 0x10)
timer_create(0x0, 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
syz_usb_connect$cdc_ncm(0x2, 0x90, &(0x7f0000000840)={{0x12, 0x1, 0x210, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7e, 0x2, 0x1, 0x0, 0x10, 0x3a, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x8000}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x2c2, 0x4, 0x7}, {0x6, 0x24, 0x1a, 0x9, 0x4}, [@mbim_extended={0x8, 0x24, 0x1c, 0x5, 0xad, 0xb34}, @obex={0x5}, @mdlm={0x15, 0x24, 0x12, 0xdbed}]}, {{0x9, 0x5, 0x81, 0x3, 0x400, 0x6, 0xa, 0xe6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x76f, 0x1, 0x4, 0xf}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0xaf, 0x7f, 0xd1}}}}}}}]}}, &(0x7f0000000f80)={0xa, &(0x7f0000000900)={0xa, 0x6, 0x201, 0x2, 0xc, 0x6, 0x8, 0x72}, 0x3b, &(0x7f0000000940)={0x5, 0xf, 0x3b, 0x4, [@wireless={0xb, 0x10, 0x1, 0xc, 0x11, 0x4, 0x2, 0xf800, 0x1}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x7, 0x8, 0x64}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "e555164c8435c1639fcf99efe0780c36"}, @ssp_cap={0x10, 0x10, 0xa, 0xf, 0x1, 0x8001, 0x0, 0x6, [0xc0]}]}, 0xa, [{0x7e, &(0x7f0000000980)=@string={0x7e, 0x3, "3acd5d03fbed46b4a7f4416ff3cea1c8b186b8403dcf5ba6a86ab2991f6ce9d5f93358e684399e3765609f2c88451e13743aec88e59f7afa9cde072ee60c25cc40621e1cba4e9783fbc26189e0f59eb91cc32c72a0a8dca4c8ca092dc6244ac2cd52209cba3bdd72c3dfbeaea93c54b73286a60a21f5050e85ccb7ad"}}, {0x76, &(0x7f0000000a00)=@string={0x76, 0x3, "5b32b8fd5f069b7bd67169042cc3e4a95ba9c44c7d632c74a436591d11a0153299e5c0f75e1da4d968c80d5ac4c703976ee66d5c302a8ab8f3e9fce544820d7442c3a2456b9157cd5d1ea4d634acb4493880c68244f2e0556e342c9c56724c01a9bbafe522b073913f0c39f86b137036f879f9d3"}}, {0x61, &(0x7f0000000a80)=@string={0x61, 0x3, "02c10e30528123f28ef09ec89ee1772211593781ba91222af0b4012e09e22dae76fc5bfcd53a4791a70f0f9caf4a2a3ad3dcf74820e4c268e360848b87596e63857c6408d143261900ed72f15c39f9ea169cccc4f5d6f14e60b3af840e1eea"}}, {0xe0, &(0x7f0000000bc0)=@string={0xe0, 0x3, "8d064b6d5a1d7d2352ded92df741921a366d540394f6af6366abbd04cf2e622c6aa5061d9aef16d14af87b8b4f25b21e5db202c52790b66adabadc757e21735f55410b9593318645f511b29f8b9164446e63ea41846c993c8ab81159e123c287e1ed78ccf709bfeafcfd70bab92cce2cbe5a1f76c1baa237f3e42f21a83d4125dc52b3fd5a931758443bde9233faa9ac84b5f765d0512dc51f76ac623bd14ea47071711970c93f3767d17e649028a1bf283f072661bcb1fe86961b92b000b4d7ae30610282cc35a46096ab210c633e57e12a509416dcd0733c7ee31a1a4c"}}, {0x8c, &(0x7f0000000cc0)=@string={0x8c, 0x3, "5c56bf69bfdb35f58a624ba41940e20dfb7d5b8e0d17f40bcc32c4ce30e32fa44e515ba0f639b6132cb4d95cffce3e8d04ad98ecd9cafa488cc616ae7cf030a1adea192f4e9acc0b5d3158738140dfe0f3a6808f91cbe7d782ba3531d7ea9d1520e1e2df4eedd57d3dfe5f1712197205370833da63e9bedcbccd52b5ae073cb50ade3ea877af4d97d008"}}, {0x4, &(0x7f0000000b00)=@lang_id={0x4, 0x3, 0x440a}}, {0xd2, &(0x7f0000000d80)=@string={0xd2, 0x3, "f981c9286763f632e96cb6522fbe19a8d36ebba08bac69050a85ae5cc1a6117a84b9df14eb510c49c2b74edd25c7af4b69f8de756f969615a708df5887cdfa6ac21fc56760766c23cd9c82cbc9a627425553f339378635618cf868e2c804102784b604e04da9b9b1a4e3d40c44fbfe81e6cdbeef5412b7fb9e55f390562a3e00a14cb0f84c717cf79a63d49beb1c232dee8e171d26694588c2065a9403538aaad8676489290fd5323a16d03513bc359c23f5351c68bd5fcf61b298850e6ea4b7a8092f91d9956145c466f8e0e01871eb"}}, {0x3b, &(0x7f0000000b40)=@string={0x3b, 0x3, "86f926aedceb75d39167ed6dd81a62cb5c65a41964df5f5485562c41c3ebd3fd5f6cec1c5c3f4a008da20f226c5167fe6ab7cbbd44310f0eed"}}, {0x9f, &(0x7f0000000e80)=@string={0x9f, 0x3, "184d1a8153e4ec31dee3e629f463afe439c2ff0cbf46151b418e48ec068c36586ba54f957bacacf9d249bf043a037b51c098321d780320d5d76247b7f66732d97e942fa22b7eed1343856bde1b2685759b7678ac11b340f5c375e05c5562624837daf6563e669b48a45d71c01df7932ffac1a2b7286d106f645a9562a5d220b04020ed30a536a28a35589c1aa9c30920c81dda40f3b92409dc6138f7ea"}}, {0x4, &(0x7f0000000f40)=@lang_id={0x4, 0x3, 0x140c}}]})
r7 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x2c2}, &(0x7f0000000000)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
r10 = socket$pptp(0x18, 0x1, 0x2)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r10, 0x80, &(0x7f00000003c0)=@ll={0x11, 0x1, 0x0, 0x1, 0x4}, 0x0, 0x0, 0x1})
io_uring_enter(r7, 0x2def, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc85eb51b0ace6a", "4617a9f6040839230fb7fead776dd8dc", "3f4051c4", "a44a889722b66244"}, 0x28)
recvmmsg(r6, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/88, 0x58}], 0x1}}], 0x1, 0x0, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000001040)='autofs\x00', 0x1368000, 0x0)
mount$overlay(0x0, &(0x7f0000001340)='./file0\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r11 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18)
readv(r11, &(0x7f0000000740)=[{&(0x7f0000000400)=""/238, 0xee}, {&(0x7f0000000240)=""/21, 0x15}, {&(0x7f0000001380)=""/4096, 0x1000}, {&(0x7f0000000500)=""/68, 0x44}, {&(0x7f0000000580)=""/243, 0xf3}, {&(0x7f0000000680)=""/134, 0x86}, {&(0x7f0000000280)=""/25, 0x19}], 0x7)

55.374919ms ago: executing program 1 (id=1046):
socket$inet_tcp(0x2, 0x1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$netlink(0x10, 0x3, 0xb)
iopl(0x3)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = mq_open(&(0x7f0000000040)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!Tnux\x00', 0x6e93ebbbcc0884f2, 0xe1, &(0x7f0000000000)={0x0, 0x1, 0x8})
mq_timedreceive(r2, &(0x7f0000000180)=""/196, 0xc4, 0x1000000, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x100000000000000, 0x0)
getrlimit(0x1, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x9, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_io_uring_setup(0x507d, &(0x7f0000000440)={0x0, 0x2431, 0x10100, 0x0, 0xffffffff}, 0x0, &(0x7f0000000140))

0s ago: executing program 4 (id=1047):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
r2 = accept4(r1, 0x0, 0x0, 0x80000)
read$alg(r2, &(0x7f00000013c0)=""/4096, 0x1000)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfe, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000009c0)={0x14, 0x2d, 0x9, 0x70bd26, 0x0, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x84)

kernel console output (not intermixed with test programs):

tl28xxu failed with error -32
[  341.639730][ T5870] cp210x 1-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  341.891819][ T5870] cp210x 1-1:0.0: GPIO initialisation failed: -71
[  342.156668][ T5870] usb 1-1: cp210x converter now attached to ttyUSB0
[  342.179667][ T5867] usb 3-1: USB disconnect, device number 16
[  342.216262][ T5870] usb 1-1: USB disconnect, device number 20
[  342.265139][ T5870] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  342.404741][ T5870] cp210x 1-1:0.0: device disconnected
[  344.576032][   T24] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  344.656543][ T8143] program syz.3.587 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  345.039594][   T24] usb 5-1: config 160 has an invalid interface number: 200 but max is 0
[  345.108722][   T24] usb 5-1: config 160 has no interface number 0
[  345.232358][   T24] usb 5-1: config 160 interface 200 has no altsetting 0
[  345.259819][   T24] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  345.287820][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.315997][   T24] usb 5-1: Product: syz
[  345.330643][   T24] usb 5-1: Manufacturer: syz
[  345.335297][   T24] usb 5-1: SerialNumber: syz
[  345.465984][ T5870] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  345.544083][ T8147] netlink: 'syz.3.589': attribute type 5 has an invalid length.
[  345.685266][ T5870] usb 1-1: Using ep0 maxpacket: 32
[  346.052102][ T5870] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  346.055047][   T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  346.064553][ T5870] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.082488][   T24] usb 5-1: MIDIStreaming interface descriptor not found
[  346.158965][ T5870] usb 1-1: config 0 descriptor??
[  346.204632][   T24] usb 5-1: USB disconnect, device number 15
[  346.333740][ T7629] udevd[7629]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  346.385957][ T5870] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  346.425914][ T5870] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  346.476253][ T5870] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  346.514945][ T5870] usb 1-1: media controller created
[  346.721509][ T8154] netlink: 'syz.3.590': attribute type 2 has an invalid length.
[  347.307936][ T5870] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  347.615425][ T8160] netlink: 44 bytes leftover after parsing attributes in process `syz.3.593'.
[  347.754101][ T8160] netlink: 12 bytes leftover after parsing attributes in process `syz.3.593'.
[  347.840952][ T5908] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  348.025206][ T5908] usb 5-1: device descriptor read/64, error -71
[  348.319451][ T5908] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  348.337014][ T8165] netlink: 4 bytes leftover after parsing attributes in process `syz.3.595'.
[  348.345152][ T5870] az6027: usb out operation failed. (-71)
[  348.378340][ T5870] az6027: usb out operation failed. (-71)
[  348.384132][ T5870] stb0899_attach: Driver disabled by Kconfig
[  348.394150][ T5870] az6027: no front-end attached
[  348.394150][ T5870] 
[  348.404563][ T5870] az6027: usb out operation failed. (-71)
[  348.410395][ T5870] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  348.457229][ T5870] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input13
[  348.494018][ T5908] usb 5-1: device descriptor read/64, error -71
[  348.508234][ T5870] dvb-usb: schedule remote query interval to 400 msecs.
[  348.529899][ T5870] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  348.617241][ T5908] usb usb5-port1: attempt power cycle
[  348.829636][ T5870] usb 1-1: USB disconnect, device number 21
[  349.516279][ T5908] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  349.720210][ T5908] usb 5-1: device descriptor read/8, error -71
[  349.890171][ T5870] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  350.072523][ T5908] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  350.120748][ T5908] usb 5-1: device descriptor read/8, error -71
[  350.360181][ T5908] usb usb5-port1: unable to enumerate USB device
[  350.910495][ T8191] netlink: 'syz.1.603': attribute type 2 has an invalid length.
[  351.428020][ T5817] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  351.634599][ T5817] usb 1-1: config 160 has an invalid interface number: 200 but max is 0
[  351.665902][ T5817] usb 1-1: config 160 has no interface number 0
[  351.734507][ T5817] usb 1-1: config 160 interface 200 has no altsetting 0
[  351.979029][ T5817] usb 1-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  352.206896][ T5817] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.243855][ T5817] usb 1-1: Product: syz
[  352.259395][ T5817] usb 1-1: Manufacturer: syz
[  352.269506][ T5817] usb 1-1: SerialNumber: syz
[  352.541647][ T5817] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  352.606693][ T8202] team_slave_0: entered promiscuous mode
[  352.613523][ T8202] team_slave_1: entered promiscuous mode
[  352.676298][ T8202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  352.770817][ T8202] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  352.822458][ T5817] usb 1-1: MIDIStreaming interface descriptor not found
[  352.979173][ T5817] usb 1-1: USB disconnect, device number 22
[  353.207458][ T7629] udevd[7629]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  354.495778][ T8222] netlink: 'syz.4.615': attribute type 2 has an invalid length.
[  356.280390][   T24] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  356.681682][ T8254] sctp: [Deprecated]: syz.0.622 (pid 8254) Use of int in maxseg socket option.
[  356.681682][ T8254] Use struct sctp_assoc_value instead
[  356.730155][ T8252] FAULT_INJECTION: forcing a failure.
[  356.730155][ T8252] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  356.743720][ T8252] CPU: 0 UID: 0 PID: 8252 Comm: syz.3.625 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  356.743750][ T8252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  356.743764][ T8252] Call Trace:
[  356.743773][ T8252]  <TASK>
[  356.743783][ T8252]  dump_stack_lvl+0x189/0x250
[  356.743822][ T8252]  ? __pfx_dump_stack_lvl+0x10/0x10
[  356.743852][ T8252]  ? __pfx__printk+0x10/0x10
[  356.743896][ T8252]  ? __folio_batch_add_and_move+0x20a/0xd20
[  356.743942][ T8252]  should_fail_ex+0x414/0x560
[  356.743970][ T8252]  copy_page_from_iter_atomic+0x2bc/0x18a0
[  356.744010][ T8252]  ? __pfx_workingset_update_node+0x10/0x10
[  356.744052][ T8252]  ? __pfx_copy_page_from_iter_atomic+0x10/0x10
[  356.744076][ T8252]  ? filemap_add_folio+0x1af/0x270
[  356.744119][ T8252]  ? folio_zero_segment+0x256/0x2c0
[  356.744154][ T8252]  netfs_perform_write+0x9f7/0x1d90
[  356.744219][ T8252]  ? __pfx_netfs_perform_write+0x10/0x10
[  356.744297][ T8252]  ? file_update_time+0x2da/0x490
[  356.744329][ T8252]  ? netfs_buffered_write_iter_locked+0x126/0x2a0
[  356.744358][ T8252]  ? netfs_file_write_iter+0x167/0x4a0
[  356.744391][ T8252]  netfs_file_write_iter+0x17d/0x4a0
[  356.744427][ T8252]  do_iter_readv_writev+0x56b/0x7f0
[  356.744464][ T8252]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  356.744494][ T8252]  ? rcu_read_lock_any_held+0xb3/0x120
[  356.744548][ T8252]  vfs_writev+0x306/0x9a0
[  356.744570][ T8252]  ? vfs_write+0x8d8/0xa90
[  356.744608][ T8252]  ? __pfx_vfs_writev+0x10/0x10
[  356.744644][ T8252]  ? __fget_files+0x2a/0x420
[  356.744670][ T8252]  ? __fget_files+0x3a0/0x420
[  356.744689][ T8252]  ? __fget_files+0x2a/0x420
[  356.744721][ T8252]  __se_sys_pwritev2+0x179/0x290
[  356.744758][ T8252]  ? __pfx___se_sys_pwritev2+0x10/0x10
[  356.744798][ T8252]  ? do_syscall_64+0xba/0x210
[  356.744826][ T8252]  ? __x64_sys_pwritev2+0x20/0xc0
[  356.744870][ T8252]  do_syscall_64+0xf6/0x210
[  356.744900][ T8252]  ? clear_bhb_loop+0x60/0xb0
[  356.744928][ T8252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.744949][ T8252] RIP: 0033:0x7fa74cf8e969
[  356.744969][ T8252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  356.744988][ T8252] RSP: 002b:00007fa74de4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[  356.745010][ T8252] RAX: ffffffffffffffda RBX: 00007fa74d1b5fa0 RCX: 00007fa74cf8e969
[  356.745027][ T8252] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000009
[  356.745041][ T8252] RBP: 00007fa74de4f090 R08: 0000000000000000 R09: 0000000000000017
[  356.745055][ T8252] R10: 0000000000000080 R11: 0000000000000246 R12: 0000000000000001
[  356.745069][ T8252] R13: 0000000000000000 R14: 00007fa74d1b5fa0 R15: 00007ffc23460e28
[  356.745105][ T8252]  </TASK>
[  357.035298][   T24] usb 2-1: config 160 has an invalid interface number: 200 but max is 0
[  357.044747][   T24] usb 2-1: config 160 has no interface number 0
[  357.051333][   T24] usb 2-1: config 160 interface 200 has no altsetting 0
[  357.082293][   T24] usb 2-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  357.098511][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.107088][   T24] usb 2-1: Product: syz
[  357.111295][   T24] usb 2-1: Manufacturer: syz
[  357.115949][   T24] usb 2-1: SerialNumber: syz
[  357.520656][ T5870] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  358.668238][ T5870] usb 1-1: Using ep0 maxpacket: 16
[  358.689374][ T8262] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  358.758794][   T24] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  358.802598][ T5870] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  358.805133][   T24] usb 2-1: MIDIStreaming interface descriptor not found
[  358.871387][ T5870] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  358.886981][ T8262] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  359.089719][ T5870] usb 1-1: config 0 has no interface number 0
[  359.113523][   T24] usb 2-1: USB disconnect, device number 15
[  359.115416][ T5870] usb 1-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  359.147922][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.179611][ T5870] usb 1-1: Product: syz
[  359.183852][ T5870] usb 1-1: Manufacturer: syz
[  359.210646][ T5870] usb 1-1: SerialNumber: syz
[  359.224247][ T7629] udevd[7629]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  359.243683][ T5870] usb 1-1: config 0 descriptor??
