last executing test programs:

9.15529s ago: executing program 4 (id=1948):
r0 = semget$private(0x0, 0x6, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x31, 0x5, 0x8, 0x80, 0x0, 0x7, 0xbcc, 0x7c78, 0xfa11, 0x2}, 0x0)
ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4004550c, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r3 = openat$userio(0xffffffffffffff9c, &(0x7f0000000140), 0x80401, 0x0)
write$USERIO_CMD_REGISTER(r3, &(0x7f00000001c0), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r3, &(0x7f0000000200)={0x2, 0x4}, 0x2)
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000c80)=ANY=[@ANYBLOB="14000000170a01080000000000000000020000086f8a8bbb2591e9a339b4c54330c5190e1d9500946bfaef5180229118f1797da18e59c1f014c55a412509d58e4435ad37d7a5c77d8c70a76a22a7cadb169d87eddf95c78fbb532c789d3966e3a37496283893c87bdf6a47af691117"], 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x8094)
r4 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r5 = socket(0x80000000000000a, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000ff000003bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff0000000015040200000000001d400200000000004704000001ed000062030000000000001d440000000000007a0a00fe00ffffffdb03000040000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa5b4e377184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7592566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6cb5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94a"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x200000, 0x400}, 0x10, 0xffffffffffffffff}, 0x94)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000340)="d4d7efad020efa27e4b5b271825ef53d030f992ff58468566c6fc090ac508f876b89a6004f4d6aa59f13c8afda4bfc2137c8a1d584595b77c2a5f6a72a6d627f3408", 0x42, 0x10, 0x0, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffe}}, {{0xa, 0x4e23, 0x0, @mcast1}}}, 0x108)
close(r4)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup(r1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xc, 0x2012, r6, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
semtimedop(r0, &(0x7f00000003c0)=[{0x4, 0x4, 0x1800}], 0x1, 0x0)
semop(r0, &(0x7f0000000480)=[{0x1, 0x9}, {0x1, 0x3, 0x800}], 0x2)

7.530500236s ago: executing program 0 (id=1951):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)={0x24, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, '\x00'}]}, 0x24}}, 0x0)

7.405664708s ago: executing program 0 (id=1952):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f00000000c0)={0x8}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000080)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x70bd2b, 0x25dfdbfb, {0xa, 0x80, 0x80, 0x0, 0x0, 0x0, 0xfe}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000)
bind$alg(r0, &(0x7f0000000540)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)=',', 0x1)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f00000001c0)={'\x00', {0x2, 0x4e22, @empty}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_SIOCGIFCONF(r3, 0x8912, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'ip_vti0\x00', @ifru_addrs=@hci={0x1f, 0xffffffffffffffff}}})
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r6, &(0x7f0000002780)=ANY=[@ANYBLOB="1c0008200203000014"], 0xfb5)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x10, {{@in=@remote, @in6=@mcast1, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x9}, {0x1, 0x0, 0x80}, 0x0, 0x6e6bb7, 0x0, 0x0, 0x0, 0x3}}, 0xb8}}, 0x0)

7.083116192s ago: executing program 4 (id=1955):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x8001000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x228, 0x0, 0x11, 0x148, 0x0, 0x0, 0x190, 0x2a8, 0x2a8, 0x190, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x6, 0x6, 0xd04, 'netbios-ns\x00', {0x5}}}}, {{@ip={@multicast1, @private=0xa010102, 0xffffffff, 0xffffff00, 'nr0\x00', 'macsec0\x00', {0xff}, {}, 0x6, 0x2, 0x8}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x288)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000500)={'syz_tun\x00', 0x0})
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x3c, r1, 0x1, 0x70bd2b, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0xfa}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0xd5dd}]}, 0x3c}}, 0x0)

6.881080659s ago: executing program 0 (id=1956):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x3156c0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x1, &(0x7f0000000600)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
pipe(&(0x7f0000000640)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r6, 0x0, 0x1, 0x0)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r7, 0xc0045009, &(0x7f0000000080)=0x1)
r8 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f00000000c0)=0x20)
socket(0x10, 0x803, 0x9)
socket$unix(0x1, 0x1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r6, 0x9ab7)
sendto$inet6(r9, &(0x7f0000000240)="8a", 0x1, 0xd1, &(0x7f0000000080)={0xa, 0x4e21, 0x2, @local, 0x9}, 0x1c)

5.234277819s ago: executing program 2 (id=1962):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000640)=0x1)
ioctl$PPPIOCGNPMODE(r2, 0xc008744c, &(0x7f0000000080)={0x281, 0x2})
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$SOCK_DIAG_BY_FAMILY(r5, &(0x7f00000065c0)={0x0, 0x0, &(0x7f0000006580)={&(0x7f0000006080)={0x28, 0x14, 0x211, 0x0, 0x25dfdbfc, {0x28}, [@INET_DIAG_REQ_BYTECODE={0xfffffffffffffd68, 0xfa, "4ac2411e47060aefadfa617ab9"}]}, 0x28}}, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd3f, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, r4, {0xf, 0x3}, {}, {0x5, 0x8}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x42848}, 0x4000010)

5.185992062s ago: executing program 0 (id=1963):
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000005f00)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd0600ffdbdb252100000008000300", @ANYRES32=r3, @ANYBLOB="0600eb00000800000400ec000a000600"], 0x44}, 0x1, 0x0, 0x0, 0x4048020}, 0x20000) (fail_nth: 3)

5.040406864s ago: executing program 4 (id=1966):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f00000000c0)={0x8}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000080)=@ipv4_newroute={0x1c, 0x1a, 0x1, 0x70bd2b, 0x25dfdbfb, {0xa, 0x80, 0x80, 0x0, 0x0, 0x0, 0xfe}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000)
bind$alg(r0, &(0x7f0000000540)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)=',', 0x1)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f00000001c0)={'\x00', {0x2, 0x4e22, @empty}})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_SIOCGIFCONF(r3, 0x8912, &(0x7f0000000080)=@req={0x28, &(0x7f0000000000)={'ip_vti0\x00', @ifru_addrs=@hci={0x1f, 0xffffffffffffffff}}})
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000240)=0x2, 0x4)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r6, &(0x7f0000002780)=ANY=[@ANYBLOB="1c0008200203000014"], 0xfb5)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x10, {{@in=@remote, @in6=@mcast1, 0x0, 0x0, 0xffff, 0x0, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x9}, {0x1, 0x0, 0x80}, 0x0, 0x6e6bb7, 0x0, 0x0, 0x0, 0x3}}, 0xb8}}, 0x0)

4.978723906s ago: executing program 0 (id=1967):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)=ANY=[@ANYBLOB="1201000035ffaa20cd0caf104e380102030109021b00010000100009045902019b042a00090582"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000980)=ANY=[@ANYBLOB="8401000010000100000000000000000020010000000000000000000000000002ac1414bb0000000000000000000000000000000000ec00000000000016000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000001000004d26c0000002001000000000000000000000000000000000020000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000200000000000000000000000000000000000000000000000000000a00010000000000000000004c0014006d6434000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080010000480003"], 0x184}}, 0x40)
syz_usb_control_io$printer(r0, 0x0, 0x0)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x0, 0xbfdfffbc}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r3, 0x32d7, 0x0, 0x46, 0x0, 0x0)
ioctl$SNDCTL_SEQ_PANIC(r2, 0x5111)
syz_usb_control_io$printer(r0, &(0x7f00000001c0)={0x14, &(0x7f0000000000)={0x20, 0x6, 0x11, {0x11, 0x31, "3ab7b0600344311ddbb44b5e134b92"}}, &(0x7f0000000040)={0x0, 0x3, 0xe6, @string={0xe6, 0x3, "90e4b2486e954e8ac487d5c63f984e4f05af10b852ab4d1a80d8209987bd74f101f32f1fbc25e99a5aaa3144566ceb06bdb9069d79c391d630d0c1635cb0737dfd0a0566167e5fa49ea0b34501c1a36767186f33451ac0e9c10fa621f3fdace0aac5f40c47ae836e294a13c2bbe7eab4e250caa65ad3d145606724b213fbd18fa460e242f6e261833d0d68ac45bd7bd2977345054ac179e6f90badfe4a228fecc699496f7f00e8d81d6347291c0a9be83379eb98113ce1a0be59c072fc211c32371b3b5544c6bf78d6c611e33a7002eb4b5479761028f7fdce8275cf150f510fe8e6c54a"}}}, &(0x7f0000000580)={0x34, &(0x7f0000000240)={0x40, 0xd, 0xe3, "98377ef3ed6e1dfccfc158367f9c4fca36fa3f522aa1881a3596efa3045d17fd156b1ddebb66b174043115a6b0de7b90ad900e51f1eb35f09d672eff17046959792e9ff8f41695bfcecfee9e03416edae47b46c47b0dc6db5d42d821b2c23baa80aa6068faf5d4e7cb823d11081669507ef517a7302b6129143341f688175f661ec826f6c8d7e5d826be7b93217a8d980736a203b4b18fb8c931f429a90fd7f69dd07545f95a7b31da28a0433b54c92f9c8f2bcfc826d56d66245513668ad3bc578c183e652af4f04e0e56bc23895ac1c48b9b0b3285166bca601d309cb0901d31e6b7"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0xf9}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0x8}, &(0x7f00000003c0)={0x20, 0x0, 0xfc, {0xfa, "8fe6ca164cd9ee8260446e3a3ef03e3476d367fff353b56f907abdd97e6d8ce73350cd72c3a3e07d47ca9d6c04e99f3dcf80f7905183795c714a687d7b94bfc4c8ba1a8e725bb184291ebe94391aaf7c0c9a63156dc88b4b1732f34359fc64f338dec29ae95d09a64e6444b20b0257fb10da21116eeb9ba4a94853205cc819f6b785ba5bbd92c2d560581b19613748c3f54bac3949aebafe6b791853953e854bdf62318f0a6a14e87e2737479ea4b065948be260792c8da59c270de2fc03e7f3a59ef81be5202961e7a2bbe29ecfd54690b2e7e514871853c0473499b063d4c6c2d4543f0410c93ea7d86caa8b6ae66edc77e57e8f7d7419012b"}}, &(0x7f0000000500)={0x20, 0x1, 0x1, 0x2}, &(0x7f0000000540)={0x20, 0x0, 0x1, 0x2}})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000780)={0x14, &(0x7f0000000640)={0x40, 0x3, 0xf5, {0xf5, 0xa, "3e1d4ef0ca471c6fbf0b79ad36c4167fc8c8d30e263235a001997902b8a7592e66fd4857bea235bee95e5d95bdf7f1a5e7bcc6889c044270c0d63806a45a8440ccb1a98f526ab0902e627e668b7bd7f0526255da915b419488439d2e7bad4a54819d98f456a75d8e9f02c045688b79a7d55c69f9be8cd23972b3dbe8c9aa6f893aae2a3c4aa178add202d4d39181353679627422005ff9091829ed011cc3e5682b725b673fa2524e4068d8d18e8d5d6ce1e97986c49e2232327751f33ad7b6770672f1dbfc18557ea06a20ad5262d75a9c9ea7ad7afe7fa4ebb8357073e12d6e9b1f6b2fafaf84a61e29d922f3c075b9d6f5f4"}}, &(0x7f0000000740)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000a00)={0x44, &(0x7f00000007c0)={0x0, 0x10, 0x59, "e10de446fa195e8b9be60962949bedd569123f3fd99ed99349653a72c26022b14ddf3ed98750663cb22a97339f5e71cee03fac0570104edf4bc94a1195f1af35ce86ddd576f3c4d1054472459599b8b79f18a883a51f1f21a9"}, &(0x7f0000000840)={0x0, 0xa, 0x1}, &(0x7f0000000880)={0x0, 0x8, 0x1, 0xc}, &(0x7f00000008c0)={0x20, 0x80, 0x1c, {0xd75, 0x3, 0x2, 0x1, 0x3, 0x1, 0x3, 0x4, 0x5ad2, 0x951, 0xf727, 0x2}}, &(0x7f0000000900)={0x20, 0x85, 0x4, 0x7}, &(0x7f0000000940)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000980)={0x20, 0x87, 0x2, 0x1}, &(0x7f00000009c0)={0x20, 0x89, 0x2}})
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000b40)={0x14, &(0x7f0000000ac0)={0x20, 0x6, 0x33, {0x33, 0xe, "39ffd037b8e513672313f07c0f179192032701cba9db3d2a424536bb1ff6a8685f74ed103bb3a1cd86d53b40c16543a4e0"}}, &(0x7f0000000b00)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000d80)={0x44, &(0x7f0000000b80)={0x20, 0x15, 0x11, "50a3dc806bb510c6dda9cefe29335dce56"}, &(0x7f0000000bc0)={0x0, 0xa, 0x1, 0xfc}, &(0x7f0000000c00)={0x0, 0x8, 0x1, 0x7f}, &(0x7f0000000c40)={0x20, 0x80, 0x1c, {0xc, 0x20ef, 0x2, 0x4, 0x81, 0x81, 0xff, 0x2, 0x6, 0x9, 0x2, 0xfff}}, &(0x7f0000000c80)={0x20, 0x85, 0x4, 0x4}, &(0x7f0000000cc0)={0x20, 0x83, 0x2}, &(0x7f0000000d00)={0x20, 0x87, 0x2, 0x2}, &(0x7f0000000d40)={0x20, 0x89, 0x2, 0x1}})
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000200)={0x20}, 0x0, 0x0, 0x0, 0x0})
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x200000e, 0x2172, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x62, &(0x7f0000000140)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x54, 0x0, 0x0, 0x81, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x10, 0x4, 0xca, 0x0, 0x1000, {[@timestamp={0x8, 0xa, 0x80000000, 0xfbc}, @exp_smc={0xfe, 0x6}, @timestamp={0x8, 0xa, 0x2, 0x8a}, @md5sig={0x13, 0x12, "0c39e122bd2f7556512830127a3fa7b7"}]}}}}}}}, 0x0)

4.923878249s ago: executing program 1 (id=1968):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r3, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x4e, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0xa, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r4 = io_uring_setup(0x3eaa, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1a3})
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
io_uring_register$IORING_UNREGISTER_RING_FDS(r4, 0x15, &(0x7f0000003d40)=[{0x0, 0x0, 0x0, 0x0, 0x0}], 0x1)
ioctl$FS_IOC_ENABLE_VERITY(r4, 0x40806685, &(0x7f0000000380)={0x1, 0x3, 0x1000, 0xf6, &(0x7f0000000140)="ed5dcdc9ceaea4009b0dcbad41d40062c7bcc47d91d35aaeff660f6806ec74d09927b38bb60ee6f68709309f66bdbd74aeeef3658383e74eb850664e86a17e9d80be72e660f26ac28b19e513472d2ab3aa3102e9c3d81bd9e2493f52cb7b4bf28a691b526ea63030508c9e58ef10f41befe3bf02d01b1b323e43e6e0413db1a60895ca3a7b2f82e3f97dc6de7d43376c6a8f5ee160a9f4ac9107cc25fd7d1165019337ded97f1049955f1be6de3ebd55822ee7fc61da4738c12c14553cbb97e281b79ae934b12c901d86fa75284d29654174f314c2b6f6ec2546e82e7a30a5f2622b42bf768b7af2fd7f20714955a569ef1a3e920443", 0x7e, 0x0, &(0x7f0000000300)="0cb30c964d33c4146180422950f960102f8661bb16c79656728fb9fca5b87bb1b70e951f8b2d393aa9ee766d51e93139988260fa4316d3747599de06c8f142b0f73188b496131837ff4996a44cc476e998bc745609d307cdf59d70d7b27e80b86b9a0fc2ad5678d14afc8578c449498ea20ad11838c60a101c330256d49f"})

4.758014355s ago: executing program 2 (id=1970):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x30, 0x1, 0x1, 0x101, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x8cc}]}]}, 0x30}}, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x14)
ioctl$KVM_X86_SET_MSR_FILTER(r2, 0x4188aec6, &(0x7f0000002cc0)={0x1, [{0x0, 0x68, 0xc, &(0x7f0000000440)="6c85f46c911c9ee62a0068118b"}, {0x3, 0x0, 0x7, 0x0}, {0x1, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x10001, 0x0}, {0x1, 0x0, 0x401, 0x0}, {0x2, 0x0, 0x2, 0x0}, {0x0, 0x0, 0xd, 0x0}, {0x2, 0x0, 0x3fc, 0x0}, {0x3, 0x0, 0x5, 0x0}, {0x1, 0x0, 0x1, 0x0}, {0x3, 0x0, 0x7, 0x0}, {0x1, 0x0, 0x3468, 0x0}, {0x3, 0x0, 0x1ff, 0x0}, {0x0, 0x0, 0x1, 0x0}, {0x2, 0x0, 0x7, 0x0}, {0x2, 0x0, 0x3, 0x0}]})
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf090000000000006609010000000000060000000b000000180100002020702500000000002020207b9af8ff00000000ad9100000000000037010000f8ffffffb702000008000000b70300000500000057000000060000002c93000000000000b5030000000000008500000076000000b70000000000000095"], &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$tipc(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000340), &(0x7f0000000380)=0x4)
sendmsg$nl_netfilter(r6, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000001000)={0x450, 0x8, 0x6, 0x401, 0x70bd29, 0x25dfdbff, {0x5, 0x0, 0x8}, [@generic="c1bc9b4bb09546e8ab9023bf93cdef109346882ead156a41f6d0768296196b47d7f3c8a0a99dd99b57120afd4a277ef79178af3eebd7cc8a37a4c0942191c847701972e953993122deebc9f1050848bdb4bf8f0544fcdc8b28e386a38f95683d6be3", @generic="9b88610b003ee62e55b938510dd094d638ba", @nested={0x18a, 0x8f, 0x0, 0x1, [@typed={0x8, 0xa7, 0x0, 0x0, @u32=0x3}, @nested={0x4, 0x5a}, @nested={0x4, 0x22}, @nested={0x4, 0x22}, @generic="0f90b66f1c5c4ac4067de271f790c019b2880e8d8de81fe25fe413a3fbf12a17d19ebbb12198b1268aa5d74d6cf55fd8c978c63ccf96ae75a13b209df8d392980ffb7aa9f9c60aab5a5a68b708b52f9861de602c95ec5fd6906ec27abbc3178404ab42f7460f608f9459f79fcf1376cd9cbf30bf9710148a026f60efb00efeccf1d0389ec55d9387a7a626041714d3ef0c29012be21af75faa73", @generic="96b00669e13878b97c6c0052f503db5d9fc8c67f98bad597e525d9decec1a80a2c51069e06717151f897bdbddae83523e0d524ab080c14e5c477096d7f0196d7694e78d9170663af109c43b2853cb9ba1c1ecd0dc27cd3832940670bf7b6c45dc9d7bad7093a9b4bb0eca88dfdeaceff147d1f66fe32f276e2d37a6554868a291edffc0ca9cc3c7f2114af29c9f31295b01d961d7b593edba6b6089057218f0d5faec98de50ffba91798fba159d66c3b32953cf3113381d2bf3bf3e56b5d9dc873ca048ac5793582c8845ccfae728de531c0150108193703"]}, @nested={0x168, 0x31, 0x0, 0x1, [@typed={0x14, 0x40, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @nested={0x4, 0x8}, @generic="e4cefb8ae95a20660f54046edd99b1fa05f70c876c7d93987e3189730909bc500e3d6bb1516cb0d2976152a805ec5eb0116fbb79778f4f35892720faac605c50c9a035768cbf7987f2eae9709a7056c4e0f768b8585af8711541fdb6f9aaf6f149206218917ed3ef7f1dd7f85139c6d84821ca", @nested={0x4, 0x12e}, @generic="fda43bb4067b84336b4725c6139ab84e8974c80d3b202421937b3b02244e0d0b5a28a7404c4f7ec9c37c377503af890b68a6678828159536789a584ecda5cda9814fde1d844271c7dd542e898d7d8c9852061ea1aae440e3516e7f104892b3bcba3bd0b5e24a6a68ac97fef0f911d3de155e9a20c8bb0db053a9a0022329099ae8340a0d05369e2e5eeacd10f634d850a079ba5b6079c9e3e1cb181cf2e144f4f14b066d1600d68a384d450041a6c9ec10a54d803b53db11c247705074f7bc974fd6cd4f001f36753aa03bf4eab9895d7babbb2dd6"]}, @typed={0xc, 0x79, 0x0, 0x0, @u64=0x7}, @generic="7d7843b0c6e10588f1704c9498894928fff040374a991a625e27ffe1cff15f7a5c7af511e9e268b2be73fa86c942b1733fecb1beb138856450eda660da4e985ad032118adede51e8a75847358d20450e2fdbb9c4a6b4575430b5127f0477aed66d33a3ff9cf832b297e996f85107730d85992658d5d2273350d4ad34f5e71e9ca7660d0cfb95e286bd72a28bf7b9f6adba86f6e3dabf75331b6914e41c8fdc353f163b3c1cbbf44600eaa2fccc275d971480fa518622423fb72f283c71c7fdd831f4ea5e2b"]}, 0x450}, 0x1, 0x0, 0x0, 0x24040460}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x80}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000a000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
getsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180), &(0x7f00000002c0)=0x4)
r8 = open$dir(&(0x7f00000003c0)='./file0\x00', 0x200, 0xa6)
getdents64(r8, &(0x7f0000000540)=""/178, 0xb2)

4.475160719s ago: executing program 1 (id=1972):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x8aba, 0x4, 0x4, 0x804, 0x7, 0xf, 0x120000, 0x5, 0x0, 0x8, 0x8000000000000005, 0x2, 0xfffffffffffffffe, 0x101, 0x3, 0x1], 0x8000000, 0x141200})
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000480)={0xa, 0x1, 0x7})

4.345571283s ago: executing program 4 (id=1973):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x3156c0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x1, &(0x7f0000000600)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
pipe(&(0x7f0000000640)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r6, 0x0, 0x1, 0x0)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r7, 0xc0045009, &(0x7f0000000080)=0x1)
r8 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f00000000c0)=0x20)
socket(0x10, 0x803, 0x9)
socket$unix(0x1, 0x1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r6, 0x9ab7)
sendto$inet6(r9, &(0x7f0000000240)="8a", 0x1, 0xd1, &(0x7f0000000080)={0xa, 0x4e21, 0x2, @local, 0x9}, 0x1c)

4.046368364s ago: executing program 1 (id=1974):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000000c0)={0x0, 0xffffff87}, 0x8)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000240)={'gretap0\x00', &(0x7f0000000000)=@ethtool_rxfh={0x47, 0x6, 0x7fffffff, 0x80, 0x7, "27bc39", 0x6}})
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000040)={<r2=>0x0, 0x1}, &(0x7f0000000080)=0x8)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000a00)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="405300001e00000125bd7000fcdbdf253f230000000000000000000000000001000004d40a003c007f0002a6dd77000000000000000000000700000006350000"], 0x40}, 0x1, 0x0, 0x0, 0x20008000}, 0x44)
setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f0000000340)={r2, @in={{0x2, 0x4e20, @rand_addr=0x64010100}}}, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f00000000c0)={r2, @in={{0x2, 0x4e22, @empty}}, 0x3}, 0x90)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000180)={0x1, &(0x7f0000000280)=[{0x200000000006, 0x4, 0x0, 0x7ffc0002}]})
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$packet_fanout_data(r5, 0x107, 0x16, &(0x7f0000000200)={0x7, &(0x7f00000001c0)=[{0x8, 0x80, 0xe, 0x1896}, {0x827, 0x5, 0x32, 0xbe}, {0x4, 0x1, 0x5, 0x9}, {0x6, 0x1, 0x1, 0x9}, {0x7, 0x5, 0x3, 0xc1}, {0x0, 0x6, 0x5, 0x1ff}, {0x47, 0x5, 0x3, 0x4b80}]}, 0x10)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x88fd537e5c114b6a, 0x40010, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x12)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0xd44, 0x1000009, 0xffffeffffffffffb, 0x10000000, 0x10000, 0x3, 0x4002004c1, 0xa, 0x9, 0x0, 0x1, 0x0, 0x401, 0x0, 0x9, 0x10000008d], 0xddcd0000, 0x100000})
r8 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r8)
readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000100)=""/35, 0x23}], 0x1)
ptrace$setregs(0xd, r8, 0x2, &(0x7f0000000180))
ptrace$cont(0x21, r8, 0x80000001, 0x4)
ioctl$KVM_X86_SETUP_MCE(r7, 0x4008ae9c, &(0x7f0000000000)={0x14, 0x7b52e4aff0f1e2e1, 0x4})
sendmmsg$inet6(r6, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
shutdown(r1, 0x1)

