last executing test programs:

10.028867128s ago: executing program 2 (id=568):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='P', 0x1}], 0x1, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000140)={0x400, 0x300, 0x0, 0x2000, 0x5, 0x0, 0x0, 0x0, {0x0, 0x401}, {0x0, 0xfffffffd}, {}, {0x0, 0x8, 0xffffffff}, 0x3, 0x3f0, 0x81, 0x11, 0x1, 0x0, 0x0, 0xffffffff, 0x761a, 0x0, 0x3, 0x0, 0x10, 0x1, 0x0, 0x1})
pwritev2(r1, &(0x7f0000000100)=[{0x0}, {0x0}], 0x2, 0x2, 0x1, 0x10)
sendfile(r0, r0, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000280)={0x0, {}, 0x0, {}, 0x40000004, 0x0, 0xffffffff, 0x18, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310978042a8bfe1406584a128d7469166f4f07b84819e7df4af14e1df82d", [0x6, 0x9]})
r3 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00')
unshare(0x2c020400)
fgetxattr(r3, &(0x7f0000000080)=@known='trusted.overlay.origin\x00', &(0x7f00000000c0)=""/122, 0x7a)

8.920668835s ago: executing program 2 (id=571):
socket$packet(0x11, 0x3, 0x300)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,size=8'])
chdir(&(0x7f0000000140)='./file0\x00')
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$UHID_INPUT(r2, &(0x7f0000000240)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b200fedea1c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0xf47)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r2, 0x0)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
syz_emit_ethernet(0xc2, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt(0xffffffffffffffff, 0x84, 0x81, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000280)=0x2)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

8.795807693s ago: executing program 1 (id=573):
r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="03070000000000000000080000006800048004000780130001006272f8390bf7d9f783b48fd37a6d5e"], 0x7c}}, 0x8000)

7.630782405s ago: executing program 1 (id=575):
socket$nl_route(0x10, 0x3, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x4, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
socket$can_bcm(0x1d, 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$phonet_pipe(0x23, 0x5, 0x2)
r4 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000600)={0x2, @pix={0x80000000, 0xbb46, 0x34324142, 0x0, 0x0, 0x2c9, 0x0, 0xfffffffd}})
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000100)={0x410000, 0x2, 0x2})
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000080)={0x2, @sliced={0x8, [0x1, 0x7, 0x5, 0x3ff, 0x0, 0x2, 0x6, 0x9, 0x1ff, 0xdd, 0x494, 0x139, 0x7, 0x5, 0x5, 0x7, 0x6, 0x9, 0x2, 0x5, 0x1, 0x1, 0xd, 0x6, 0x9, 0x8, 0xf6, 0x5, 0x7, 0x9, 0x4, 0x5, 0x9, 0xe, 0x5, 0x258d, 0x2, 0x9, 0x6, 0x4, 0xe, 0x40, 0x7ff, 0x7, 0x0, 0xdea, 0x5, 0xbb], 0x80000000}})
sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, 0x0, 0x10)
getsockopt$IP_VS_SO_GET_DAEMON(r3, 0x0, 0x487, &(0x7f0000000000), &(0x7f00000000c0)=0x30)
socket(0x29, 0x400000000080803, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(0xffffffffffffffff, 0x2, &(0x7f0000000100)={0x1, 0x4}, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)