[  359.394945][ T5817] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  359.479219][   T24] usb 1-1: USB disconnect, device number 23
[  359.721739][ T5817] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  359.736924][ T5817] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  359.749405][ T5817] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  359.761515][ T5817] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.848004][ T8279] netlink: 'syz.1.633': attribute type 2 has an invalid length.
[  360.405828][ T5817] usb 5-1: Product: syz
[  360.419343][ T5817] usb 5-1: Manufacturer: syz
[  360.495196][ T5817] usb 5-1: SerialNumber: syz
[  360.747195][ T5817] usb 5-1: 0:2 : does not exist
[  360.756240][ T5817] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  360.776414][ T5817] usb 5-1: USB disconnect, device number 20
[  360.810218][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  360.989468][ T8293] netlink: 28 bytes leftover after parsing attributes in process `syz.0.638'.
[  361.113457][   T24] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  361.212865][ T5870] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  361.355884][   T24] usb 2-1: Using ep0 maxpacket: 8
[  361.372207][ T5870] usb 4-1: Using ep0 maxpacket: 8
[  361.375990][   T24] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  361.389940][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.392655][ T5870] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  361.399174][   T24] usb 2-1: Product: syz
[  361.412169][   T24] usb 2-1: Manufacturer: syz
[  361.416808][   T24] usb 2-1: SerialNumber: syz
[  361.425825][ T5870] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  361.430619][   T24] usb 2-1: config 0 descriptor??
[  361.445747][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.448080][ T8303] netlink: 'syz.0.641': attribute type 1 has an invalid length.
[  361.457908][ T5870] usb 4-1: Product: syz
[  361.466858][ T5870] usb 4-1: Manufacturer: syz
[  361.475057][ T5870] usb 4-1: SerialNumber: syz
[  361.484862][ T5870] usb 4-1: config 0 descriptor??
[  361.538687][ T5817] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  361.646552][   T24] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  361.699581][ T5817] usb 5-1: config 160 has an invalid interface number: 200 but max is 0
[  361.708413][ T5817] usb 5-1: config 160 has no interface number 0
[  361.714721][ T5817] usb 5-1: config 160 interface 200 has no altsetting 0
[  361.724308][ T5817] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  361.734294][ T5817] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.742597][ T5817] usb 5-1: Product: syz
[  361.756387][ T5817] usb 5-1: Manufacturer: syz
[  361.762711][ T5817] usb 5-1: SerialNumber: syz
[  362.001425][ T5817] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  362.012737][ T5817] usb 5-1: MIDIStreaming interface descriptor not found
[  362.078787][ T5817] usb 5-1: USB disconnect, device number 21
[  362.166594][ T7623] udevd[7623]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  362.541762][ T8316] netlink: 'syz.0.644': attribute type 2 has an invalid length.
[  363.057170][   T24] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  363.149143][   T24] usb 2-1: USB disconnect, device number 16
[  363.274849][ T8320] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  363.685511][ T8323] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  363.910158][   T24] usb 4-1: USB disconnect, device number 17
[  364.118592][ T8329] netlink: 56 bytes leftover after parsing attributes in process `syz.3.647'.
[  365.191599][   T24] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  365.362402][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  365.384957][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  365.400284][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  365.414581][   T24] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  365.434028][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  365.444118][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  365.455966][   T24] usb 4-1: SerialNumber: syz
[  365.481306][ T8332] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  365.488650][ T8332] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  365.520656][   T24] cdc_acm 4-1:1.0: Control and data interfaces are not separated!
[  365.767484][ T5817] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  365.796443][ T5870] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  365.928335][ T5817] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  365.938929][ T5817] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  365.948093][ T5870] usb 1-1: Using ep0 maxpacket: 8
[  365.963889][ T5817] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  365.982776][ T5817] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.992827][ T5870] usb 1-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11
[  366.006547][ T5817] usb 5-1: Product: syz
[  366.011849][ T5870] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.021658][ T5817] usb 5-1: Manufacturer: syz
[  366.030129][ T5870] usb 1-1: Product: syz
[  366.036123][ T5817] usb 5-1: SerialNumber: syz
[  366.040855][ T5870] usb 1-1: Manufacturer: syz
[  366.051274][ T5870] usb 1-1: SerialNumber: syz
[  366.082597][ T5870] usb 1-1: config 0 descriptor??
[  366.098696][ T5870] gspca_main: vc032x-2.14.0 probing 046d:0896
[  366.297456][ T5817] usb 5-1: 0:2 : does not exist
[  366.308987][ T5870] gspca_vc032x: reg_r err -71
[  366.317394][ T5817] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  366.325311][ T5870] vc032x 1-1:0.0: probe with driver vc032x failed with error -71
[  366.367077][ T5870] usb 1-1: USB disconnect, device number 24
[  366.735120][ T5817] usb 5-1: USB disconnect, device number 22
[  367.062065][ T5864] udevd[5864]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  367.152166][   T24] cdc_acm 4-1:1.0: ttyACM0: USB ACM device
[  367.163475][   T24] usb 4-1: USB disconnect, device number 18
[  367.672177][ T5868] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  367.860299][ T5868] usb 5-1: config 160 has an invalid interface number: 200 but max is 0
[  367.883781][ T5868] usb 5-1: config 160 has no interface number 0
[  368.058286][ T5868] usb 5-1: config 160 interface 200 has no altsetting 0
[  368.086988][ T5868] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  369.117026][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.133989][ T5868] usb 5-1: Product: syz
[  369.139241][ T5868] usb 5-1: Manufacturer: syz
[  369.147484][ T5868] usb 5-1: SerialNumber: syz
[  369.612223][ T8368] netlink: 40 bytes leftover after parsing attributes in process `syz.3.660'.
[  370.748498][ T8373] set match dimension is over the limit!
[  371.565545][ T5868] usb 5-1: can't set config #160, error -71
[  371.585199][ T5868] usb 5-1: USB disconnect, device number 23
[  371.832835][ T8381] netlink: 'syz.0.661': attribute type 21 has an invalid length.
[  371.841444][ T8381] netlink: 'syz.0.661': attribute type 6 has an invalid length.
[  371.849380][ T8381] netlink: 132 bytes leftover after parsing attributes in process `syz.0.661'.
[  372.842157][ T8384] netlink: 28 bytes leftover after parsing attributes in process `syz.1.664'.
[  372.851543][ T8384] netlink: 28 bytes leftover after parsing attributes in process `syz.1.664'.
[  374.089244][ T8397] sctp: [Deprecated]: syz.0.668 (pid 8397) Use of struct sctp_assoc_value in delayed_ack socket option.
[  374.089244][ T8397] Use struct sctp_sack_info instead
[  374.302356][ T5832] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  374.314960][ T5832] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  374.322360][ T5868] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  374.332096][ T5832] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  374.348531][ T5832] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  374.362626][ T5832] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  374.447287][ T8403] lo speed is unknown, defaulting to 1000
[  374.495087][ T5868] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  374.528503][ T5868] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  374.565712][ T5868] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  374.581935][ T5868] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.611830][ T5868] usb 2-1: Product: syz
[  374.626235][ T5868] usb 2-1: Manufacturer: syz
[  374.642825][ T5868] usb 2-1: SerialNumber: syz
[  374.845612][ T8408] IPVS: set_ctl: invalid protocol: 1 100.1.1.2:20001
[  374.855946][   T30] audit: type=1326 audit(1747454806.630:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8407 comm="syz.3.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa74cf8e969 code=0x7ffc0000
[  374.865623][ T5868] usb 2-1: 0:2 : does not exist
[  374.927933][ T5868] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  374.971484][ T8411] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(13)
[  374.978156][ T8411] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  374.986959][   T30] audit: type=1326 audit(1747454806.630:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8407 comm="syz.3.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=150 compat=0 ip=0x7fa74cf8e969 code=0x7ffc0000
[  375.017301][ T8411] vhci_hcd vhci_hcd.0: Device attached
[  375.083185][   T30] audit: type=1326 audit(1747454806.630:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8407 comm="syz.3.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa74cf8e969 code=0x7ffc0000
[  375.112259][ T5868] usb 2-1: USB disconnect, device number 17
[  375.120203][ T8403] chnl_net:caif_netlink_parms(): no params data found
[  375.166050][   T30] audit: type=1326 audit(1747454806.630:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8407 comm="syz.3.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa74cf8e969 code=0x7ffc0000
[  375.197345][   T30] audit: type=1326 audit(1747454806.630:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8407 comm="syz.3.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa74cf8e969 code=0x7ffc0000
[  375.383160][   T24] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  375.403746][   T30] audit: type=1326 audit(1747454806.630:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8407 comm="syz.3.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa74cf8e969 code=0x7ffc0000
[  375.464634][ T8412] vhci_hcd: connection reset by peer
[  375.473436][ T1163] vhci_hcd: stop threads
[  375.479469][ T1163] vhci_hcd: release socket
[  375.493189][ T1163] vhci_hcd: disconnect device
[  375.561979][   T30] audit: type=1326 audit(1747454807.243:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8407 comm="syz.3.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa74cf8e969 code=0x7ffc0000
[  375.583508][    C1] vkms_vblank_simulate: vblank timer overrun
[  375.676214][   T30] audit: type=1326 audit(1747454807.243:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8407 comm="syz.3.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa74cf8e969 code=0x7ffc0000
[  375.793442][ T5908] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  376.879356][ T5832] Bluetooth: hci5: command tx timeout
[  376.906117][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  377.449702][ T5908] usb 5-1: config 160 has an invalid interface number: 200 but max is 0
[  377.537446][ T5908] usb 5-1: config 160 has no interface number 0
[  377.595520][ T5908] usb 5-1: config 160 interface 200 has no altsetting 0
[  377.654645][ T5908] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  378.147816][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  378.153577][ T5908] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.186044][ T5908] usb 5-1: Product: syz
[  378.213418][ T5908] usb 5-1: Manufacturer: syz
[  378.242369][ T5908] usb 5-1: SerialNumber: syz
[  378.380511][ T8403] bridge0: port 1(bridge_slave_0) entered blocking state
[  378.405106][ T8403] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.440170][ T8403] bridge_slave_0: entered allmulticast mode
[  378.550383][ T8403] bridge_slave_0: entered promiscuous mode
[  378.616393][ T8403] bridge0: port 2(bridge_slave_1) entered blocking state
[  378.641791][ T8403] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.649808][ T8403] bridge_slave_1: entered allmulticast mode
[  378.671667][ T5908] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  378.678727][ T5908] usb 5-1: MIDIStreaming interface descriptor not found
[  378.692757][ T8403] bridge_slave_1: entered promiscuous mode
[  378.999696][ T5832] Bluetooth: hci5: command tx timeout
[  379.027128][ T5908] usb 5-1: USB disconnect, device number 24
[  379.114017][ T7629] udevd[7629]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  379.197794][ T8444] tmpfs: Bad value for 'mpol'
[  379.424819][ T8442] netlink: 'syz.1.677': attribute type 21 has an invalid length.
[  379.434452][ T8442] netlink: 'syz.1.677': attribute type 6 has an invalid length.
[  379.442802][ T8442] netlink: 132 bytes leftover after parsing attributes in process `syz.1.677'.
[  379.510832][ T8403] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  379.552953][ T8403] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  379.753865][ T8459] FAULT_INJECTION: forcing a failure.
[  379.753865][ T8459] name failslab, interval 1, probability 0, space 0, times 0
[  379.766893][ T8459] CPU: 0 UID: 0 PID: 8459 Comm: syz.3.683 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  379.766925][ T8459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  379.766940][ T8459] Call Trace:
[  379.766946][ T8459]  <TASK>
[  379.766955][ T8459]  dump_stack_lvl+0x189/0x250
[  379.766981][ T8459]  ? lockdep_hardirqs_on+0x9c/0x150
[  379.767001][ T8459]  ? __pfx_dump_stack_lvl+0x10/0x10
[  379.767035][ T8459]  should_fail_ex+0x414/0x560
[  379.767055][ T8459]  should_failslab+0xa8/0x100
[  379.767070][ T8459]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  379.767098][ T8459]  ? __alloc_skb+0x112/0x2d0
[  379.767120][ T8459]  __alloc_skb+0x112/0x2d0
[  379.767142][ T8459]  netlink_sendmsg+0x5c6/0xb30
[  379.767168][ T8459]  ? __pfx_netlink_sendmsg+0x10/0x10
[  379.767192][ T8459]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  379.767210][ T8459]  ? __pfx_netlink_sendmsg+0x10/0x10
[  379.767229][ T8459]  __sock_sendmsg+0x219/0x270
[  379.767247][ T8459]  ____sys_sendmsg+0x505/0x830
[  379.767272][ T8459]  ? __pfx_____sys_sendmsg+0x10/0x10
[  379.767301][ T8459]  ? import_iovec+0x74/0xa0
[  379.767336][ T8459]  ___sys_sendmsg+0x21f/0x2a0
[  379.767369][ T8459]  ? __pfx____sys_sendmsg+0x10/0x10
[  379.767423][ T8459]  ? __fget_files+0x2a/0x420
[  379.767437][ T8459]  ? __fget_files+0x3a0/0x420
[  379.767459][ T8459]  __x64_sys_sendmsg+0x19b/0x260
[  379.767482][ T8459]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  379.767516][ T8459]  ? do_syscall_64+0xba/0x210
[  379.767540][ T8459]  do_syscall_64+0xf6/0x210
[  379.767559][ T8459]  ? asm_sysvec_call_function_single+0x1a/0x20
[  379.767576][ T8459]  ? clear_bhb_loop+0x60/0xb0
[  379.767595][ T8459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.767610][ T8459] RIP: 0033:0x7fa74cf8e969
[  379.767624][ T8459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  379.767638][ T8459] RSP: 002b:00007fa74de4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  379.767654][ T8459] RAX: ffffffffffffffda RBX: 00007fa74d1b5fa0 RCX: 00007fa74cf8e969
[  379.767666][ T8459] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000008
[  379.767675][ T8459] RBP: 00007fa74de4f090 R08: 0000000000000000 R09: 0000000000000000
[  379.767685][ T8459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  379.767694][ T8459] R13: 0000000000000000 R14: 00007fa74d1b5fa0 R15: 00007ffc23460e28
[  379.767717][ T8459]  </TASK>
[  380.714978][   T24] vhci_hcd: vhci_device speed not set
[  381.083311][ T5832] Bluetooth: hci5: command tx timeout
[  381.673981][ T8403] team0: Port device team_slave_0 added
[  381.774098][ T8403] team0: Port device team_slave_1 added
[  381.805851][ T8470] IPVS: length: 4096 != 8
[  381.937025][ T8476] tmpfs: Unknown parameter 'noswïD}6xO•û'
[  381.964330][ T8403] batman_adv: batadv0: Adding interface: batadv_slave_0
[  381.971457][ T8403] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  382.070443][ T8403] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  382.249478][ T8476] tipc: Started in network mode
[  382.349791][ T8476] tipc: Node identity 6, cluster identity 4711
[  382.440912][ T8476] tipc: Node number set to 6
[  382.448488][ T8403] batman_adv: batadv0: Adding interface: batadv_slave_1
[  382.457615][ T8473] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  382.498699][ T8403] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  382.662882][ T8403] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  382.848596][ T8471] netlink: 8 bytes leftover after parsing attributes in process `syz.3.686'.