3.841371099s ago: executing program 1 (id=1975):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}})
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x9, 0xff, 0x0, 0x0, 0x8001, 0x3}}) (fail_nth: 3)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x100})

3.79933653s ago: executing program 2 (id=1976):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=@newtaction={0x74, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x60, 0x1, [@m_tunnel_key={0x5c, 0x1, 0x0, 0x0, {{0xf}, {0x2c, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @ipv4={'\x00', '\xff\xff', @loopback}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0xb, @loopback={0x400000004000300}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x2004c050}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet6(0xa, 0x5, 0x0)
r3 = socket$inet(0x2, 0x80001, 0x84)
bind$inet(r3, &(0x7f0000000240)={0x2, 0x4e20, @local}, 0x10)
listen(r3, 0x3)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
listen(r2, 0x50)
r4 = socket$netlink(0x10, 0x3, 0x4)
writev(r4, &(0x7f0000000780)=[{&(0x7f00000001c0)="480000001400190d09004beafd0d36020a8447000b4e23edbf989a01eb334fdcaa84204a220f00004e20a283abe252d7004f19dfb7f393d735fffffa53371059130c8c49b942feff", 0x48}], 0x1)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x3}]}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x800)
sendmsg$NFT_BATCH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x48, 0x16, 0xa, 0x801, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'geneve0\x00'}]}]}]}], {0x14}}, 0x70}}, 0x24040884)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e65766530"], 0x110}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd00028008"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)

3.530502333s ago: executing program 2 (id=1977):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x20000000, @dev={0xfe, 0x80, '\x00', 0x20}, 0xffffffff}, 0x1c)
getsockopt$sock_buf(r1, 0x1, 0x19, 0x0, &(0x7f0000003080))
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000840)=ANY=[@ANYRES8=r0, @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000040)=r0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x4814)
sendmsg$NFT_BATCH(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x86, &(0x7f0000000440)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000088a8200081"], 0x0)

2.662807595s ago: executing program 4 (id=1978):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000340)=0x63ba, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x10040a1, 0x4)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000b00)={0xa, 0x4e23, 0x0, @local}, 0x1c, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)=""/130, 0x82}, 0xdb30}], 0x1, 0x40002042, 0x0) (fail_nth: 3)

2.625999377s ago: executing program 2 (id=1979):
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
sendmsg$AUDIT_TRIM(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x10, 0x3f6, 0x100, 0x70bd2d, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000000)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@hopopts_2292={{0x20, 0x29, 0x36, {0x3a, 0x1, '\x00', [@padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}], 0x20}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2.522281263s ago: executing program 1 (id=1980):
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8102, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0xe45, 0x400000000000009, 0x7ffc, 0x80000001, 0x800000010000, 0x4, 0x4002004c2, 0xfffffffffffffffd, 0x6, 0x0, 0x3ffffc, 0xfffffffffffffffd, 0x7fffffff, 0x20000000009, 0xffff, 0xfffffffffffffff7], 0x100000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x8, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0) (fail_nth: 3)

2.521722217s ago: executing program 3 (id=1981):
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0xc8, 0x29, 0x4, {0x2c, 0x16, '\x00', [@enc_lim={0x4, 0x1, 0xfd}, @generic={0xfe, 0x72, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5"}, @generic={0x80, 0x14, "09e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad"}, @ra={0x5, 0x2, 0xa7e}, @pad1, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0x8, "e80ec8b633e304ec"}]}}}, @hoplimit={{0x14}}, @hopopts={{0xa0, 0x29, 0x36, {0x5e, 0x11, '\x00', [@ra={0x5, 0x2, 0x7}, @pad1, @hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @empty}}, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x38, {0x3, 0xc, 0x0, 0xfff, [0x2, 0x966, 0x7, 0xfffffffffffffff7, 0x1, 0x2]}}, @calipso={0x7, 0x20, {0x3, 0x6, 0x3, 0x7, [0x0, 0x8000, 0xffffffffffffff04]}}, @generic={0x1, 0x7, "2bdb86d1ce6a20"}]}}}, @rthdrdstopts={{0x28, 0x29, 0x37, {0x73, 0x1, '\x00', [@calipso={0x7, 0x8, {0x3, 0x0, 0x8, 0x9}}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x0, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0x228}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2.403808313s ago: executing program 4 (id=1982):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet(0x2b, 0x801, 0x0)
connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10)
listen(r2, 0xffffffff)
pselect6(0x0, 0x0, &(0x7f0000000000)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0, 0x0, 0x0)
r3 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac1414003400080004"], 0x2c}}, 0x0)
sendto$inet6(r3, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, 0x0, 0x400c4)
r5 = fsopen(&(0x7f00000000c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r6, 0xc05c6104, &(0x7f0000004180)={"2370491d", 0x0, 0x5, 0x2, 0x8, 0x5, '\x00', "037ec42b", '\x00', "64bdac32", ["e86621d9cc668c391f77c506", "3549ffffffffffffff010800", "2fc7977386a7a0236a9cc1f0", "cf6cce2296b3f853e224c4e0"]})
ioctl$CEC_TRANSMIT(r6, 0xc0386105, &(0x7f0000000480)={0x9, 0x0, 0x1, 0x80, 0xfffffffd, 0xfffffffd, "01e60000000000000034dbb39fe6083a", 0xff, 0x0, 0x0, 0x0, 0x1})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x2, 0x0, 0xf}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0xa}}]}, 0x1c}}, 0x0)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r9=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r8, 0x3b82, &(0x7f0000000180)={0x18, r9, 0x1, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}]})
ioctl$IOMMU_IOAS_UNMAP$ALL(r8, 0x3b86, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r8, 0x3ba0, &(0x7f00000006c0)={0x48, 0x1, r9, 0x0, 0x1, 0x202000})
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000000c0)={'team0\x00'})

1.458691003s ago: executing program 3 (id=1983):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)

1.371272993s ago: executing program 2 (id=1984):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x3156c0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x1, &(0x7f0000000600)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0)
pipe(&(0x7f0000000640)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r5, 0x0, r6, 0x0, 0x1, 0x0)
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r7, 0xc0045009, &(0x7f0000000080)=0x1)
r8 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f00000000c0)=0x20)
socket(0x10, 0x803, 0x9)
socket$unix(0x1, 0x1, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x25dfdbfe, {{@in6=@remote, @in6=@remote, 0x0, 0x33, 0x0, 0x0, 0xa, 0x60, 0x30}, {0x0, 0x7f, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x200, 0xfeffffffffffffff}, {0x3, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0xc0d0}, 0x0)
listen(r6, 0x9ab7)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000240)="8a", 0x1, 0xd1, &(0x7f0000000080)={0xa, 0x4e21, 0x2, @local, 0x9}, 0x1c)

1.226990636s ago: executing program 3 (id=1985):
epoll_create1(0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adffa87d2255f674412d020000000000005ab527ee3697f1ec4436dd1164aa93cc5800075557165397000a63f6b9b3f427f6ba6b34f98125f30e697fffffffffffffffa30b273683626e0003254d570dca6b78ad833488cfe4109eaf009edd3e69613d3cd6aaa300006eee8501000000520a0000151d010000000100bf00000000cc587424363dc6ad7f3bbd424c6e6cafbe9309aba218a52001a3cd000041f0db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de4758c1096a1dc52f29e470a000517ebc406e89dcbb7677e6528b0856e31ed9474ac24cf609068f645ce971fc0480737a55ebb0bd701f7ff21e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d933bed759ff232cebc68b91af50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56d06c759da324a39f7f51b870b2851c3f0a1aab71587a21c8f1b3369ebfcba105a6ccdd01b0f04edb256c604f068773f6ff000000000000006ffbfe5ca32142b0195531458b7d1e341c6f864f983d745f5865aad41d2915aae7602a2d6cd415e8351ebc4223f54d6bec664709ff03f1aa3dc7f1580ace9bf2afd28d7157e67fb98d121ad6eb372713255012e028cb2654d493a0b4b35faae176c89b745eda2967199cc936859a537e8e4871d4acf3e3dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0cff28235a3cbb5d33b09bc30cf2880c586272c3f4d79bc36305745cb1cb385e6add14652003c7cdd3324f07d134d3ed07f1c10900000009dd872ec66ea6c718bbd1aa59114000f0be4c6f8df084c5e9734ae30aa9afdc719bf01ab03a9b1074407136b4506000f0916a39d3057d50183612b39e73aeeb6eaf14652dda68e98ef938e6515a94a71836469e2051d9b7eb85f3f2d5ae2c51944da8d7391d6d6b97419a3b7660df4c5124ca425d374b371867a79b31c6617fc3327191fbf514573f0e30d1d60be2168fe6c2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257b84000000b749ccd74089ed6b86f81ca3d247d8f71d290ed1b1a11f7a67125170c88c3b6a50696332226401b110da9c786eeca22debc99335583b54c13c3130978fa069af8223b38ced735c2d905f51ca85ffa4add5647489b3960127696cf2f16625c0c102000000000000009ef52134842e64171f3963841086e3797a4825d081f2d987f05c5341877386ec55d7dc958fd235d6071619a65d4b82d9c162f3556076b80550d961ca74f1ffdaccf0ea5f02e0fca8b27ff3983ab74fd3d560700a1fbb44e77e312b3b129e000302d613916c9bcf9f0000fac73adb6bfb27f88dba816020be760f7b45e001efada800000000000000fdaf4660402f7b3b79a433e08074ea2462974ab2cbd247eb1cfa2638f56daee57ed14bc74de0fd87a9ce638190f3570e0b4c80ef682df22237270955afb6008846557ee3bc09fda6dbb6542e597300eb82a184c96ffde5a30e5433d86666cb045bdd02c804c22ff2635c7bfbf5c0d586cda5e1e88a4d41dee7cc74f822278d124638fec58faeb48afe324369cc51204158bb440df2a694f4cdcaa4f65c22f00000000000000018e7afa1913b81d8d79906958102000000000000000000001ffff0ef89b2a635edb2dd163e863315e84498dfb52b7f54da6398cbedaa42cc17c4563c859656a357770289a61faa95a82bf1cfb7f2fd7252e9322abe282c3344fc6738b4467893b9bf0d1c8130ae6b226900110635376413c29f7c6f7b7e29b9f4bddd5e328661f4046e01f7d7dc22174e5e627a6f608ad53a4168d4d8f7fbc71104512efe8e5d7d934aa289b4db2b870000000000000000000000000000000000000000009b777883a0f9cf4ad155110cd3ace2b322ac31bfa27847dc99c8a69a1ea5b98e525e6393ad7fd9795170e7b11e4fa990b9386910a6a1a66a70eaff01247603c2ff49d3979676bffb3049166ab84a0f061991bd57c2566c10c282352a5105b6164e3f2491e4793e590dcc71de10da96fdff40dd44a2c9882d3aa0f8a797b8fea6efcfb5046b7679f15559cdaa977504c40b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd50c5e22ade17556abb722d9c085b189b5fd1f30e8dc813f60400fde1f88d830b11002135e8e7262f299ed7923bfbe00ad88be179e56b41ff3792cee2fc37eee739c3e3af923e8738d93d583a9cf00b946960fc38cf85aae7cf708f9a9d166f2e352a06d99b8be476d1cc2a53a859ae4fdab2a987925d12422474ac044ffe9fe2bf9bf9bbdf36c4ca89c516647542ac45545337829fa7039d155ebda42d4c14f4ca7f8b5d5842658c62d0a03092b94fa1b19f190000000000000000000000000000009e75a32b9fafeffd890f2759b0fe3add33fa43a4c3995458f86a926ad56b23571c46728c039cd3b4bb7d69dfa27782b953a7b81cc161912b3e5716360686e126311a7e21bfa2efd0f57b90c203528c8f620d3c7b31c7abcffae382f53500f7cd5d00159e5f741d3e2d2cbd1a04b3f39b50a4683daa7d117b7f4a149c954d69d8ab001339e464c8eb5f0c63899010757c9a3b69f4920531b83f71d5a34ef9405819afee15b77c015ea755c95127ff2274bb9a8463ce4b8c08ad70596ad2b2b044e660ed144b9dce372450ea69d25da2b6deed67fac26e765aa7d5532ba1044f62db049486acde2294127cb767c23da7d8f9844d3be5b6aa83ee4ce1876af5130efe1b64ccb6bbd349bcc0e8deec8ab3bd1b35bbc8ab8a152771744baa576b9223d26b5603a7f091be1264cabaf661fe2dbe7990a61f710f923f2337818a3983d06c11a6bee7fccb78a53c56db5c18f920d2194374db665dcadf53b8d0014e682ec721d67a7ab6c817fe53c86f8900000000000000000000000000000060b7b827c56e973a2ab5bc5c558ada68c4ec3762f5957b20b919af5d53c87de056a397bdcb614c34761e2c815698e1f9f5521a385c2910850929040a4eba573e91ca21fc855358120ecd79a5d7007693ef3ff9d2b993d114443d53c53094e516f675b2a7074584714e7a2015e05e507811b4ca89c39281c9ada5f58ceb55893cca783ab09c9a19836a3a2c715b10436a5731549e364679ecd8461a68433ab52b1108831edb9654dc602183c1170d6881647f6dca15d57fb76357d815c5f1000000000000000000f49e327c0b6e511494466cec78650f0a6267"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0xb7, &(0x7f0000000040)=""/175, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x5}, 0xfffffeb9)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000040)={0x18, 0x0, {0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}, 'ip6gre0\x00'}}, 0x1e)
close_range(r1, 0xffffffffffffffff, 0x0)
r3 = socket$kcm(0x29, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x803, 0x6)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e2b, 0x2, @empty, 0x5a60}, 0x1c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@ipv4_delrule={0x24, 0x21, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0xff}, [@FRA_SRC={0x8, 0x2, @multicast1}]}, 0x24}}, 0x8000)
sendmmsg$inet(r3, &(0x7f0000004140)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000340)="519a9f7ec62a5849088cc26e1cc34572b175b5ef4a7ff7d91ac3e103ab440784fc68762969eedb11eca4b0d762cd87647270a45aeb595d8ae588", 0x3a}], 0x1}}], 0x1, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r3, 0x89e2, &(0x7f0000000400)={<r6=>r4})
ioctl$sock_kcm_SIOCKCMATTACH(r6, 0x89e0, &(0x7f0000000180)={r4, r0})
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r7, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r8, 0x0, 0x8008000000010, &(0x7f00000003c0)="17000000020001000003d68c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8)
r9 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
setsockopt$sock_int(r9, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
close_range(r8, 0xffffffffffffffff, 0x0)
sendmmsg$inet(r3, &(0x7f00000009c0)=[{{0x0, 0x0, &(0x7f0000000300)}}, {{0x0, 0x0, 0x0}}], 0x2, 0x20004050)
mq_open(&(0x7f0000000080)='trusted.overlay.redirect\x00', 0x40, 0x40, &(0x7f0000000040)={0x2, 0xa, 0x7fff, 0x7})

1.108501763s ago: executing program 1 (id=1986):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x30, 0x1, 0x1, 0x101, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}]}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x8cc}]}]}, 0x30}}, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x14)
ioctl$KVM_X86_SET_MSR_FILTER(r2, 0x4188aec6, &(0x7f0000002cc0)={0x1, [{0x0, 0x68, 0xc, &(0x7f0000000440)="6c85f46c911c9ee62a0068118b"}, {0x3, 0x0, 0x7, 0x0}, {0x1, 0x0, 0x4, 0x0}, {0x0, 0x0, 0x10001, 0x0}, {0x1, 0x0, 0x401, 0x0}, {0x2, 0x0, 0x2, 0x0}, {0x0, 0x0, 0xd, 0x0}, {0x2, 0x0, 0x3fc, 0x0}, {0x3, 0x0, 0x5, 0x0}, {0x1, 0x0, 0x1, 0x0}, {0x3, 0x0, 0x7, 0x0}, {0x1, 0x0, 0x3468, 0x0}, {0x3, 0x0, 0x1ff, 0x0}, {0x0, 0x0, 0x1, 0x0}, {0x2, 0x0, 0x7, 0x0}, {0x2, 0x0, 0x3, 0x0}]})
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0x1, 0x17, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf090000000000006609010000000000060000000b000000180100002020702500000000002020207b9af8ff00000000ad9100000000000037010000f8ffffffb702000008000000b70300000500000057000000060000002c93000000000000b5030000000000008500000076000000b70000000000000095"], &(0x7f0000000780)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$tipc(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000340), &(0x7f0000000380)=0x4)
sendmsg$nl_netfilter(r6, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000001000)={0x450, 0x8, 0x6, 0x401, 0x70bd29, 0x25dfdbff, {0x5, 0x0, 0x8}, [@generic="c1bc9b4bb09546e8ab9023bf93cdef109346882ead156a41f6d0768296196b47d7f3c8a0a99dd99b57120afd4a277ef79178af3eebd7cc8a37a4c0942191c847701972e953993122deebc9f1050848bdb4bf8f0544fcdc8b28e386a38f95683d6be3", @generic="9b88610b003ee62e55b938510dd094d638ba", @nested={0x18a, 0x8f, 0x0, 0x1, [@typed={0x8, 0xa7, 0x0, 0x0, @u32=0x3}, @nested={0x4, 0x5a}, @nested={0x4, 0x22}, @nested={0x4, 0x22}, @generic="0f90b66f1c5c4ac4067de271f790c019b2880e8d8de81fe25fe413a3fbf12a17d19ebbb12198b1268aa5d74d6cf55fd8c978c63ccf96ae75a13b209df8d392980ffb7aa9f9c60aab5a5a68b708b52f9861de602c95ec5fd6906ec27abbc3178404ab42f7460f608f9459f79fcf1376cd9cbf30bf9710148a026f60efb00efeccf1d0389ec55d9387a7a626041714d3ef0c29012be21af75faa73", @generic="96b00669e13878b97c6c0052f503db5d9fc8c67f98bad597e525d9decec1a80a2c51069e06717151f897bdbddae83523e0d524ab080c14e5c477096d7f0196d7694e78d9170663af109c43b2853cb9ba1c1ecd0dc27cd3832940670bf7b6c45dc9d7bad7093a9b4bb0eca88dfdeaceff147d1f66fe32f276e2d37a6554868a291edffc0ca9cc3c7f2114af29c9f31295b01d961d7b593edba6b6089057218f0d5faec98de50ffba91798fba159d66c3b32953cf3113381d2bf3bf3e56b5d9dc873ca048ac5793582c8845ccfae728de531c0150108193703"]}, @nested={0x168, 0x31, 0x0, 0x1, [@typed={0x14, 0x40, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @nested={0x4, 0x8}, @generic="e4cefb8ae95a20660f54046edd99b1fa05f70c876c7d93987e3189730909bc500e3d6bb1516cb0d2976152a805ec5eb0116fbb79778f4f35892720faac605c50c9a035768cbf7987f2eae9709a7056c4e0f768b8585af8711541fdb6f9aaf6f149206218917ed3ef7f1dd7f85139c6d84821ca", @nested={0x4, 0x12e}, @generic="fda43bb4067b84336b4725c6139ab84e8974c80d3b202421937b3b02244e0d0b5a28a7404c4f7ec9c37c377503af890b68a6678828159536789a584ecda5cda9814fde1d844271c7dd542e898d7d8c9852061ea1aae440e3516e7f104892b3bcba3bd0b5e24a6a68ac97fef0f911d3de155e9a20c8bb0db053a9a0022329099ae8340a0d05369e2e5eeacd10f634d850a079ba5b6079c9e3e1cb181cf2e144f4f14b066d1600d68a384d450041a6c9ec10a54d803b53db11c247705074f7bc974fd6cd4f001f36753aa03bf4eab9895d7babbb2dd6"]}, @typed={0xc, 0x79, 0x0, 0x0, @u64=0x7}, @generic="7d7843b0c6e10588f1704c9498894928fff040374a991a625e27ffe1cff15f7a5c7af511e9e268b2be73fa86c942b1733fecb1beb138856450eda660da4e985ad032118adede51e8a75847358d20450e2fdbb9c4a6b4575430b5127f0477aed66d33a3ff9cf832b297e996f85107730d85992658d5d2273350d4ad34f5e71e9ca7660d0cfb95e286bd72a28bf7b9f6adba86f6e3dabf75331b6914e41c8fdc353f163b3c1cbbf44600eaa2fccc275d971480fa518622423fb72f283c71c7fdd831f4ea5e2b"]}, 0x450}, 0x1, 0x0, 0x0, 0x24040460}, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8, 0x80}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000a000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
getsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180), &(0x7f00000002c0)=0x4)
r8 = open$dir(&(0x7f00000003c0)='./file0\x00', 0x200, 0xa6)
getdents64(r8, &(0x7f0000000540)=""/178, 0xb2)

917.003108ms ago: executing program 3 (id=1987):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)={0x24, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x5, 0x5b, '\x00'}]}, 0x24}}, 0x0)

805.280176ms ago: executing program 3 (id=1988):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x28941, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)={0xdc})
ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, 0x3})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"})

498.127994ms ago: executing program 0 (id=1989):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000024c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000038000000030a01040000000000000000010000010900030073797a32000000000c00024000000000000000010900010073797a300000000054000000060a01040000000000000000010000000900010073797a310000000008000b40000000030c000640000000000000000314000480100001800b0001007470726f787900000900010073797a30"], 0x7904}, 0x1, 0x0, 0x0, 0x4040}, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x3, 0x4, 0x4, 0x3}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000340)={r1, &(0x7f0000000280), &(0x7f0000000300)=""/56}, 0x20)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000580)=@abs={0x1}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0xbc3d, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040), 0x2, 0x6}}, 0x20)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4000, 0xffffffff, @mcast2}, {0xa, 0x0, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, 0x800083}}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000100)={<r7=>0x0, 0x280, 0x55a6}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f00000003c0)={r7, @in6={{0xa, 0x4e22, 0x86fa, @remote, 0xfffffff8}}, 0x7, 0x1}, 0x90)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TIOCMSET(r6, 0x5418, &(0x7f0000000000)=0xa)
ioctl$TCSETSW2(r6, 0x402c542c, &(0x7f0000000040)={0x1, 0x806, 0x0, 0x80000007, 0x2, "6d1714a98b08633c45debea890564b7cdcd0f7", 0x6, 0x3})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r9 = openat$cgroup_int(r8, &(0x7f0000000100)='blkio.reset_stats\x00', 0x2, 0x0)
write$cgroup_int(r9, &(0x7f0000000040)=0x2, 0x12)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x6c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2f}, @NFTA_SET_EXPRESSIONS={0x28, 0x12, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x20}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xd}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x102}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb4}}, 0x20050800)

0s ago: executing program 3 (id=1990):
r0 = semget$private(0x0, 0x6, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x31, 0x5, 0x8, 0x80, 0x0, 0x7, 0xbcc, 0x7c78, 0xfa11, 0x2}, 0x0)
ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4004550c, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r3 = openat$userio(0xffffffffffffff9c, &(0x7f0000000140), 0x80401, 0x0)
write$USERIO_CMD_REGISTER(r3, &(0x7f00000001c0), 0x2)
write$USERIO_CMD_SEND_INTERRUPT(r3, &(0x7f0000000200)={0x2, 0x4}, 0x2)
sendmsg$NFT_MSG_GETFLOWTABLE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000c80)=ANY=[@ANYBLOB="14000000170a01080000000000000000020000086f8a8bbb2591e9a339b4c54330c5190e1d9500946bfaef5180229118f1797da18e59c1f014c55a412509d58e4435ad37d7a5c77d8c70a76a22a7cadb169d87eddf95c78fbb532c789d3966e3a37496283893c87bdf6a47af691117"], 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x8094)
r4 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
r5 = socket(0x80000000000000a, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b7000000ff000003bfa30000000000000703000000feffff620af0fff8ffffff71a4f0ff0000000015040200000000001d400200000000004704000001ed000062030000000000001d440000000000007a0a00fe00ffffffdb03000040000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa5b4e377184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7592566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6cb5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94a"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x200000, 0x400}, 0x10, 0xffffffffffffffff}, 0x94)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000340)="d4d7efad020efa27e4b5b271825ef53d030f992ff58468566c6fc090ac508f876b89a6004f4d6aa59f13c8afda4bfc2137c8a1d584595b77c2a5f6a72a6d627f3408", 0x42, 0x10, 0x0, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffe}}, {{0xa, 0x4e23, 0x0, @mcast1}}}, 0x108)
close(r4)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup(r1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xc, 0x2012, r6, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
semtimedop(r0, &(0x7f00000003c0)=[{0x4, 0x4, 0x1800}], 0x1, 0x0)
semop(r0, &(0x7f0000000480)=[{0x1, 0x9}, {0x1, 0x3, 0x800}], 0x2)

kernel console output (not intermixed with test programs):