7.121169926s ago: executing program 2 (id=576):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket(0xb, 0x4, 0x3)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000380)={{{@in6=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@ipv4={""/10, ""/2, @remote}}, 0x0, @in=@initdev}}, &(0x7f00000002c0)=0xe8)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001a80), 0xc0c00, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000000)={0x2, "fa02c80a3a1e9d4b9aaf000000008d674fe69b5b7638dd031dd7504fe5809639"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000240)={0x4, "5660359c3245d1c42317afad7d48ed51000000000000000100"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f00000001c0)={0x4, "00ad0100040000000000000016000000000000ff0e0a000000008000"})
setxattr$security_capability(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000280), &(0x7f0000000300)=@v3={0x3000000, [{0x401, 0x80000000}, {0x9, 0x5777}], r2}, 0x18, 0x1)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="200000001a140100000000000000000008000300000000000800", @ANYRES8=r4], 0x20}, 0x1, 0x0, 0x0, 0x4000015}, 0x0)
r6 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'})
socket$netlink(0x10, 0x3, 0x0)
r7 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r8, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20)
sendmsg$alg(r1, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f0000000480)="19a8865f8d80b7aeac749b26e8", 0xd}, {&(0x7f00000004c0)="381dd8ab47360c4acd85e99671a0ab0ba8fd3de093853e39b9b69f4a2f501326c99f2047af89b4c6f8931be3fbf64b81a16357d325752e6a794d62740f2685cd37cb4b23da9c", 0x46}, {&(0x7f0000001b00)="7f64f037db5944f33d36f32c99915d6e16986f47850e16496750e051cbd18f3fbcbb88f944660d2a25e962eb35bd780ae2e207102c14a6d296ce163ed0de9d7357bbc909c082468306c45daded4845bf00e10491842bef21e22d24d4d33302ed6ce867", 0xfffffffffffffcbf}, {&(0x7f00000005c0)="4179fd33c804224e474af2bc706a1a653799e0b52d74948dae635f6b4adcc2cc96bbee01263c8bd08ec66d4b48e1b0b85d00864357880ed8c3147996065aca92c4060bfe038a94813d6648a138fb83c49ae0916e9688b5a51663b5e6f02f2520f2100d7d11bcc5971dcf5f3aa14e5f7aa91bb77ff72de196d6e70aa8eb14198dfe6b94dc323cda938e0b2f48f1a3a4a2bf78a2b83f40c6d7f1fff1ef6057106d2364256d45f792543efdca1894468abf0ac83fb2cf4667da0cfd1c423aa42c145fc0296ad7af7324d2bac6d0d034de4252956d42dbcedb057e6013122033", 0xde}, {&(0x7f00000006c0)="cbaa49d0ece44e8598b36dd5ceb20e048c927b618b25080b5dd2dc618ece226a16ee7678785264b3aa89975918a0636a4148854bd39c88313072ceed9a16fa74437b02280384288675d0506883d6de0b5e24df6ccc1d66ddaa0537edd234c0fe43a8425c53fd59cec0392cdc0afa63f4fd6febb7cd0779aeaa1409c8d21e71dcd5908bb9198dbc1226d01ad4f3466c6590b5159f80d3060c94e01f95e9941af9b84fec1dc9a2818c7559018f991d825ef7ed738e849058e5a8014cc98253b1bb68ff0246c0f77483659b17d7f7c657a5413cd0b47b03dc", 0xd7}, {&(0x7f00000007c0)="618a34f2966707061f455584a094c39d67728bb853ddfee1711a61643a1d66d6a9ccc67f60e3b5ed416850fc457fcbc2872146b8b610a217ce246cc0eab105fca3a4b127f70242c286a7fa1c827721f64124e69de46bd267cfc8444ae1a46f6512909e7eae8e8f2aaa708191149313127adf1aafbdcc0b119140f8e2229bdd31995a29051c611122818c5a8600463aa9a0b3ece83cdcf23137efda1c4fc4a1678573e238550abc8abd004da73c1f72921af797bfdd275392db512a5161cc79e0290146a1f11a7ffca7742ba26695050b605b5a2be188", 