[  382.901723][ T8403] hsr_slave_0: entered promiscuous mode
[  382.926944][ T8403] hsr_slave_1: entered promiscuous mode
[  382.948625][ T8403] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  382.956235][ T8403] Cannot create hsr debugfs directory
[  383.007904][ T5817] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  383.147071][ T5832] Bluetooth: hci5: command tx timeout
[  383.151533][ T8493] netlink: 'syz.0.691': attribute type 21 has an invalid length.
[  383.246767][ T5817] usb 5-1: config 160 has an invalid interface number: 200 but max is 0
[  383.255177][ T5817] usb 5-1: config 160 has no interface number 0
[  383.375301][ T5817] usb 5-1: config 160 interface 200 has no altsetting 0
[  383.386009][ T8493] netlink: 'syz.0.691': attribute type 6 has an invalid length.
[  383.419748][ T8493] netlink: 132 bytes leftover after parsing attributes in process `syz.0.691'.
[  383.712284][ T5817] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  383.722066][ T5817] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.730648][ T5817] usb 5-1: Product: syz
[  383.734937][ T5817] usb 5-1: Manufacturer: syz
[  383.740575][ T5817] usb 5-1: SerialNumber: syz
[  384.011837][ T5817] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  384.030764][ T5817] usb 5-1: MIDIStreaming interface descriptor not found
[  384.112520][ T5817] usb 5-1: USB disconnect, device number 25
[  384.386284][ T7627] udevd[7627]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  384.473742][ T5983] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  384.638083][ T5865] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  384.792567][ T5983] usb 2-1: Using ep0 maxpacket: 32
[  385.147781][ T5983] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  385.200281][ T5983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.221116][ T8403] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  385.236745][ T5983] usb 2-1: Product: syz
[  385.265673][ T5983] usb 2-1: Manufacturer: syz
[  385.270341][ T5983] usb 2-1: SerialNumber: syz
[  385.308281][ T5865] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  385.332298][ T8403] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  385.357629][ T5983] usb 2-1: config 0 descriptor??
[  385.362927][ T5865] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  385.366689][ T8403] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  385.410894][ T8403] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  385.414184][ T5865] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  385.430258][ T5865] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.449121][ T5865] usb 4-1: Product: syz
[  385.455208][ T5865] usb 4-1: Manufacturer: syz
[  385.459926][ T5865] usb 4-1: SerialNumber: syz
[  385.925266][   T24] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  386.005125][ T5865] usb 4-1: 0:2 : does not exist
[  386.034460][ T5865] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  386.086899][ T5865] usb 4-1: USB disconnect, device number 19
[  386.097124][   T24] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  386.132955][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.154552][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  386.191972][   T24] usb 5-1: config 0 descriptor??
[  386.221218][   T24] cp210x 5-1:0.0: cp210x converter detected
[  386.247656][ T8403] 8021q: adding VLAN 0 to HW filter on device bond0
[  386.304031][ T8403] 8021q: adding VLAN 0 to HW filter on device team0
[  386.354608][ T5924] bridge0: port 1(bridge_slave_0) entered blocking state
[  386.361919][ T5924] bridge0: port 1(bridge_slave_0) entered forwarding state
[  386.394136][ T5983] peak_usb 2-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels)
[  386.410369][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[  386.417694][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[  386.442834][ T5983] peak_usb 2-1:0.0 can0: sending command failure: -22
[  386.458212][ T5983] peak_usb 2-1:0.0 can0: sending command failure: -22
[  386.575775][ T5983] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -22
[  386.659336][   T24] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  388.330224][   T24] cp210x 5-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  388.415135][ T8403] 8021q: adding VLAN 0 to HW filter on device batadv0
[  388.467377][ T5908] usb 2-1: USB disconnect, device number 18
[  388.476037][   T24] cp210x 5-1:0.0: GPIO initialisation failed: -71
[  388.534901][ T8543] FAULT_INJECTION: forcing a failure.
[  388.534901][ T8543] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  388.573531][   T24] usb 5-1: cp210x converter now attached to ttyUSB0
[  388.638283][   T24] usb 5-1: USB disconnect, device number 26
[  388.683955][ T8543] CPU: 1 UID: 0 PID: 8543 Comm: syz.3.703 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  388.683986][ T8543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  388.683999][ T8543] Call Trace:
[  388.684007][ T8543]  <TASK>
[  388.684017][ T8543]  dump_stack_lvl+0x189/0x250
[  388.684050][ T8543]  ? __lock_acquire+0xaac/0xd20
[  388.684089][ T8543]  ? __pfx_dump_stack_lvl+0x10/0x10
[  388.684117][ T8543]  ? __pfx__printk+0x10/0x10
[  388.684152][ T8543]  ? __might_fault+0xb0/0x130
[  388.684197][ T8543]  should_fail_ex+0x414/0x560
[  388.684225][ T8543]  _copy_from_user+0x2d/0xb0
[  388.684256][ T8543]  wext_handle_ioctl+0xba/0x1c0
[  388.684294][ T8543]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  388.684334][ T8543]  ? __asan_memset+0x22/0x50
[  388.684361][ T8543]  ? smack_file_ioctl+0x24a/0x340
[  388.684387][ T8543]  sock_ioctl+0x15f/0x790
[  388.684423][ T8543]  ? __pfx_sock_ioctl+0x10/0x10
[  388.684459][ T8543]  ? __fget_files+0x3a0/0x420
[  388.684478][ T8543]  ? __fget_files+0x2a/0x420
[  388.684500][ T8543]  ? bpf_lsm_file_ioctl+0x9/0x20
[  388.684523][ T8543]  ? __pfx_sock_ioctl+0x10/0x10
[  388.684553][ T8543]  __se_sys_ioctl+0xf9/0x170
[  388.684583][ T8543]  do_syscall_64+0xf6/0x210
[  388.684610][ T8543]  ? clear_bhb_loop+0x60/0xb0
[  388.684636][ T8543]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.684658][ T8543] RIP: 0033:0x7fa74cf8e969
[  388.684679][ T8543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.684698][ T8543] RSP: 002b:00007fa74de4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  388.684722][ T8543] RAX: ffffffffffffffda RBX: 00007fa74d1b5fa0 RCX: 00007fa74cf8e969
[  388.684738][ T8543] RDX: 0000200000000000 RSI: 0000000000008b15 RDI: 0000000000000003
[  388.684752][ T8543] RBP: 00007fa74de4f090 R08: 0000000000000000 R09: 0000000000000000
[  388.684766][ T8543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.684779][ T8543] R13: 0000000000000000 R14: 00007fa74d1b5fa0 R15: 00007ffc23460e28
[  388.684812][ T8543]  </TASK>
[  388.686741][ T8548] FAULT_INJECTION: forcing a failure.
[  388.686741][ T8548] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  388.736464][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  388.809053][ T8548] CPU: 0 UID: 0 PID: 8548 Comm: syz.4.704 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  388.809086][ T8548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  388.809101][ T8548] Call Trace:
[  388.809110][ T8548]  <TASK>
[  388.809119][ T8548]  dump_stack_lvl+0x189/0x250
[  388.809156][ T8548]  ? __lock_acquire+0xaac/0xd20
[  388.809190][ T8548]  ? __pfx_dump_stack_lvl+0x10/0x10
[  388.809221][ T8548]  ? __pfx__printk+0x10/0x10
[  388.809257][ T8548]  ? __might_fault+0xb0/0x130
[  388.809314][ T8548]  should_fail_ex+0x414/0x560
[  388.809345][ T8548]  _copy_from_user+0x2d/0xb0
[  388.809379][ T8548]  csum_and_copy_from_iter_full+0x1d8/0x1d20
[  388.809422][ T8548]  ? sock_alloc_send_pskb+0x875/0x990
[  388.809469][ T8548]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[  388.809512][ T8548]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  388.809545][ T8548]  ? tomoyo_check_open_permission+0x16a/0x3b0
[  388.809572][ T8548]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  388.809597][ T8548]  ? smk_access+0x14c/0x4e0
[  388.809635][ T8548]  ping_getfrag+0x72/0x260
[  388.809670][ T8548]  ? skb_put+0x11b/0x210
[  388.809704][ T8548]  __ip6_append_data+0x3826/0x3dc0
[  388.809732][ T8548]  ? __lock_acquire+0xaac/0xd20
[  388.809781][ T8548]  ? __lock_acquire+0xaac/0xd20
[  388.809815][ T8548]  ? __pfx_ping_getfrag+0x10/0x10
[  388.809873][ T8548]  ? __pfx___ip6_append_data+0x10/0x10
[  388.809916][ T8548]  ip6_append_data+0x1c4/0x380
[  388.809949][ T8548]  ? __pfx_ping_getfrag+0x10/0x10
[  388.809987][ T8548]  ping_v6_sendmsg+0xe06/0x1210
[  388.810026][ T8548]  ? __pfx_ping_v6_sendmsg+0x10/0x10
[  388.810065][ T8548]  ? __lock_acquire+0xaac/0xd20
[  388.810119][ T8548]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  388.810153][ T8548]  ? __fget_files+0x2a/0x420
[  388.810174][ T8548]  ? sock_rps_record_flow+0x19/0x400
[  388.810212][ T8548]  ? inet_sendmsg+0x2f4/0x370
[  388.810243][ T8548]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  388.810272][ T8548]  __sock_sendmsg+0x19c/0x270
[  388.810307][ T8548]  __sys_sendto+0x3bd/0x520
[  388.810339][ T8548]  ? __pfx___sys_sendto+0x10/0x10
[  388.810363][ T8548]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  388.810409][ T8548]  ? __fget_files+0x3a0/0x420
[  388.810444][ T8548]  ? ksys_write+0x1f0/0x250
[  388.810488][ T8548]  __x64_sys_sendto+0xde/0x100
[  388.810521][ T8548]  do_syscall_64+0xf6/0x210
[  388.810552][ T8548]  ? asm_sysvec_call_function_single+0x1a/0x20
[  388.810577][ T8548]  ? clear_bhb_loop+0x60/0xb0
[  388.810605][ T8548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.810627][ T8548] RIP: 0033:0x7f5de118e969
[  388.810648][ T8548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.810668][ T8548] RSP: 002b:00007f5de1f76038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  388.810692][ T8548] RAX: ffffffffffffffda RBX: 00007f5de13b6080 RCX: 00007f5de118e969
[  388.810710][ T8548] RDX: 000000000000ffd8 RSI: 0000200000000080 RDI: 000000000000000d
[  388.810725][ T8548] RBP: 00007f5de1f76090 R08: 0000000000000000 R09: 0000000000000000
[  388.810739][ T8548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.810752][ T8548] R13: 0000000000000000 R14: 00007f5de13b6080 R15: 00007fff86937778
[  388.810790][ T8548]  </TASK>
[  389.639765][   T24] cp210x 5-1:0.0: device disconnected
[  389.841960][ T5908] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  390.233278][ T5908] usb 1-1: config 160 has an invalid interface number: 200 but max is 0
[  390.248124][ T5908] usb 1-1: config 160 has no interface number 0
[  390.255115][ T5908] usb 1-1: config 160 interface 200 has no altsetting 0
[  391.727728][ T5908] usb 1-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  391.738653][ T5908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.747107][ T5908] usb 1-1: Product: syz
[  391.753133][ T5908] usb 1-1: Manufacturer: syz
[  391.758666][ T5908] usb 1-1: SerialNumber: syz
[  392.219103][ T5908] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  392.252984][ T5908] usb 1-1: MIDIStreaming interface descriptor not found
[  392.414300][ T8403] veth0_vlan: entered promiscuous mode
[  392.427691][ T5908] usb 1-1: USB disconnect, device number 25
[  392.491576][ T8403] veth1_vlan: entered promiscuous mode
[  392.620898][ T5865] usb 5-1: new low-speed USB device number 27 using dummy_hcd
[  392.628774][ T5817] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[  392.664778][ T8403] veth0_macvtap: entered promiscuous mode
[  392.693920][ T8403] veth1_macvtap: entered promiscuous mode
[  392.760853][ T8403] batman_adv: batadv0: Interface activated: batadv_slave_0
[  392.792925][ T5817] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  392.804224][ T5865] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  392.816437][ T8403] batman_adv: batadv0: Interface activated: batadv_slave_1
[  392.828925][ T5817] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  392.839526][ T5865] usb 5-1: config 0 has no interface number 0
[  392.845680][ T5865] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  392.862368][ T8403] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  392.884571][ T8403] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  392.885711][ T5817] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  392.904519][ T8403] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  392.914547][ T5865] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  392.917906][ T8403] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  392.935413][ T5817] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.090736][  T991] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  393.124772][  T991] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  393.136551][ T5908] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  393.147600][ T5817] usb 4-1: Product: syz
[  393.151815][ T5817] usb 4-1: Manufacturer: syz
[  393.156534][ T5865] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  393.168241][ T5817] usb 4-1: SerialNumber: syz
[  393.174661][ T5865] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  393.185861][ T5865] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  393.203511][ T5865] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  393.230874][ T5865] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  393.240524][ T5865] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.345690][ T8584] [U] 5ѨD§ªÕ�¶¦“
[  393.350053][ T8584] [U] ÜDL·Y‹>D@ÂÛÛ
[  393.358000][ T8584] [U] ,Ø)ÆT@
[  393.361263][ T8584] [U] 
[  393.364005][ T8584] [U] 
[  393.367815][ T8584] [U] 
[  393.370551][ T8584] [U] 
[  393.373274][ T8584] [U] 
[  393.375995][ T8584] [U] 
[  393.379346][ T8584] [U] 
[  393.382240][ T8584] [U] 
[  393.385073][ T8584] [U] 
[  393.806626][  T991] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  393.814524][  T991] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  393.839962][ T8579] [U] 
[  393.847460][ T5817] usb 4-1: 0:2 : does not exist
[  393.848060][ T5908] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  393.857681][ T5865] usb 5-1: config 0 descriptor??
[  393.899284][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.931444][ T5908] usb 2-1: config 0 descriptor??
[  393.964333][ T5908] cp210x 2-1:0.0: cp210x converter detected
[  394.012002][ T5817] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  394.015859][ T8577] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  394.076956][ T5817] usb 4-1: USB disconnect, device number 20
[  394.085584][ T8577] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  394.159533][ T5865] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  394.753214][ T5908] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  395.138590][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  395.182594][   T30] audit: type=1326 audit(1747454827.004:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8574 comm="syz.4.711" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5de118e969 code=0x0
[  395.869990][ T8601] netlink: 56 bytes leftover after parsing attributes in process `syz.3.716'.
[  396.119662][ T8606] netlink: 56 bytes leftover after parsing attributes in process `syz.5.717'.