02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  384.111885][T11247] RSP: 002b:00007fb419e3b000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  384.111902][T11247] RAX: ffffffffffffffda RBX: 00007fb4191e5fa0 RCX: 00007fb418f8e17f
[  384.111915][T11247] RDX: 000000000000003e RSI: 0000200000000200 RDI: 00000000000000c8
[  384.111926][T11247] RBP: 00007fb419e3b090 R08: 0000000000000000 R09: 0000000000000000
[  384.111937][T11247] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001
[  384.111946][T11247] R13: 00007fb4191e6038 R14: 00007fb4191e5fa0 R15: 00007fb41930fa28
[  384.111971][T11247]  </TASK>
[  384.462527][   T30] audit: type=1326 audit(1762807193.385:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11240 comm="syz.0.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0f18f6c9 code=0x7ffc0000
[  384.557574][   T30] audit: type=1326 audit(1762807193.395:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11240 comm="syz.0.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f0a0f18f6c9 code=0x7ffc0000
[  384.581589][   T30] audit: type=1326 audit(1762807193.395:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11240 comm="syz.0.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0f18f6c9 code=0x7ffc0000
[  384.605584][   T30] audit: type=1326 audit(1762807193.395:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11240 comm="syz.0.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0f18f6c9 code=0x7ffc0000
[  384.628759][   T30] audit: type=1326 audit(1762807193.395:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11240 comm="syz.0.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f0a0f18f6c9 code=0x7ffc0000
[  384.718940][T11259] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1603'.
[  384.742643][   T30] audit: type=1326 audit(1762807193.395:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11240 comm="syz.0.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0f18f6c9 code=0x7ffc0000
[  384.901394][   T30] audit: type=1326 audit(1762807193.395:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11240 comm="syz.0.1594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a0f18f6c9 code=0x7ffc0000
[  384.929231][T11262] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1601'.
[  385.153165][T11278] FAULT_INJECTION: forcing a failure.
[  385.153165][T11278] name failslab, interval 1, probability 0, space 0, times 0
[  385.180703][T11278] CPU: 0 UID: 0 PID: 11278 Comm: syz.0.1605 Not tainted syzkaller #0 PREEMPT(full) 
[  385.180720][T11278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  385.180727][T11278] Call Trace:
[  385.180733][T11278]  <TASK>
[  385.180739][T11278]  dump_stack_lvl+0x189/0x250
[  385.180764][T11278]  ? __pfx____ratelimit+0x10/0x10
[  385.180785][T11278]  ? __pfx_dump_stack_lvl+0x10/0x10
[  385.180806][T11278]  ? __pfx__printk+0x10/0x10
[  385.180826][T11278]  ? __pfx___might_resched+0x10/0x10
[  385.180842][T11278]  ? fs_reclaim_acquire+0x7d/0x100
[  385.180862][T11278]  should_fail_ex+0x414/0x560
[  385.180890][T11278]  should_failslab+0xa8/0x100
[  385.180907][T11278]  __kmalloc_noprof+0xcb/0x7f0
[  385.180926][T11278]  ? alloc_pipe_info+0x1fd/0x4d0
[  385.180953][T11278]  alloc_pipe_info+0x1fd/0x4d0
[  385.180979][T11278]  splice_direct_to_actor+0xa5d/0xcc0
[  385.181006][T11278]  ? __lock_acquire+0xab9/0xd20
[  385.181034][T11278]  ? __pfx_aa_file_perm+0x10/0x10
[  385.181051][T11278]  ? __lock_acquire+0xab9/0xd20
[  385.181067][T11278]  ? __pfx_direct_splice_actor+0x10/0x10
[  385.181091][T11278]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  385.181125][T11278]  do_splice_direct+0x181/0x270
[  385.181163][T11278]  ? __pfx_do_splice_direct+0x10/0x10
[  385.181185][T11278]  ? common_file_perm+0x1b5/0x230
[  385.181209][T11278]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  385.181228][T11278]  ? bpf_lsm_file_permission+0x9/0x20
[  385.181246][T11278]  ? security_file_permission+0x75/0x290
[  385.181267][T11278]  ? rw_verify_area+0x255/0x4d0
[  385.181293][T11278]  do_sendfile+0x4da/0x7e0
[  385.181312][T11278]  ? __pfx_vfs_write+0x10/0x10
[  385.181340][T11278]  ? __pfx_do_sendfile+0x10/0x10
[  385.181358][T11278]  ? __fget_files+0x3a0/0x420
[  385.181384][T11278]  __se_sys_sendfile64+0x13e/0x190
[  385.181404][T11278]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  385.181426][T11278]  ? do_syscall_64+0xbe/0xfa0
[  385.181452][T11278]  do_syscall_64+0xfa/0xfa0
[  385.181473][T11278]  ? lockdep_hardirqs_on+0x9c/0x150
[  385.181495][T11278]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.181512][T11278]  ? clear_bhb_loop+0x60/0xb0
[  385.181533][T11278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.181548][T11278] RIP: 0033:0x7f0a0f18f6c9
[  385.181563][T11278] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  385.181578][T11278] RSP: 002b:00007f0a0ffd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  385.181597][T11278] RAX: ffffffffffffffda RBX: 00007f0a0f3e6090 RCX: 00007f0a0f18f6c9
[  385.181608][T11278] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000003
[  385.181617][T11278] RBP: 00007f0a0ffd8090 R08: 0000000000000000 R09: 0000000000000000
[  385.181627][T11278] R10: 000000008000002b R11: 0000000000000246 R12: 0000000000000001
[  385.181636][T11278] R13: 00007f0a0f3e6128 R14: 00007f0a0f3e6090 R15: 00007f0a0f50fa28
[  385.181661][T11278]  </TASK>
[  385.215084][ T5900] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[  385.944044][T11277] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  385.955780][ T5900] usb 5-1: device descriptor read/64, error -71
[  385.961272][T11277] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  385.981735][T11277] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  385.989434][T11277] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  386.000391][T11277] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  386.006825][T11277] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  386.017999][T11277] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  386.025352][T11277] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  386.039549][T11277] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  386.057225][T11277] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  386.195149][ T5900] usb 5-1: new full-speed USB device number 26 using dummy_hcd
[  386.335102][ T5900] usb 5-1: device descriptor read/64, error -71
[  386.350010][   T10] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  386.379947][T11305] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  386.388909][T11305] syzkaller0: entered promiscuous mode
[  386.394497][T11305] syzkaller0: entered allmulticast mode
[  386.412513][T11305] FAULT_INJECTION: forcing a failure.
[  386.412513][T11305] name failslab, interval 1, probability 0, space 0, times 0
[  386.425430][T11305] CPU: 1 UID: 0 PID: 11305 Comm: syz.2.1615 Not tainted syzkaller #0 PREEMPT(full) 
[  386.425452][T11305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  386.425462][T11305] Call Trace:
[  386.425469][T11305]  <TASK>
[  386.425475][T11305]  dump_stack_lvl+0x189/0x250
[  386.425501][T11305]  ? __pfx____ratelimit+0x10/0x10
[  386.425521][T11305]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.425541][T11305]  ? __pfx__printk+0x10/0x10
[  386.425562][T11305]  ? __pfx___might_resched+0x10/0x10
[  386.425578][T11305]  ? fs_reclaim_acquire+0x7d/0x100
[  386.425600][T11305]  should_fail_ex+0x414/0x560
[  386.425628][T11305]  should_failslab+0xa8/0x100
[  386.425647][T11305]  __kmalloc_noprof+0xcb/0x7f0
[  386.425668][T11305]  ? tomoyo_encode+0x28b/0x550
[  386.425694][T11305]  tomoyo_encode+0x28b/0x550
[  386.425722][T11305]  tomoyo_realpath_from_path+0x58d/0x5d0
[  386.425748][T11305]  ? tomoyo_domain+0xd9/0x130
[  386.425769][T11305]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  386.425801][T11305]  tomoyo_path_number_perm+0x1e8/0x5a0
[  386.425825][T11305]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  386.425882][T11305]  ? __fget_files+0x2a/0x420
[  386.425903][T11305]  ? __fget_files+0x3a0/0x420
[  386.425919][T11305]  ? __fget_files+0x2a/0x420
[  386.425939][T11305]  security_file_ioctl+0xcb/0x2d0
[  386.425959][T11305]  __se_sys_ioctl+0x47/0x170
[  386.425979][T11305]  do_syscall_64+0xfa/0xfa0
[  386.425998][T11305]  ? lockdep_hardirqs_on+0x9c/0x150
[  386.426021][T11305]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.426035][T11305]  ? clear_bhb_loop+0x60/0xb0
[  386.426055][T11305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.426071][T11305] RIP: 0033:0x7fb418f8f6c9
[  386.426086][T11305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.426099][T11305] RSP: 002b:00007fb419e3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  386.426117][T11305] RAX: ffffffffffffffda RBX: 00007fb4191e5fa0 RCX: 00007fb418f8f6c9
[  386.426128][T11305] RDX: 0000200000002280 RSI: 0000000000008922 RDI: 0000000000000005
[  386.426137][T11305] RBP: 00007fb419e3b090 R08: 0000000000000000 R09: 0000000000000000
[  386.426149][T11305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.426159][T11305] R13: 00007fb4191e6038 R14: 00007fb4191e5fa0 R15: 00007fb41930fa28
[  386.426187][T11305]  </TASK>
[  386.426204][T11305] ERROR: Out of memory at tomoyo_realpath_from_path.
[  386.507095][   T10] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  386.512702][ T5900] usb usb5-port1: attempt power cycle
[  386.533252][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.543305][T11305] tipc: Resetting bearer <eth:syzkaller0>
[  386.675487][   T10] usb 4-1: config 0 descriptor??
[  386.914468][T11304] tipc: Resetting bearer <eth:syzkaller0>
[  386.944459][   T10] gspca_main: spca508-2.14.0 probing 8086:0110
[  386.945521][T11304] tipc: Disabling bearer <eth:syzkaller0>
[  386.956831][ T5900] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  387.015239][   T50] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  387.025624][ T5900] usb 5-1: device descriptor read/8, error -71
[  387.255244][ T5835] Bluetooth: hci0: command 0x0406 tx timeout
[  387.313610][   T10] gspca_spca508: reg_read err -32
[  387.319506][   T10] gspca_spca508: reg_read err -32
[  387.354448][   T10] gspca_spca508: reg_read err -32
[  387.362900][   T10] gspca_spca508: reg_read err -32
[  387.449977][   T50] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  387.459462][   T50] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.471230][   T50] usb 2-1: Product: syz
[  387.481862][   T50] usb 2-1: Manufacturer: syz
[  387.488801][   T50] usb 2-1: SerialNumber: syz
[  387.502882][   T50] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  387.546000][ T5900] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  387.570771][   T10] gspca_spca508: reg write: error -71
[  387.576448][   T10] spca508 4-1:0.0: probe with driver spca508 failed with error -71
[  387.593242][ T5899] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  387.613526][   T10] usb 4-1: USB disconnect, device number 24
[  387.633867][ T5900] usb 5-1: device descriptor read/8, error -71
[  387.745380][ T5900] usb usb5-port1: unable to enumerate USB device
[  388.025556][ T5835] Bluetooth: hci3: command 0x0406 tx timeout
[  388.026405][   T53] Bluetooth: hci2: command 0x0406 tx timeout
[  388.046437][   T53] Bluetooth: hci1: command 0x0406 tx timeout
[  388.115195][ T5835] Bluetooth: hci4: command 0x0406 tx timeout
[  388.532431][T11337] FAULT_INJECTION: forcing a failure.
[  388.532431][T11337] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  388.565384][T11337] CPU: 0 UID: 0 PID: 11337 Comm: syz.4.1624 Not tainted syzkaller #0 PREEMPT(full) 
[  388.565411][T11337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  388.565422][T11337] Call Trace:
[  388.565433][T11337]  <TASK>
[  388.565440][T11337]  dump_stack_lvl+0x189/0x250
[  388.565469][T11337]  ? __pfx____ratelimit+0x10/0x10
[  388.565492][T11337]  ? __pfx_dump_stack_lvl+0x10/0x10
[  388.565514][T11337]  ? __pfx__printk+0x10/0x10
[  388.565532][T11337]  ? __might_fault+0xb0/0x130
[  388.565578][T11337]  should_fail_ex+0x414/0x560
[  388.565614][T11337]  _copy_from_user+0x2d/0xb0
[  388.565636][T11337]  kstrtouint_from_user+0xc4/0x170
[  388.565658][T11337]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  388.565693][T11337]  proc_fail_nth_write+0x88/0x200
[  388.565715][T11337]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  388.565742][T11337]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  388.565765][T11337]  vfs_write+0x27e/0xb30
[  388.565797][T11337]  ? __pfx_vfs_write+0x10/0x10
[  388.565821][T11337]  ? __fget_files+0x2a/0x420
[  388.565842][T11337]  ? __fget_files+0x3a0/0x420
[  388.565857][T11337]  ? __fget_files+0x2a/0x420
[  388.565883][T11337]  ksys_write+0x145/0x250
[  388.565903][T11337]  ? __fget_files+0x2a/0x420
[  388.565921][T11337]  ? __pfx_ksys_write+0x10/0x10
[  388.565946][T11337]  ? do_syscall_64+0xbe/0xfa0
[  388.565972][T11337]  do_syscall_64+0xfa/0xfa0
[  388.565992][T11337]  ? lockdep_hardirqs_on+0x9c/0x150
[  388.566015][T11337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.566031][T11337]  ? clear_bhb_loop+0x60/0xb0
[  388.566050][T11337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.566064][T11337] RIP: 0033:0x7f95f1d8e17f
[  388.566079][T11337] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  388.566092][T11337] RSP: 002b:00007f95f2cc1030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  388.566109][T11337] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f95f1d8e17f
[  388.566120][T11337] RDX: 0000000000000001 RSI: 00007f95f2cc10a0 RDI: 0000000000000008
[  388.566130][T11337] RBP: 00007f95f2cc1090 R08: 0000000000000000 R09: 0000000000000000
[  388.566139][T11337] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  388.566147][T11337] R13: 00007f95f1fe6128 R14: 00007f95f1fe6090 R15: 00007f95f210fa28
[  388.566175][T11337]  </TASK>
[  388.839380][ T5899] usb 2-1: Service connection timeout for: 256
[  388.855292][ T5899] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services
[  388.895672][ T5899] ath9k_htc: Failed to initialize the device
[  388.907290][ T5899] usb 2-1: ath9k_htc: USB layer deinitialized
[  389.177246][T11345] netlink: 'syz.3.1626': attribute type 13 has an invalid length.
[  389.305146][ T5835] Bluetooth: hci0: command 0x0406 tx timeout
[  389.965100][   T50] usb 2-1: USB disconnect, device number 27
[  390.106290][ T5835] Bluetooth: hci3: command 0x0406 tx timeout
[  390.112419][   T53] Bluetooth: hci1: command 0x0406 tx timeout
[  390.112452][ T5841] Bluetooth: hci2: command 0x0406 tx timeout
[  390.185377][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  390.240782][T11350] FAULT_INJECTION: forcing a failure.
[  390.240782][T11350] name failslab, interval 1, probability 0, space 0, times 0
[  390.249994][T11352] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1630'.
[  390.262852][T11350] CPU: 0 UID: 0 PID: 11350 Comm: syz.4.1628 Not tainted syzkaller #0 PREEMPT(full) 
[  390.262876][T11350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  390.262887][T11350] Call Trace:
[  390.262895][T11350]  <TASK>
[  390.262902][T11350]  dump_stack_lvl+0x189/0x250
[  390.262929][T11350]  ? __pfx____ratelimit+0x10/0x10
[  390.262952][T11350]  ? __pfx_dump_stack_lvl+0x10/0x10
[  390.262974][T11350]  ? __pfx__printk+0x10/0x10
[  390.262995][T11350]  ? __pfx___might_resched+0x10/0x10
[  390.263014][T11350]  ? fs_reclaim_acquire+0x7d/0x100
[  390.263036][T11350]  should_fail_ex+0x414/0x560
[  390.263066][T11350]  should_failslab+0xa8/0x100
[  390.263086][T11350]  __kmalloc_cache_noprof+0x6f/0x6f0
[  390.263108][T11350]  ? trace_contention_end+0x39/0x120
[  390.263127][T11350]  ? vhost_task_create+0xf8/0x320
[  390.263155][T11350]  vhost_task_create+0xf8/0x320
[  390.263175][T11350]  ? arch_stack_walk+0xfc/0x150
[  390.263194][T11350]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  390.263216][T11350]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  390.263240][T11350]  ? __pfx_vhost_task_create+0x10/0x10
[  390.263270][T11350]  ? __pfx_vhost_task_fn+0x10/0x10
[  390.263311][T11350]  kvm_mmu_post_init_vm+0x14c/0x300
[  390.263339][T11350]  kvm_arch_vcpu_ioctl_run+0xdc/0x1cb0
[  390.263372][T11350]  ? __mutex_trylock_common+0x153/0x260
[  390.263397][T11350]  ? __pfx___mutex_trylock_common+0x10/0x10
[  390.263418][T11350]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  390.263444][T11350]  ? rcu_is_watching+0x15/0xb0
[  390.263464][T11350]  ? trace_contention_end+0x39/0x120
[  390.263483][T11350]  ? look_up_lock_class+0x74/0x170
[  390.263505][T11350]  ? register_lock_class+0x51/0x320
[  390.263527][T11350]  ? __lock_acquire+0xab9/0xd20
[  390.263573][T11350]  kvm_vcpu_ioctl+0x95c/0xe90
[  390.263603][T11350]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  390.263649][T11350]  ? __fget_files+0x2a/0x420
[  390.263672][T11350]  ? __fget_files+0x3a0/0x420
[  390.263694][T11350]  ? __fget_files+0x2a/0x420
[  390.263714][T11350]  ? bpf_lsm_file_ioctl+0x9/0x20
[  390.263734][T11350]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  390.263757][T11350]  __se_sys_ioctl+0xfc/0x170
[  390.263782][T11350]  do_syscall_64+0xfa/0xfa0
[  390.263804][T11350]  ? lockdep_hardirqs_on+0x9c/0x150
[  390.263826][T11350]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.263844][T11350]  ? clear_bhb_loop+0x60/0xb0
[  390.263865][T11350]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.263883][T11350] RIP: 0033:0x7f95f1d8f6c9
[  390.263899][T11350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.263915][T11350] RSP: 002b:00007f95f2ce3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  390.263934][T11350] RAX: ffffffffffffffda RBX: 00007f95f1fe5fa0 RCX: 00007f95f1d8f6c9
[  390.263948][T11350] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  390.263959][T11350] RBP: 00007f95f2ce3090 R08: 0000000000000000 R09: 0000000000000000
[  390.263970][T11350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  390.263980][T11350] R13: 00007f95f1fe6038 R14: 00007f95f1fe5fa0 R15: 00007f95f210fa28
[  390.264011][T11350]  </TASK>
[  390.698806][T11354] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1629'.
[  390.904144][T11366] netlink: 83 bytes leftover after parsing attributes in process `syz.3.1633'.
[  390.928198][   T30] kauditd_printk_skb: 45 callbacks suppressed
[  390.928214][   T30] audit: type=1326 audit(1762807200.385:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.4.1634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f1d8f6c9 code=0x7ffc0000
[  390.957818][   T30] audit: type=1326 audit(1762807200.405:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.4.1634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f1d8f6c9 code=0x7ffc0000
[  390.983407][   T30] audit: type=1326 audit(1762807200.405:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.4.1634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f95f1d8f6c9 code=0x7ffc0000
[  391.022308][   T30] audit: type=1326 audit(1762807200.405:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.4.1634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f1d8f6c9 code=0x7ffc0000
[  391.071851][   T30] audit: type=1326 audit(1762807200.405:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.4.1634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f95f1d8f6c9 code=0x7ffc0000
[  391.094650][   T30] audit: type=1326 audit(1762807200.405:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.4.1634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f1d8f6c9 code=0x7ffc0000
[  391.188293][   T30] audit: type=1326 audit(1762807200.405:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.4.1634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f95f1d8f6c9 code=0x7ffc0000
[  391.259825][   T30] audit: type=1326 audit(1762807200.405:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.4.1634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f1d8f6c9 code=0x7ffc0000
[  391.324384][T11377] misc userio: No port type given on /dev/userio
[  391.331174][T11377] misc userio: The device must be registered before sending interrupts
[  391.348416][T11374] FAULT_INJECTION: forcing a failure.
[  391.348416][T11374] name failslab, interval 1, probability 0, space 0, times 0
[  391.395475][T11374] CPU: 1 UID: 0 PID: 11374 Comm: syz.2.1638 Not tainted syzkaller #0 PREEMPT(full) 
[  391.395501][T11374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  391.395512][T11374] Call Trace:
[  391.395519][T11374]  <TASK>
[  391.395527][T11374]  dump_stack_lvl+0x189/0x250
[  391.395563][T11374]  ? __pfx____ratelimit+0x10/0x10
[  391.395586][T11374]  ? __pfx_dump_stack_lvl+0x10/0x10
[  391.395608][T11374]  ? __pfx__printk+0x10/0x10
[  391.395628][T11374]  ? __pfx___might_resched+0x10/0x10
[  391.395647][T11374]  ? fs_reclaim_acquire+0x7d/0x100
[  391.395669][T11374]  should_fail_ex+0x414/0x560
[  391.395703][T11374]  should_failslab+0xa8/0x100
[  391.395722][T11374]  __kmalloc_cache_noprof+0x6f/0x6f0
[  391.395745][T11374]  ? trace_contention_end+0x39/0x120
[  391.395764][T11374]  ? vhost_task_create+0xf8/0x320
[  391.395790][T11374]  vhost_task_create+0xf8/0x320
[  391.395811][T11374]  ? arch_stack_walk+0xfc/0x150
[  391.395829][T11374]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  391.395852][T11374]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  391.395875][T11374]  ? __pfx_vhost_task_create+0x10/0x10
[  391.395904][T11374]  ? __pfx_vhost_task_fn+0x10/0x10
[  391.395944][T11374]  kvm_mmu_post_init_vm+0x14c/0x300
[  391.395972][T11374]  kvm_arch_vcpu_ioctl_run+0xdc/0x1cb0
[  391.396003][T11374]  ? __mutex_trylock_common+0x153/0x260
[  391.396024][T11374]  ? __pfx___mutex_trylock_common+0x10/0x10
[  391.396045][T11374]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  391.396071][T11374]  ? rcu_is_watching+0x15/0xb0
[  391.396091][T11374]  ? trace_contention_end+0x39/0x120
[  391.396109][T11374]  ? look_up_lock_class+0x74/0x170
[  391.396135][T11374]  ? register_lock_class+0x51/0x320
[  391.396158][T11374]  ? __lock_acquire+0xab9/0xd20
[  391.396204][T11374]  kvm_vcpu_ioctl+0x95c/0xe90
[  391.396235][T11374]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  391.396278][T11374]  ? __fget_files+0x2a/0x420
[  391.396299][T11374]  ? __fget_files+0x3a0/0x420
[  391.396314][T11374]  ? __fget_files+0x2a/0x420