0xe6}, {&(0x7f00000008c0)="fd2306cebf2e4a39484c47ed924dd6968afb650ed8394b8b47fd17b867b2be4d8c7a1320ac81fe88afeaaf9bb11f86fe4d27eb5b879f6b887b8b18b6bf71db13adf4f4f2464cafc74c71693fd8866e2c812e28ee4570ba23df32b3db1b350f5cc5b6c1fee77c1e91ea2f7031bf41f492cc0ed5297f936430e650fafca5953c3f7f3b681c9c6a4036466fe1d044fcd205784c870f75a62632adc9f286897655e17e254768bb4f4a06670c370aa9f48c840db26220c0f8baed989795683ad057e94569943aaad0d102b95450537d24787d0a8c634e7f3770541f8adcad9885beb3c185752eb1efc2fb9dce76ca3b4b33fea86e912f0cd2b0cefb35079f35c3c258fa72857026ce31e86a55bd20dff755adbe059cb478d437120c66bd24c322d98fb018b87834a854207e8d6a7c491cc75dce60801fb58ca193714404a854000ba4c7f0a877d0e1a0fb22980e77aeace569983e4dda9b4799784a9f2224a7d788b4ec79a2ac53e088921aa589581c5805c3d8c893e3c2cedda9c6dcc5d839c5613ae751af69ed1dfbd6bb9ea4d7fb860656a1e376858272130cfdc6cfc586313d3b56759106da382d487965800328a0457a4e3e0ff96eb8f2efb78e03394d6b7a347e2a34d942b73aded3367c013aa2a01f2e904a39a910e262a13702dee3a7cfe8fe9ca1f66192b1506ece47a8b8aa17ffaca3a7110ce3881c24a3ebd8dc5ecdc058bdd2b70c98dc7940f859e980a590da888172ccabd06fe4d553929a13102f4588db556156e059aaf444bcc7e04de0d9dd5754d7eac6c24cb83e6a91d0dbf8198820c24c9995b6a2da12361f2851a77fcf69563d7cdc41fc554e7a96e1a49de28c9e0c0d08e580e1c4928db5717e6d12af52877be59f6ccf8f315ef00bdaa5923dece94065c1568c93757877f7bfc4ae61d3ad370859a67662d4556349d69ab44b96d5bcd2313a5f7d6605a74bf45ebe697f63d676945b0c7a2c409c3837fd0a310f3df6758c49dc1e28c0c37b41fd47425353b46da6e7202fcd32219677e21f5b96ace6a3ea4629d1820747dab5ad473485ab169c88c55e196154d01f0e8c9524f30b626156e9f0295bae94cc69e2da72bbde92b0c7857510d56194b9d78fd6431cbb1d9c7dd2283925a60fbf8b8d3ad1eb29d498c6357834d1f1554d9f01a15e538506c7adc1601a2e09a6dc03daa1881a4fce1f4963b1d8e1b26be3eba9a2f155da7d0badc4ac52136f5a8e37515ce8295385e140f78d4782b650d84a0d1d2a67cbbb233ac0eb5df9aea80dd33874f2bd0b9ecd0655c8d1981ecc7802638b9f094b7d18a954c80f704b03102e3f32f2997071036ba985ffa08bad7fd3a84b370c2bb6b7ff2675b204855df43efad5d3c5f300c5523610b9e400f989dc7ce599f2bd41d1697da3bfd3a52da89dce8302d21c2f59b7f744efa0478e7817f004bdc68b864ec9d03ec49a647c716588dad433ec7a1a5346a17e2d95fbff479d6105a694204aeba558ab8cd69c3659f7bd668e55652e7fdf745f3c0389b78e748cd673e18b674916a3477c7aaaff649ead45066591e94fcae5030506e504aac3325f5ad15c66fbc3a3aa31ca321174c532246421854d7b929affe4ad826bbe7cda373d8aa9653aeaecd1044a969eb824eb757f3fb681e5867829c78b7e8306ecc195b40aa43483a92fda07b8461d208233f5f546c85a5aa5aa178a072ca7ae11ccd1fea67956844c6e178c56fd2bede6589dbe87115623cfb6a710f591389ad138c1bc0559c21bdfc986325bf7b94d8bddb94629c69a77dfdf771436ee0443511919d88eee61931774aaf4489382d7d65a83209c021ba9d64b6b05369db46e6fb9ea122a6206643065ca3ff0103dfd8fe0b5595b02c7320bd426ddae6d13187953541375f94f74a8b1f76783dd3f65d5a81182897e132ca830059c4d99b88cfac2a15169c6e8d33ff440b199d34ee78535ed3ded8223eb70d3790bc5840aa14b084ee081be0220a3ccbfa5f36d0ef9f84ec66012236f9ab31fbdc25998369f5a833efb8606634246a0a7326d68825ea774dbe48329ee973581118d739b32c7c27488cf7252761f06f7be86e49664f90afaf6248487b94e1194f1cddc2e48390b11c0687aaa4b160e2cb055b80264700ec4f6cd5bd36017e4b062a4fed3fa1cd82be604c4426fef40ef50c317471c447643b28a49925