[  396.262364][   T10] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[  396.338215][ T5908] cp210x 2-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  396.361483][ T5868] usb 1-1: new full-speed USB device number 26 using dummy_hcd
[  396.387826][ T5908] cp210x 2-1:0.0: GPIO initialisation failed: -71
[  396.451882][ T5908] usb 2-1: cp210x converter now attached to ttyUSB0
[  396.482249][   T50] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  396.520939][ T5908] usb 2-1: USB disconnect, device number 19
[  396.546122][   T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  396.564422][ T5908] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  396.584454][ T5868] usb 1-1: config 1 has an invalid descriptor of length 85, skipping remainder of the config
[  396.642812][   T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  396.643951][ T5908] cp210x 2-1:0.0: device disconnected
[  396.664189][ T5868] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  396.684023][   T50] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  396.731199][   T10] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  396.769330][ T5868] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  396.778829][   T50] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  396.814974][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.826580][   T10] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  396.833916][   T50] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  396.860280][ T5868] usb 1-1: Product: syz
[  396.868949][ T5868] usb 1-1: Manufacturer: syz
[  396.889143][ T5868] usb 1-1: SerialNumber: syz
[  396.896827][   T50] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  396.911146][   T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  396.931121][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  396.978799][   T50] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  396.988207][   T10] usb 4-1: SerialNumber: syz
[  397.009144][ T8601] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  397.034528][ T8601] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  397.054794][   T50] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  397.085619][   T50] usb 6-1: SerialNumber: syz
[  397.106214][   T10] cdc_acm 4-1:1.0: Control and data interfaces are not separated!
[  397.126820][   T13] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  397.140945][ T8607] raw-gadget.4 gadget.5: fail, usb_ep_enable returned -22
[  397.168334][ T8607] raw-gadget.4 gadget.5: fail, usb_ep_enable returned -22
[  397.188912][ T5868] usb 1-1: 0:2 : does not exist
[  397.224475][   T50] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[  397.242601][ T5868] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  397.308442][ T5868] usb 1-1: USB disconnect, device number 26
[  397.452709][   T50] cdc_acm 6-1:1.0: ttyACM1: USB ACM device
[  397.509667][   T50] usb 6-1: USB disconnect, device number 2
[  397.522321][ T5865] usb 5-1: USB disconnect, device number 27
[  397.532709][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  397.609484][ T5865] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  397.850571][ T5817] usb 2-1: new full-speed USB device number 20 using dummy_hcd
[  398.649792][   T50] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  398.839825][   T50] usb 1-1: config 160 has an invalid interface number: 200 but max is 0
[  398.868393][   T50] usb 1-1: config 160 has no interface number 0
[  398.967701][   T10] cdc_acm 4-1:1.0: ttyACM0: USB ACM device
[  398.977080][   T10] usb 4-1: USB disconnect, device number 21
[  398.984284][ T5817] usb 2-1: not running at top speed; connect to a high speed hub
[  398.996376][ T5817] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  399.008562][ T5817] usb 2-1: config 1 has no interface number 1
[  399.024849][   T50] usb 1-1: config 160 interface 200 has no altsetting 0
[  399.039045][ T5817] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  399.182834][   T50] usb 1-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  399.286809][   T50] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.374013][   T50] usb 1-1: Product: syz
[  399.383688][ T5817] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  399.391021][   T50] usb 1-1: Manufacturer: syz
[  399.441976][   T50] usb 1-1: SerialNumber: syz
[  399.447726][ T5817] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.606072][ T5817] usb 2-1: Product: syz
[  399.648850][ T5817] usb 2-1: Manufacturer: syz
[  399.653526][ T5817] usb 2-1: SerialNumber: syz
[  400.362081][ T5817] usb 2-1: 2:1: All rates were zero
[  400.396808][   T50] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  400.401952][ T5817] usb 2-1: USB disconnect, device number 20
[  400.447904][   T50] usb 1-1: MIDIStreaming interface descriptor not found
[  401.276701][   T50] usb 1-1: USB disconnect, device number 27
[  401.282858][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  401.362300][ T8640] Process accounting resumed
[  401.449506][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  401.559515][ T7627] udevd[7627]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:160.200/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  401.717216][  T976] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  401.817183][ T8652] netlink: 56 bytes leftover after parsing attributes in process `syz.1.732'.
[  401.938616][  T976] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  402.044800][  T976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.160292][ T8656] [U] 5ѨD§ªÕ�¶¦“
[  402.164432][ T8656] [U] ÜDL·Y‹>D@ÂÛÛ
[  402.171282][ T8656] [U] ,Ø)ÆT@
[  402.174564][ T8656] [U] 
[  402.177302][ T8656] [U] 
[  402.180871][ T8656] [U] 
[  402.183604][ T8656] [U] 
[  402.186331][ T8656] [U] 
[  402.189059][ T8656] [U] 
[  402.192270][ T8656] [U] 
[  402.195006][ T8656] [U] 
[  402.197939][ T8656] [U] 
[  402.227743][ T5817] usb 2-1: new full-speed USB device number 21 using dummy_hcd
[  402.679918][  T976] usb 5-1: config 0 descriptor??
[  402.688588][  T976] cp210x 5-1:0.0: cp210x converter detected
[  402.692572][ T8653] [U] 
[  403.296703][ T5817] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  403.308106][ T5817] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  403.482884][  T976] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  403.972486][ T5817] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  403.983452][ T5817] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  403.998122][ T5817] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  404.007473][ T5817] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  404.045053][ T5817] usb 2-1: SerialNumber: syz
[  404.166167][ T8652] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  404.214879][ T8665] netlink: 56 bytes leftover after parsing attributes in process `syz.3.735'.
[  404.215343][ T8652] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  404.739186][ T5817] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[  405.141767][ T8670] set match dimension is over the limit!
[  405.912161][ T5817] cdc_acm 2-1:1.0: ttyACM0: USB ACM device
[  406.112735][  T976] cp210x 5-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  406.131178][  T976] cp210x 5-1:0.0: GPIO initialisation failed: -71
[  406.139505][ T5817] usb 2-1: USB disconnect, device number 21
[  406.185328][  T976] usb 5-1: cp210x converter now attached to ttyUSB0
[  406.356445][  T976] usb 5-1: USB disconnect, device number 28
[  406.529587][  T976] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  406.662324][  T976] cp210x 5-1:0.0: device disconnected
[  407.697809][ T8682] Process accounting resumed
[  407.855071][ T8685] netlink: 4 bytes leftover after parsing attributes in process `syz.3.740'.
[  407.922172][ T8685] macvtap1: entered promiscuous mode
[  408.853759][ T8685] batadv0: entered promiscuous mode
[  408.862600][ T8685] macvtap1: entered allmulticast mode
[  408.982883][ T8685] batadv0: entered allmulticast mode
[  409.251153][ T8685] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  409.378189][ T8702] No such timeout policy "syz1"
[  409.437100][ T8698] batadv0: left allmulticast mode
[  409.817351][ T8698] batadv0: left promiscuous mode
[  410.071484][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  412.644861][ T8716] netlink: 56 bytes leftover after parsing attributes in process `syz.1.748'.
[  413.378345][ T8724] netlink: 'syz.0.750': attribute type 7 has an invalid length.
[  413.383342][ T5817] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  414.211302][ T5817] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  414.235946][ T8725] Process accounting resumed
[  414.241725][  T976] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  414.509974][  T976] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  414.635914][  T976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.638656][ T5817] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  414.698746][ T5817] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  414.699851][  T976] usb 5-1: config 0 descriptor??
[  414.741379][ T5817] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  414.773250][  T976] cp210x 5-1:0.0: cp210x converter detected
[  414.777044][ T5817] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  414.809413][   T10] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  414.827054][ T5817] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  414.866424][ T5817] usb 2-1: SerialNumber: syz
[  415.437053][   T10] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  415.451124][   T10] usb 1-1: config 0 interface 0 has no altsetting 0
[  415.461421][   T10] usb 1-1: New USB device found, idVendor=0757, idProduct=0a00, bcdDevice= 0.00
[  415.472768][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.488515][ T8716] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  415.504004][ T8716] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  415.521358][ T5817] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[  415.533053][   T10] usb 1-1: config 0 descriptor??
[  415.536992][ T8741] loop6: detected capacity change from 0 to 63
[  415.553450][ T5925] Buffer I/O error on dev loop6, logical block 0, async page read
[  415.568037][ T8741] Buffer I/O error on dev loop6, logical block 0, async page read
[  415.576824][ T8741] Buffer I/O error on dev loop6, logical block 0, async page read
[  415.585301][ T8741] Buffer I/O error on dev loop6, logical block 0, async page read
[  415.593417][ T8741] Buffer I/O error on dev loop6, logical block 0, async page read
[  415.603025][ T8741] Buffer I/O error on dev loop6, logical block 0, async page read
[  415.611361][ T8741] Buffer I/O error on dev loop6, logical block 0, async page read
[  415.852115][  T976] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  415.860884][ T5925] Buffer I/O error on dev loop6, logical block 0, async page read
[  415.869708][ T5925] Buffer I/O error on dev loop6, logical block 0, async page read
[  415.878369][ T5925] Buffer I/O error on dev loop6, logical block 0, async page read
[  416.003224][ T5817] cdc_acm 2-1:1.0: ttyACM0: USB ACM device
[  416.060599][ T5817] usb 2-1: USB disconnect, device number 22
[  416.237634][   T10] nti 0003:0757:0A00.0003: hidraw0: USB HID v0.00 Device [HID 0757:0a00] on usb-dummy_hcd.0-1/input0
[  416.483608][   T10] usb 1-1: USB disconnect, device number 28
[  416.654508][ T8755] sctp: [Deprecated]: syz.1.758 (pid 8755) Use of int in max_burst socket option deprecated.
[  416.654508][ T8755] Use struct sctp_assoc_value instead
[  416.927995][ T8757] xt_CT: No such helper "snmp"
[  417.193526][  T976] cp210x 5-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  417.201148][  T976] cp210x 5-1:0.0: GPIO initialisation failed: -71
[  417.241990][  T976] usb 5-1: cp210x converter now attached to ttyUSB0
[  417.261007][  T976] usb 5-1: USB disconnect, device number 29
[  417.269046][ T8760] FAULT_INJECTION: forcing a failure.
[  417.269046][ T8760] name failslab, interval 1, probability 0, space 0, times 0
[  417.305699][  T976] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  417.323503][ T8760] CPU: 1 UID: 0 PID: 8760 Comm: syz.4.759 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  417.323534][ T8760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  417.323547][ T8760] Call Trace:
[  417.323556][ T8760]  <TASK>
[  417.323565][ T8760]  dump_stack_lvl+0x189/0x250
[  417.323603][ T8760]  ? __pfx_dump_stack_lvl+0x10/0x10
[  417.323634][ T8760]  ? __pfx__printk+0x10/0x10
[  417.323670][ T8760]  ? __pfx___might_resched+0x10/0x10
[  417.323704][ T8760]  ? fs_reclaim_acquire+0x7d/0x100
[  417.323733][ T8760]  should_fail_ex+0x414/0x560
[  417.323761][ T8760]  should_failslab+0xa8/0x100
[  417.323784][ T8760]  __kmalloc_cache_noprof+0x70/0x3d0
[  417.323817][ T8760]  ? alloc_fs_context+0x61/0x7d0
[  417.323842][ T8760]  alloc_fs_context+0x61/0x7d0
[  417.323864][ T8760]  ? kfree+0x193/0x440
[  417.323892][ T8760]  ? get_fs_type+0x407/0x480
[  417.323921][ T8760]  __se_sys_fsopen+0xa5/0x2b0
[  417.323951][ T8760]  do_syscall_64+0xf6/0x210
[  417.323982][ T8760]  ? clear_bhb_loop+0x60/0xb0
[  417.324009][ T8760]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.324042][ T8760] RIP: 0033:0x7f5de118e969
[  417.324060][ T8760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  417.324079][ T8760] RSP: 002b:00007f5de1f97038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae
[  417.324102][ T8760] RAX: ffffffffffffffda RBX: 00007f5de13b5fa0 RCX: 00007f5de118e969
[  417.324118][ T8760] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00002000000000c0
[  417.324132][ T8760] RBP: 00007f5de1f97090 R08: 0000000000000000 R09: 0000000000000000
[  417.324146][ T8760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  417.324159][ T8760] R13: 0000000000000001 R14: 00007f5de13b5fa0 R15: 00007fff86937778
[  417.324192][ T8760]  </TASK>
[  417.602703][  T976] cp210x 5-1:0.0: device disconnected
[  419.404246][ T8771] can: request_module (can-proto-5) failed.
[  420.089217][ T5817] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[  420.477365][ T5817] usb 1-1: not running at top speed; connect to a high speed hub
[  420.498877][ T5817] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  420.525396][ T5817] usb 1-1: config 1 has no interface number 1
[  420.540933][ T5817] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  420.573424][ T5817] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  420.601115][ T5817] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.613912][ T5817] usb 1-1: Product: syz
[  420.977921][ T5817] usb 1-1: Manufacturer: syz
[  420.982599][ T5817] usb 1-1: SerialNumber: syz
[  421.197985][ T8801] bridge0: entered promiscuous mode
[  421.225741][ T5817] usb 1-1: 2:1: All rates were zero
[  421.233267][ T8801] bridge0: port 3(macsec1) entered blocking state
[  421.272314][ T8802] bio_check_eod: 2 callbacks suppressed
[  421.272335][ T8802] syz.1.770: attempt to access beyond end of device
[  421.272335][ T8802] loop3: rw=0, sector=2, nr_sectors = 2 limit=0
[  421.273211][ T5817] usb 1-1: USB disconnect, device number 29
[  421.291813][ T8801] bridge0: port 3(macsec1) entered disabled state
[  421.292109][ T8801] macsec1: entered allmulticast mode
[  421.316068][ T8802] syz.1.770: attempt to access beyond end of device
[  421.316068][ T8802] loop3: rw=0, sector=16, nr_sectors = 2 limit=0
[  421.329527][   T10] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  421.352075][ T8804] netlink: 8 bytes leftover after parsing attributes in process `syz.3.771'.
[  421.364097][ T8801] bridge0: entered allmulticast mode
[  421.412927][ T8801] macsec1: left allmulticast mode
[  421.426492][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  421.439020][ T8801] bridge0: left allmulticast mode
[  421.466156][ T8801] bridge0: left promiscuous mode
[  421.539574][   T10] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  421.555255][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.599200][   T10] usb 5-1: config 0 descriptor??
[  421.648000][   T10] cp210x 5-1:0.0: cp210x converter detected
[  422.062126][ T8814] veth0_vlan: entered allmulticast mode
[  422.089125][ T8814] netlink: 248 bytes leftover after parsing attributes in process `syz.0.774'.
[  422.386650][   T10] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  423.512314][ T5817] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  424.169307][   T10] cp210x 5-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  424.187852][   T10] cp210x 5-1:0.0: GPIO initialisation failed: -71
[  424.203168][ T5817] usb 2-1: not running at top speed; connect to a high speed hub
[  424.211921][   T10] usb 5-1: cp210x converter now attached to ttyUSB0
[  424.219935][ T5817] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  424.256171][ T5817] usb 2-1: config 1 has no interface number 1
[  424.274446][   T10] usb 5-1: USB disconnect, device number 30
[  424.284150][ T5817] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  424.342491][   T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  424.362946][ T5817] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  424.392043][   T10] cp210x 5-1:0.0: device disconnected
[  424.403695][ T5817] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.416413][ T5817] usb 2-1: Product: syz
[  424.422837][ T5817] usb 2-1: Manufacturer: syz
[  424.427871][ T5817] usb 2-1: SerialNumber: syz
[  424.439873][ T8828] overlayfs: failed to verify upper root origin
[  424.669888][ T5817] usb 2-1: 2:1: All rates were zero
[  424.764444][ T5817] usb 2-1: USB disconnect, device number 23
[  424.904574][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  425.086894][ T5865] usb 5-1: new full-speed USB device number 31 using dummy_hcd
[  425.271682][ T5865] usb 5-1: config 4 has an invalid interface number: 156 but max is 0
[  425.289198][ T5865] usb 5-1: config 4 has no interface number 0
[  425.332018][ T5865] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db71, bcdDevice=53.3e
[  425.359615][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  425.368634][ T5865] usb 5-1: Product: syz
[  425.372837][ T5865] usb 5-1: Manufacturer: syz
[  425.409627][ T5865] usb 5-1: SerialNumber: syz
[  425.500184][ T5865] dvb-usb: found a 'DViCO FusionHDTV DVB-T NANO2 w/o firmware' in warm state.
[  425.515596][ T8840] kvm: kvm [8839]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc1) = 0x822
[  425.556864][ T8840] kvm: kvm [8839]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x7e
[  425.569757][ T5865] usb 5-1: setting power ON
[  425.576388][ T8854] netlink: 20 bytes leftover after parsing attributes in process `syz.0.783'.