[  391.396335][T11374]  ? bpf_lsm_file_ioctl+0x9/0x20
[  391.396354][T11374]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  391.396377][T11374]  __se_sys_ioctl+0xfc/0x170
[  391.396401][T11374]  do_syscall_64+0xfa/0xfa0
[  391.396423][T11374]  ? lockdep_hardirqs_on+0x9c/0x150
[  391.396445][T11374]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.396463][T11374]  ? clear_bhb_loop+0x60/0xb0
[  391.396484][T11374]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.396500][T11374] RIP: 0033:0x7fb418f8f6c9
[  391.396515][T11374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.396529][T11374] RSP: 002b:00007fb419e3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  391.396553][T11374] RAX: ffffffffffffffda RBX: 00007fb4191e5fa0 RCX: 00007fb418f8f6c9
[  391.396566][T11374] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  391.396577][T11374] RBP: 00007fb419e3b090 R08: 0000000000000000 R09: 0000000000000000
[  391.396587][T11374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  391.396598][T11374] R13: 00007fb4191e6038 R14: 00007fb4191e5fa0 R15: 00007fb41930fa28
[  391.396629][T11374]  </TASK>
[  391.409000][   T30] audit: type=1326 audit(1762807200.405:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.4.1634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f95f1d8f6c9 code=0x7ffc0000
[  391.409045][   T30] audit: type=1326 audit(1762807200.405:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11367 comm="syz.4.1634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f95f1d8f6c9 code=0x7ffc0000
[  392.334593][T11407] FAULT_INJECTION: forcing a failure.
[  392.334593][T11407] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  392.334633][T11407] CPU: 0 UID: 0 PID: 11407 Comm: syz.2.1645 Not tainted syzkaller #0 PREEMPT(full) 
[  392.334645][T11407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  392.334651][T11407] Call Trace:
[  392.334655][T11407]  <TASK>
[  392.334660][T11407]  dump_stack_lvl+0x189/0x250
[  392.334677][T11407]  ? __pfx____ratelimit+0x10/0x10
[  392.334690][T11407]  ? __pfx_dump_stack_lvl+0x10/0x10
[  392.334702][T11407]  ? __pfx__printk+0x10/0x10
[  392.334712][T11407]  ? __might_fault+0xb0/0x130
[  392.334730][T11407]  should_fail_ex+0x414/0x560
[  392.334747][T11407]  _copy_from_user+0x2d/0xb0
[  392.334760][T11407]  lo_ioctl+0x547/0x1c50
[  392.334778][T11407]  ? __pfx_lo_ioctl+0x10/0x10
[  392.334790][T11407]  ? ima_match_policy+0x10b/0x2150
[  392.334801][T11407]  ? look_up_lock_class+0x74/0x170
[  392.334815][T11407]  ? register_lock_class+0x51/0x320
[  392.334829][T11407]  ? __lock_acquire+0xab9/0xd20
[  392.334843][T11407]  ? process_measurement+0x3d8/0x1a40
[  392.334854][T11407]  ? ima_match_policy+0x10b/0x2150
[  392.334867][T11407]  ? __lock_acquire+0xab9/0xd20
[  392.334877][T11407]  ? __lock_acquire+0xab9/0xd20
[  392.334892][T11407]  ? __lock_acquire+0xab9/0xd20
[  392.334907][T11407]  ? __lock_acquire+0xab9/0xd20
[  392.334926][T11407]  ? is_bpf_text_address+0x26/0x2b0
[  392.334939][T11407]  ? is_bpf_text_address+0x292/0x2b0
[  392.334957][T11407]  ? is_bpf_text_address+0x26/0x2b0
[  392.334976][T11407]  ? kernel_text_address+0xa5/0xe0
[  392.334997][T11407]  ? __kernel_text_address+0xd/0x40
[  392.335017][T11407]  ? unwind_get_return_address+0x4d/0x90
[  392.335035][T11407]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  392.335054][T11407]  ? arch_stack_walk+0xfc/0x150
[  392.335084][T11407]  ? stack_trace_save+0x9c/0xe0
[  392.335105][T11407]  ? __pfx_stack_trace_save+0x10/0x10
[  392.335126][T11407]  ? stack_depot_save_flags+0x40/0x860
[  392.335152][T11407]  ? kasan_save_track+0x4f/0x80
[  392.335165][T11407]  ? kasan_save_track+0x3e/0x80
[  392.335176][T11407]  ? __kasan_save_free_info+0x46/0x50
[  392.335186][T11407]  ? __kasan_slab_free+0x5c/0x80
[  392.335200][T11407]  ? kfree+0x19a/0x6d0
[  392.335210][T11407]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  392.335222][T11407]  ? security_file_ioctl+0xcb/0x2d0
[  392.335232][T11407]  ? __se_sys_ioctl+0x47/0x170
[  392.335243][T11407]  ? do_syscall_64+0xfa/0xfa0
[  392.335254][T11407]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.335276][T11407]  ? __asan_memset+0x22/0x50
[  392.335287][T11407]  ? blk_get_meta_cap+0x18c/0x750
[  392.335304][T11407]  ? __pfx_blk_get_meta_cap+0x10/0x10
[  392.335318][T11407]  ? lockdep_hardirqs_on+0x9c/0x150
[  392.335332][T11407]  ? blkdev_common_ioctl+0xff7/0x2550
[  392.335343][T11407]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  392.335355][T11407]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  392.335365][T11407]  ? do_vfs_ioctl+0xbe8/0x1430
[  392.335375][T11407]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  392.335405][T11407]  ? __pfx_lo_ioctl+0x10/0x10
[  392.335418][T11407]  blkdev_ioctl+0x5af/0x6d0
[  392.335429][T11407]  ? __pfx_blkdev_ioctl+0x10/0x10
[  392.335436][T11407]  ? __fget_files+0x3a0/0x420
[  392.335451][T11407]  ? __fget_files+0x2a/0x420
[  392.335462][T11407]  ? bpf_lsm_file_ioctl+0x9/0x20
[  392.335473][T11407]  ? __pfx_blkdev_ioctl+0x10/0x10
[  392.335481][T11407]  __se_sys_ioctl+0xfc/0x170
[  392.335494][T11407]  do_syscall_64+0xfa/0xfa0
[  392.335506][T11407]  ? lockdep_hardirqs_on+0x9c/0x150
[  392.335518][T11407]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.335527][T11407]  ? clear_bhb_loop+0x60/0xb0
[  392.335539][T11407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.335548][T11407] RIP: 0033:0x7fb418f8f6c9
[  392.335558][T11407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  392.335566][T11407] RSP: 002b:00007fb419e3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  392.335577][T11407] RAX: ffffffffffffffda RBX: 00007fb4191e5fa0 RCX: 00007fb418f8f6c9
[  392.335584][T11407] RDX: 00002000000002c0 RSI: 0000000000004c0a RDI: 0000000000000003
[  392.335590][T11407] RBP: 00007fb419e3b090 R08: 0000000000000000 R09: 0000000000000000
[  392.335596][T11407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  392.335602][T11407] R13: 00007fb4191e6038 R14: 00007fb4191e5fa0 R15: 00007fb41930fa28
[  392.335618][T11407]  </TASK>
[  393.272558][T11425] netlink: 'syz.4.1648': attribute type 13 has an invalid length.
[  393.886315][T11430] netlink: 'syz.2.1650': attribute type 12 has an invalid length.
[  394.815134][ T5938] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  394.934338][T11388] tty tty1: ldisc open failed (-12), clearing slot 0
[  394.942119][T11415] ttyS ttyS3: ldisc open failed (-12), clearing slot 3
[  394.965047][ T5938] usb 3-1: Using ep0 maxpacket: 8
[  394.979554][ T5938] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  394.990018][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.021492][ T5938] usb 3-1: Product: syz
[  395.033891][ T5938] usb 3-1: Manufacturer: syz
[  395.058772][ T5938] usb 3-1: SerialNumber: syz
[  395.131993][ T5938] usb 3-1: config 0 descriptor??
[  395.390112][ T5938] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  395.528824][T11451] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1656'.
[  396.464265][T11459] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  396.476902][T11459] syzkaller0: entered promiscuous mode
[  396.592519][T11459] syzkaller0: entered allmulticast mode
[  396.647627][T11472] FAULT_INJECTION: forcing a failure.
[  396.647627][T11472] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  396.724156][T11472] CPU: 1 UID: 0 PID: 11472 Comm: syz.4.1663 Not tainted syzkaller #0 PREEMPT(full) 
[  396.724178][T11472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  396.724188][T11472] Call Trace:
[  396.724195][T11472]  <TASK>
[  396.724202][T11472]  dump_stack_lvl+0x189/0x250
[  396.724231][T11472]  ? __pfx____ratelimit+0x10/0x10
[  396.724252][T11472]  ? __pfx_dump_stack_lvl+0x10/0x10
[  396.724271][T11472]  ? __pfx__printk+0x10/0x10
[  396.724287][T11472]  ? __might_fault+0xb0/0x130
[  396.724315][T11472]  should_fail_ex+0x414/0x560
[  396.724339][T11472]  _copy_from_user+0x2d/0xb0
[  396.724360][T11472]  __sys_sendto+0x25c/0x520
[  396.724379][T11472]  ? __pfx___sys_sendto+0x10/0x10
[  396.724392][T11472]  ? count_memcg_event_mm+0x21/0x260
[  396.724435][T11472]  ? exc_page_fault+0x82/0x100
[  396.724461][T11472]  ? do_user_addr_fault+0xc85/0x1380
[  396.724481][T11472]  __x64_sys_sendto+0xde/0x100
[  396.724498][T11472]  do_syscall_64+0xfa/0xfa0
[  396.724518][T11472]  ? lockdep_hardirqs_on+0x9c/0x150
[  396.724537][T11472]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.724553][T11472]  ? clear_bhb_loop+0x60/0xb0
[  396.724573][T11472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.724589][T11472] RIP: 0033:0x7f95f1d9155c
[  396.724604][T11472] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  396.724617][T11472] RSP: 002b:00007f95f2ce1ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  396.724634][T11472] RAX: ffffffffffffffda RBX: 00007f95f2ce1fc0 RCX: 00007f95f1d9155c
[  396.724646][T11472] RDX: 0000000000000020 RSI: 00007f95f2ce2010 RDI: 0000000000000004
[  396.724657][T11472] RBP: 0000000000000000 R08: 00007f95f2ce1f14 R09: 000000000000000c
[  396.724666][T11472] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[  396.724672][T11472] R13: 00007f95f2ce1f68 R14: 00007f95f2ce2010 R15: 0000000000000000
[  396.724688][T11472]  </TASK>
[  397.199020][T11477] fuse: Bad value for 'fd'
[  397.226502][T11459] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  397.235132][T11459] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  397.271146][T11459] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  397.278991][T11459] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  397.315289][T11459] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  397.346794][ T5938] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  397.362292][ T5938] usb 3-1: USB disconnect, device number 19
[  397.467288][ T5900] tipc: Node number set to 912114300
[  397.645152][ T5908] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  397.746572][   T30] kauditd_printk_skb: 48 callbacks suppressed
[  397.746584][   T30] audit: type=1326 audit(1762807207.195:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.3.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754578f6c9 code=0x7ffc0000
[  397.805719][ T5908] usb 1-1: Using ep0 maxpacket: 16
[  397.811041][   T30] audit: type=1326 audit(1762807207.195:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.3.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754578f6c9 code=0x7ffc0000
[  397.813249][ T5908] usb 1-1: unable to get BOS descriptor or descriptor too short
[  397.833417][    C0] vkms_vblank_simulate: vblank timer overrun
[  397.893949][   T30] audit: type=1326 audit(1762807207.195:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.3.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f754578f6c9 code=0x7ffc0000
[  397.938078][ T5908] usb 1-1: config 1 has an invalid interface number: 206 but max is 0
[  397.943044][   T30] audit: type=1326 audit(1762807207.195:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.3.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754578f6c9 code=0x7ffc0000
[  397.988231][ T5908] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  398.015365][ T5908] usb 1-1: config 1 has no interface number 0
[  398.024396][ T5908] usb 1-1: config 1 interface 206 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  398.041048][   T30] audit: type=1326 audit(1762807207.195:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.3.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754578f6c9 code=0x7ffc0000
[  398.085375][ T5908] usb 1-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a
[  398.095335][ T5908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.121383][ T5908] usb 1-1: Product: syz
[  398.128654][ T5908] usb 1-1: Manufacturer: syz
[  398.365760][   T30] audit: type=1326 audit(1762807207.195:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.3.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f754578f6c9 code=0x7ffc0000
[  398.397565][ T5908] usb 1-1: SerialNumber: syz
[  398.407204][   T30] audit: type=1326 audit(1762807207.195:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.3.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754578f6c9 code=0x7ffc0000
[  398.434070][   T30] audit: type=1326 audit(1762807207.195:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.3.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754578f6c9 code=0x7ffc0000
[  398.496619][T11504] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1673'.
[  398.581483][   T30] audit: type=1326 audit(1762807207.205:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.3.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f754578f6c9 code=0x7ffc0000
[  398.635290][ T5908] uvcvideo 1-1:1.206: probe with driver uvcvideo failed with error -22
[  398.695197][ T5908] usb 1-1: USB disconnect, device number 22
[  398.743945][   T30] audit: type=1326 audit(1762807207.205:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11487 comm="syz.3.1668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f754578f6c9 code=0x7ffc0000
[  398.766328][    C0] vkms_vblank_simulate: vblank timer overrun
[  398.775060][ T5841] Bluetooth: hci0: command 0x0406 tx timeout
[  399.237872][T11454] tipc: Resetting bearer <eth:syzkaller0>
[  399.272076][T11454] tipc: Disabling bearer <eth:syzkaller0>
[  399.305140][ T5841] Bluetooth: hci3: command 0x0406 tx timeout
[  399.305360][   T53] Bluetooth: hci2: command 0x0406 tx timeout
[  399.311524][ T5841] Bluetooth: hci1: command 0x0406 tx timeout
[  399.394292][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  399.536586][T11519] FAULT_INJECTION: forcing a failure.
[  399.536586][T11519] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  399.564704][T11519] CPU: 1 UID: 0 PID: 11519 Comm: syz.2.1678 Not tainted syzkaller #0 PREEMPT(full) 
[  399.564730][T11519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  399.564741][T11519] Call Trace:
[  399.564748][T11519]  <TASK>
[  399.564757][T11519]  dump_stack_lvl+0x189/0x250
[  399.564784][T11519]  ? __pfx____ratelimit+0x10/0x10
[  399.564807][T11519]  ? __pfx_dump_stack_lvl+0x10/0x10
[  399.564829][T11519]  ? __pfx__printk+0x10/0x10
[  399.564858][T11519]  should_fail_ex+0x414/0x560
[  399.564887][T11519]  _copy_from_user+0x2d/0xb0
[  399.564909][T11519]  copy_from_sockptr_offset+0x66/0xa0
[  399.564933][T11519]  do_ipt_set_ctl+0x8ae/0xcd0
[  399.564957][T11519]  ? rcu_is_watching+0x15/0xb0
[  399.564976][T11519]  ? trace_contention_end+0x39/0x120
[  399.564995][T11519]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  399.565031][T11519]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  399.565065][T11519]  ? __pfx_aa_sk_perm+0x10/0x10
[  399.565090][T11519]  nf_setsockopt+0x26f/0x290
[  399.565112][T11519]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  399.565136][T11519]  do_sock_setsockopt+0x17c/0x1b0
[  399.565158][T11519]  __x64_sys_setsockopt+0x13f/0x1b0
[  399.565181][T11519]  do_syscall_64+0xfa/0xfa0
[  399.565202][T11519]  ? lockdep_hardirqs_on+0x9c/0x150
[  399.565224][T11519]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.565241][T11519]  ? clear_bhb_loop+0x60/0xb0
[  399.565261][T11519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  399.565278][T11519] RIP: 0033:0x7fb418f8f6c9
[  399.565294][T11519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  399.565308][T11519] RSP: 002b:00007fb419e3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  399.565327][T11519] RAX: ffffffffffffffda RBX: 00007fb4191e5fa0 RCX: 00007fb418f8f6c9
[  399.565340][T11519] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[  399.565351][T11519] RBP: 00007fb419e3b090 R08: 00000000000004c0 R09: 0000000000000000
[  399.565361][T11519] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[  399.565372][T11519] R13: 00007fb4191e6038 R14: 00007fb4191e5fa0 R15: 00007fb41930fa28
[  399.565402][T11519]  </TASK>
[  399.981243][T11515] kvm: kvm [11514]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x809
[  399.990203][T11515] kvm: kvm [11514]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x8a
[  400.001767][T11515] kvm: kvm [11514]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x8a
[  400.015866][T11515] kvm: kvm [11514]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x8a
[  400.025671][T11515] kvm: kvm [11514]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x809
[  400.039382][T11515] kvm_intel: kvm [11514]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x809
[  400.319710][T11542] misc userio: No port type given on /dev/userio
[  400.326802][T11542] misc userio: The device must be registered before sending interrupts
[  400.888254][T11551] FAULT_INJECTION: forcing a failure.
[  400.888254][T11551] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  400.943814][T11551] CPU: 1 UID: 0 PID: 11551 Comm: syz.1.1688 Not tainted syzkaller #0 PREEMPT(full) 
[  400.943840][T11551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  400.943850][T11551] Call Trace:
[  400.943858][T11551]  <TASK>
[  400.943865][T11551]  dump_stack_lvl+0x189/0x250
[  400.943893][T11551]  ? __pfx____ratelimit+0x10/0x10
[  400.943915][T11551]  ? __pfx_dump_stack_lvl+0x10/0x10
[  400.943937][T11551]  ? __pfx__printk+0x10/0x10
[  400.943966][T11551]  should_fail_ex+0x414/0x560
[  400.943996][T11551]  _copy_to_user+0x31/0xb0
[  400.944019][T11551]  simple_read_from_buffer+0xe1/0x170
[  400.944050][T11551]  proc_fail_nth_read+0x1b3/0x220
[  400.944075][T11551]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  400.944098][T11551]  ? rw_verify_area+0x2a6/0x4d0
[  400.944120][T11551]  ? __lock_acquire+0xab9/0xd20
[  400.944135][T11551]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  400.944158][T11551]  vfs_read+0x200/0xa30
[  400.944178][T11551]  ? fdget_pos+0x247/0x320
[  400.944199][T11551]  ? __pfx___mutex_lock+0x10/0x10
[  400.944224][T11551]  ? __pfx_vfs_read+0x10/0x10
[  400.944247][T11551]  ? __fget_files+0x2a/0x420
[  400.944267][T11551]  ? __fget_files+0x3a0/0x420
[  400.944282][T11551]  ? __fget_files+0x2a/0x420
[  400.944307][T11551]  ksys_read+0x145/0x250
[  400.944331][T11551]  ? __pfx_ksys_read+0x10/0x10
[  400.944356][T11551]  ? do_syscall_64+0xbe/0xfa0
[  400.944388][T11551]  do_syscall_64+0xfa/0xfa0
[  400.944408][T11551]  ? lockdep_hardirqs_on+0x9c/0x150
[  400.944429][T11551]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.944447][T11551]  ? clear_bhb_loop+0x60/0xb0
[  400.944468][T11551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.944485][T11551] RIP: 0033:0x7f0709d8e0dc
[  400.944500][T11551] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  400.944515][T11551] RSP: 002b:00007f070ac73030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  400.944533][T11551] RAX: ffffffffffffffda RBX: 00007f0709fe6180 RCX: 00007f0709d8e0dc
[  400.944547][T11551] RDX: 000000000000000f RSI: 00007f070ac730a0 RDI: 0000000000000007
[  400.944558][T11551] RBP: 00007f070ac73090 R08: 0000000000000000 R09: 0000000000000000
[  400.944569][T11551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.944579][T11551] R13: 00007f0709fe6218 R14: 00007f0709fe6180 R15: 00007f070a10fa28
[  400.944610][T11551]  </TASK>
[  401.594480][ T5938] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  401.755051][ T5938] usb 5-1: Using ep0 maxpacket: 32
[  401.795444][ T5938] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[  401.803649][ T5938] usb 5-1: config 0 has an invalid descriptor of length 16, skipping remainder of the config
[  401.855005][ T5938] usb 5-1: config 0 has no interface number 0
[  401.871400][ T5938] usb 5-1: config 0 interface 184 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  402.099834][ T5938] usb 5-1: config 0 interface 184 has no altsetting 0
[  402.127708][ T5938] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  402.137048][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.166865][ T5938] usb 5-1: Product: syz
[  402.181327][ T5938] usb 5-1: Manufacturer: syz
[  402.191487][ T5938] usb 5-1: SerialNumber: syz
[  402.225519][ T5938] usb 5-1: config 0 descriptor??
[  402.247129][ T5938] smsc75xx v1.0.0
[  402.250818][ T5938] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[  402.285334][T11579] x_tables: duplicate underflow at hook 1
[  402.316903][T11579] IPVS: length: 149 != 528
[  402.322153][ T5938] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -22
[  402.333048][T11579] netlink: 'syz.2.1701': attribute type 9 has an invalid length.
[  402.543929][ T5908] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  402.705029][ T5908] usb 1-1: Using ep0 maxpacket: 16
[  402.723093][T11594] loop4: detected capacity change from 0 to 7
[  402.734594][T11594] Dev loop4: unable to read RDB block 7
[  402.740726][T11594]  loop4: unable to read partition table
[  402.747325][T11594] loop4: partition table beyond EOD, truncated
[  402.754223][T11594] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[  402.765261][ T5908] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  402.777385][ T5908] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  402.789743][ T5908] usb 1-1: New USB device found, idVendor=0c12, idProduct=0030, bcdDevice= 0.00
[  402.799171][ T5908] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.810713][ T5908] usb 1-1: config 0 descriptor??
[  402.988814][T11599] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1705'.
[  403.267285][ T5908] usbhid 1-1:0.0: can't add hid device: -71
[  403.276460][ T5908] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  403.302933][ T5908] usb 1-1: USB disconnect, device number 23
[  404.065853][T11622] misc userio: No port type given on /dev/userio
[  404.072684][T11622] misc userio: The device must be registered before sending interrupts
[  404.329751][ T5938] usb 5-1: USB disconnect, device number 29
[  404.687538][T11640] netlink: 'syz.0.1714': attribute type 13 has an invalid length.
[  405.105093][ T5908] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  405.275232][ T5908] usb 4-1: Using ep0 maxpacket: 32
[  405.284414][ T5908] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  405.294201][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.400686][ T5908] usb 4-1: Product: syz
[  405.418460][ T5908] usb 4-1: Manufacturer: syz
[  405.433348][ T5908] usb 4-1: SerialNumber: syz