a0b18161536a2c7662b220e66afd75402421f884ff0622bdcaf44427edd13efb43c75ea49ca3979edb9e328d2729a2d6b44d5caa7cb0b570ae19c7b257143ceb046b997513ef5fcf52f69926f9c08d848e36b6cca6919beff4066cff68ecb841a2f75be21d6ad991aeb488adc825e376dc8441b6050a7fbde025eb196a445b03de2940309c22eabfb8285cfc1a8eb7a6d853efb9b376d59fcd54ca089a48d6f562e2849a6ae177212469006cead41e925b13bdfb3dcc08410f7f9e7d8aa55bfcd09b905dc6c094f55e0d3423781ceeac2a43be3983c647ae76c248090001ffb90d28f37f43bd43c085032a47901728f560947beb81aeb1cf37c4fcd202dcc1e9c159a577958f0bef52d1047425903a016a67a2fa26b33cdb44d84c0cdedc02d77d1f8c69944819ac5ade706ff8436d50b9406fb1ca4c2f2c779969c6ffc3835a54b244ddfdeba109a5cfbb554b45fa461c7bb638c99d278d3cb8aedb30c9f24811f2fd6710107cd2d6efa50e220f0d2e94a943ffe11e7ea97aaccfde337842569799d6bf90ebdbb145756b3c50b9e9525e5938b6b8ca06d10d12b96514b26ffa615b54397e8d125e5f798eef2f36a7643962269fb40816659977b7e43bc2f64d59585b5eb7860ca265b0048c75a6857df71d578abcfd918484d2f99a34aa43d8575c4f9a6f2d49a1a42ef637c1606823ed773366a62a3579ab0c50d88fc2a61268b8b584c2cb61de4b6f0d89d9380423da30d59de5dee54b70027066cc7e0bdef283b6bfd7f9a7b06c05e452947980c4485fea91c5147e60bd471ded35a5797edef45689f1b78bc0f9fa47da0343ea825e53a7411f626d65411a0ae3f9e46b9af7aded1992e6139a4f6daf09c8a60a166a1a77ec6d42ce37d71b1792ef510a50f5e34de09378bd5a37ad29e707d65f06a3f4445360565c89cb0d37b2408da4fdbde7ce5ca6089959d79649a335a236fe3118280adb1a7d0664cc68e7cbe7784a5b855443fa9da9c51a1215800a2f39c2d1ab1e50593743fcd840d97ed0c0aa53a7475de3ad97ad49ace1df1428fc411c3c3716031134cd06f67e3790709865db167211ae582d4b59d2bb694bac9e54f13626b3e340cb1c615de9dc882f2524e4bf6a9e9c5e8ad43358b435f873ab1a2622b0bd3a761fa82e72b40ef45484329ded3bdf2e4f08e50363d78ebdf45e9ada034aefe838b386c385e6dc5ab6d53dbbebf3db4cd01b41c046559e307433f5c6029aa803dcdfc168628b6a7de5cb8d7725e6740c3486ff1906478b0fd65cb1b3916595182cc2a524e3a16429ba9b30a3c8e8c2324f11500249866282f83ac3c169742087f9cd95d61276617a6d27ea58e12e7f481b47ed53f619da9af6c9061cf39f75356269371461d9f059085c85d16cb85aaf4c24e89962337d2a38ba12f8ace00e06bdb478aa5c6646e3c688e6b2779070849023832c80755d56d717fc9f3d3d01d5a67e82d4d19a9fa50e92ebbe5981756b795d7d72215266423ea4a32bf216f54b99e00f6916525e6aa2c7836182624b1c67cfb15c4d78ebd064ccb8200520a285487482800fc4b00e70aa710392c8dfa2a39a91c2229370b582bb0917ecb181c12bc566c1c2c6cc5aae7002e849b95a700d74802d6e56ee0ee7769fc5d700883920b2e7bc502434b0a54fcb90a7f7ef96cfb8839f2f3b8b777d952d8ef76039e194ac76911c546a5c6763d5cb6f468dc37e1d57d533b1703a10674e4463591aec8ae97fb46f0dacb9fbf11a0bf0417008be1fb37eb19bc1083f576329c5a10bcaf5a8beb396a9f5bdb7dda7d0d07b3ca40f471e404096198c960d7717da9fab4baf0d39f7e8f96d193e5f6248148170fc634043acf6f72a99d44865bd5967e1ce92bd4a45c2fad13712e8f84a73500aa2e33739bc4ae5667756f3d3cfa8a8655c4124d6b7ca75196c68daa7ce9216cefaa293de553b79105cacd5aba73a46ac206dc00befac0f2b9fdab79fb8828b5de04c0ff8cf75f8cf3005b8a6259906f3d08fb59302e17d4b42832a048d01b63ec74205b65b83ded2391f4029dedb97d0185a467c19860b86324cab510982d2bd09fce66ccce6ba84de805d29e866075a6a933f75ba50ae3f6605adee743ad7654f6379f2860bfa1d8316ada4bb619559accb6344a72025c58b936ffb2c1297d34adc45ab083a092cfdf88b9f1154f0f33671951d20c6b21076a48056583659d7b6839c513001b38453e2346c55e799c6d3659a64b