[  425.585837][ T5865] dvb-usb: bulk message failed: -8 (2/0)
[  425.605253][ T5865] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  425.680296][ T5865] dvb-usb: DViCO FusionHDTV DVB-T NANO2 w/o firmware error while loading driver (-19)
[  425.711407][ T8834] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  425.749501][ T5865] dvb_usb_cxusb 5-1:4.156: probe with driver dvb_usb_cxusb failed with error -22
[  425.777180][ T8834] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  426.756352][ T5865] usb 5-1: USB disconnect, device number 31
[  427.986290][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  428.562858][ T8886] netlink: 8 bytes leftover after parsing attributes in process `syz.0.794'.
[  428.614089][ T8888] netlink: 8 bytes leftover after parsing attributes in process `syz.4.795'.
[  429.796406][ T8898] dlm: non-version read from control device 211
[  429.804580][ T8898] dlm: non-version read from control device 211
[  429.826355][ T5817] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  430.055914][ T5817] usb 5-1: Using ep0 maxpacket: 32
[  430.310512][ T5817] usb 5-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice= e.22
[  430.379456][ T5817] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.396957][ T5817] usb 5-1: Product: syz
[  430.474286][ T5817] usb 5-1: Manufacturer: syz
[  430.591318][ T5817] usb 5-1: SerialNumber: syz
[  430.646962][ T5817] usb 5-1: config 0 descriptor??
[  430.713222][ T5817] usb 5-1: selecting invalid altsetting 3
[  430.810552][ T5817] comedi comedi0: could not set alternate setting 3 in high speed
[  431.182870][ T5817] usbdux 5-1:0.0: driver 'usbdux' failed to auto-configure device.
[  431.278135][ T5817] usbdux 5-1:0.0: probe with driver usbdux failed with error -22
[  431.312645][ T5817] usb 5-1: USB disconnect, device number 32
[  431.590239][ T8919] set match dimension is over the limit!
[  431.801409][ T8888] syz.4.795 (8888) used greatest stack depth: 17080 bytes left
[  432.526958][ T8931] lo speed is unknown, defaulting to 1000
[  433.265677][ T5908] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  433.303285][ T8925] netlink: 68 bytes leftover after parsing attributes in process `syz.1.804'.
[  433.448596][ T5908] usb 6-1: Using ep0 maxpacket: 32
[  433.475070][ T5908] usb 6-1: config index 0 descriptor too short (expected 32768, got 27)
[  433.513365][ T5908] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  433.727929][ T5908] usb 6-1: config 0 has no interfaces?
[  433.736380][ T5908] usb 6-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  433.745588][ T5908] usb 6-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[  433.754889][ T5908] usb 6-1: Product: syz
[  433.759129][ T5908] usb 6-1: Manufacturer: syz
[  433.767403][ T5908] usb 6-1: config 0 descriptor??
[  433.890801][ T8942] netlink: 'syz.1.806': attribute type 4 has an invalid length.
[  433.898667][ T8942] netlink: 3657 bytes leftover after parsing attributes in process `syz.1.806'.
[  434.345304][ T8931] netlink: 892 bytes leftover after parsing attributes in process `syz.5.803'.
[  435.621811][ T5817] usb 6-1: USB disconnect, device number 3
[  436.811355][ T8961] xt_NFQUEUE: number of queues (65532) out of range (got 66665)
[  436.975853][ T8966] FAULT_INJECTION: forcing a failure.
[  436.975853][ T8966] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  437.011168][ T8966] CPU: 1 UID: 0 PID: 8966 Comm: syz.3.817 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  437.011208][ T8966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  437.011222][ T8966] Call Trace:
[  437.011231][ T8966]  <TASK>
[  437.011241][ T8966]  dump_stack_lvl+0x189/0x250
[  437.011280][ T8966]  ? __pfx_dump_stack_lvl+0x10/0x10
[  437.011310][ T8966]  ? __pfx__printk+0x10/0x10
[  437.011346][ T8966]  ? fs_reclaim_acquire+0x7d/0x100
[  437.011382][ T8966]  should_fail_ex+0x414/0x560
[  437.011411][ T8966]  prepare_alloc_pages+0x213/0x610
[  437.011445][ T8966]  __alloc_frozen_pages_noprof+0x123/0x370
[  437.011477][ T8966]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  437.011501][ T8966]  ? __lock_acquire+0xaac/0xd20
[  437.011540][ T8966]  ? policy_nodemask+0x27c/0x720
[  437.011580][ T8966]  alloc_pages_mpol+0x232/0x4a0
[  437.011621][ T8966]  vma_alloc_folio_noprof+0xe4/0x200
[  437.011646][ T8966]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  437.011696][ T8966]  folio_prealloc+0x30/0x180
[  437.011720][ T8966]  do_wp_page+0x123a/0x5760
[  437.011777][ T8966]  ? __pfx_do_wp_page+0x10/0x10
[  437.011805][ T8966]  ? do_raw_spin_lock+0x121/0x290
[  437.011832][ T8966]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  437.011868][ T8966]  __handle_mm_fault+0x1028/0x5380
[  437.011922][ T8966]  ? __pfx___handle_mm_fault+0x10/0x10
[  437.011978][ T8966]  ? find_vma+0xe7/0x160
[  437.011997][ T8966]  ? __pfx_find_vma+0x10/0x10
[  437.012020][ T8966]  handle_mm_fault+0x2d5/0x7f0
[  437.012065][ T8966]  do_user_addr_fault+0x764/0x1390
[  437.012118][ T8966]  exc_page_fault+0x68/0x110
[  437.012150][ T8966]  asm_exc_page_fault+0x26/0x30
[  437.012170][ T8966] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  437.012192][ T8966] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 ff f1 03 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  437.012219][ T8966] RSP: 0018:ffffc9001a12f638 EFLAGS: 00050202
[  437.012240][ T8966] RAX: ffffffff84af5d01 RBX: ffff88807ee68000 RCX: 000000000000045c
[  437.012256][ T8966] RDX: 0000000000000000 RSI: ffff88807ee68a00 RDI: 0000200000005000
[  437.012272][ T8966] RBP: ffffc9001a12f798 R08: ffff88807ee68e5b R09: 1ffff1100fdcd1cb
[  437.012288][ T8966] R10: dffffc0000000000 R11: ffffed100fdcd1cc R12: dffffc0000000000
[  437.012304][ T8966] R13: 0000000000000000 R14: 00007ffffffff000 R15: 0000000000000e5c
[  437.012328][ T8966]  ? _copy_to_iter+0x3d1/0x15a0
[  437.012364][ T8966]  _copy_to_iter+0x484/0x15a0
[  437.012406][ T8966]  ? __pfx__copy_to_iter+0x10/0x10
[  437.012431][ T8966]  ? __skb_try_recv_from_queue+0x58f/0x730
[  437.012472][ T8966]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  437.012513][ T8966]  __skb_datagram_iter+0x100/0x960
[  437.012548][ T8966]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  437.012591][ T8966]  skb_copy_datagram_iter+0xc5/0x230
[  437.012630][ T8966]  netlink_recvmsg+0x2c9/0xe00
[  437.012668][ T8966]  ? __pfx_netlink_recvmsg+0x10/0x10
[  437.012713][ T8966]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  437.012737][ T8966]  ? security_socket_recvmsg+0x7e/0x2e0
[  437.012759][ T8966]  ? __pfx_netlink_recvmsg+0x10/0x10
[  437.012786][ T8966]  sock_recvmsg+0x229/0x270
[  437.012814][ T8966]  ____sys_recvmsg+0x1c9/0x460
[  437.012855][ T8966]  ? __pfx_____sys_recvmsg+0x10/0x10
[  437.012905][ T8966]  ? import_iovec+0x74/0xa0
[  437.012940][ T8966]  ___sys_recvmsg+0x1b5/0x510
[  437.012978][ T8966]  ? __pfx____sys_recvmsg+0x10/0x10
[  437.013039][ T8966]  ? __fget_files+0x3a0/0x420
[  437.013073][ T8966]  __x64_sys_recvmsg+0x198/0x260
[  437.013108][ T8966]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  437.013159][ T8966]  ? do_syscall_64+0xba/0x210
[  437.013201][ T8966]  do_syscall_64+0xf6/0x210
[  437.013231][ T8966]  ? clear_bhb_loop+0x60/0xb0
[  437.013258][ T8966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.013279][ T8966] RIP: 0033:0x7fa74cf8e969
[  437.013298][ T8966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  437.013317][ T8966] RSP: 002b:00007fa74de4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  437.013338][ T8966] RAX: ffffffffffffffda RBX: 00007fa74d1b5fa0 RCX: 00007fa74cf8e969
[  437.013354][ T8966] RDX: 0000000040012022 RSI: 0000200000000080 RDI: 0000000000000003
[  437.013369][ T8966] RBP: 00007fa74de4f090 R08: 0000000000000000 R09: 0000000000000000
[  437.013382][ T8966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  437.013395][ T8966] R13: 0000000000000000 R14: 00007fa74d1b5fa0 R15: 00007ffc23460e28
[  437.013429][ T8966]  </TASK>
[  437.467332][ T8971] netlink: 8 bytes leftover after parsing attributes in process `syz.1.818'.
[  437.645394][ T5908] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  437.979837][ T5908] usb 6-1: Using ep0 maxpacket: 8
[  438.000241][ T5908] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  438.013667][ T5908] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.061376][ T5908] usb 6-1: Product: syz
[  438.265011][ T5908] usb 6-1: Manufacturer: syz
[  438.270274][ T5908] usb 6-1: SerialNumber: syz
[  438.837899][ T5908] usb 6-1: config 0 descriptor??
[  439.072223][ T5908] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  439.518989][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  439.674903][ T5865] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  439.705062][ T5908] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  440.316679][ T5908] usb 6-1: USB disconnect, device number 4
[  440.355619][ T6623] udevd[6623]: setting owner of /dev/bus/usb/006/004 to uid=0, gid=0 failed: No such file or directory
[  440.417301][ T5865] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  440.438193][ T5865] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  440.603832][ T5865] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  441.295643][ T5865] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.303844][ T5865] usb 2-1: Product: syz
[  441.329667][ T5865] usb 2-1: Manufacturer: syz
[  441.334332][ T5865] usb 2-1: SerialNumber: syz
[  441.366524][ T9013] netlink: 36 bytes leftover after parsing attributes in process `syz.5.830'.
[  441.595119][   T50] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  441.605483][ T5865] usb 2-1: 0:2 : does not exist
[  441.675249][ T5865] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  441.765325][   T50] usb 1-1: Using ep0 maxpacket: 16
[  441.772063][ T5865] usb 2-1: USB disconnect, device number 24
[  441.774853][   T50] usb 1-1: config 0 has no interfaces?
[  441.937642][   T50] usb 1-1: New USB device found, idVendor=0ea0, idProduct=2168, bcdDevice= 1.10
[  442.003457][   T50] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.096397][   T50] usb 1-1: Product: syz
[  442.102772][   T50] usb 1-1: Manufacturer: syz
[  442.150681][   T50] usb 1-1: SerialNumber: syz
[  442.537621][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  442.565885][   T50] usb 1-1: rejected 1 configuration due to insufficient available bus power
[  442.747699][   T50] usb 1-1: no configuration chosen from 1 choice
[  442.756703][   T50] usb 1-1: USB disconnect, device number 30
[  442.892840][ T9035] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  444.308270][ T9046] FAULT_INJECTION: forcing a failure.
[  444.308270][ T9046] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  444.334585][ T9046] CPU: 0 UID: 0 PID: 9046 Comm: syz.3.839 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  444.334617][ T9046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  444.334631][ T9046] Call Trace:
[  444.334640][ T9046]  <TASK>
[  444.334649][ T9046]  dump_stack_lvl+0x189/0x250
[  444.334688][ T9046]  ? __pfx_dump_stack_lvl+0x10/0x10
[  444.334718][ T9046]  ? __pfx__printk+0x10/0x10
[  444.334754][ T9046]  ? fs_reclaim_acquire+0x7d/0x100
[  444.334788][ T9046]  should_fail_ex+0x414/0x560
[  444.334817][ T9046]  prepare_alloc_pages+0x213/0x610
[  444.334852][ T9046]  __alloc_frozen_pages_noprof+0x123/0x370
[  444.334892][ T9046]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  444.334929][ T9046]  ? __lock_acquire+0xaac/0xd20
[  444.334971][ T9046]  ? policy_nodemask+0x27c/0x720
[  444.335010][ T9046]  alloc_pages_mpol+0x232/0x4a0
[  444.335050][ T9046]  vma_alloc_folio_noprof+0xe4/0x200
[  444.335074][ T9046]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  444.335122][ T9046]  folio_prealloc+0x30/0x180
[  444.335145][ T9046]  do_wp_page+0x123a/0x5760
[  444.335200][ T9046]  ? __pfx_do_wp_page+0x10/0x10
[  444.335226][ T9046]  ? do_raw_spin_lock+0x121/0x290
[  444.335252][ T9046]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  444.335287][ T9046]  __handle_mm_fault+0x1028/0x5380
[  444.335339][ T9046]  ? __pfx___handle_mm_fault+0x10/0x10
[  444.335412][ T9046]  ? find_vma+0xe7/0x160
[  444.335431][ T9046]  ? __pfx_find_vma+0x10/0x10
[  444.335454][ T9046]  handle_mm_fault+0x2d5/0x7f0
[  444.335495][ T9046]  do_user_addr_fault+0x764/0x1390
[  444.335547][ T9046]  exc_page_fault+0x68/0x110
[  444.335576][ T9046]  asm_exc_page_fault+0x26/0x30
[  444.335609][ T9046] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  444.335630][ T9046] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 ff f1 03 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  444.335648][ T9046] RSP: 0018:ffffc9001d0bf638 EFLAGS: 00050202
[  444.335686][ T9046] RAX: ffffffff84af5d01 RBX: ffff8880274c8000 RCX: 000000000000045c
[  444.335731][ T9046] RDX: 0000000000000000 RSI: ffff8880274c8a00 RDI: 0000200000005000
[  444.335746][ T9046] RBP: ffffc9001d0bf798 R08: ffff8880274c8e5b R09: 1ffff11004e991cb
[  444.335762][ T9046] R10: dffffc0000000000 R11: ffffed1004e991cc R12: dffffc0000000000
[  444.335778][ T9046] R13: 0000000000000000 R14: 00007ffffffff000 R15: 0000000000000e5c
[  444.335806][ T9046]  ? _copy_to_iter+0x3d1/0x15a0
[  444.335841][ T9046]  _copy_to_iter+0x484/0x15a0
[  444.335911][ T9046]  ? __pfx__copy_to_iter+0x10/0x10
[  444.335937][ T9046]  ? __skb_try_recv_from_queue+0x58f/0x730
[  444.335977][ T9046]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  444.336019][ T9046]  __skb_datagram_iter+0x100/0x960
[  444.336060][ T9046]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  444.336102][ T9046]  skb_copy_datagram_iter+0xc5/0x230
[  444.336140][ T9046]  netlink_recvmsg+0x2c9/0xe00
[  444.336178][ T9046]  ? __pfx_netlink_recvmsg+0x10/0x10
[  444.336225][ T9046]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  444.336248][ T9046]  ? security_socket_recvmsg+0x7e/0x2e0
[  444.336271][ T9046]  ? __pfx_netlink_recvmsg+0x10/0x10
[  444.336298][ T9046]  sock_recvmsg+0x229/0x270
[  444.336325][ T9046]  ____sys_recvmsg+0x1c9/0x460
[  444.336366][ T9046]  ? __pfx_____sys_recvmsg+0x10/0x10
[  444.336413][ T9046]  ? import_iovec+0x74/0xa0
[  444.336448][ T9046]  ___sys_recvmsg+0x1b5/0x510
[  444.336484][ T9046]  ? __pfx____sys_recvmsg+0x10/0x10
[  444.336542][ T9046]  ? __fget_files+0x3a0/0x420
[  444.336575][ T9046]  __x64_sys_recvmsg+0x198/0x260
[  444.336609][ T9046]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  444.336660][ T9046]  ? do_syscall_64+0xba/0x210
[  444.336693][ T9046]  do_syscall_64+0xf6/0x210
[  444.336721][ T9046]  ? clear_bhb_loop+0x60/0xb0
[  444.336748][ T9046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.336769][ T9046] RIP: 0033:0x7fa74cf8e969
[  444.336788][ T9046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  444.336812][ T9046] RSP: 002b:00007fa74de4f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  444.336834][ T9046] RAX: ffffffffffffffda RBX: 00007fa74d1b5fa0 RCX: 00007fa74cf8e969
[  444.336851][ T9046] RDX: 0000000040012022 RSI: 0000200000000080 RDI: 0000000000000003
[  444.336864][ T9046] RBP: 00007fa74de4f090 R08: 0000000000000000 R09: 0000000000000000
[  444.336884][ T9046] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  444.336896][ T9046] R13: 0000000000000000 R14: 00007fa74d1b5fa0 R15: 00007ffc23460e28
[  444.336928][ T9046]  </TASK>
[  444.781637][    C0] vkms_vblank_simulate: vblank timer overrun
[  445.027829][ T9054] netlink: 40 bytes leftover after parsing attributes in process `syz.5.842'.