[  405.649022][ T5908] usb 4-1: config 0 descriptor??
[  405.865979][ T5908] airspy 4-1:0.0: usb_control_msg() failed -71 request 09
[  406.284720][ T5908] airspy 4-1:0.0: Could not detect board
[  406.294888][ T5908] airspy 4-1:0.0: probe with driver airspy failed with error -71
[  406.356310][ T5908] usb 4-1: USB disconnect, device number 25
[  407.705079][ T5938] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  408.025537][ T5938] usb 2-1: config 109 has an invalid interface number: 163 but max is 0
[  408.033940][ T5938] usb 2-1: config 109 has no interface number 0
[  408.033978][ T5938] usb 2-1: config 109 interface 163 has no altsetting 0
[  408.042376][ T5938] usb 2-1: New USB device found, idVendor=061d, idProduct=c160, bcdDevice=9b.c9
[  408.042404][ T5938] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.042423][ T5938] usb 2-1: Product: syz
[  408.042436][ T5938] usb 2-1: Manufacturer: syz
[  408.042450][ T5938] usb 2-1: SerialNumber: syz
[  408.266271][T11684] fuse: Bad value for 'fd'
[  408.350555][ T5938] quatech2 2-1:109.163: Quatech 2nd gen USB to Serial Driver converter detected
[  408.373941][ T5938] usb 2-1: qt2_attach - failed to power on unit: -71
[  408.400254][ T5938] quatech2 2-1:109.163: probe with driver quatech2 failed with error -71
[  408.453497][ T5938] usb 2-1: USB disconnect, device number 28
[  408.871689][T11716] FAULT_INJECTION: forcing a failure.
[  408.871689][T11716] name failslab, interval 1, probability 0, space 0, times 0
[  408.928426][T11716] CPU: 1 UID: 0 PID: 11716 Comm: syz.0.1740 Not tainted syzkaller #0 PREEMPT(full) 
[  408.928443][T11716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  408.928450][T11716] Call Trace:
[  408.928454][T11716]  <TASK>
[  408.928459][T11716]  dump_stack_lvl+0x189/0x250
[  408.928477][T11716]  ? __pfx____ratelimit+0x10/0x10
[  408.928491][T11716]  ? __pfx_dump_stack_lvl+0x10/0x10
[  408.928503][T11716]  ? __pfx__printk+0x10/0x10
[  408.928516][T11716]  ? __pfx___might_resched+0x10/0x10
[  408.928526][T11716]  ? fs_reclaim_acquire+0x7d/0x100
[  408.928538][T11716]  should_fail_ex+0x414/0x560
[  408.928561][T11716]  should_failslab+0xa8/0x100
[  408.928573][T11716]  kmem_cache_alloc_node_noprof+0x77/0x710
[  408.928586][T11716]  ? __alloc_skb+0x112/0x2d0
[  408.928595][T11716]  ? netlink_autobind+0xdb/0x300
[  408.928607][T11716]  __alloc_skb+0x112/0x2d0
[  408.928618][T11716]  netlink_sendmsg+0x5c6/0xb30
[  408.928633][T11716]  ? __pfx_netlink_sendmsg+0x10/0x10
[  408.928644][T11716]  ? aa_sock_msg_perm+0xf1/0x1d0
[  408.928658][T11716]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  408.928668][T11716]  ? __pfx_netlink_sendmsg+0x10/0x10
[  408.928678][T11716]  __sock_sendmsg+0x21c/0x270
[  408.928693][T11716]  ____sys_sendmsg+0x505/0x830
[  408.928706][T11716]  ? __pfx_____sys_sendmsg+0x10/0x10
[  408.928721][T11716]  ? import_iovec+0x74/0xa0
[  408.928734][T11716]  ___sys_sendmsg+0x21f/0x2a0
[  408.928745][T11716]  ? __pfx____sys_sendmsg+0x10/0x10
[  408.928772][T11716]  ? __fget_files+0x2a/0x420
[  408.928781][T11716]  ? __fget_files+0x3a0/0x420
[  408.928795][T11716]  __x64_sys_sendmsg+0x19b/0x260
[  408.928808][T11716]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  408.928823][T11716]  ? __pfx_ksys_write+0x10/0x10
[  408.928839][T11716]  ? do_syscall_64+0xbe/0xfa0
[  408.928854][T11716]  do_syscall_64+0xfa/0xfa0
[  408.928865][T11716]  ? lockdep_hardirqs_on+0x9c/0x150
[  408.928878][T11716]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.928888][T11716]  ? clear_bhb_loop+0x60/0xb0
[  408.928899][T11716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.928908][T11716] RIP: 0033:0x7f0a0f18f6c9
[  408.928918][T11716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.928925][T11716] RSP: 002b:00007f0a0fff9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  408.928936][T11716] RAX: ffffffffffffffda RBX: 00007f0a0f3e5fa0 RCX: 00007f0a0f18f6c9
[  408.928943][T11716] RDX: 0000000020004880 RSI: 00002000000001c0 RDI: 0000000000000003
[  408.928949][T11716] RBP: 00007f0a0fff9090 R08: 0000000000000000 R09: 0000000000000000
[  408.928955][T11716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.928961][T11716] R13: 00007f0a0f3e6038 R14: 00007f0a0f3e5fa0 R15: 00007f0a0f50fa28
[  408.928976][T11716]  </TASK>
[  409.353311][T11718] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  409.363566][T11721] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  409.381034][T11719] tipc: Disabling bearer <eth:syzkaller0>
[  409.389878][T11718] syzkaller0: entered promiscuous mode
[  409.395756][T11718] syzkaller0: entered allmulticast mode
[  409.461188][T11718] tipc: Resetting bearer <eth:syzkaller0>
[  409.519786][T11717] tipc: Resetting bearer <eth:syzkaller0>
[  409.593401][T11717] tipc: Disabling bearer <eth:syzkaller0>
[  410.125411][ T5908] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  410.267319][T11754] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  410.285207][ T5908] usb 2-1: Using ep0 maxpacket: 16
[  410.293290][T11753] tipc: Disabling bearer <eth:syzkaller0>
[  410.301360][ T5908] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  410.314286][ T5908] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  410.341468][ T5908] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  410.356202][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.364761][ T5908] usb 2-1: Product: syz
[  410.379361][ T5908] usb 2-1: Manufacturer: syz
[  410.384044][ T5908] usb 2-1: SerialNumber: syz
[  410.392207][ T5908] usb 2-1: config 0 descriptor??
[  410.413321][ T5908] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  410.428622][T11759] FAULT_INJECTION: forcing a failure.
[  410.428622][T11759] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  410.434911][ T5908] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  410.449792][T11759] CPU: 1 UID: 0 PID: 11759 Comm: syz.0.1756 Not tainted syzkaller #0 PREEMPT(full) 
[  410.449815][T11759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  410.449825][T11759] Call Trace:
[  410.449832][T11759]  <TASK>
[  410.449840][T11759]  dump_stack_lvl+0x189/0x250
[  410.449867][T11759]  ? __pfx____ratelimit+0x10/0x10
[  410.449889][T11759]  ? __pfx_dump_stack_lvl+0x10/0x10
[  410.449911][T11759]  ? __pfx__printk+0x10/0x10
[  410.449928][T11759]  ? __might_fault+0xb0/0x130
[  410.449962][T11759]  should_fail_ex+0x414/0x560
[  410.449991][T11759]  _copy_from_user+0x2d/0xb0
[  410.450012][T11759]  inet6_ioctl+0x180/0x280
[  410.450031][T11759]  ? __pfx_inet6_ioctl+0x10/0x10
[  410.450059][T11759]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  410.450088][T11759]  sock_do_ioctl+0xdc/0x300
[  410.450113][T11759]  ? __pfx_sock_do_ioctl+0x10/0x10
[  410.450148][T11759]  sock_ioctl+0x576/0x790
[  410.450171][T11759]  ? __pfx_sock_ioctl+0x10/0x10
[  410.450193][T11759]  ? __fget_files+0x3a0/0x420
[  410.450209][T11759]  ? __fget_files+0x2a/0x420
[  410.450228][T11759]  ? bpf_lsm_file_ioctl+0x9/0x20
[  410.450247][T11759]  ? __pfx_sock_ioctl+0x10/0x10
[  410.450267][T11759]  __se_sys_ioctl+0xfc/0x170
[  410.450287][T11759]  do_syscall_64+0xfa/0xfa0
[  410.450305][T11759]  ? lockdep_hardirqs_on+0x9c/0x150
[  410.450325][T11759]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.450340][T11759]  ? clear_bhb_loop+0x60/0xb0
[  410.450356][T11759]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.450372][T11759] RIP: 0033:0x7f0a0f18f6c9
[  410.450387][T11759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  410.450401][T11759] RSP: 002b:00007f0a0fff9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  410.450430][T11759] RAX: ffffffffffffffda RBX: 00007f0a0f3e5fa0 RCX: 00007f0a0f18f6c9
[  410.450443][T11759] RDX: 0000200000000140 RSI: 000000000000890b RDI: 0000000000000004
[  410.450455][T11759] RBP: 00007f0a0fff9090 R08: 0000000000000000 R09: 0000000000000000
[  410.450466][T11759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  410.450476][T11759] R13: 00007f0a0f3e6038 R14: 00007f0a0f3e5fa0 R15: 00007f0a0f50fa28
[  410.450505][T11759]  </TASK>
[  410.729751][T11761] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  410.738535][T11761] syzkaller0: entered promiscuous mode
[  410.744277][T11761] syzkaller0: entered allmulticast mode
[  410.757183][T11761] tipc: Resetting bearer <eth:syzkaller0>
[  410.764637][T11760] tipc: Resetting bearer <eth:syzkaller0>
[  410.780983][T11760] tipc: Disabling bearer <eth:syzkaller0>
[  410.864744][T11763] netlink: 'syz.0.1758': attribute type 21 has an invalid length.
[  410.878687][T11763] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1758'.
[  410.890386][T11763] netlink: 'syz.0.1758': attribute type 5 has an invalid length.
[  410.900048][T11763] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1758'.
[  410.913771][T11763] netlink: 'syz.0.1758': attribute type 32 has an invalid length.
[  411.015104][ T5908] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  411.030365][ T5908] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  411.040286][T11739] netlink: zone id is out of range
[  411.053052][ T5908] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  411.068372][ T5908] em28xx 2-1:0.0: No AC97 audio processor
[  411.205999][T11769] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  411.213582][T11769] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  411.425411][ T5938] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  411.430795][T11780] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  411.908330][ T5938] usb 5-1: device descriptor read/64, error -71
[  411.919303][T11779] tipc: Disabling bearer <eth:syzkaller0>
[  412.059614][T11786] FAULT_INJECTION: forcing a failure.
[  412.059614][T11786] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  412.073032][T11786] CPU: 1 UID: 0 PID: 11786 Comm: syz.2.1767 Not tainted syzkaller #0 PREEMPT(full) 
[  412.073056][T11786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  412.073066][T11786] Call Trace:
[  412.073073][T11786]  <TASK>
[  412.073081][T11786]  dump_stack_lvl+0x189/0x250
[  412.073109][T11786]  ? __pfx____ratelimit+0x10/0x10
[  412.073132][T11786]  ? __pfx_dump_stack_lvl+0x10/0x10
[  412.073154][T11786]  ? __pfx__printk+0x10/0x10
[  412.073171][T11786]  ? __might_fault+0xb0/0x130
[  412.073214][T11786]  should_fail_ex+0x414/0x560
[  412.073240][T11786]  _copy_from_user+0x2d/0xb0
[  412.073259][T11786]  kvm_vm_ioctl_set_pmu_event_filter+0xac/0x620
[  412.073278][T11786]  ? look_up_lock_class+0x74/0x170
[  412.073301][T11786]  ? __pfx_kvm_vm_ioctl_set_pmu_event_filter+0x10/0x10
[  412.073325][T11786]  ? __lock_acquire+0xab9/0xd20
[  412.073350][T11786]  kvm_arch_vm_ioctl+0xa5c/0x1700
[  412.073371][T11786]  ? __pfx_kvm_arch_vm_ioctl+0x10/0x10
[  412.073388][T11786]  ? ima_match_policy+0x10b/0x2150
[  412.073414][T11786]  ? __lock_acquire+0xab9/0xd20
[  412.073433][T11786]  ? __lock_acquire+0xab9/0xd20
[  412.073459][T11786]  ? __lock_acquire+0xab9/0xd20
[  412.073486][T11786]  ? __lock_acquire+0xab9/0xd20
[  412.073521][T11786]  ? is_bpf_text_address+0x26/0x2b0
[  412.073545][T11786]  ? is_bpf_text_address+0x292/0x2b0
[  412.073563][T11786]  ? is_bpf_text_address+0x26/0x2b0
[  412.073584][T11786]  ? kernel_text_address+0xa5/0xe0
[  412.073609][T11786]  ? __kernel_text_address+0xd/0x40
[  412.073631][T11786]  ? unwind_get_return_address+0x4d/0x90
[  412.073651][T11786]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  412.073673][T11786]  ? arch_stack_walk+0xfc/0x150
[  412.073702][T11786]  ? stack_trace_save+0x9c/0xe0
[  412.073722][T11786]  ? __pfx_stack_trace_save+0x10/0x10
[  412.073745][T11786]  ? stack_depot_save_flags+0x40/0x860
[  412.073774][T11786]  ? kasan_save_track+0x4f/0x80
[  412.073794][T11786]  ? kasan_save_track+0x3e/0x80
[  412.073814][T11786]  ? __kasan_save_free_info+0x46/0x50
[  412.073830][T11786]  ? __kasan_slab_free+0x5c/0x80
[  412.073851][T11786]  ? kfree+0x19a/0x6d0
[  412.073868][T11786]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  412.073887][T11786]  ? security_file_ioctl+0xcb/0x2d0
[  412.073903][T11786]  ? __se_sys_ioctl+0x47/0x170
[  412.073919][T11786]  ? do_syscall_64+0xfa/0xfa0
[  412.073938][T11786]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.073963][T11786]  kvm_vm_ioctl+0x85f/0xc60
[  412.073985][T11786]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  412.074019][T11786]  ? kasan_quarantine_put+0xdd/0x220
[  412.074040][T11786]  ? lockdep_hardirqs_on+0x9c/0x150
[  412.074081][T11786]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  412.074107][T11786]  ? do_vfs_ioctl+0xbe8/0x1430
[  412.074126][T11786]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  412.074147][T11786]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  412.074208][T11786]  ? __fget_files+0x2a/0x420
[  412.074229][T11786]  ? __fget_files+0x3a0/0x420
[  412.074243][T11786]  ? __fget_files+0x2a/0x420
[  412.074260][T11786]  ? bpf_lsm_file_ioctl+0x9/0x20
[  412.074280][T11786]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  412.074299][T11786]  __se_sys_ioctl+0xfc/0x170
[  412.074323][T11786]  do_syscall_64+0xfa/0xfa0
[  412.074344][T11786]  ? lockdep_hardirqs_on+0x9c/0x150
[  412.074364][T11786]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.074380][T11786]  ? clear_bhb_loop+0x60/0xb0
[  412.074399][T11786]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.074414][T11786] RIP: 0033:0x7fb418f8f6c9
[  412.074430][T11786] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  412.074445][T11786] RSP: 002b:00007fb419e3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  412.074463][T11786] RAX: ffffffffffffffda RBX: 00007fb4191e5fa0 RCX: 00007fb418f8f6c9
[  412.074475][T11786] RDX: 0000200000000900 RSI: 000000004020aeb2 RDI: 0000000000000004
[  412.074486][T11786] RBP: 00007fb419e3b090 R08: 0000000000000000 R09: 0000000000000000
[  412.074497][T11786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  412.074507][T11786] R13: 00007fb4191e6038 R14: 00007fb4191e5fa0 R15: 00007fb41930fa28
[  412.074536][T11786]  </TASK>
[  412.496222][T11789] FAULT_INJECTION: forcing a failure.
[  412.496222][T11789] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  412.509631][T11789] CPU: 0 UID: 0 PID: 11789 Comm: syz.3.1768 Not tainted syzkaller #0 PREEMPT(full) 
[  412.509656][T11789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  412.509667][T11789] Call Trace:
[  412.509675][T11789]  <TASK>
[  412.509683][T11789]  dump_stack_lvl+0x189/0x250
[  412.509711][T11789]  ? __pfx____ratelimit+0x10/0x10
[  412.509734][T11789]  ? __pfx_dump_stack_lvl+0x10/0x10
[  412.509757][T11789]  ? __pfx__printk+0x10/0x10
[  412.509788][T11789]  should_fail_ex+0x414/0x560
[  412.509818][T11789]  _copy_to_user+0x31/0xb0
[  412.509842][T11789]  simple_read_from_buffer+0xe1/0x170
[  412.509871][T11789]  proc_fail_nth_read+0x1b3/0x220
[  412.509897][T11789]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  412.509922][T11789]  ? rw_verify_area+0x2a6/0x4d0
[  412.509944][T11789]  ? __lock_acquire+0xab9/0xd20
[  412.509960][T11789]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  412.509983][T11789]  vfs_read+0x200/0xa30
[  412.510004][T11789]  ? fdget_pos+0x247/0x320
[  412.510026][T11789]  ? __pfx___mutex_lock+0x10/0x10
[  412.510051][T11789]  ? __pfx_vfs_read+0x10/0x10
[  412.510076][T11789]  ? __fget_files+0x2a/0x420
[  412.510098][T11789]  ? __fget_files+0x3a0/0x420
[  412.510114][T11789]  ? __fget_files+0x2a/0x420
[  412.510140][T11789]  ksys_read+0x145/0x250
[  412.510165][T11789]  ? __pfx_ksys_read+0x10/0x10
[  412.510224][T11789]  ? do_syscall_64+0xbe/0xfa0
[  412.510251][T11789]  do_syscall_64+0xfa/0xfa0
[  412.510272][T11789]  ? lockdep_hardirqs_on+0x9c/0x150
[  412.510295][T11789]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.510312][T11789]  ? clear_bhb_loop+0x60/0xb0
[  412.510332][T11789]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.510346][T11789] RIP: 0033:0x7f754578e0dc
[  412.510361][T11789] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  412.510375][T11789] RSP: 002b:00007f7546690030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  412.510392][T11789] RAX: ffffffffffffffda RBX: 00007f75459e5fa0 RCX: 00007f754578e0dc
[  412.510405][T11789] RDX: 000000000000000f RSI: 00007f75466900a0 RDI: 0000000000000006
[  412.510415][T11789] RBP: 00007f7546690090 R08: 0000000000000000 R09: 0000000000000000
[  412.510425][T11789] R10: 0000200000001040 R11: 0000000000000246 R12: 0000000000000001
[  412.510436][T11789] R13: 00007f75459e6038 R14: 00007f75459e5fa0 R15: 00007f7545b0fa28
[  412.510466][T11789]  </TASK>
[  412.747038][    C0] vkms_vblank_simulate: vblank timer overrun
[  412.753123][ T5938] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  412.788836][T11791] FAULT_INJECTION: forcing a failure.
[  412.788836][T11791] name failslab, interval 1, probability 0, space 0, times 0
[  412.801587][T11791] CPU: 0 UID: 0 PID: 11791 Comm: syz.0.1769 Not tainted syzkaller #0 PREEMPT(full) 
[  412.801612][T11791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  412.801623][T11791] Call Trace:
[  412.801631][T11791]  <TASK>
[  412.801639][T11791]  dump_stack_lvl+0x189/0x250
[  412.801666][T11791]  ? __pfx____ratelimit+0x10/0x10
[  412.801689][T11791]  ? __pfx_dump_stack_lvl+0x10/0x10
[  412.801712][T11791]  ? __pfx__printk+0x10/0x10
[  412.801733][T11791]  ? __pfx_fib_rules_lookup+0x10/0x10
[  412.801753][T11791]  ? l3mdev_update_flow+0x29/0x640
[  412.801775][T11791]  should_fail_ex+0x414/0x560
[  412.801806][T11791]  should_failslab+0xa8/0x100
[  412.801826][T11791]  kmem_cache_alloc_noprof+0x74/0x6e0
[  412.801848][T11791]  ? __pfx_find_exception+0x10/0x10
[  412.801871][T11791]  ? dst_alloc+0x105/0x170
[  412.801896][T11791]  dst_alloc+0x105/0x170
[  412.801920][T11791]  ip_route_output_key_hash_rcu+0x1560/0x23e0
[  412.801952][T11791]  ? ip_route_output_key_hash+0xc1/0x280
[  412.801977][T11791]  ip_route_output_key_hash+0x174/0x280
[  412.801998][T11791]  ? __lock_acquire+0xab9/0xd20
[  412.802018][T11791]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  412.802058][T11791]  ip_route_output_flow+0x2a/0x150
[  412.802077][T11791]  ? security_sk_classify_flow+0x70/0x180
[  412.802101][T11791]  raw_sendmsg+0x1039/0x18b0
[  412.802140][T11791]  ? __pfx_raw_sendmsg+0x10/0x10
[  412.802184][T11791]  ? aa_sk_perm+0x81e/0x950
[  412.802218][T11791]  ? __pfx_aa_sk_perm+0x10/0x10
[  412.802239][T11791]  ? tomoyo_socket_sendmsg_permission+0x216/0x300
[  412.802269][T11791]  ? sock_rps_record_flow+0x19/0x410
[  412.802296][T11791]  ? inet_sendmsg+0x2f4/0x370
[  412.802312][T11791]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  412.802334][T11791]  __sock_sendmsg+0x19c/0x270
[  412.802361][T11791]  ____sys_sendmsg+0x505/0x830
[  412.802386][T11791]  ? __pfx_____sys_sendmsg+0x10/0x10
[  412.802414][T11791]  ? import_iovec+0x74/0xa0
[  412.802439][T11791]  ___sys_sendmsg+0x21f/0x2a0
[  412.802461][T11791]  ? __pfx____sys_sendmsg+0x10/0x10
[  412.802516][T11791]  ? __fget_files+0x2a/0x420
[  412.802532][T11791]  ? __fget_files+0x3a0/0x420
[  412.802560][T11791]  __x64_sys_sendmsg+0x19b/0x260
[  412.802583][T11791]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  412.802612][T11791]  ? __pfx_ksys_write+0x10/0x10
[  412.802639][T11791]  ? do_syscall_64+0xbe/0xfa0
[  412.802666][T11791]  do_syscall_64+0xfa/0xfa0
[  412.802687][T11791]  ? lockdep_hardirqs_on+0x9c/0x150
[  412.802710][T11791]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.802727][T11791]  ? clear_bhb_loop+0x60/0xb0
[  412.802749][T11791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  412.802766][T11791] RIP: 0033:0x7f0a0f18f6c9
[  412.802784][T11791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  412.802799][T11791] RSP: 002b:00007f0a0fff9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  412.802818][T11791] RAX: ffffffffffffffda RBX: 00007f0a0f3e5fa0 RCX: 00007f0a0f18f6c9
[  412.802832][T11791] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000003
[  412.802844][T11791] RBP: 00007f0a0fff9090 R08: 0000000000000000 R09: 0000000000000000
[  412.802855][T11791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  412.802866][T11791] R13: 00007f0a0f3e6038 R14: 00007f0a0f3e5fa0 R15: 00007f0a0f50fa28
[  412.802898][T11791]  </TASK>
[  413.127169][    C0] vkms_vblank_simulate: vblank timer overrun
[  413.178360][ T5900] usb 2-1: USB disconnect, device number 29
[  413.206347][ T5900] em28xx 2-1:0.0: Disconnecting em28xx
[  413.214726][ T5938] usb 5-1: device descriptor read/64, error -71
[  413.231601][ T5900] em28xx 2-1:0.0: Freeing device
[  413.345483][ T5938] usb usb5-port1: attempt power cycle
[  413.425063][ T5908] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  413.477341][T11805] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  413.484878][T11805] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  413.651826][ T5908] usb 4-1: Using ep0 maxpacket: 8
[  413.675891][ T5908] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  413.695549][ T5938] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  413.697000][ T5908] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  413.716569][ T5899] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  413.745628][ T5938] usb 5-1: device descriptor read/8, error -71
[  413.764806][ T5908] usb 4-1: New USB device found, idVendor=0853, idProduct=0146, bcdDevice= 0.00
[  413.802885][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.828655][ T5908] usb 4-1: config 0 descriptor??
[  413.886783][ T5899] usb 3-1: device descriptor read/64, error -71
[  413.986589][ T5938] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  414.025966][ T5938] usb 5-1: device descriptor read/8, error -71
[  414.125079][ T5899] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  414.135589][ T5938] usb usb5-port1: unable to enumerate USB device
[  414.260302][T11812] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  414.275331][ T5899] usb 3-1: device descriptor read/64, error -71
[  414.282001][ T5908] topre 0003:0853:0146.0006: hidraw0: USB HID v0.00 Device [HID 0853:0146] on usb-dummy_hcd.3-1/input0
[  414.344660][   T30] kauditd_printk_skb: 43 callbacks suppressed
[  414.344677][   T30] audit: type=1804 audit(1762807223.795:423): pid=11809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1776" name="/newroot/374/file1" dev="fuse" ino=1 res=1 errno=0