576f74022f65a19d265a4072df37b46bc89402509f135d1a53a7156b8575be1962291d92d004db65b60193cf58fd451573d17cbe0845569d50b93ec65792578bfefdb2e1eff9883f528afb2157deb322d4212515a447de391df77c6e7d05b691f11d4637207992a3897e4136b904101e07bdd4da01f4b4a19ada43b874bc495c61043ed52d38043cc97bb4a83b2ec18aeacf6b118ed45b33dcb1493d8cf63a83f93a305235e934573a1b08767ef136cd4014ead26dc9563b584b31086025b2652aa40aac2c2d24e5ca3513c19655ef273e2ab9d3310b0fef28c4c7977f752e6c75c94558451de470e67e2b47143c97a50e246ec20edf2c4b9b1513662900350c04dae7d70450c405c9767a284f32919264147ff8f8a5973ef73717f0cc6a23eed567f0ddcd7a916b2106725660f65ac322c3c1e7f3a775580eb0b54dc02c9dc3a409a310a3fe6ad8e668c905fb5bcc26fb70a74f2676545ed6d1a7e44d2c820f518135964434cc856e1ea1aba2f0a07b404784bca65eb58c2d10d3064806708cc658539a67ab709ec306caede1b2a29c14f20a09a388f377e0343dba843becbb4bdd8969bd08d0e35c91904efd8c8232e3852e31aebf4c8ee8a9581071d82164e515c813040e112656bb38a529bb8a6ba218c79ca02fcb119e48369866fe178787f78ddd9ee71ca81d54956765e641fdd71d172e5e18bc6ad15c24d57a0b983daff21ace1dedc670f9126a0a9ec92896cba5b21842de9b7a1f1f1147de847d0394c16c382ff8575867756bc4b5271ba68e6736d065876ca6bb313ad970b2c9662e43cb2b2ff80df9bdac2c1e86863f9ddfdd4fe134e9c4c95283d6ff5ea2a624967073d6b4c8137bb91643861c01974ba454d1d4a9a14e1f2d848a2720610a02a45eda54c081c36b8dc0e02b048e1ce35e43175be0be49c15702cd2180383da19ac6d4f9022bc74602db559599375dc0dc70f32db19b42eddbd8000d53b41e734f29bd4eaa4063d60c29df121581f62922b9f0c907b9b0ac019a73ad627218ec70e1eef5d5a46b948d53f072c727880257f3091cb1f91af9596692225da0693b37086f4c18936ff685d9d2a2c6b0d9d9519ac4889873281ebc2a1bca2f502e533ad651df4666c466af33e1a79ccdabbb2d4d949e443ee7801d2f0deb39e3949070d4c07cee4af85325e7784e160757d88b9d06da0b5c44a90fd112561ebb924478c7b45331f8ef8e3fccab2532f0340b3915686b7c4c060bb3d00710f13ff06cb394329f4f3b0d70269fdaea1d7b242cc66545cdfc36dad21b430da058a152c0ed0253ba5a4b9730292007c97c4d5f38114115fb", 0xfffffffffffffe2e}, {&(0x7f0000001b80)="9e17a9c0a2c11c47af42110637627e21b00b7c302818850ebd8275545875785774b3cb87555f040f2cdf7aea917dc81c4cc8ca0d74adb3e3d3dfe15dc62582dd768be9b58fafdfd34dc1ea447be815beef19aec996aa9a7fd9f5d04486babcd16b0273f20f117863aee6cb47a5b35533b353dbf74b9598a262f0e4b78cc7e37f3d02d37367168a9881f8c6667a2adfbdcab8fbe3222bd24c11d97732fdf347e9a32003c7d30e8452e81be75f3eee422f2c7f024e176989318b54aa319fdd6ebe391a8aa9bb20d2ef8d306bbe10bb1246689d93e464cec2677021293a52270afef63492994fbc03ddc20a8e8cda7cf06b569307db0b04ce8917206dd1686bebd36086f0c595deda108062a146cd1a5bb0dbb51dc06b4dfd", 0x71}, {&(0x7f0000001980)="8560e604d4b29673d17be06cad87031f94aab4c9af4abcf35aae4407caa56b23c7d1cc3dbb79dbb01f47515ee92be0f632cd", 0x32}], 0x9, &(0x7f0000001d00)=ANY=[@ANYRES64=r8], 0x218, 0x7600f68e2ef2f12b}, 0x810)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, r9, 0x0)
ioctl$UFFDIO_COPY(r7, 0xc028aa05, &(0x7f0000000200)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000})
move_pages(0x0, 0x1, &(0x7f0000000140)=[&(0x7f0000000000/0x1000)=nil], &(0x7f0000000040)=[0x1], 0x0, 0x2)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), r10)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001ac0)=ANY=[@ANYRESDEC=r10, @ANYRES64=0x0, @ANYRESOCT=r0], 0x30}}, 0x8000)