[  445.736397][ T9061] xt_connbytes: Forcing CT accounting to be enabled
[  445.743070][ T9061] set match dimension is over the limit!
[  447.974502][ T5865] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  448.045368][ T9091] netlink: 'syz.0.849': attribute type 11 has an invalid length.
[  448.197949][ T5865] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  448.229605][ T5865] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  448.875644][ T5865] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  448.914386][ T5865] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.953087][ T5865] usb 2-1: Product: syz
[  448.966615][ T5865] usb 2-1: Manufacturer: syz
[  448.971316][ T5865] usb 2-1: SerialNumber: syz
[  449.304079][ T5865] usb 2-1: 0:2 : does not exist
[  450.647308][ T5865] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  451.174926][ T5865] usb 2-1: USB disconnect, device number 25
[  452.415089][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  452.600789][ T5817] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  453.280833][ T5817] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  453.309297][ T5817] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.335052][ T5817] usb 1-1: config 0 descriptor??
[  453.358076][ T5817] cp210x 1-1:0.0: cp210x converter detected
[  453.398372][ T9143] netlink: 4 bytes leftover after parsing attributes in process `syz.5.864'.
[  453.454513][ T5865] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  453.628715][ T9155] netlink: 56 bytes leftover after parsing attributes in process `syz.5.867'.
[  453.840872][ T5817] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32
[  453.874272][ T5865] usb 4-1: Using ep0 maxpacket: 32
[  453.886324][ T9139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  453.930242][ T9139] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  454.074311][   T50] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  454.082544][ T5865] usb 4-1: unable to get BOS descriptor or descriptor too short
[  454.098300][ T5865] usb 4-1: unable to read config index 0 descriptor/start: -71
[  454.098343][ T5865] usb 4-1: can't read configurations, error -71
[  454.263095][   T50] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  454.275256][   T50] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  454.286883][   T50] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  454.298280][   T50] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  454.313543][   T50] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  454.322993][   T50] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  454.333276][   T50] usb 6-1: SerialNumber: syz
[  454.345956][ T9155] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  454.359722][ T9155] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  454.493180][   T50] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[  454.611295][   T50] cdc_acm 6-1:1.0: ttyACM0: USB ACM device
[  454.634566][   T50] usb 6-1: USB disconnect, device number 5
[  454.754820][ T5983] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  454.838386][ T9172] netlink: 144 bytes leftover after parsing attributes in process `syz.3.872'.
[  455.488819][ T5867] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  455.574383][ T5817] cp210x 1-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  455.594582][ T5817] cp210x 1-1:0.0: GPIO initialisation failed: -71
[  455.622555][ T5817] usb 1-1: cp210x converter now attached to ttyUSB0
[  455.700515][ T5983] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  455.741754][ T5817] usb 1-1: USB disconnect, device number 31
[  455.751908][ T5983] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  455.782450][ T5817] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  455.798304][ T5867] usb 5-1: Using ep0 maxpacket: 8
[  455.806643][ T5983] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  455.822610][ T5817] cp210x 1-1:0.0: device disconnected
[  455.843937][ T5867] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  455.856151][ T5983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.878897][ T5867] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.891129][ T5983] usb 2-1: Product: syz
[  455.907514][ T5983] usb 2-1: Manufacturer: syz
[  455.912195][ T5983] usb 2-1: SerialNumber: syz
[  455.916892][ T5867] usb 5-1: Product: syz
[  455.924371][ T5867] usb 5-1: Manufacturer: syz
[  455.929060][ T5867] usb 5-1: SerialNumber: syz
[  456.091660][ T5867] usb 5-1: config 0 descriptor??
[  456.665359][ T5867] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  456.677289][ T5983] usb 2-1: 0:2 : does not exist
[  456.718154][ T5983] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  456.963193][ T9188] netlink: 4 bytes leftover after parsing attributes in process `syz.3.877'.
[  457.076752][ T9192] netlink: 144 bytes leftover after parsing attributes in process `syz.1.878'.
[  457.709436][ T5983] usb 2-1: USB disconnect, device number 26
[  457.804219][ T9194] netlink: 100 bytes leftover after parsing attributes in process `syz.0.879'.
[  457.923365][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  458.126130][ T5867] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  458.244262][ T5867] usb 5-1: USB disconnect, device number 33
[  458.568374][ T9206] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  459.644218][ T5983] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  459.733706][ T9222] lo speed is unknown, defaulting to 1000
[  460.006523][ T5983] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  460.017505][ T5983] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  460.030494][ T5983] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  460.040311][ T5983] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.062170][ T5983] usb 4-1: Product: syz
[  460.090072][ T5983] usb 4-1: Manufacturer: syz
[  460.106171][ T5983] usb 4-1: SerialNumber: syz
[  460.337369][ T5983] usb 4-1: 0:2 : does not exist
[  460.358811][ T5983] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  460.398516][ T5983] usb 4-1: USB disconnect, device number 24
[  460.611932][ T9233] netlink: 144 bytes leftover after parsing attributes in process `syz.1.892'.
[  461.580433][  T976] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  461.725231][ T9239] netlink: 'syz.5.893': attribute type 2 has an invalid length.
[  461.788111][ T9239] : entered promiscuous mode
[  461.916493][  T976] usb 5-1: Using ep0 maxpacket: 8
[  462.140687][  T976] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  462.313839][  T976] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  462.325428][  T976] usb 5-1: config 0 interface 0 has no altsetting 0
[  462.332111][  T976] usb 5-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00
[  462.343018][  T976] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.365622][  T976] usb 5-1: config 0 descriptor??
[  462.604452][   T50] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  463.273818][  T976] a4tech 0003:09DA:000A.0004: hidraw0: USB HID v0.00 Device [HID 09da:000a] on usb-dummy_hcd.4-1/input0
[  463.415980][   T50] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  463.518386][   T50] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  463.600585][   T50] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 50154, setting to 1024
[  463.645681][   T50] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  463.669262][ T5908] usb 5-1: USB disconnect, device number 34
[  463.689701][   T50] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  463.704925][   T50] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  463.716889][ T9252] netlink: 56 bytes leftover after parsing attributes in process `syz.3.897'.
[  463.731716][ T9252] netlink: 8 bytes leftover after parsing attributes in process `syz.3.897'.
[  463.769089][ T9249] fido_id[9249]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  463.786358][   T50] usb 2-1: config 0 descriptor??
[  463.824124][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  464.036200][   T50] ath6kl: Failed to submit usb control message: -71
[  464.045469][   T50] ath6kl: unable to send the bmi data to the device: -71
[  464.052580][   T50] ath6kl: Unable to send get target info: -71
[  464.082817][ T9263] FAULT_INJECTION: forcing a failure.
[  464.082817][ T9263] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  464.096138][   T50] ath6kl: Failed to init ath6kl core: -71
[  464.104828][   T50] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  464.113391][ T9263] CPU: 1 UID: 0 PID: 9263 Comm: syz.5.901 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  464.113421][ T9263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  464.113435][ T9263] Call Trace:
[  464.113444][ T9263]  <TASK>
[  464.113454][ T9263]  dump_stack_lvl+0x189/0x250
[  464.113494][ T9263]  ? __pfx_dump_stack_lvl+0x10/0x10
[  464.113525][ T9263]  ? __pfx__printk+0x10/0x10
[  464.113574][ T9263]  should_fail_ex+0x414/0x560
[  464.113603][ T9263]  strncpy_from_user+0x36/0x290
[  464.113629][ T9263]  getname_flags+0xf3/0x540
[  464.113657][ T9263]  __x64_sys_newlstat+0xda/0x180
[  464.113682][ T9263]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  464.113714][ T9263]  ? __pfx___x64_sys_newlstat+0x10/0x10
[  464.113768][ T9263]  ? do_syscall_64+0xba/0x210
[  464.113801][ T9263]  do_syscall_64+0xf6/0x210
[  464.113831][ T9263]  ? clear_bhb_loop+0x60/0xb0
[  464.113858][ T9263]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.113884][ T9263] RIP: 0033:0x7fbd2678e969
[  464.113903][ T9263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  464.113922][ T9263] RSP: 002b:00007fbd2760e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000006
[  464.113944][ T9263] RAX: ffffffffffffffda RBX: 00007fbd269b5fa0 RCX: 00007fbd2678e969
[  464.113960][ T9263] RDX: 0000000000000000 RSI: 0000200000004900 RDI: 00002000000048c0
[  464.113975][ T9263] RBP: 00007fbd2760e090 R08: 0000000000000000 R09: 0000000000000000
[  464.113989][ T9263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  464.114001][ T9263] R13: 0000000000000000 R14: 00007fbd269b5fa0 R15: 00007ffc43736ee8
[  464.114034][ T9263]  </TASK>
[  464.426919][   T50] usb 2-1: USB disconnect, device number 27
[  464.638331][ T9271] netlink: 44 bytes leftover after parsing attributes in process `syz.4.904'.
[  464.669215][ T9271] netlink: 43 bytes leftover after parsing attributes in process `syz.4.904'.
[  464.685238][ T5867] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[  464.774374][ T9271] netlink: 'syz.4.904': attribute type 6 has an invalid length.
[  465.096523][ T9271] netlink: 'syz.4.904': attribute type 5 has an invalid length.
[  465.270452][ T5867] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  465.286056][ T5867] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  465.299547][ T9271] netlink: 43 bytes leftover after parsing attributes in process `syz.4.904'.
[  465.308621][ T5867] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  465.339827][ T5867] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  465.384083][ T5867] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  465.422768][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  465.451325][ T5867] usb 4-1: SerialNumber: syz
[  465.454101][ T5908] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  465.506833][ T9267] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  465.514433][ T9267] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  465.567409][ T5867] cdc_acm 4-1:1.0: Control and data interfaces are not separated!
[  465.606047][ T5908] usb 2-1: device descriptor read/64, error -71
[  465.763149][ T5867] cdc_acm 4-1:1.0: ttyACM0: USB ACM device
[  465.874296][ T5908] usb 2-1: new full-speed USB device number 29 using dummy_hcd
[  465.986210][ T5865] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  466.024287][ T5867] usb 4-1: USB disconnect, device number 25
[  466.115425][ T5908] usb 2-1: device descriptor read/64, error -71
[  466.267426][ T5908] usb usb2-port1: attempt power cycle
[  466.274904][ T5865] usb 5-1: config 160 has an invalid interface number: 200 but max is 0
[  466.330026][ T5865] usb 5-1: config 160 has no interface number 0
[  466.356973][ T5865] usb 5-1: config 160 interface 200 has no altsetting 0
[  466.397795][ T5865] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  466.434123][ T5865] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.475324][ T5865] usb 5-1: Product: syz
[  466.479544][ T5865] usb 5-1: Manufacturer: syz
[  466.516095][ T5865] usb 5-1: SerialNumber: syz
[  466.634312][ T5908] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  466.700858][ T5908] usb 2-1: device descriptor read/8, error -71
[  466.785525][ T5865] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  466.894336][ T5865] usb 5-1: MIDIStreaming interface descriptor not found
[  466.923977][ T5817] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  466.964115][ T5908] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[  466.995030][ T5908] usb 2-1: device descriptor read/8, error -71
[  467.031369][ T5865] usb 5-1: USB disconnect, device number 35
[  467.111316][ T5817] usb 4-1: not running at top speed; connect to a high speed hub
[  467.137400][ T5908] usb usb2-port1: unable to enumerate USB device
[  467.365871][ T5817] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  467.375268][ T7629] udevd[7629]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  467.391821][ T5817] usb 4-1: config 1 has no interface number 1
[  467.398645][ T5817] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  467.447026][ T5817] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  467.494131][ T5817] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.502194][ T5817] usb 4-1: Product: syz
[  467.556605][ T5817] usb 4-1: Manufacturer: syz
[  467.563308][ T5817] usb 4-1: SerialNumber: syz
[  467.740836][ T9299] lo speed is unknown, defaulting to 1000
[  467.803422][ T5817] usb 4-1: 2:1: All rates were zero
[  467.986036][ T9304] netlink: 56 bytes leftover after parsing attributes in process `syz.5.914'.
[  468.457051][ T5817] usb 4-1: USB disconnect, device number 26
[  468.697170][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  468.838900][ T9311] syz.3.916: attempt to access beyond end of device
[  468.838900][ T9311] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[  468.874150][ T9311] hpfs: hpfs_map_sector(): read error
[  469.074110][ T5817] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  469.293502][ T5817] usb 6-1: Using ep0 maxpacket: 8
[  469.311222][ T5817] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  469.321099][ T5817] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  469.349992][ T5817] usb 6-1: Product: syz
[  469.366656][ T5817] usb 6-1: Manufacturer: syz
[  469.390685][ T5817] usb 6-1: SerialNumber: syz
[  469.423321][ T5817] usb 6-1: config 0 descriptor??
[  469.660173][ T5817] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  469.859732][ T5817] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  470.161369][ T9326] netlink: 56 bytes leftover after parsing attributes in process `syz.0.920'.
[  470.368003][ T9328] netlink: 12 bytes leftover after parsing attributes in process `syz.4.921'.
[  470.444103][   T50] usb 1-1: new full-speed USB device number 32 using dummy_hcd
[  470.635878][   T50] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  470.664780][   T50] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  470.704763][   T50] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  470.727657][   T50] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  470.756387][   T50] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  470.773862][   T50] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  470.806240][   T50] usb 1-1: SerialNumber: syz
[  470.833428][ T9326] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  470.850815][ T9326] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  470.880457][   T50] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  471.092406][   T50] cdc_acm 1-1:1.0: ttyACM0: USB ACM device
[  471.174703][   T50] usb 1-1: USB disconnect, device number 32
[  471.224667][ T5868] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  471.332647][ T5865] usb 2-1: new full-speed USB device number 32 using dummy_hcd
[  471.449612][ T5868] usb 5-1: config 160 has an invalid interface number: 200 but max is 0
[  471.468644][ T5868] usb 5-1: config 160 has no interface number 0
[  471.476813][ T5868] usb 5-1: config 160 interface 200 has no altsetting 0
[  471.489963][ T5868] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  471.501221][ T5868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.514205][ T5865] usb 2-1: device descriptor read/64, error -71
[  471.527850][ T5868] usb 5-1: Product: syz
[  471.537963][ T5868] usb 5-1: Manufacturer: syz
[  471.542748][ T5868] usb 5-1: SerialNumber: syz
[  471.615351][ T5908] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  471.775977][ T5865] usb 2-1: new full-speed USB device number 33 using dummy_hcd
[  471.827196][ T5908] usb 4-1: not running at top speed; connect to a high speed hub
[  471.938321][ T5908] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  471.987885][ T9342] netlink: 56 bytes leftover after parsing attributes in process `syz.0.927'.