[  414.405502][ T5899] usb usb3-port1: attempt power cycle
[  414.466806][ T5908] usb 4-1: USB disconnect, device number 26
[  414.487811][T11811] tipc: Disabling bearer <eth:syzkaller0>
[  414.755237][ T5899] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  414.779390][ T5899] usb 3-1: device descriptor read/8, error -71
[  415.035084][ T5899] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  415.069522][ T5899] usb 3-1: device descriptor read/8, error -71
[  415.375088][ T5899] usb usb3-port1: unable to enumerate USB device
[  415.505381][ T5908] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  415.675121][ T5908] usb 4-1: Using ep0 maxpacket: 32
[  415.682037][ T5908] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  415.708859][ T5908] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  415.734706][ T5908] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  415.760000][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.771909][ T5908] usb 4-1: config 0 descriptor??
[  415.909478][T11835] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  415.917636][T11835] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  416.222951][ T5908] savu 0003:1E7D:2D5A.0007: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  416.503206][ T5908] usb 4-1: USB disconnect, device number 27
[  417.042142][T11868] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  417.050714][T11868] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  417.545399][ T5908] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  417.745277][ T5908] usb 5-1: device descriptor read/64, error -71
[  417.995407][ T5908] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  418.165136][ T5908] usb 5-1: device descriptor read/64, error -71
[  418.288096][ T5908] usb usb5-port1: attempt power cycle
[  418.620427][T11894] syzkaller1: entered promiscuous mode
[  418.630274][T11894] syzkaller1: entered allmulticast mode
[  418.665987][ T5908] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  418.686084][ T5908] usb 5-1: device descriptor read/8, error -71
[  418.857135][T11900] misc userio: No port type given on /dev/userio
[  418.865291][T11900] misc userio: The device must be registered before sending interrupts
[  418.955053][ T5908] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  419.045803][ T5908] usb 5-1: device descriptor read/8, error -71
[  419.175427][ T5908] usb usb5-port1: unable to enumerate USB device
[  420.026747][T11920] netlink: 'syz.2.1811': attribute type 13 has an invalid length.
[  420.535069][ T5938] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  420.755877][ T5938] usb 5-1: device descriptor read/64, error -71
[  421.015056][ T5938] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  421.340862][ T5938] usb 5-1: device descriptor read/64, error -71
[  421.521382][ T5938] usb usb5-port1: attempt power cycle
[  421.792519][T11957] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1823'.
[  421.824469][T11957] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1823'.
[  421.844678][T11959] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1824'.
[  421.869346][ T5938] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  421.926732][ T5938] usb 5-1: device descriptor read/8, error -71
[  421.970079][T11957] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1823'.
[  422.074914][T11957] FAULT_INJECTION: forcing a failure.
[  422.074914][T11957] name failslab, interval 1, probability 0, space 0, times 0
[  422.150152][T11957] CPU: 1 UID: 0 PID: 11957 Comm: syz.0.1823 Not tainted syzkaller #0 PREEMPT(full) 
[  422.150177][T11957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  422.150187][T11957] Call Trace:
[  422.150194][T11957]  <TASK>
[  422.150209][T11957]  dump_stack_lvl+0x189/0x250
[  422.150240][T11957]  ? __pfx____ratelimit+0x10/0x10
[  422.150254][T11957]  ? __pfx_dump_stack_lvl+0x10/0x10
[  422.150266][T11957]  ? __pfx__printk+0x10/0x10
[  422.150280][T11957]  ? __pfx___might_resched+0x10/0x10
[  422.150291][T11957]  ? fs_reclaim_acquire+0x7d/0x100
[  422.150303][T11957]  should_fail_ex+0x414/0x560
[  422.150321][T11957]  should_failslab+0xa8/0x100
[  422.150333][T11957]  kmem_cache_alloc_node_noprof+0x77/0x710
[  422.150346][T11957]  ? __lock_acquire+0xab9/0xd20
[  422.150356][T11957]  ? __alloc_skb+0x112/0x2d0
[  422.150369][T11957]  __alloc_skb+0x112/0x2d0
[  422.150380][T11957]  netlink_sendmsg+0x5c6/0xb30
[  422.150395][T11957]  ? __pfx_netlink_sendmsg+0x10/0x10
[  422.150407][T11957]  ? aa_sock_msg_perm+0xf1/0x1d0
[  422.150422][T11957]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  422.150432][T11957]  ? __pfx_netlink_sendmsg+0x10/0x10
[  422.150442][T11957]  __sock_sendmsg+0x21c/0x270
[  422.150459][T11957]  __sys_sendto+0x3bd/0x520
[  422.150470][T11957]  ? __pfx___sys_sendto+0x10/0x10
[  422.150478][T11957]  ? count_memcg_event_mm+0x21/0x260
[  422.150502][T11957]  ? exc_page_fault+0x82/0x100
[  422.150518][T11957]  ? do_user_addr_fault+0xc85/0x1380
[  422.150531][T11957]  __x64_sys_sendto+0xde/0x100
[  422.150542][T11957]  do_syscall_64+0xfa/0xfa0
[  422.150555][T11957]  ? lockdep_hardirqs_on+0x9c/0x150
[  422.150567][T11957]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.150578][T11957]  ? clear_bhb_loop+0x60/0xb0
[  422.150589][T11957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.150600][T11957] RIP: 0033:0x7f0a0f19155c
[  422.150610][T11957] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  422.150619][T11957] RSP: 002b:00007f0a0fff7ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  422.150630][T11957] RAX: ffffffffffffffda RBX: 00007f0a0fff7fc0 RCX: 00007f0a0f19155c
[  422.150638][T11957] RDX: 0000000000000024 RSI: 00007f0a0fff8010 RDI: 0000000000000003
[  422.150645][T11957] RBP: 0000000000000000 R08: 00007f0a0fff7f14 R09: 000000000000000c
[  422.150651][T11957] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  422.150657][T11957] R13: 00007f0a0fff7f68 R14: 00007f0a0fff8010 R15: 0000000000000000
[  422.150673][T11957]  </TASK>
[  422.305173][ T5908] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  422.329479][ T5938] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  422.436821][ T5938] usb 5-1: device descriptor read/8, error -71
[  422.545329][ T5938] usb usb5-port1: unable to enumerate USB device
[  422.866989][ T5908] usb 3-1: Using ep0 maxpacket: 8
[  422.881293][ T5908] usb 3-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[  422.890761][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.914243][ T5908] usb 3-1: Product: syz
[  422.929282][ T5908] usb 3-1: Manufacturer: syz
[  422.939599][ T5908] usb 3-1: SerialNumber: syz
[  422.955189][ T5908] usb 3-1: config 0 descriptor??
[  422.966761][ T5908] gspca_main: sq905-2.14.0 probing 2770:9120
[  423.752507][T11960] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  423.761902][T11960] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  423.791919][T11960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1824'.
[  424.065664][ T5908] gspca_sq905: sq905_command: usb_control_msg failed (-110)
[  424.073155][ T5908] sq905 3-1:0.0: probe with driver sq905 failed with error -110
[  424.906422][ T5908] usb 3-1: USB disconnect, device number 24
[  425.246400][T11997] FAULT_INJECTION: forcing a failure.
[  425.246400][T11997] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  425.333275][T11997] CPU: 0 UID: 0 PID: 11997 Comm: syz.4.1836 Not tainted syzkaller #0 PREEMPT(full) 
[  425.333307][T11997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  425.333319][T11997] Call Trace:
[  425.333326][T11997]  <TASK>
[  425.333333][T11997]  dump_stack_lvl+0x189/0x250
[  425.333365][T11997]  ? __pfx____ratelimit+0x10/0x10
[  425.333389][T11997]  ? __pfx_dump_stack_lvl+0x10/0x10
[  425.333411][T11997]  ? __pfx__printk+0x10/0x10
[  425.333439][T11997]  should_fail_ex+0x414/0x560
[  425.333471][T11997]  _copy_to_user+0x31/0xb0
[  425.333493][T11997]  simple_read_from_buffer+0xe1/0x170
[  425.333521][T11997]  proc_fail_nth_read+0x1b3/0x220
[  425.333548][T11997]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  425.333573][T11997]  ? rw_verify_area+0x2a6/0x4d0
[  425.333594][T11997]  ? __lock_acquire+0xab9/0xd20
[  425.333611][T11997]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  425.333635][T11997]  vfs_read+0x200/0xa30
[  425.333657][T11997]  ? fdget_pos+0x247/0x320
[  425.333676][T11997]  ? __pfx___mutex_lock+0x10/0x10
[  425.333699][T11997]  ? __pfx_vfs_read+0x10/0x10
[  425.333721][T11997]  ? __fget_files+0x2a/0x420
[  425.333741][T11997]  ? __fget_files+0x3a0/0x420
[  425.333754][T11997]  ? __fget_files+0x2a/0x420
[  425.333776][T11997]  ksys_read+0x145/0x250
[  425.333795][T11997]  ? __fget_files+0x2a/0x420
[  425.333812][T11997]  ? __pfx_ksys_read+0x10/0x10
[  425.333836][T11997]  ? do_syscall_64+0xbe/0xfa0
[  425.333862][T11997]  do_syscall_64+0xfa/0xfa0
[  425.333882][T11997]  ? lockdep_hardirqs_on+0x9c/0x150
[  425.333904][T11997]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.333921][T11997]  ? clear_bhb_loop+0x60/0xb0
[  425.333941][T11997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.333958][T11997] RIP: 0033:0x7f95f1d8e0dc
[  425.333975][T11997] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  425.333989][T11997] RSP: 002b:00007f95f2ce3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  425.334009][T11997] RAX: ffffffffffffffda RBX: 00007f95f1fe5fa0 RCX: 00007f95f1d8e0dc
[  425.334022][T11997] RDX: 000000000000000f RSI: 00007f95f2ce30a0 RDI: 0000000000000005
[  425.334034][T11997] RBP: 00007f95f2ce3090 R08: 0000000000000000 R09: 0000000000000000
[  425.334045][T11997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  425.334056][T11997] R13: 00007f95f1fe6038 R14: 00007f95f1fe5fa0 R15: 00007f95f210fa28
[  425.334086][T11997]  </TASK>
[  425.875048][ T5908] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  426.125187][ T5908] usb 5-1: Using ep0 maxpacket: 8
[  426.153411][ T5908] usb 5-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11
[  426.175185][ T5908] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.207189][ T5908] usb 5-1: Product: syz
[  426.217023][ T5908] usb 5-1: Manufacturer: syz
[  426.229723][ T5908] usb 5-1: SerialNumber: syz
[  426.259648][ T5908] usb 5-1: config 0 descriptor??
[  426.351698][ T5908] gspca_main: vc032x-2.14.0 probing 046d:0896
[  426.481346][T12000] loop9: detected capacity change from 0 to 7
[  426.509711][ T5908] gspca_vc032x: reg_r err -32
[  426.514693][T12011] netlink: 1084 bytes leftover after parsing attributes in process `syz.3.1839'.
[  426.535664][T12000] Dev loop9: unable to read RDB block 7
[  426.542966][ T5908] vc032x 5-1:0.0: probe with driver vc032x failed with error -32
[  426.551821][T12000]  loop9: unable to read partition table
[  426.585304][T12000] loop9: partition table beyond EOD, truncated
[  426.591700][T12000] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  426.624901][ T5908] usb 5-1: USB disconnect, device number 42
[  427.069735][T12017] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1841'.
[  427.104560][T12017] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1841'.
[  427.513947][T12025] team0: Caught tx_queue_len zero misconfig
[  427.687242][T12032] syzkaller0: entered promiscuous mode
[  427.703243][T12032] syzkaller0: entered allmulticast mode
[  427.725055][T12027] FAULT_INJECTION: forcing a failure.
[  427.725055][T12027] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  427.742953][T12027] CPU: 0 UID: 0 PID: 12027 Comm: syz.1.1845 Not tainted syzkaller #0 PREEMPT(full) 
[  427.742970][T12027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  427.742977][T12027] Call Trace:
[  427.742982][T12027]  <TASK>
[  427.742987][T12027]  dump_stack_lvl+0x189/0x250
[  427.743006][T12027]  ? __pfx____ratelimit+0x10/0x10
[  427.743020][T12027]  ? __pfx_dump_stack_lvl+0x10/0x10
[  427.743032][T12027]  ? __pfx__printk+0x10/0x10
[  427.743043][T12027]  ? __might_fault+0xb0/0x130
[  427.743062][T12027]  should_fail_ex+0x414/0x560
[  427.743080][T12027]  _copy_from_iter+0x404/0x1790
[  427.743099][T12027]  ? __pfx__copy_from_iter+0x10/0x10
[  427.743112][T12027]  ? dev_get_by_index+0x22/0x2e0
[  427.743124][T12027]  ? dev_get_by_index+0x22/0x2e0
[  427.743139][T12027]  packet_sendmsg+0x3072/0x5080
[  427.743159][T12027]  ? match_mnt_path_str+0x924/0xb40
[  427.743179][T12027]  ? __lock_acquire+0xab9/0xd20
[  427.743190][T12027]  ? __pfx___might_resched+0x10/0x10
[  427.743209][T12027]  ? __pfx_packet_sendmsg+0x10/0x10
[  427.743222][T12027]  ? aa_sk_perm+0x81e/0x950
[  427.743237][T12027]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  427.743255][T12027]  ? __lock_acquire+0xab9/0xd20
[  427.743263][T12027]  ? aa_sock_msg_perm+0xf1/0x1d0
[  427.743278][T12027]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  427.743288][T12027]  ? __pfx_packet_sendmsg+0x10/0x10
[  427.743302][T12027]  __sock_sendmsg+0x21c/0x270
[  427.743317][T12027]  ____sys_sendmsg+0x505/0x830
[  427.743331][T12027]  ? __pfx_____sys_sendmsg+0x10/0x10
[  427.743346][T12027]  ? import_iovec+0x74/0xa0
[  427.743360][T12027]  ___sys_sendmsg+0x21f/0x2a0
[  427.743371][T12027]  ? __pfx____sys_sendmsg+0x10/0x10
[  427.743399][T12027]  ? __fget_files+0x2a/0x420
[  427.743409][T12027]  ? __fget_files+0x3a0/0x420
[  427.743423][T12027]  __x64_sys_sendmsg+0x19b/0x260
[  427.743435][T12027]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  427.743450][T12027]  ? __pfx_ksys_write+0x10/0x10
[  427.743466][T12027]  ? do_syscall_64+0xbe/0xfa0
[  427.743481][T12027]  do_syscall_64+0xfa/0xfa0
[  427.743493][T12027]  ? lockdep_hardirqs_on+0x9c/0x150
[  427.743506][T12027]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.743515][T12027]  ? clear_bhb_loop+0x60/0xb0
[  427.743527][T12027]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  427.743537][T12027] RIP: 0033:0x7f0709d8f6c9
[  427.743547][T12027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  427.743556][T12027] RSP: 002b:00007f070acb5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  427.743568][T12027] RAX: ffffffffffffffda RBX: 00007f0709fe5fa0 RCX: 00007f0709d8f6c9
[  427.743575][T12027] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  427.743581][T12027] RBP: 00007f070acb5090 R08: 0000000000000000 R09: 0000000000000000
[  427.743587][T12027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  427.743593][T12027] R13: 00007f0709fe6038 R14: 00007f0709fe5fa0 R15: 00007f070a10fa28
[  427.743609][T12027]  </TASK>
[  428.445598][T12040] dvmrp1: tun_chr_ioctl cmd 35111
[  428.593762][T12046] deleting an unspecified loop device is not supported.
[  428.696540][ T5908] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  428.736463][T12048] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  428.757852][T12047] tipc: Disabling bearer <eth:syzkaller0>
[  428.988143][ T5908] usb 2-1: Using ep0 maxpacket: 32
[  429.002165][ T5908] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  429.017686][ T5908] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  429.144774][ T5908] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  429.234093][ T5908] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  429.248356][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.416202][T12070] netlink: 'syz.4.1857': attribute type 13 has an invalid length.
[  429.435620][T12071] netlink: 1084 bytes leftover after parsing attributes in process `syz.2.1856'.
[  429.753016][ T5908] usb 2-1: config 0 descriptor??
[  429.760814][T12042] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  429.770532][ T5908] hub 2-1:0.0: USB hub found
[  429.993456][ T5908] hub 2-1:0.0: 2 ports detected
[  430.724794][T12082] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1863'.
[  430.831402][ T5908] usb 2-1: USB disconnect, device number 30
[  431.507165][T12088] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1862'.
[  431.701817][T12095] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  432.166263][T12110] misc userio: No port type given on /dev/userio
[  432.174229][T12110] misc userio: The device must be registered before sending interrupts
[  432.199359][ T5899] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  432.310501][T12106] netlink: 1084 bytes leftover after parsing attributes in process `syz.2.1870'.
[  432.978394][ T5899] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  433.005017][ T5899] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  433.045137][ T5899] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  433.055053][ T5899] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  433.083607][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.118693][ T5899] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  433.288578][ T5899] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -12
[  433.331868][T12100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  433.340833][T12100] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  433.622243][ T5908] usb 4-1: USB disconnect, device number 28
[  433.719422][ T5899] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  433.753371][T12122] netlink: 43 bytes leftover after parsing attributes in process `syz.2.1872'.
[  434.016110][ T5899] usb 5-1: Using ep0 maxpacket: 32
[  434.026536][ T5899] usb 5-1: unable to get BOS descriptor or descriptor too short
[  434.038278][ T5899] usb 5-1: config 5 has an invalid interface number: 52 but max is 0
[  434.058363][T12129] binder: BINDER_SET_CONTEXT_MGR already set
[  434.074428][ T5899] usb 5-1: config 5 has no interface number 0
[  434.090145][ T5899] usb 5-1: config 5 interface 52 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  434.090474][T12129] binder: 12128:12129 ioctl 4018620d 200000000480 returned -16
[  434.149845][ T5899] usb 5-1: string descriptor 0 read error: -22
[  434.156372][ T5899] usb 5-1: New USB device found, idVendor=16ca, idProduct=1502, bcdDevice=51.58
[  434.168524][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.183439][T12117] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  434.224535][ T5899] aircable 5-1:5.52: aircable converter detected
[  434.262734][ T5899] usb 5-1: aircable converter now attached to ttyUSB0
[  434.567306][ T5899] usb 5-1: USB disconnect, device number 43
[  434.577020][ T5899] aircable ttyUSB0: aircable converter now disconnected from ttyUSB0
[  434.672500][ T5899] aircable 5-1:5.52: device disconnected
[  434.928898][T12150] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1880'.
[  434.939793][T12150] team0: Caught tx_queue_len zero misconfig
[  434.988347][T12150] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  436.142394][T12181] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1889'.
[  436.439011][T12188] misc userio: No port type given on /dev/userio
[  436.447166][T12188] misc userio: The device must be registered before sending interrupts
[  436.808626][T12197] xt_TPROXY: Can be used only with -p tcp or -p udp
[  436.816863][ T5938] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  437.039435][ T5938] usb 5-1: Using ep0 maxpacket: 16
[  437.076062][ T5938] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  437.086416][ T5938] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.110761][ T5938] usb 5-1: config 0 descriptor??
[  437.124485][ T5938] gspca_main: sonixj-2.14.0 probing 0471:0327
[  437.469890][T12208] FAULT_INJECTION: forcing a failure.
[  437.469890][T12208] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  437.546051][T12208] CPU: 0 UID: 0 PID: 12208 Comm: syz.0.1896 Not tainted syzkaller #0 PREEMPT(full) 
[  437.546076][T12208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  437.546087][T12208] Call Trace:
[  437.546095][T12208]  <TASK>
[  437.546104][T12208]  dump_stack_lvl+0x189/0x250
[  437.546130][T12208]  ? __pfx____ratelimit+0x10/0x10
[  437.546151][T12208]  ? __pfx_dump_stack_lvl+0x10/0x10
[  437.546171][T12208]  ? __pfx__printk+0x10/0x10
[  437.546199][T12208]  should_fail_ex+0x414/0x560
[  437.546228][T12208]  _copy_to_user+0x31/0xb0
[  437.546250][T12208]  simple_read_from_buffer+0xe1/0x170
[  437.546278][T12208]  proc_fail_nth_read+0x1b3/0x220
[  437.546308][T12208]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  437.546331][T12208]  ? rw_verify_area+0x2a6/0x4d0
[  437.546354][T12208]  ? __lock_acquire+0xab9/0xd20
[  437.546370][T12208]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  437.546392][T12208]  vfs_read+0x200/0xa30
[  437.546414][T12208]  ? fdget_pos+0x247/0x320
[  437.546434][T12208]  ? __pfx___mutex_lock+0x10/0x10
[  437.546455][T12208]  ? __pfx_vfs_read+0x10/0x10
[  437.546476][T12208]  ? __fget_files+0x2a/0x420
[  437.546494][T12208]  ? __fget_files+0x3a0/0x420
[  437.546508][T12208]  ? __fget_files+0x2a/0x420
[  437.546530][T12208]  ksys_read+0x145/0x250
[  437.546554][T12208]  ? __pfx_ksys_read+0x10/0x10
[  437.546580][T12208]  ? do_syscall_64+0xbe/0xfa0
[  437.546607][T12208]  do_syscall_64+0xfa/0xfa0
[  437.546627][T12208]  ? lockdep_hardirqs_on+0x9c/0x150
[  437.546649][T12208]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.546675][T12208]  ? clear_bhb_loop+0x60/0xb0
[  437.546694][T12208]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.546710][T12208] RIP: 0033:0x7f0a0f18e0dc
[  437.546725][T12208] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  437.546738][T12208] RSP: 002b:00007f0a0fff9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  437.546756][T12208] RAX: ffffffffffffffda RBX: 00007f0a0f3e5fa0 RCX: 00007f0a0f18e0dc
[  437.546769][T12208] RDX: 000000000000000f RSI: 00007f0a0fff90a0 RDI: 0000000000000004
[  437.546780][T12208] RBP: 00007f0a0fff9090 R08: 0000000000000000 R09: 0000000000000000
[  437.546791][T12208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  437.546802][T12208] R13: 00007f0a0f3e6038 R14: 00007f0a0f3e5fa0 R15: 00007f0a0f50fa28
[  437.546832][T12208]  </TASK>
[  437.985067][ T5899] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  438.135080][ T5899] usb 3-1: Using ep0 maxpacket: 32
[  438.145366][ T5899] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  438.188910][T12216] FAULT_INJECTION: forcing a failure.
[  438.188910][T12216] name failslab, interval 1, probability 0, space 0, times 0
[  438.201856][T12216] CPU: 1 UID: 0 PID: 12216 Comm: syz.1.1899 Not tainted syzkaller #0 PREEMPT(full) 