7.118904395s ago: executing program 4 (id=577):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$tipc(0x1e, 0x2, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$TCSETAW(0xffffffffffffffff, 0x5407, &(0x7f0000000040)={0x7f, 0x5, 0x7, 0x4, 0x8, "03f37fe99f4da288"})
ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f0000000000)=0x8001)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x42080, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a69700000000500040000ffed000900020073797a3200000000240007800c00028008000140ffffffff0c0001800800014080ffffff050014000200000005000500020000000500010006"], 0x6c}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0xd4581, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x9d3, &(0x7f00000000c0)={0x0, 0x79af, 0x100, 0x8000, 0x40024e}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_setup(0x3c20, &(0x7f0000000400)={0x0, 0x2050, 0x3380, 0x8003, 0xd2}, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"})

5.748098513s ago: executing program 4 (id=579):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000002040)=@security={'security\x00', 0xe, 0x2, 0x370, 0xffffffff, 0x1b8, 0x1b8, 0x1b8, 0xffffffff, 0xffffffff, 0x378, 0x378, 0x378, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x6, 0x0, "ac944f29d80885570298ab27aba75082ef72615aae280cb1875cd3d97ca9"}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "3a691901000000703fe193000f3e34e1c27647d8f89d00"}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d0)
write$UHID_INPUT(r1, &(0x7f0000000000)={0x8, {"a2e3ad214fc752f91b5d30f70b06d038e7ff7fc6e5539b385d098b089b3b08381a090890e0878f0e1ac6e7049b3344959b609a240c872adb988f7e0319520100ffe8d178708c523c921b1b5b31360d095d0636cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08c4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e800ba9abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40d4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889632b3570243f989cce3803f465e41e610c2021d653a5520094ec79553299388b0000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a72eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c2d88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b19bb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0545359bafffa452370000000010403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae2d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e709000000000000004fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83000000000000010058b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff7544130700000000000000f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc6c71737b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b93903000000000000001c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f9354b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c558069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae0000000000000007eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c73144f8e4a737afae5136651b1b9bd522d6039947329710309d83fdd9d8b4ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c10613d17ca51075f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb401000000608d6f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655bff4801784c416b22f73d32d678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d7000bdbfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d6245939241a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f4820000000000000900a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78cd7d79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2e0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77900b5f07722e47afed367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15f2dbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af500ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000eeffffffffffffff00000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff}, './file0\x00'})
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000140)={0x1, r3})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x13)
r4 = syz_usb_connect(0x5, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="120110017a953210ac0504c777620102030109022d0001080540040904270102fffd01000921e700070122b30409050c0200020103400905df02"], 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x2f, 0x42, 0x40}, 0x48)
r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x11, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000b300000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
fdatasync(r6)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000240), 0x1003, r5, 0x0, 0xa00369a4}, 0x38)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
connect$bt_l2cap(r7, &(0x7f0000000040)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
connect$bt_l2cap(r7, &(0x7f0000000080)={0x1f, 0x83}, 0xe)
syz_usb_control_io$hid(r4, &(0x7f0000000bc0)={0x24, 0x0, &(0x7f0000000180)=ANY=[@ANYRESHEX=r6], 0x0, 0x0}, 0x0)
r8 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x8882, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0x7040, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r9}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r10 = getpid()
sched_setscheduler(r10, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r11=>0xffffffffffffffff})
connect$unix(r11, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)