[  471.993075][ T5908] usb 4-1: config 1 has no interface number 1
[  472.014392][ T5868] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  472.028814][ T5908] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  472.058679][ T5868] usb 5-1: MIDIStreaming interface descriptor not found
[  472.079613][ T5865] usb 2-1: device descriptor read/64, error -71
[  472.086935][ T5908] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  472.097306][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  472.106910][ T5908] usb 4-1: Product: syz
[  472.111286][ T5908] usb 4-1: Manufacturer: syz
[  472.118616][ T5908] usb 4-1: SerialNumber: syz
[  472.211020][ T5868] usb 5-1: USB disconnect, device number 36
[  472.214027][ T5983] usb 6-1: USB disconnect, device number 6
[  472.399369][ T5865] usb usb2-port1: attempt power cycle
[  472.475846][ T5908] usb 4-1: 2:1: All rates were zero
[  472.816869][ T5908] usb 4-1: USB disconnect, device number 27
[  472.953279][ T9350] netlink: 'syz.0.929': attribute type 2 has an invalid length.
[  473.501924][ T5865] usb 2-1: new full-speed USB device number 34 using dummy_hcd
[  473.544561][ T5865] usb 2-1: device descriptor read/8, error -71
[  473.629089][ T6623] udevd[6623]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  473.860332][ T5865] usb 2-1: new full-speed USB device number 35 using dummy_hcd
[  474.075024][ T9354] netlink: 'syz.5.930': attribute type 12 has an invalid length.
[  474.083231][ T9354] netlink: 'syz.5.930': attribute type 29 has an invalid length.
[  474.091534][ T9354] netlink: 148 bytes leftover after parsing attributes in process `syz.5.930'.
[  474.103265][ T9354] netlink: 59 bytes leftover after parsing attributes in process `syz.5.930'.
[  474.354916][ T5865] usb 2-1: device descriptor read/8, error -71
[  474.454334][ T9360] netlink: 144 bytes leftover after parsing attributes in process `syz.0.932'.
[  474.463550][ T9360] netlink: 40 bytes leftover after parsing attributes in process `syz.0.932'.
[  475.146153][ T5865] usb usb2-port1: unable to enumerate USB device
[  475.583997][ T5865] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  475.594080][ T5817] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  475.837269][ T5865] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  475.941192][ T5817] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  475.982692][ T9374] netlink: 40 bytes leftover after parsing attributes in process `syz.5.937'.
[  475.993908][ T5865] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.024808][ T5817] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  476.045160][ T5865] usb 1-1: config 0 descriptor??
[  476.206353][ T5865] cp210x 1-1:0.0: cp210x converter detected
[  476.215770][ T5817] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 576, setting to 64
[  476.316905][ T9378] set match dimension is over the limit!
[  476.899916][ T5832] Bluetooth: hci2: unexpected event for opcode 0x0c1c
[  476.918865][ T5817] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  477.068222][ T5817] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  477.081760][ T5817] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  477.089899][ T5817] usb 4-1: SerialNumber: syz
[  477.102621][ T9367] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  477.118104][ T9367] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  477.140080][ T5817] cdc_acm 4-1:1.0: Control and data interfaces are not separated!
[  477.342263][ T5865] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32
[  477.400219][ T9383] netlink: 56 bytes leftover after parsing attributes in process `syz.5.939'.
[  477.467567][ T5817] cdc_acm 4-1:1.0: ttyACM0: USB ACM device
[  477.485241][ T5817] usb 4-1: USB disconnect, device number 28
[  479.206904][ T9398] tmpfs: Bad value for 'mode'
[  479.236463][ T9399] netlink: 'syz.3.943': attribute type 1 has an invalid length.
[  479.244223][ T9399] netlink: 'syz.3.943': attribute type 2 has an invalid length.
[  479.295269][ T5865] cp210x 1-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  479.324590][ T5865] cp210x 1-1:0.0: GPIO initialisation failed: -71
[  479.414476][ T5865] usb 1-1: cp210x converter now attached to ttyUSB0
[  479.760255][ T5865] usb 1-1: USB disconnect, device number 33
[  479.996883][ T5865] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  480.023148][ T5865] cp210x 1-1:0.0: device disconnected
[  480.055927][ T9406] netlink: 76 bytes leftover after parsing attributes in process `syz.1.945'.
[  480.445283][ T5832] Bluetooth: hci4: unexpected event for opcode 0x0c7c
[  481.195285][ T9420] FAULT_INJECTION: forcing a failure.
[  481.195285][ T9420] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  481.259172][ T9420] CPU: 1 UID: 0 PID: 9420 Comm: syz.0.949 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  481.259204][ T9420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  481.259218][ T9420] Call Trace:
[  481.259227][ T9420]  <TASK>
[  481.259235][ T9420]  dump_stack_lvl+0x189/0x250
[  481.259269][ T9420]  ? __lock_acquire+0xaac/0xd20
[  481.259300][ T9420]  ? __pfx_dump_stack_lvl+0x10/0x10
[  481.259329][ T9420]  ? __pfx__printk+0x10/0x10
[  481.259362][ T9420]  ? __might_fault+0xb0/0x130
[  481.259409][ T9420]  should_fail_ex+0x414/0x560
[  481.259437][ T9420]  _copy_from_user+0x2d/0xb0
[  481.259468][ T9420]  video_usercopy+0x354/0x14f0
[  481.259506][ T9420]  ? smk_tskacc+0x2fc/0x370
[  481.259540][ T9420]  ? __pfx___video_do_ioctl+0x10/0x10
[  481.259570][ T9420]  ? __pfx_video_usercopy+0x10/0x10
[  481.259599][ T9420]  ? smack_file_ioctl+0x2a9/0x340
[  481.259639][ T9420]  ? __fget_files+0x3a0/0x420
[  481.259664][ T9420]  v4l2_ioctl+0x18a/0x1e0
[  481.259695][ T9420]  ? __pfx_v4l2_ioctl+0x10/0x10
[  481.259724][ T9420]  __se_sys_ioctl+0xf9/0x170
[  481.259756][ T9420]  do_syscall_64+0xf6/0x210
[  481.259787][ T9420]  ? clear_bhb_loop+0x60/0xb0
[  481.259814][ T9420]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.259836][ T9420] RIP: 0033:0x7fb6ae98e969
[  481.259856][ T9420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  481.259875][ T9420] RSP: 002b:00007fb6ac7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  481.259899][ T9420] RAX: ffffffffffffffda RBX: 00007fb6aebb5fa0 RCX: 00007fb6ae98e969
[  481.259915][ T9420] RDX: 0000200000000340 RSI: 00000000c0d05605 RDI: 0000000000000003
[  481.259937][ T9420] RBP: 00007fb6ac7f6090 R08: 0000000000000000 R09: 0000000000000000
[  481.259951][ T9420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  481.259964][ T9420] R13: 0000000000000000 R14: 00007fb6aebb5fa0 R15: 00007ffead9b2528
[  481.259998][ T9420]  </TASK>
[  481.496418][ T9423] netlink: 'syz.3.952': attribute type 5 has an invalid length.
[  481.511379][ T9423] ip6erspan0: entered promiscuous mode
[  482.691321][ T9438] fuse: Bad value for 'fd'
[  484.283533][ T9448] netlink: 'syz.3.958': attribute type 4 has an invalid length.
[  484.291616][ T9448] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.958'.
[  485.418282][ T9446] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  485.576297][ T9440] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  485.743482][ T9462] FAULT_INJECTION: forcing a failure.
[  485.743482][ T9462] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  485.774600][ T9462] CPU: 1 UID: 0 PID: 9462 Comm: syz.4.961 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  485.774630][ T9462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  485.774643][ T9462] Call Trace:
[  485.774652][ T9462]  <TASK>
[  485.774660][ T9462]  dump_stack_lvl+0x189/0x250
[  485.774700][ T9462]  ? __pfx_dump_stack_lvl+0x10/0x10
[  485.774729][ T9462]  ? __pfx__printk+0x10/0x10
[  485.774777][ T9462]  should_fail_ex+0x414/0x560
[  485.774806][ T9462]  _copy_to_user+0x31/0xb0
[  485.774839][ T9462]  simple_read_from_buffer+0xe1/0x170
[  485.774877][ T9462]  proc_fail_nth_read+0x1df/0x250
[  485.774901][ T9462]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  485.774928][ T9462]  ? rw_verify_area+0x258/0x650
[  485.774956][ T9462]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  485.774981][ T9462]  vfs_read+0x200/0x980
[  485.775012][ T9462]  ? __pfx___mutex_lock+0x10/0x10
[  485.775036][ T9462]  ? __pfx_vfs_read+0x10/0x10
[  485.775061][ T9462]  ? __fget_files+0x2a/0x420
[  485.775081][ T9462]  ? __fget_files+0x3a0/0x420
[  485.775096][ T9462]  ? __fget_files+0x2a/0x420
[  485.775119][ T9462]  ksys_read+0x145/0x250
[  485.775145][ T9462]  ? __pfx_ksys_read+0x10/0x10
[  485.775172][ T9462]  ? do_syscall_64+0xba/0x210
[  485.775198][ T9462]  do_syscall_64+0xf6/0x210
[  485.775221][ T9462]  ? clear_bhb_loop+0x60/0xb0
[  485.775243][ T9462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  485.775259][ T9462] RIP: 0033:0x7f5de118d37c
[  485.775275][ T9462] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  485.775290][ T9462] RSP: 002b:00007f5de1f97030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  485.775308][ T9462] RAX: ffffffffffffffda RBX: 00007f5de13b5fa0 RCX: 00007f5de118d37c
[  485.775328][ T9462] RDX: 000000000000000f RSI: 00007f5de1f970a0 RDI: 0000000000000004
[  485.775338][ T9462] RBP: 00007f5de1f97090 R08: 0000000000000000 R09: 0000000000000000
[  485.775349][ T9462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  485.775359][ T9462] R13: 0000000000000000 R14: 00007f5de13b5fa0 R15: 00007fff86937778
[  485.775385][ T9462]  </TASK>
[  485.985915][    C1] vkms_vblank_simulate: vblank timer overrun
[  486.598988][ T9475] netlink: 'syz.4.965': attribute type 5 has an invalid length.
[  486.723475][ T9475] ip6erspan0: entered promiscuous mode
[  488.459734][   T30] audit: type=1326 audit(1747454920.284:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9487 comm="syz.0.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ae98e969 code=0x7fc00000
[  488.833735][   T30] audit: type=1326 audit(1747454920.664:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9487 comm="syz.0.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb6ae98e969 code=0x7fc00000
[  488.981807][   T30] audit: type=1326 audit(1747454920.664:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9487 comm="syz.0.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ae98e969 code=0x7fc00000
[  489.050064][ T9483] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  489.071854][   T30] audit: type=1326 audit(1747454920.664:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9487 comm="syz.0.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ae98e969 code=0x7fc00000
[  489.093215][    C1] vkms_vblank_simulate: vblank timer overrun
[  489.111361][   T30] audit: type=1326 audit(1747454920.664:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9487 comm="syz.0.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ae98e969 code=0x7fc00000
[  489.154280][ T9483] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  489.305364][ T9483] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  489.443340][   T30] audit: type=1326 audit(1747454920.664:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9487 comm="syz.0.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ae98e969 code=0x7fc00000
[  489.573884][ T9507] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  489.646985][   T30] audit: type=1326 audit(1747454920.664:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9487 comm="syz.0.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ae98e969 code=0x7fc00000
[  489.803851][   T30] audit: type=1326 audit(1747454920.664:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9487 comm="syz.0.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ae98e969 code=0x7fc00000
[  489.833635][   T30] audit: type=1326 audit(1747454920.664:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9487 comm="syz.0.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ae98e969 code=0x7fc00000
[  489.909769][   T30] audit: type=1326 audit(1747454920.664:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9487 comm="syz.0.970" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb6ae98e969 code=0x7fc00000
[  490.062895][ T9503] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  490.134410][ T9503] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  491.605575][ T9531] netlink: 144 bytes leftover after parsing attributes in process `syz.3.980'.
[  494.265959][ T9551] FAULT_INJECTION: forcing a failure.
[  494.265959][ T9551] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  494.337119][ T9551] CPU: 0 UID: 0 PID: 9551 Comm: syz.4.986 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  494.337150][ T9551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  494.337163][ T9551] Call Trace:
[  494.337171][ T9551]  <TASK>
[  494.337181][ T9551]  dump_stack_lvl+0x189/0x250
[  494.337213][ T9551]  ? __lock_acquire+0xaac/0xd20
[  494.337246][ T9551]  ? __pfx_dump_stack_lvl+0x10/0x10
[  494.337275][ T9551]  ? __pfx__printk+0x10/0x10
[  494.337308][ T9551]  ? __might_fault+0xb0/0x130
[  494.337354][ T9551]  should_fail_ex+0x414/0x560
[  494.337382][ T9551]  _copy_from_iter+0x1db/0x15a0
[  494.337418][ T9551]  ? __build_skb+0x4b/0x90
[  494.337446][ T9551]  ? __pfx__copy_from_iter+0x10/0x10
[  494.337475][ T9551]  ? __build_skb_around+0x257/0x3e0
[  494.337505][ T9551]  ? netlink_sendmsg+0x642/0xb30
[  494.337529][ T9551]  ? skb_put+0x11b/0x210
[  494.337561][ T9551]  netlink_sendmsg+0x6b2/0xb30
[  494.337585][ T9551]  ? is_bpf_text_address+0x26/0x2b0
[  494.337623][ T9551]  ? __pfx_netlink_sendmsg+0x10/0x10
[  494.337659][ T9551]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  494.337682][ T9551]  ? __pfx_netlink_sendmsg+0x10/0x10
[  494.337709][ T9551]  __sock_sendmsg+0x219/0x270
[  494.337734][ T9551]  ____sys_sendmsg+0x505/0x830
[  494.337771][ T9551]  ? __pfx_____sys_sendmsg+0x10/0x10
[  494.337811][ T9551]  ? import_iovec+0x74/0xa0
[  494.337845][ T9551]  ___sys_sendmsg+0x21f/0x2a0
[  494.337879][ T9551]  ? __pfx____sys_sendmsg+0x10/0x10
[  494.337956][ T9551]  ? __fget_files+0x2a/0x420
[  494.337975][ T9551]  ? __fget_files+0x3a0/0x420
[  494.338007][ T9551]  __x64_sys_sendmsg+0x19b/0x260
[  494.338040][ T9551]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  494.338090][ T9551]  ? do_syscall_64+0xba/0x210
[  494.338123][ T9551]  do_syscall_64+0xf6/0x210
[  494.338157][ T9551]  ? clear_bhb_loop+0x60/0xb0
[  494.338184][ T9551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  494.338205][ T9551] RIP: 0033:0x7f5de118e969
[  494.338224][ T9551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  494.338244][ T9551] RSP: 002b:00007f5de1f97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  494.338267][ T9551] RAX: ffffffffffffffda RBX: 00007f5de13b5fa0 RCX: 00007f5de118e969
[  494.338283][ T9551] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  494.338297][ T9551] RBP: 00007f5de1f97090 R08: 0000000000000000 R09: 0000000000000000
[  494.338311][ T9551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  494.338324][ T9551] R13: 0000000000000000 R14: 00007f5de13b5fa0 R15: 00007fff86937778
[  494.338356][ T9551]  </TASK>
[  495.105405][ T5817] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  495.983842][ T5817] usb 6-1: device descriptor read/64, error -71
[  496.244047][ T5817] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  496.433860][ T5817] usb 6-1: device descriptor read/64, error -71
[  496.554284][ T5817] usb usb6-port1: attempt power cycle
[  496.935968][ T5817] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  496.964549][ T5817] usb 6-1: device descriptor read/8, error -71
[  497.203880][ T5817] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  497.787391][ T5817] usb 6-1: device descriptor read/8, error -71
[  497.909713][ T5128] Bluetooth: hci5: command 0x0406 tx timeout
[  497.926625][ T5817] usb usb6-port1: unable to enumerate USB device
[  499.248360][ T9604] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1005'.
[  499.340128][ T9604] bridge0: port 2(bridge_slave_1) entered disabled state
[  499.350031][ T9604] bridge0: port 1(bridge_slave_0) entered disabled state
[  499.538296][ T9609] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1008'.
[  500.966534][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  501.287892][ T9629] syzkaller0: refused to change device tx_queue_len
[  501.560337][ T9637] FAULT_INJECTION: forcing a failure.