[  438.201879][T12216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  438.201890][T12216] Call Trace:
[  438.201898][T12216]  <TASK>
[  438.201906][T12216]  dump_stack_lvl+0x189/0x250
[  438.201934][T12216]  ? __pfx____ratelimit+0x10/0x10
[  438.201958][T12216]  ? __pfx_dump_stack_lvl+0x10/0x10
[  438.201979][T12216]  ? __pfx__printk+0x10/0x10
[  438.202003][T12216]  ? __pfx___might_resched+0x10/0x10
[  438.202019][T12216]  ? fs_reclaim_acquire+0x7d/0x100
[  438.202039][T12216]  should_fail_ex+0x414/0x560
[  438.202069][T12216]  should_failslab+0xa8/0x100
[  438.202086][T12216]  __kmalloc_noprof+0xcb/0x7f0
[  438.202108][T12216]  ? sock_kmalloc+0xd6/0x160
[  438.202138][T12216]  sock_kmalloc+0xd6/0x160
[  438.202159][T12216]  skcipher_recvmsg+0x571/0x11d0
[  438.202202][T12216]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  438.202228][T12216]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  438.202248][T12216]  ? security_socket_recvmsg+0x7e/0x2e0
[  438.202267][T12216]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  438.202288][T12216]  sock_recvmsg+0x22c/0x270
[  438.202314][T12216]  ____sys_recvmsg+0x1c9/0x460
[  438.202344][T12216]  ? __pfx_____sys_recvmsg+0x10/0x10
[  438.202378][T12216]  ? import_iovec+0x74/0xa0
[  438.202403][T12216]  ___sys_recvmsg+0x1b5/0x510
[  438.202427][T12216]  ? __pfx____sys_recvmsg+0x10/0x10
[  438.202470][T12216]  ? __fget_files+0x3a0/0x420
[  438.202498][T12216]  __x64_sys_recvmsg+0x198/0x260
[  438.202521][T12216]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  438.202550][T12216]  ? __pfx_ksys_write+0x10/0x10
[  438.202577][T12216]  ? do_syscall_64+0xbe/0xfa0
[  438.202603][T12216]  do_syscall_64+0xfa/0xfa0
[  438.202624][T12216]  ? lockdep_hardirqs_on+0x9c/0x150
[  438.202649][T12216]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  438.202665][T12216]  ? clear_bhb_loop+0x60/0xb0
[  438.202685][T12216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  438.202702][T12216] RIP: 0033:0x7f0709d8f6c9
[  438.202720][T12216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  438.202735][T12216] RSP: 002b:00007f070acb5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  438.202755][T12216] RAX: ffffffffffffffda RBX: 00007f0709fe5fa0 RCX: 00007f0709d8f6c9
[  438.202765][T12216] RDX: 0000000000002100 RSI: 00002000000005c0 RDI: 0000000000000004
[  438.202777][T12216] RBP: 00007f070acb5090 R08: 0000000000000000 R09: 0000000000000000
[  438.202788][T12216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  438.202799][T12216] R13: 00007f0709fe6038 R14: 00007f0709fe5fa0 R15: 00007f070a10fa28
[  438.202837][T12216]  </TASK>
[  438.443309][ T5899] usb 3-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=8a.0a
[  438.445401][    C1] vkms_vblank_simulate: vblank timer overrun
[  438.479406][    C1] vkms_vblank_simulate: vblank timer overrun
[  438.485384][    C1] hrtimer: interrupt took 280453460 ns
[  438.491491][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.499755][ T5899] usb 3-1: Product: syz
[  438.510641][ T5899] usb 3-1: Manufacturer: syz
[  438.515446][ T5899] usb 3-1: SerialNumber: syz
[  438.529975][ T5899] usb 3-1: config 0 descriptor??
[  438.585426][    C1] vkms_vblank_simulate: vblank timer overrun
[  438.830258][ T5938] usb 3-1: USB disconnect, device number 25
[  439.563408][ T5899] usb 5-1: USB disconnect, device number 44
[  440.189835][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  440.210674][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  441.395100][ T5899] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  441.666091][ T5899] usb 4-1: Using ep0 maxpacket: 32
[  441.688253][ T5899] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  441.720306][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  441.743312][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  441.761673][ T5899] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  441.774530][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.799393][ T5899] usb 4-1: config 0 descriptor??
[  441.810227][T12256] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  441.830254][ T5899] hub 4-1:0.0: USB hub found
[  442.189483][T12280] vivid-000: disconnect
[  442.214179][ T5899] hub 4-1:0.0: 2 ports detected
[  442.235520][ T5938] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  442.439434][ T5938] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  442.451417][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  442.461826][ T5938] usb 3-1: Product: syz
[  442.485649][ T5938] usb 3-1: Manufacturer: syz
[  442.504824][ T5938] usb 3-1: SerialNumber: syz
[  442.554124][ T5938] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  442.602258][ T5900] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  442.787366][T12256] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  442.797319][T12256] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  443.134361][ T5899] usb 4-1: USB disconnect, device number 29
[  443.135408][T12270] vivid-000: reconnect
[  443.168205][T12276] loop2: detected capacity change from 0 to 7
[  443.201528][T12276] Dev loop2: unable to read RDB block 7
[  443.210809][T12276]  loop2: unable to read partition table
[  443.221229][T12276] loop2: partition table beyond EOD, truncated
[  443.249752][T12276] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  443.295690][ T5955] usb 3-1: USB disconnect, device number 26
[  443.635078][ T5900] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  443.682877][ T5900] ath9k_htc: Failed to initialize the device
[  443.700233][ T5955] usb 3-1: ath9k_htc: USB layer deinitialized
[  443.944302][T12300] netlink: 'syz.2.1922': attribute type 10 has an invalid length.
[  443.983665][T12300] bridge0: port 2(bridge_slave_1) entered disabled state
[  443.991436][T12300] bridge0: port 1(bridge_slave_0) entered disabled state
[  444.117238][ T5899] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  444.325122][ T5899] usb 1-1: Using ep0 maxpacket: 16
[  444.333303][ T5899] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00
[  444.348311][ T5899] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  444.377970][ T5899] usb 1-1: config 0 descriptor??
[  444.400021][ T5899] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  444.599072][ T5899] usb 1-1: Detected FT232A
[  444.611962][ T5899] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  444.661383][ T5899] usb 1-1: USB disconnect, device number 24
[  444.699288][ T5899] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  444.736786][ T5899] ftdi_sio 1-1:0.0: device disconnected
[  445.170822][T12328] syzkaller0: entered promiscuous mode
[  445.194230][T12328] syzkaller0: entered allmulticast mode
[  446.460078][T12359] netlink: 'syz.0.1938': attribute type 11 has an invalid length.
[  446.595690][T12359] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1938'.
[  446.655043][ T5899] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  446.810056][ T5899] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  446.821938][ T5899] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  446.846050][T12365] FAULT_INJECTION: forcing a failure.
[  446.846050][T12365] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  446.861765][ T5899] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  446.896733][T12365] CPU: 1 UID: 0 PID: 12365 Comm: syz.0.1939 Not tainted syzkaller #0 PREEMPT(full) 
[  446.896758][T12365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  446.896776][T12365] Call Trace:
[  446.896783][T12365]  <TASK>
[  446.896791][T12365]  dump_stack_lvl+0x189/0x250
[  446.896819][T12365]  ? __pfx____ratelimit+0x10/0x10
[  446.896842][T12365]  ? __pfx_dump_stack_lvl+0x10/0x10
[  446.896864][T12365]  ? __pfx__printk+0x10/0x10
[  446.896883][T12365]  ? __might_fault+0xb0/0x130
[  446.896916][T12365]  should_fail_ex+0x414/0x560
[  446.896946][T12365]  _copy_from_user+0x2d/0xb0
[  446.896968][T12365]  kvm_vm_ioctl_set_pmu_event_filter+0xac/0x620
[  446.896989][T12365]  ? look_up_lock_class+0x74/0x170
[  446.897013][T12365]  ? __pfx_kvm_vm_ioctl_set_pmu_event_filter+0x10/0x10
[  446.897040][T12365]  ? __lock_acquire+0xab9/0xd20
[  446.897067][T12365]  kvm_arch_vm_ioctl+0xa5c/0x1700
[  446.897092][T12365]  ? __pfx_kvm_arch_vm_ioctl+0x10/0x10
[  446.897110][T12365]  ? ima_match_policy+0x10b/0x2150
[  446.897135][T12365]  ? __lock_acquire+0xab9/0xd20
[  446.897155][T12365]  ? __lock_acquire+0xab9/0xd20
[  446.897184][T12365]  ? __lock_acquire+0xab9/0xd20
[  446.897211][T12365]  ? __lock_acquire+0xab9/0xd20
[  446.897247][T12365]  ? is_bpf_text_address+0x26/0x2b0
[  446.897270][T12365]  ? is_bpf_text_address+0x292/0x2b0
[  446.897288][T12365]  ? is_bpf_text_address+0x26/0x2b0
[  446.897309][T12365]  ? kernel_text_address+0xa5/0xe0
[  446.897334][T12365]  ? __kernel_text_address+0xd/0x40
[  446.897356][T12365]  ? unwind_get_return_address+0x4d/0x90
[  446.897377][T12365]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  446.897399][T12365]  ? arch_stack_walk+0xfc/0x150
[  446.897430][T12365]  ? stack_trace_save+0x9c/0xe0
[  446.897451][T12365]  ? __pfx_stack_trace_save+0x10/0x10
[  446.897474][T12365]  ? stack_depot_save_flags+0x40/0x860
[  446.897506][T12365]  ? kasan_save_track+0x4f/0x80
[  446.897527][T12365]  ? kasan_save_track+0x3e/0x80
[  446.897547][T12365]  ? __kasan_save_free_info+0x46/0x50
[  446.897565][T12365]  ? __kasan_slab_free+0x5c/0x80
[  446.897586][T12365]  ? kfree+0x19a/0x6d0
[  446.897604][T12365]  ? tomoyo_path_number_perm+0x47a/0x5a0
[  446.897624][T12365]  ? security_file_ioctl+0xcb/0x2d0
[  446.897642][T12365]  ? __se_sys_ioctl+0x47/0x170
[  446.897661][T12365]  ? do_syscall_64+0xfa/0xfa0
[  446.897681][T12365]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.897708][T12365]  kvm_vm_ioctl+0x85f/0xc60
[  446.897731][T12365]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  446.897776][T12365]  ? kasan_quarantine_put+0xdd/0x220
[  446.897799][T12365]  ? lockdep_hardirqs_on+0x9c/0x150
[  446.897829][T12365]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  446.897854][T12365]  ? do_vfs_ioctl+0xbe8/0x1430
[  446.897874][T12365]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  446.897896][T12365]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  446.897951][T12365]  ? __fget_files+0x2a/0x420
[  446.897972][T12365]  ? __fget_files+0x3a0/0x420
[  446.897988][T12365]  ? __fget_files+0x2a/0x420
[  446.898007][T12365]  ? bpf_lsm_file_ioctl+0x9/0x20
[  446.898027][T12365]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  446.898047][T12365]  __se_sys_ioctl+0xfc/0x170
[  446.898071][T12365]  do_syscall_64+0xfa/0xfa0
[  446.898091][T12365]  ? lockdep_hardirqs_on+0x9c/0x150
[  446.898113][T12365]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.898130][T12365]  ? clear_bhb_loop+0x60/0xb0
[  446.898151][T12365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.898168][T12365] RIP: 0033:0x7f0a0f18f6c9
[  446.898184][T12365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  446.898199][T12365] RSP: 002b:00007f0a0ffd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  446.898220][T12365] RAX: ffffffffffffffda RBX: 00007f0a0f3e6090 RCX: 00007f0a0f18f6c9
[  446.898233][T12365] RDX: 0000200000000900 RSI: 000000004020aeb2 RDI: 0000000000000004
[  446.898245][T12365] RBP: 00007f0a0ffd8090 R08: 0000000000000000 R09: 0000000000000000
[  446.898255][T12365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  446.898266][T12365] R13: 00007f0a0f3e6128 R14: 00007f0a0f3e6090 R15: 00007f0a0f50fa28
[  446.898296][T12365]  </TASK>
[  446.900569][ T5899] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.329586][T12370] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1940'.
[  447.415897][ T5899] usb 3-1: config 0 descriptor??
[  447.476466][T12375] netlink: 'syz.1.1943': attribute type 10 has an invalid length.
[  447.520225][T12375] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  447.530980][T12375] team0: Failed to send options change via netlink (err -105)
[  447.562383][T12375] team0: Port device netdevsim0 added
[  447.897772][ T5899] pyra 0003:1E7D:2CF6.0008: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.2-1/input0
[  447.966191][T12381] kvm: kvm [12380]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x809
[  447.975476][T12381] kvm: kvm [12380]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x8a
[  447.992438][T12381] kvm: kvm [12380]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x8a
[  448.006243][T12381] kvm: kvm [12380]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x8a
[  448.015298][T12381] kvm: kvm [12380]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x809
[  448.027950][T12381] kvm_intel: kvm [12380]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x809
[  448.265834][ T5908] usb 4-1: new full-speed USB device number 30 using dummy_hcd
[  448.474581][T12395] misc userio: No port type given on /dev/userio
[  448.482668][T12395] misc userio: The device must be registered before sending interrupts
[  448.595106][ T5908] usb 4-1: config 255 has too many interfaces: 223, using maximum allowed: 32
[  448.604954][ T5908] usb 4-1: config 255 has 1 interface, different from the descriptor's value: 223
[  448.640928][ T5908] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  448.657377][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.665958][ T5908] usb 4-1: Product: syz
[  448.685128][ T5908] usb 4-1: Manufacturer: syz
[  448.692468][ T5908] usb 4-1: SerialNumber: syz
[  448.717771][ T5908] gspca_main: sq930x-2.14.0 probing 2770:930c
[  449.026599][T12390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  449.037790][T12405] misc userio: No port type given on /dev/userio
[  449.046442][T12405] misc userio: The device must be registered before sending interrupts
[  449.085673][T12390] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  449.486435][T12407] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  450.095115][ T5899] pyra 0003:1E7D:2CF6.0008: couldn't init struct pyra_device
[  450.143956][ T5899] pyra 0003:1E7D:2CF6.0008: couldn't install mouse
[  450.182701][ T5899] pyra 0003:1E7D:2CF6.0008: probe with driver pyra failed with error -71
[  450.299897][ T5899] usb 3-1: USB disconnect, device number 27
[  450.395307][ T5908] gspca_sq930x: ucbus_write failed -110
[  450.401153][ T5908] sq930x 4-1:255.0: probe with driver sq930x failed with error -110
[  450.960987][T12430] FAULT_INJECTION: forcing a failure.
[  450.960987][T12430] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  451.066901][T12430] CPU: 0 UID: 0 PID: 12430 Comm: syz.2.1957 Not tainted syzkaller #0 PREEMPT(full) 
[  451.066922][T12430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  451.066929][T12430] Call Trace:
[  451.066933][T12430]  <TASK>
[  451.066939][T12430]  dump_stack_lvl+0x189/0x250
[  451.066958][T12430]  ? __pfx____ratelimit+0x10/0x10
[  451.066972][T12430]  ? __pfx_dump_stack_lvl+0x10/0x10
[  451.066984][T12430]  ? __pfx__printk+0x10/0x10
[  451.066995][T12430]  ? __might_fault+0xb0/0x130
[  451.067014][T12430]  should_fail_ex+0x414/0x560
[  451.067032][T12430]  _copy_from_user+0x2d/0xb0
[  451.067046][T12430]  ucma_reject+0xae/0x340
[  451.067061][T12430]  ? __pfx_ucma_reject+0x10/0x10
[  451.067093][T12430]  ucma_write+0x249/0x2e0
[  451.067106][T12430]  ? __pfx_ucma_write+0x10/0x10
[  451.067116][T12430]  ? security_file_permission+0x75/0x290
[  451.067130][T12430]  ? rw_verify_area+0x255/0x4d0
[  451.067146][T12430]  vfs_writev+0x4b6/0x960
[  451.067157][T12430]  ? __pfx_ucma_write+0x10/0x10
[  451.067170][T12430]  ? __pfx_vfs_writev+0x10/0x10
[  451.067187][T12430]  ? __fget_files+0x2a/0x420
[  451.067199][T12430]  ? __fget_files+0x3a0/0x420
[  451.067208][T12430]  ? __fget_files+0x2a/0x420
[  451.067221][T12430]  do_writev+0x14d/0x2d0
[  451.067233][T12430]  ? __pfx_do_writev+0x10/0x10
[  451.067245][T12430]  ? do_syscall_64+0xbe/0xfa0
[  451.067260][T12430]  do_syscall_64+0xfa/0xfa0
[  451.067272][T12430]  ? lockdep_hardirqs_on+0x9c/0x150
[  451.067285][T12430]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.067294][T12430]  ? clear_bhb_loop+0x60/0xb0
[  451.067306][T12430]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.067325][T12430] RIP: 0033:0x7fb418f8f6c9
[  451.067335][T12430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  451.067344][T12430] RSP: 002b:00007fb419e3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  451.067356][T12430] RAX: ffffffffffffffda RBX: 00007fb4191e5fa0 RCX: 00007fb418f8f6c9
[  451.067363][T12430] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000009
[  451.067369][T12430] RBP: 00007fb419e3b090 R08: 0000000000000000 R09: 0000000000000000
[  451.067376][T12430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  451.067381][T12430] R13: 00007fb4191e6038 R14: 00007fb4191e5fa0 R15: 00007fb41930fa28
[  451.067397][T12430]  </TASK>
[  451.734215][T12435] syzkaller0: entered promiscuous mode
[  451.739894][T12435] syzkaller0: entered allmulticast mode
[  451.775263][   T50] usb 4-1: USB disconnect, device number 30
[  452.516500][T12457] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1968'.
[  452.748965][T12461] netlink: 1084 bytes leftover after parsing attributes in process `syz.2.1970'.
[  452.775293][ T5900] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  452.946518][ T5900] usb 1-1: Using ep0 maxpacket: 32
[  452.958729][ T5900] usb 1-1: config 0 has an invalid interface number: 89 but max is 0
[  452.972582][ T5900] usb 1-1: config 0 has no interface number 0
[  452.980705][ T5900] usb 1-1: config 0 interface 89 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  452.993387][ T5900] usb 1-1: config 0 interface 89 has no altsetting 0
[  453.011723][ T5900] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  453.020970][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.047017][ T5900] usb 1-1: Product: syz
[  453.058155][ T5900] usb 1-1: Manufacturer: syz
[  453.126053][T12473] geneve2: entered allmulticast mode
[  453.137636][ T5900] usb 1-1: SerialNumber: syz
[  453.155349][ T5900] usb 1-1: config 0 descriptor??
[  453.162927][ T5900] em28xx 1-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  453.172794][ T5900] em28xx 1-1:0.89: Video interface 89 found:
[  453.721275][T12486] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.1976'.
[  453.992581][ T5900] em28xx 1-1:0.89: unknown em28xx chip ID (0)
[  454.038750][T12491] FAULT_INJECTION: forcing a failure.
[  454.038750][T12491] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  454.141141][T12491] CPU: 1 UID: 0 PID: 12491 Comm: syz.1.1975 Not tainted syzkaller #0 PREEMPT(full) 
[  454.141167][T12491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  454.141178][T12491] Call Trace:
[  454.141185][T12491]  <TASK>
[  454.141193][T12491]  dump_stack_lvl+0x189/0x250
[  454.141224][T12491]  ? __pfx____ratelimit+0x10/0x10
[  454.141245][T12491]  ? __pfx_dump_stack_lvl+0x10/0x10
[  454.141274][T12491]  ? __pfx__printk+0x10/0x10
[  454.141292][T12491]  ? __might_fault+0xb0/0x130
[  454.141322][T12491]  should_fail_ex+0x414/0x560
[  454.141351][T12491]  _copy_from_user+0x2d/0xb0
[  454.141374][T12491]  sock_do_ioctl+0x182/0x300
[  454.141400][T12491]  ? __pfx_sock_do_ioctl+0x10/0x10
[  454.141437][T12491]  sock_ioctl+0x576/0x790
[  454.141461][T12491]  ? __pfx_sock_ioctl+0x10/0x10
[  454.141486][T12491]  ? __fget_files+0x3a0/0x420
[  454.141503][T12491]  ? __fget_files+0x2a/0x420
[  454.141523][T12491]  ? bpf_lsm_file_ioctl+0x9/0x20
[  454.141543][T12491]  ? __pfx_sock_ioctl+0x10/0x10
[  454.141563][T12491]  __se_sys_ioctl+0xfc/0x170
[  454.141588][T12491]  do_syscall_64+0xfa/0xfa0
[  454.141610][T12491]  ? lockdep_hardirqs_on+0x9c/0x150
[  454.141634][T12491]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.141651][T12491]  ? clear_bhb_loop+0x60/0xb0
[  454.141672][T12491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.141689][T12491] RIP: 0033:0x7f0709d8f6c9
[  454.141706][T12491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  454.141721][T12491] RSP: 002b:00007f070acb5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  454.141740][T12491] RAX: ffffffffffffffda RBX: 00007f0709fe5fa0 RCX: 00007f0709d8f6c9
[  454.141754][T12491] RDX: 00002000000002c0 RSI: 0000000000008946 RDI: 0000000000000003
[  454.141766][T12491] RBP: 00007f070acb5090 R08: 0000000000000000 R09: 0000000000000000
[  454.141777][T12491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  454.141788][T12491] R13: 00007f0709fe6038 R14: 00007f0709fe5fa0 R15: 00007f070a10fa28
[  454.141818][T12491]  </TASK>
[  454.167961][T12494] fuse: Unknown parameter '0x0000000000000004'
[  454.170640][    C1] vkms_vblank_simulate: vblank timer overrun
[  454.359433][    C1] vkms_vblank_simulate: vblank timer overrun
[  454.465458][    C1] vkms_vblank_simulate: vblank timer overrun
[  454.685516][ T5900] em28xx 1-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  454.693841][ T5900] em28xx 1-1:0.89: board has no eeprom
[  454.855563][T12502] FAULT_INJECTION: forcing a failure.
[  454.855563][T12502] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  454.885739][T12502] CPU: 1 UID: 0 PID: 12502 Comm: syz.4.1978 Not tainted syzkaller #0 PREEMPT(full) 
[  454.885764][T12502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  454.885775][T12502] Call Trace:
[  454.885784][T12502]  <TASK>
[  454.885792][T12502]  dump_stack_lvl+0x189/0x250
[  454.885822][T12502]  ? __pfx____ratelimit+0x10/0x10
[  454.885843][T12502]  ? __pfx_dump_stack_lvl+0x10/0x10
[  454.885865][T12502]  ? __pfx__printk+0x10/0x10
[  454.885885][T12502]  ? fs_reclaim_acquire+0x7d/0x100
[  454.885911][T12502]  should_fail_ex+0x414/0x560
[  454.885941][T12502]  prepare_alloc_pages+0x213/0x610
[  454.885973][T12502]  __alloc_frozen_pages_noprof+0x123/0x370
[  454.885995][T12502]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  454.886017][T12502]  ? count_memcg_event_mm+0x21/0x260
[  454.886041][T12502]  ? policy_nodemask+0x27c/0x720
[  454.886057][T12502]  ? __lock_acquire+0xab9/0xd20
[  454.886080][T12502]  alloc_pages_mpol+0x232/0x4a0
[  454.886102][T12502]  vma_alloc_folio_noprof+0xe4/0x200
[  454.886122][T12502]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  454.886153][T12502]  folio_prealloc+0x30/0x180