5.596189091s ago: executing program 1 (id=580):
socket$inet6_mptcp(0xa, 0x1, 0x106)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000021000000000000000000001085"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='task_rename\x00', r1}, 0x18)
prctl$PR_SET_NAME(0xf, &(0x7f0000000140)='+}[@\x00')

5.28829894s ago: executing program 3 (id=581):
syz_open_dev$tty20(0xc, 0x4, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10001}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x3, &(0x7f0000000000)=@framed, 0x0}, 0x94)
sendmmsg$inet(r0, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f00000005c0)={0x4000000, 0x0, 0x0}, 0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x80005, 0x6f}, 0x2c)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r5, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e20, 0x3, 'lc\x00', 0x2, 0x3, 0x4e}, {@private=0xa010102, 0x4e20, 0x2, 0xa, 0x80012d58, 0x12d5c}}, 0x44)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r6, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e23, 0x3, 'sed\x00', 0x6, 0x3, 0x1815}, {@private=0xa010102, 0xce20, 0x4, 0xa, 0x80812f58, 0x12d5c}}, 0x44)
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r7, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', <r9=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r7, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r7, &(0x7f00000001c0)={0x2c, 0x8, r9, 0x1000000}, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r3)
sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x14, r10, 0x101, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000014}, 0x8000)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)