[  501.560337][ T9637] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  501.643136][ T9637] CPU: 1 UID: 0 PID: 9637 Comm: syz.0.1017 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  501.643170][ T9637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  501.643183][ T9637] Call Trace:
[  501.643191][ T9637]  <TASK>
[  501.643201][ T9637]  dump_stack_lvl+0x189/0x250
[  501.643234][ T9637]  ? __lock_acquire+0xaac/0xd20
[  501.643259][ T9637]  ? __pfx_dump_stack_lvl+0x10/0x10
[  501.643280][ T9637]  ? __pfx__printk+0x10/0x10
[  501.643306][ T9637]  ? __might_fault+0xb0/0x130
[  501.643339][ T9637]  should_fail_ex+0x414/0x560
[  501.643362][ T9637]  _copy_from_iter+0x1db/0x15a0
[  501.643390][ T9637]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  501.643414][ T9637]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  501.643441][ T9637]  ? __pfx__copy_from_iter+0x10/0x10
[  501.643462][ T9637]  ? __build_skb_around+0x257/0x3e0
[  501.643485][ T9637]  ? netlink_sendmsg+0x642/0xb30
[  501.643502][ T9637]  ? skb_put+0x11b/0x210
[  501.643524][ T9637]  netlink_sendmsg+0x6b2/0xb30
[  501.643542][ T9637]  ? is_bpf_text_address+0x26/0x2b0
[  501.643570][ T9637]  ? __pfx_netlink_sendmsg+0x10/0x10
[  501.643595][ T9637]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  501.643612][ T9637]  ? __pfx_netlink_sendmsg+0x10/0x10
[  501.643631][ T9637]  __sock_sendmsg+0x219/0x270
[  501.643661][ T9637]  ____sys_sendmsg+0x505/0x830
[  501.643696][ T9637]  ? __pfx_____sys_sendmsg+0x10/0x10
[  501.643730][ T9637]  ? import_iovec+0x74/0xa0
[  501.643754][ T9637]  ___sys_sendmsg+0x21f/0x2a0
[  501.643777][ T9637]  ? __pfx____sys_sendmsg+0x10/0x10
[  501.643826][ T9637]  ? __fget_files+0x2a/0x420
[  501.643840][ T9637]  ? __fget_files+0x3a0/0x420
[  501.643862][ T9637]  __x64_sys_sendmsg+0x19b/0x260
[  501.643886][ T9637]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  501.643920][ T9637]  ? do_syscall_64+0xba/0x210
[  501.643944][ T9637]  do_syscall_64+0xf6/0x210
[  501.643965][ T9637]  ? clear_bhb_loop+0x60/0xb0
[  501.643984][ T9637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.643999][ T9637] RIP: 0033:0x7fb6ae98e969
[  501.644013][ T9637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  501.644027][ T9637] RSP: 002b:00007fb6ac7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  501.644043][ T9637] RAX: ffffffffffffffda RBX: 00007fb6aebb5fa0 RCX: 00007fb6ae98e969
[  501.644061][ T9637] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  501.644070][ T9637] RBP: 00007fb6ac7f6090 R08: 0000000000000000 R09: 0000000000000000
[  501.644080][ T9637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  501.644089][ T9637] R13: 0000000000000000 R14: 00007fb6aebb5fa0 R15: 00007ffead9b2528
[  501.644112][ T9637]  </TASK>
[  502.513889][ T5817] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  502.695875][ T5817] usb 1-1: Using ep0 maxpacket: 8
[  502.717121][ T5817] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  502.738281][ T5817] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 15
[  502.768988][ T5817] usb 1-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[  502.787633][ T5817] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  502.811982][ T5817] usb 1-1: Product: syz
[  502.821284][ T5817] usb 1-1: Manufacturer: syz
[  502.838651][ T5817] usb 1-1: SerialNumber: syz
[  502.863181][ T5817] usb 1-1: config 0 descriptor??
[  502.886798][ T5817] powermate 1-1:0.0: probe with driver powermate failed with error -22
[  503.054908][ T9655] fuse: Unknown parameter 'group_id00000000000000000000'
[  503.097528][ T5817] usb 1-1: USB disconnect, device number 34
[  503.483832][ T5908] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  503.543540][ T9663] netlink: 'syz.3.1026': attribute type 4 has an invalid length.
[  503.551665][ T9663] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.1026'.
[  503.793922][ T5908] usb 6-1: Using ep0 maxpacket: 8
[  504.051292][ T5908] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  504.249314][ T5908] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.273697][ T5908] usb 6-1: Product: syz
[  504.277918][ T5908] usb 6-1: Manufacturer: syz
[  504.282542][ T5908] usb 6-1: SerialNumber: syz
[  504.293276][ T5908] usb 6-1: config 0 descriptor??
[  504.355402][ T9666] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1028'.
[  504.411791][ T9666] IPv6: Can't replace route, no match found
[  504.568846][ T5908] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  505.544830][ T9672] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  506.140183][ T5908] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  506.214125][ T5908] usb 6-1: USB disconnect, device number 11
[  506.788856][ T5128] Bluetooth: hci4: command tx timeout
[  507.179565][ T9695] netlink: 144 bytes leftover after parsing attributes in process `syz.3.1033'.
[  507.983503][ T9698] fuse: Unknown parameter 'group_id00000000000000000000'
[  508.642368][ T9713] pimreg: entered allmulticast mode
[  509.957186][ T9725] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  511.185232][   T31] INFO: task kworker/u8:3:53 blocked for more than 143 seconds.
[  511.193073][   T31]       Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0
[  511.284295][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  511.427425][   T31] task:kworker/u8:3    state:D stack:22584 pid:53    tgid:53    ppid:2      task_flags:0x4208160 flags:0x00004000
[  511.453841][   T31] Workqueue: events_unbound netfs_write_collection_worker
[  511.613798][   T31] Call Trace:
[  511.617118][   T31]  <TASK>
[  511.622181][ T9729] ieee80211 phy28: Selected rate control algorithm 'minstrel_ht'
[  511.637241][   T31]  __schedule+0x168f/0x4c70
[  511.697387][   T31]  ? ring_buffer_unlock_commit+0x476/0x5f0
[  511.714025][   T31]  ? __lock_acquire+0xaac/0xd20
[  511.721354][   T31]  ? schedule+0x165/0x360
[  511.737251][   T31]  ? __lock_acquire+0xaac/0xd20
[  511.751786][   T31]  ? __pfx___schedule+0x10/0x10
[  511.767348][   T31]  ? schedule+0x91/0x360
[  511.771894][   T31]  schedule+0x165/0x360
[  511.780040][   T31]  bit_wait+0x11/0xd0
[  511.793496][   T31]  __wait_on_bit+0xb9/0x310
[  511.802158][   T31]  ? __pfx_bit_wait+0x10/0x10
[  511.812774][   T31]  ? __pfx_bit_wait+0x10/0x10
[  511.835613][   T31]  out_of_line_wait_on_bit+0x123/0x170
[  511.867342][   T31]  ? __pfx_out_of_line_wait_on_bit+0x10/0x10
[  511.891653][   T31]  ? __pfx_wake_bit_function+0x10/0x10
[  511.920267][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  511.946009][   T31]  ? __lock_acquire+0xaac/0xd20
[  511.963328][   T31]  netfs_retry_writes+0x156/0x1840
[  511.973833][ T5817] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  511.987362][   T31]  ? __lock_acquire+0xaac/0xd20
[  512.005006][   T31]  ? kvm_sched_clock_read+0x11/0x20
[  512.026144][   T31]  ? __pfx_netfs_retry_writes+0x10/0x10
[  512.058834][   T31]  ? __lock_acquire+0xaac/0xd20
[  512.089084][   T31]  ? do_raw_spin_lock+0x121/0x290
[  512.111417][   T31]  netfs_write_collection_worker+0x2007/0x2bd0
[  512.185637][   T31]  ? process_scheduled_works+0x9ec/0x17a0
[  512.194991][ T5817] usb 6-1: Using ep0 maxpacket: 16
[  512.210533][   T31]  process_scheduled_works+0xadb/0x17a0
[  512.223617][ T5817] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=f4.9b
[  512.232845][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  512.252165][   T31]  worker_thread+0x8a0/0xda0
[  512.257401][ T5817] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  512.272564][   T31]  kthread+0x70e/0x8a0
[  512.277154][   T31]  ? __pfx_worker_thread+0x10/0x10
[  512.282456][ T5817] usb 6-1: Product: syz
[  512.287491][   T31]  ? __pfx_kthread+0x10/0x10
[  512.293272][ T5817] usb 6-1: SerialNumber: syz
[  512.298311][   T31]  ? __pfx_kthread+0x10/0x10
[  512.308972][ T5817] usb 6-1: config 0 descriptor??
[  512.323687][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  512.343210][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  512.351640][ T5817] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  512.362613][   T31]  ? __pfx_kthread+0x10/0x10
[  512.369593][   T31]  ret_from_fork+0x4b/0x80
[  512.376226][ T5817] dvb_usb_af9015 6-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  512.385745][   T31]  ? __pfx_kthread+0x10/0x10
[  512.390537][   T31]  ret_from_fork_asm+0x1a/0x30
[  512.405828][ T5817] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  512.412348][   T31]  </TASK>
[  512.417002][ T5817] dvb_usb_af9035 6-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  512.424260][   T31] 
[  512.424260][   T31] Showing all locks held in the system:
[  512.461944][   T31] 1 lock held by khungtaskd/31:
[  512.481389][   T31]  #0: ffffffff8df3dce0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  512.516935][   T31] 2 locks held by kworker/u8:3/53:
[  512.569110][   T31]  #0: ffff88801a089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0
[  512.604987][ T9732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  512.621063][   T31]  #1: ffffc90000be7c60 ((work_completion)(&rreq->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0
[  512.647983][   T31] 3 locks held by udevd/5188:
[  512.648392][ T9732] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  512.668092][   T31]  #0: ffff8880b88399d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  512.688124][   T31]  #1: ffff8880b8923b08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39e/0x6d0
[  512.701451][   T31]  #2: ffff888024c296d8 (&lockref->lock){+.+.}-{3:3}, at: __dentry_kill+0x2cf/0x660
[  512.721500][   T31] 2 locks held by getty/5586:
[  512.731582][   T31]  #0: ffff8880309250a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  512.742697][   T31]  #1: ffffc90002ffe2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  512.753307][   T31] 3 locks held by syz.2.621/8241:
[  512.758693][   T31]  #0: ffff888079f18420 (sb_writers#21){.+.+}-{0:0}, at: vfs_writev+0x274/0x9a0
[  512.768240][   T31]  #1: ffff88805b460148 (&sb->s_type->i_mutex_key#26){++++}-{4:4}, at: netfs_start_io_write+0xd8/0x100
[  512.792517][   T31]  #2: ffff88805b460500 (&ctx->wb_lock){+.+.}-{4:4}, at: netfs_begin_writethrough+0x65/0x140
[  512.818829][   T31] 2 locks held by syz.1.1046/9733:
[  512.833979][   T31] 3 locks held by syz.5.1045/9731:
[  512.847016][   T31]  #0: ffff8880797ab808 (&sb->s_type->i_mutex_key#10){+.+.}-{4:4}, at: sock_close+0x9b/0x240
[  512.858844][   T31]  #1: ffff88802628e258 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pptp_release+0x52/0x2f0
[  512.875375][   T31]  #2: ffffffff8df437b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f4/0x730
[  512.888898][ T5817] usb 6-1: USB disconnect, device number 12
[  512.909565][   T31] 
[  512.912069][   T31] =============================================
[  512.912069][   T31] 
[  512.921328][   T31] NMI backtrace for cpu 0
[  512.921346][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  512.921373][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  512.921393][   T31] Call Trace:
[  512.921402][   T31]  <TASK>
[  512.921411][   T31]  dump_stack_lvl+0x189/0x250
[  512.921443][   T31]  ? __wake_up_klogd+0xd9/0x110
[  512.921471][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  512.921500][   T31]  ? __pfx__printk+0x10/0x10
[  512.921547][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  512.921573][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  512.921592][   T31]  ? _printk+0xcf/0x120
[  512.921630][   T31]  ? __pfx__printk+0x10/0x10
[  512.921665][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  512.921690][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  512.921716][   T31]  watchdog+0xfee/0x1030
[  512.921745][   T31]  ? watchdog+0x1de/0x1030
[  512.921780][   T31]  kthread+0x70e/0x8a0
[  512.921809][   T31]  ? __pfx_watchdog+0x10/0x10
[  512.921840][   T31]  ? __pfx_kthread+0x10/0x10
[  512.921865][   T31]  ? __pfx_kthread+0x10/0x10
[  512.921889][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  512.921912][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  512.921938][   T31]  ? __pfx_kthread+0x10/0x10
[  512.921961][   T31]  ret_from_fork+0x4b/0x80
[  512.921981][   T31]  ? __pfx_kthread+0x10/0x10
[  512.922004][   T31]  ret_from_fork_asm+0x1a/0x30
[  512.922053][   T31]  </TASK>
[  512.922089][   T31] Sending NMI from CPU 0 to CPUs 1:
[  513.073981][    C1] NMI backtrace for cpu 1
[  513.073998][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  513.074020][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  513.074032][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  513.074061][    C1] Code: 43 d4 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d a3 bf 18 00 f3 0f 1e fa fb f4 <e9> 18 d4 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  513.074077][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[  513.074094][    C1] RAX: 4c88b39bfec26100 RBX: ffffffff81977048 RCX: 4c88b39bfec26100
[  513.074109][    C1] RDX: 0000000000000001 RSI: ffffffff8d738e8e RDI: ffffffff8bc10660
[  513.074122][    C1] RBP: ffffc90000197f20 R08: ffff8880b8932b5b R09: 1ffff1101712656b
[  513.074136][    C1] R10: dffffc0000000000 R11: ffffed101712656c R12: ffffffff8f7dd370
[  513.074149][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110036d1b40
[  513.074162][    C1] FS:  0000000000000000(0000) GS:ffff8881261f9000(0000) knlGS:0000000000000000
[  513.074177][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  513.074191][    C1] CR2: 00007f604302be9c CR3: 0000000032c60000 CR4: 00000000003526f0
[  513.074207][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  513.074218][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  513.074230][    C1] Call Trace:
[  513.074237][    C1]  <TASK>
[  513.074243][    C1]  default_idle+0x13/0x20
[  513.074269][    C1]  default_idle_call+0x74/0xb0
[  513.074296][    C1]  do_idle+0x1e8/0x510
[  513.074328][    C1]  ? __pfx_do_idle+0x10/0x10
[  513.074366][    C1]  cpu_startup_entry+0x44/0x60
[  513.074395][    C1]  start_secondary+0x101/0x110
[  513.074423][    C1]  common_startup_64+0x13e/0x147
[  513.074464][    C1]  </TASK>
[  513.079463][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  513.264756][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc6-syzkaller-00208-g3c21441eeffc #0 PREEMPT(full) 
[  513.276564][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  513.286625][   T31] Call Trace:
[  513.289906][   T31]  <TASK>
[  513.292851][   T31]  dump_stack_lvl+0x99/0x250
[  513.297468][   T31]  ? __asan_memcpy+0x40/0x70
[  513.302070][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  513.307278][   T31]  ? __pfx__printk+0x10/0x10
[  513.311911][   T31]  panic+0x2db/0x790
[  513.315824][   T31]  ? __pfx_panic+0x10/0x10
[  513.320253][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  513.326075][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  513.331453][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  513.337619][   T31]  watchdog+0x102d/0x1030
[  513.341963][   T31]  ? watchdog+0x1de/0x1030
[  513.346414][   T31]  kthread+0x70e/0x8a0
[  513.350496][   T31]  ? __pfx_watchdog+0x10/0x10
[  513.355183][   T31]  ? __pfx_kthread+0x10/0x10
[  513.359789][   T31]  ? __pfx_kthread+0x10/0x10
[  513.364387][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  513.369593][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  513.374806][   T31]  ? __pfx_kthread+0x10/0x10
[  513.379404][   T31]  ret_from_fork+0x4b/0x80
[  513.383831][   T31]  ? __pfx_kthread+0x10/0x10
[  513.388443][   T31]  ret_from_fork_asm+0x1a/0x30
[  513.393235][   T31]  </TASK>
[  513.396561][   T31] Kernel Offset: disabled
[  513.400902][   T31] Rebooting in 86400 seconds..