[  454.886179][T12502]  __handle_mm_fault+0x2a8b/0x5400
[  454.886216][T12502]  ? __pfx___handle_mm_fault+0x10/0x10
[  454.886255][T12502]  ? find_vma+0xe7/0x160
[  454.886276][T12502]  ? __pfx_find_vma+0x10/0x10
[  454.886302][T12502]  handle_mm_fault+0x40a/0x8e0
[  454.886335][T12502]  do_user_addr_fault+0x764/0x1380
[  454.886371][T12502]  exc_page_fault+0x82/0x100
[  454.886398][T12502]  asm_exc_page_fault+0x26/0x30
[  454.886416][T12502] RIP: 0010:put_cmsg+0x387/0x5f0
[  454.886438][T12502] Code: ff 09 9c f8 48 83 fd 01 76 4f 4c 89 fb 49 83 c7 02 48 83 c5 fe 48 89 d8 48 c1 e8 03 42 0f b6 04 20 84 c0 75 1f 41 0f b7 47 fe <66> 41 89 45 00 48 83 fd 01 76 2b 49 83 c5 02 e8 e5 04 9c f8 48 83
[  454.886453][T12502] RSP: 0018:ffffc900037c7400 EFLAGS: 00050246
[  454.886471][T12502] RAX: 0000000000000001 RBX: ffffc900037c7568 RCX: ffff88802663dac0
[  454.886485][T12502] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
[  454.886496][T12502] RBP: 0000000000000000 R08: ffffc900037c7560 R09: 0000000000000002
[  454.886509][T12502] R10: 000000000000c0fe R11: 0000000000000000 R12: dffffc0000000000
[  454.886521][T12502] R13: 0000200000002000 R14: 0000000000000002 R15: ffffc900037c756a
[  454.886564][T12502]  ipv6_recv_error+0xeb1/0x1490
[  454.886596][T12502]  ? __pfx_ipv6_recv_error+0x10/0x10
[  454.886613][T12502]  ? up_write+0x1c4/0x420
[  454.886633][T12502]  ? aa_label_sk_perm+0x4cd/0x630
[  454.886665][T12502]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  454.886695][T12502]  udpv6_recvmsg+0x1f2/0x1590
[  454.886738][T12502]  ? __pfx_udpv6_recvmsg+0x10/0x10
[  454.886763][T12502]  ? aa_sk_perm+0x81e/0x950
[  454.886785][T12502]  ? __pfx_udpv6_recvmsg+0x10/0x10
[  454.886804][T12502]  inet6_recvmsg+0x1ee/0x6b0
[  454.886824][T12502]  ? __pfx_aa_sk_perm+0x10/0x10
[  454.886843][T12502]  ? __lock_acquire+0xab9/0xd20
[  454.886863][T12502]  ? __pfx_inet6_recvmsg+0x10/0x10
[  454.886886][T12502]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  454.886903][T12502]  ? security_socket_recvmsg+0x7e/0x2e0
[  454.886926][T12502]  sock_recvmsg+0x105/0x270
[  454.886959][T12502]  ____sys_recvmsg+0x1c9/0x460
[  454.886988][T12502]  ? __pfx_____sys_recvmsg+0x10/0x10
[  454.887024][T12502]  ? import_iovec+0x74/0xa0
[  454.887049][T12502]  ___sys_recvmsg+0x1b5/0x510
[  454.887075][T12502]  ? __pfx____sys_recvmsg+0x10/0x10
[  454.887120][T12502]  ? __fget_files+0x3a0/0x420
[  454.887149][T12502]  do_recvmmsg+0x307/0x770
[  454.887177][T12502]  ? __pfx_do_recvmmsg+0x10/0x10
[  454.887209][T12502]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  454.887252][T12502]  __x64_sys_recvmmsg+0x190/0x240
[  454.887275][T12502]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  454.887299][T12502]  ? do_syscall_64+0xbe/0xfa0
[  454.887326][T12502]  do_syscall_64+0xfa/0xfa0
[  454.887347][T12502]  ? lockdep_hardirqs_on+0x9c/0x150
[  454.887370][T12502]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.887387][T12502]  ? clear_bhb_loop+0x60/0xb0
[  454.887409][T12502]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.887426][T12502] RIP: 0033:0x7f95f1d8f6c9
[  454.887443][T12502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  454.887457][T12502] RSP: 002b:00007f95f2ce3038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  454.887475][T12502] RAX: ffffffffffffffda RBX: 00007f95f1fe5fa0 RCX: 00007f95f1d8f6c9
[  454.887489][T12502] RDX: 0000000000000001 RSI: 0000200000000940 RDI: 0000000000000003
[  454.887500][T12502] RBP: 00007f95f2ce3090 R08: 0000000000000000 R09: 0000000000000000
[  454.887511][T12502] R10: 0000000040002042 R11: 0000000000000246 R12: 0000000000000001
[  454.887523][T12502] R13: 00007f95f1fe6038 R14: 00007f95f1fe5fa0 R15: 00007f95f210fa28
[  454.887554][T12502]  </TASK>
[  454.895521][T12499] FAULT_INJECTION: forcing a failure.
[  454.895521][T12499] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  455.045061][ T5900] em28xx 1-1:0.89: Identified as Terratec Grabby (card=67)
[  455.127667][T12499] CPU: 0 UID: 0 PID: 12499 Comm: syz.1.1980 Not tainted syzkaller #0 PREEMPT(full) 
[  455.127691][T12499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  455.127703][T12499] Call Trace:
[  455.127711][T12499]  <TASK>
[  455.127719][T12499]  dump_stack_lvl+0x189/0x250
[  455.127746][T12499]  ? __pfx____ratelimit+0x10/0x10
[  455.127769][T12499]  ? __pfx_dump_stack_lvl+0x10/0x10
[  455.127791][T12499]  ? __pfx__printk+0x10/0x10
[  455.127823][T12499]  should_fail_ex+0x414/0x560
[  455.127852][T12499]  __kvm_read_guest_page+0x18d/0x240
[  455.127880][T12499]  kvm_fetch_guest_virt+0x12b/0x170
[  455.127904][T12499]  ? __pfx_kvm_fetch_guest_virt+0x10/0x10
[  455.127924][T12499]  __do_insn_fetch_bytes+0x2fc/0x6d0
[  455.127953][T12499]  ? __pfx___do_insn_fetch_bytes+0x10/0x10
[  455.127991][T12499]  x86_decode_insn+0x31d/0x5470
[  455.128020][T12499]  ? __lock_acquire+0xab9/0xd20
[  455.128049][T12499]  ? __lock_acquire+0xab9/0xd20
[  455.128075][T12499]  ? __pfx_x86_decode_insn+0x10/0x10
[  455.128106][T12499]  ? is_bpf_text_address+0x26/0x2b0
[  455.128134][T12499]  ? __asan_memset+0x22/0x50
[  455.128156][T12499]  ? init_decode_cache+0x78/0x90
[  455.128186][T12499]  ? init_emulate_ctxt+0x4d6/0x660
[  455.128211][T12499]  ? __pfx_init_emulate_ctxt+0x10/0x10
[  455.128232][T12499]  ? __lock_acquire+0xab9/0xd20
[  455.128257][T12499]  x86_emulate_instruction+0x61b/0x1f90
[  455.128292][T12499]  ? vmx_vcpu_run+0xe92/0x2b70
[  455.128314][T12499]  ? __pfx_x86_emulate_instruction+0x10/0x10
[  455.128337][T12499]  ? __pfx_handle_mmio_page_fault+0x10/0x10
[  455.128360][T12499]  ? __pfx___kvm_io_bus_write+0x10/0x10
[  455.128393][T12499]  kvm_mmu_page_fault+0x91a/0xb70
[  455.128422][T12499]  vmx_handle_exit+0xd9e/0x18c0
[  455.128443][T12499]  ? vcpu_run+0x361b/0x7040
[  455.128471][T12499]  vcpu_run+0x43aa/0x7040
[  455.128501][T12499]  ? vcpu_run+0x361b/0x7040
[  455.128568][T12499]  ? __pfx_vcpu_run+0x10/0x10
[  455.128584][T12499]  ? __pfx_x86_emulate_instruction+0x10/0x10
[  455.128605][T12499]  ? complete_emulated_mmio+0x18e/0x7a0
[  455.128629][T12499]  ? __asan_memcpy+0x40/0x70
[  455.128654][T12499]  ? complete_emulated_mmio+0x4d2/0x7a0
[  455.128686][T12499]  kvm_arch_vcpu_ioctl_run+0x116c/0x1cb0
[  455.128718][T12499]  ? __mutex_trylock_common+0x153/0x260
[  455.128742][T12499]  ? kvm_arch_vcpu_ioctl_run+0x293/0x1cb0
[  455.128766][T12499]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  455.128792][T12499]  ? rcu_is_watching+0x15/0xb0
[  455.128812][T12499]  ? trace_contention_end+0x39/0x120
[  455.128832][T12499]  ? __mutex_lock+0x335/0x1350
[  455.128863][T12499]  ? kasan_quarantine_put+0xdd/0x220
[  455.128884][T12499]  ? lockdep_hardirqs_on+0x9c/0x150
[  455.128906][T12499]  ? kvm_vcpu_ioctl+0x22e/0xe90
[  455.128931][T12499]  ? __pfx___mutex_lock+0x10/0x10
[  455.128954][T12499]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  455.128979][T12499]  ? do_vfs_ioctl+0xbe8/0x1430
[  455.129000][T12499]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  455.129022][T12499]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  455.129046][T12499]  kvm_vcpu_ioctl+0x95c/0xe90
[  455.129074][T12499]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  455.129118][T12499]  ? __fget_files+0x2a/0x420
[  455.129139][T12499]  ? __fget_files+0x3a0/0x420
[  455.129154][T12499]  ? __fget_files+0x2a/0x420
[  455.129174][T12499]  ? bpf_lsm_file_ioctl+0x9/0x20
[  455.129199][T12499]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  455.129221][T12499]  __se_sys_ioctl+0xfc/0x170
[  455.129244][T12499]  do_syscall_64+0xfa/0xfa0
[  455.129265][T12499]  ? lockdep_hardirqs_on+0x9c/0x150
[  455.129287][T12499]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.129304][T12499]  ? clear_bhb_loop+0x60/0xb0
[  455.129325][T12499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.129342][T12499] RIP: 0033:0x7f0709d8f6c9
[  455.129357][T12499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  455.129372][T12499] RSP: 002b:00007f070acb5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  455.129391][T12499] RAX: ffffffffffffffda RBX: 00007f0709fe5fa0 RCX: 00007f0709d8f6c9
[  455.129404][T12499] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008
[  455.129415][T12499] RBP: 00007f070acb5090 R08: 0000000000000000 R09: 0000000000000000
[  455.129426][T12499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  455.129437][T12499] R13: 00007f0709fe6038 R14: 00007f0709fe5fa0 R15: 00007f070a10fa28
[  455.129467][T12499]  </TASK>
[  455.406970][T12514] netlink: 27 bytes leftover after parsing attributes in process `syz.4.1982'.
[  455.416200][ T5900] em28xx 1-1:0.89: analog set to bulk mode.
[  455.755942][    C1] vkms_vblank_simulate: vblank timer overrun
[  455.829411][ T5938] em28xx 1-1:0.89: Registering V4L2 extension
[  456.162736][ T5938] em28xx 1-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  456.219398][ T5938] em28xx 1-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  456.219703][ T5899] usb 1-1: USB disconnect, device number 25
[  456.249693][ T5899] em28xx 1-1:0.89: Disconnecting em28xx
[  456.365093][ T5938] em28xx 1-1:0.89: Config register raw data: 0xffffffed
[  456.424212][T12532] netlink: 1084 bytes leftover after parsing attributes in process `syz.1.1986'.
[  456.478963][ T5938] em28xx 1-1:0.89: AC97 chip type couldn't be determined
[  456.506651][ T5938] em28xx 1-1:0.89: No AC97 audio processor
[  456.581807][ T5938] usb 1-1: Decoder not found
[  456.607670][ T5938] em28xx 1-1:0.89: failed to create media graph
[  456.817006][T12540] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  457.316978][ T5938] em28xx 1-1:0.89: V4L2 device video103 deregistered
[  457.340207][ T5938] em28xx 1-1:0.89: Registering snapshot button...
[  457.344065][T12538] ==================================================================
[  457.349370][ T5938] input: em28xx snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.89/input/input22
[  457.354708][T12538] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xac/0x420
[  457.354739][T12538] Read of size 8 at addr ffff88807bf04740 by task v4l_id/12538
[  457.371474][ T5938] em28xx 1-1:0.89: Remote control support is not available for this card.
[  457.372556][T12538] 
[  457.372570][T12538] CPU: 0 UID: 0 PID: 12538 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  457.372589][T12538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  457.372599][T12538] Call Trace:
[  457.372607][T12538]  <TASK>
[  457.372617][T12538]  dump_stack_lvl+0x189/0x250
[  457.372643][T12538]  ? __virt_addr_valid+0x1c8/0x5c0
[  457.372665][T12538]  ? rcu_is_watching+0x15/0xb0
[  457.372684][T12538]  ? __pfx_dump_stack_lvl+0x10/0x10
[  457.372704][T12538]  ? rcu_is_watching+0x15/0xb0
[  457.372722][T12538]  ? lock_release+0x4b/0x3e0
[  457.372743][T12538]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  457.372766][T12538]  ? __virt_addr_valid+0x1c8/0x5c0
[  457.372786][T12538]  ? __virt_addr_valid+0x4a5/0x5c0
[  457.372809][T12538]  print_report+0xca/0x240
[  457.372828][T12538]  ? v4l2_fh_open+0xac/0x420
[  457.372845][T12538]  kasan_report+0x118/0x150
[  457.372863][T12538]  ? v4l2_fh_open+0xac/0x420
[  457.372882][T12538]  v4l2_fh_open+0xac/0x420
[  457.372898][T12538]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  457.372923][T12538]  em28xx_v4l2_open+0x157/0x9a0
[  457.372951][T12538]  v4l2_open+0x1bf/0x3a0
[  457.372970][T12538]  chrdev_open+0x4cc/0x5e0
[  457.372986][T12538]  ? __pfx_chrdev_open+0x10/0x10
[  457.373003][T12538]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  457.373023][T12538]  ? __pfx_chrdev_open+0x10/0x10
[  457.373038][T12538]  do_dentry_open+0x953/0x13f0
[  457.373062][T12538]  vfs_open+0x3b/0x340
[  457.373077][T12538]  ? path_openat+0x2ecd/0x3830
[  457.373099][T12538]  path_openat+0x2ee5/0x3830
[  457.373131][T12538]  ? __pfx_path_openat+0x10/0x10
[  457.373158][T12538]  do_filp_open+0x1fa/0x410
[  457.373177][T12538]  ? __lock_acquire+0xab9/0xd20
[  457.373193][T12538]  ? __pfx_do_filp_open+0x10/0x10
[  457.373222][T12538]  ? _raw_spin_unlock+0x28/0x50
[  457.373240][T12538]  ? alloc_fd+0x64c/0x6c0
[  457.373267][T12538]  do_sys_openat2+0x121/0x1c0
[  457.373286][T12538]  ? __pfx_do_sys_openat2+0x10/0x10
[  457.373306][T12538]  ? exc_page_fault+0x82/0x100
[  457.373328][T12538]  ? do_user_addr_fault+0xc85/0x1380
[  457.373347][T12538]  __x64_sys_openat+0x138/0x170
[  457.373367][T12538]  do_syscall_64+0xfa/0xfa0
[  457.373388][T12538]  ? lockdep_hardirqs_on+0x9c/0x150
[  457.373409][T12538]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.373426][T12538]  ? clear_bhb_loop+0x60/0xb0
[  457.373443][T12538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.373460][T12538] RIP: 0033:0x7f91d30a7407
[  457.373476][T12538] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  457.373491][T12538] RSP: 002b:00007ffdb3d43c30 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  457.373510][T12538] RAX: ffffffffffffffda RBX: 00007f91d379e880 RCX: 00007f91d30a7407
[  457.373523][T12538] RDX: 0000000000000000 RSI: 00007ffdb3d45f1c RDI: ffffffffffffff9c
[  457.373535][T12538] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  457.373545][T12538] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  457.373556][T12538] R13: 00007ffdb3d43e80 R14: 00007f91d3905000 R15: 0000563f8ab274d8
[  457.373574][T12538]  </TASK>
[  457.373581][T12538] 
[  457.692854][T12538] Allocated by task 5938:
[  457.697174][T12538]  kasan_save_track+0x3e/0x80
[  457.701841][T12538]  __kasan_kmalloc+0x93/0xb0
[  457.706414][T12538]  __kmalloc_cache_noprof+0x3d5/0x6f0
[  457.711773][T12538]  em28xx_v4l2_init+0x10b/0x2e70
[  457.716699][T12538]  em28xx_init_extension+0x120/0x1c0
[  457.721963][T12538]  process_scheduled_works+0xae1/0x17b0
[  457.727488][T12538]  worker_thread+0x8a0/0xda0
[  457.732058][T12538]  kthread+0x711/0x8a0
[  457.736110][T12538]  ret_from_fork+0x4bc/0x870
[  457.740680][T12538]  ret_from_fork_asm+0x1a/0x30
[  457.745429][T12538] 
[  457.747731][T12538] Freed by task 5938:
[  457.751706][T12538]  kasan_save_track+0x3e/0x80
[  457.756368][T12538]  __kasan_save_free_info+0x46/0x50
[  457.761550][T12538]  __kasan_slab_free+0x5c/0x80
[  457.766300][T12538]  kfree+0x19a/0x6d0
[  457.770179][T12538]  em28xx_v4l2_init+0x1683/0x2e70
[  457.775187][T12538]  em28xx_init_extension+0x120/0x1c0
[  457.780455][T12538]  process_scheduled_works+0xae1/0x17b0
[  457.785990][T12538]  worker_thread+0x8a0/0xda0
[  457.790570][T12538]  kthread+0x711/0x8a0
[  457.794667][T12538]  ret_from_fork+0x4bc/0x870
[  457.799245][T12538]  ret_from_fork_asm+0x1a/0x30
[  457.803989][T12538] 
[  457.806294][T12538] The buggy address belongs to the object at ffff88807bf04000
[  457.806294][T12538]  which belongs to the cache kmalloc-8k of size 8192
[  457.820331][T12538] The buggy address is located 1856 bytes inside of
[  457.820331][T12538]  freed 8192-byte region [ffff88807bf04000, ffff88807bf06000)
[  457.834282][T12538] 
[  457.836588][T12538] The buggy address belongs to the physical page:
[  457.842999][T12538] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bf00
[  457.851758][T12538] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  457.860244][T12538] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  457.867784][T12538] page_type: f5(slab)
[  457.871749][T12538] raw: 00fff00000000040 ffff88801a027280 ffffea0001553c00 dead000000000002
[  457.880311][T12538] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  457.888894][T12538] head: 00fff00000000040 ffff88801a027280 ffffea0001553c00 dead000000000002
[  457.897542][T12538] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  457.906194][T12538] head: 00fff00000000003 ffffea0001efc001 00000000ffffffff 00000000ffffffff
[  457.914844][T12538] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  457.923486][T12538] page dumped because: kasan: bad access detected
[  457.929886][T12538] page_owner tracks the page as allocated
[  457.935599][T12538] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 11488, tgid 11487 (syz.3.1668), ts 397746114684, free_ts 397704452734
[  457.957114][T12538]  post_alloc_hook+0x240/0x2a0
[  457.961874][T12538]  get_page_from_freelist+0x2365/0x2440
[  457.967402][T12538]  __alloc_frozen_pages_noprof+0x181/0x370
[  457.973188][T12538]  alloc_pages_mpol+0x232/0x4a0
[  457.978017][T12538]  allocate_slab+0x96/0x350
[  457.982501][T12538]  ___slab_alloc+0xf56/0x1990
[  457.987157][T12538]  __slab_alloc+0x65/0x100
[  457.991552][T12538]  __kmalloc_cache_noprof+0x411/0x6f0
[  457.996911][T12538]  audit_log_d_path+0xb8/0x1a0
[  458.001668][T12538]  audit_log_d_path_exe+0x42/0x70
[  458.006692][T12538]  audit_log_task+0x2b3/0x3c0
[  458.011352][T12538]  audit_seccomp+0x86/0x190
[  458.015835][T12538]  __seccomp_filter+0xce4/0x1e10
[  458.020764][T12538]  syscall_trace_enter+0xaa/0x160
[  458.025769][T12538]  do_syscall_64+0xd3/0xfa0
[  458.030265][T12538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.036137][T12538] page last free pid 5818 tgid 5818 stack trace:
[  458.042440][T12538]  __free_frozen_pages+0xbc4/0xd30
[  458.047538][T12538]  __folio_put+0x21b/0x2c0
[  458.051936][T12538]  skb_release_data+0x49a/0x7c0
[  458.056769][T12538]  __kfree_skb+0x55/0x70
[  458.060994][T12538]  tcp_ack+0x2266/0x6950
[  458.065309][T12538]  tcp_rcv_established+0x93c/0x2670
[  458.070492][T12538]  tcp_v4_do_rcv+0xa90/0x1430
[  458.075150][T12538]  tcp_v4_rcv+0x2675/0x2f20
[  458.079634][T12538]  ip_protocol_deliver_rcu+0x221/0x440
[  458.085089][T12538]  ip_local_deliver_finish+0x3bb/0x6f0
[  458.090527][T12538]  NF_HOOK+0x30c/0x3a0
[  458.094581][T12538]  ip_sublist_rcv_finish+0x221/0x2a0
[  458.099849][T12538]  ip_sublist_rcv+0x74c/0xa10
[  458.104508][T12538]  ip_list_rcv+0x3e2/0x430
[  458.108909][T12538]  __netif_receive_skb_list_core+0x7d2/0x800
[  458.114877][T12538]  netif_receive_skb_list_internal+0x96f/0xcb0
[  458.121033][T12538] 
[  458.123352][T12538] Memory state around the buggy address:
[  458.128968][T12538]  ffff88807bf04600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  458.137012][T12538]  ffff88807bf04680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  458.145056][T12538] >ffff88807bf04700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  458.153106][T12538]                                            ^
[  458.159268][T12538]  ffff88807bf04780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  458.167306][T12538]  ffff88807bf04800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  458.175354][T12538] ==================================================================
[  458.220306][ T5899] em28xx 1-1:0.89: Closing input extension
[  458.227920][ T5899] em28xx 1-1:0.89: Deregistering snapshot button
[  458.348530][T12543] blkio.reset_stats is deprecated
[  458.383785][T12538] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  458.391003][T12538] CPU: 1 UID: 0 PID: 12538 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  458.400001][T12538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  458.410120][T12538] Call Trace:
[  458.413381][T12538]  <TASK>
[  458.416293][T12538]  dump_stack_lvl+0x99/0x250
[  458.420869][T12538]  ? __asan_memcpy+0x40/0x70
[  458.425455][T12538]  ? __pfx_dump_stack_lvl+0x10/0x10
[  458.430632][T12538]  ? __pfx__printk+0x10/0x10
[  458.435202][T12538]  vpanic+0x237/0x6d0
[  458.439161][T12538]  ? __pfx_vpanic+0x10/0x10
[  458.443641][T12538]  ? preempt_schedule+0xae/0xc0
[  458.448468][T12538]  ? __pfx_preempt_schedule+0x10/0x10
[  458.453833][T12538]  panic+0xb9/0xc0
[  458.457538][T12538]  ? __pfx_panic+0x10/0x10
[  458.461945][T12538]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  458.467847][T12538]  ? is_module_address+0x17/0xf0
[  458.472854][T12538]  ? v4l2_fh_open+0xac/0x420
[  458.477418][T12538]  check_panic_on_warn+0x89/0xb0
[  458.482355][T12538]  ? v4l2_fh_open+0xac/0x420
[  458.486918][T12538]  end_report+0x78/0x160
[  458.491134][T12538]  kasan_report+0x129/0x150
[  458.495614][T12538]  ? v4l2_fh_open+0xac/0x420
[  458.500177][T12538]  v4l2_fh_open+0xac/0x420
[  458.504570][T12538]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  458.510535][T12538]  em28xx_v4l2_open+0x157/0x9a0
[  458.515367][T12538]  v4l2_open+0x1bf/0x3a0
[  458.519587][T12538]  chrdev_open+0x4cc/0x5e0
[  458.523985][T12538]  ? __pfx_chrdev_open+0x10/0x10
[  458.528896][T12538]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  458.535201][T12538]  ? __pfx_chrdev_open+0x10/0x10
[  458.540117][T12538]  do_dentry_open+0x953/0x13f0
[  458.544860][T12538]  vfs_open+0x3b/0x340
[  458.548905][T12538]  ? path_openat+0x2ecd/0x3830
[  458.553644][T12538]  path_openat+0x2ee5/0x3830
[  458.558219][T12538]  ? __pfx_path_openat+0x10/0x10
[  458.563153][T12538]  do_filp_open+0x1fa/0x410
[  458.567663][T12538]  ? __lock_acquire+0xab9/0xd20
[  458.572507][T12538]  ? __pfx_do_filp_open+0x10/0x10
[  458.577513][T12538]  ? _raw_spin_unlock+0x28/0x50
[  458.582341][T12538]  ? alloc_fd+0x64c/0x6c0
[  458.586652][T12538]  do_sys_openat2+0x121/0x1c0
[  458.591313][T12538]  ? __pfx_do_sys_openat2+0x10/0x10
[  458.596487][T12538]  ? exc_page_fault+0x82/0x100
[  458.601244][T12538]  ? do_user_addr_fault+0xc85/0x1380
[  458.606504][T12538]  __x64_sys_openat+0x138/0x170
[  458.611331][T12538]  do_syscall_64+0xfa/0xfa0
[  458.616082][T12538]  ? lockdep_hardirqs_on+0x9c/0x150
[  458.621274][T12538]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.627314][T12538]  ? clear_bhb_loop+0x60/0xb0
[  458.631968][T12538]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  458.637841][T12538] RIP: 0033:0x7f91d30a7407
[  458.642253][T12538] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  458.661923][T12538] RSP: 002b:00007ffdb3d43c30 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  458.670315][T12538] RAX: ffffffffffffffda RBX: 00007f91d379e880 RCX: 00007f91d30a7407
[  458.678352][T12538] RDX: 0000000000000000 RSI: 00007ffdb3d45f1c RDI: ffffffffffffff9c
[  458.686308][T12538] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  458.694265][T12538] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  458.702213][T12538] R13: 00007ffdb3d43e80 R14: 00007f91d3905000 R15: 0000563f8ab274d8
[  458.710165][T12538]  </TASK>
[  458.713478][T12538] Kernel Offset: disabled
[  458.717791][T12538] Rebooting in 86400 seconds..