5.193468002s ago: executing program 1 (id=582):
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f00000000c0)=0x8)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000180)}, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/tcp6\x00')
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4000, &(0x7f0000000040)=0x200, 0x7, 0x5)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x1000087}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setpriority(0x2, 0x0, 0x7)
r3 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000200)={'wg2\x00'})
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r4, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x48015}, 0x40000)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
pread64(r1, &(0x7f00000000c0)=""/169, 0xa9, 0x4fd7)

5.036059023s ago: executing program 2 (id=583):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009e173610ef171e7206d30102430109021200010000000009040000000206"], 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c0015"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
dup3(r4, r2, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x2000000, &(0x7f0000000280)="10"})
syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, &(0x7f00000002c0)=ANY=[@ANYBLOB="401604000000af0800e0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

4.001407472s ago: executing program 1 (id=584):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="b738256a3bbaa9b731508d422286b9f13b8a8a1e4f511cab160d95a211cc6e6f250b113eb3f8e8805d560a5805323ea7bbfde74ce94a2fb3ce4bc91f292b94beee914483aaea652583b85b422676b9bad5ff6131bfdc9b12085244386908b57956a21716ddbb517e630d9e931557a3bd86110d9c4f695e82d6600d7d2cc248d74ff40c9cf280a229123cf0bb015bd03445ae10319e0a9918"], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="f3f969fa9643226ef0f783504ee27a71a4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$misdntimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x280401, 0x0)

3.880340479s ago: executing program 3 (id=585):
r0 = socket$kcm(0x10, 0x5, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fspick(r1, &(0x7f0000000000)='.\x00', 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000100)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r1, &(0x7f0000000040)={0x10, 0x0, r2}, 0x10)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="18000000150081054e81f782db44b9040a1d3b020a000000", 0x18}], 0x1, 0x0, 0x0, 0x7400}, 0x4000)

3.828591235s ago: executing program 0 (id=586):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
setxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f00000002c0)={{}, {0x1, 0x6}, [], {0x4, 0x4}, [{0x8, 0x6}], {0x10, 0x4}, {0x20, 0x2}}, 0xc, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x2c, 0x3c, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@generic="cd0170a0"]}]}, 0x2c}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)

3.828027383s ago: executing program 3 (id=587):
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f0000000500)=ANY=[@ANYBLOB="0001", @ANYRES32])
bind$rxrpc(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
request_key(&(0x7f00000001c0)='rxrpc_s\x00', &(0x7f0000001ffb)={'syz', 0x1, 0x7}, &(0x7f0000001fee)='y\xa9rustV\x1eS=\xd4\x16\x95:e\x00\x00\x00', 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000b00)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0e3ccae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb950368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000100)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
add_key$fscrypt_provisioning(0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="02000000000000009417374c0753eeae96bd9e18f9587e932f070752c2c50eea5fdca27e4863715d8e194873c541b0cfaea02c6bfa194501071d4daab110115d45b1fb417134001299a8eea3e6c57e9cca3eff66b32eb46b34bf7683c2bf618a43b96a14413bffde2aeff86dd0ff627558a3e618e1f38aa82dd6270e530a6fc479c1f067314eba672d45b696d9b7ac3a0480090ddbcbd1bde3e96fb9047af9d5e71e594155e16bc0168ebd006dca90ab4f621a074a1dab8a6add5cd62575f63973bb1b78e96290a65c8ba2f2f07d997759dfc5f8c19f037675b5c5b60b1abd0000000002e0d0d3a9e66b0c9cae1036f660906723dc54b4a07d12529aacb1"], 0xc, 0xfffffffffffffffe)
add_key(&(0x7f00000002c0)='ceph\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r6 = dup(r5)
getsockopt$inet6_buf(r6, 0x29, 0x32, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, 0x0)
setxattr$security_capability(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), &(0x7f0000000500)=@v1={0x1000000, [{0xa6b5, 0xa}]}, 0xc, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
read$msr(0xffffffffffffffff, 0x0, 0x0)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="200000002d0001000000ea001000000004000080050011802eff"], 0x20}], 0x1}, 0x300)
prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0)
sendto$inet6(r0, &(0x7f0000847fff)="1f", 0x1, 0x48600, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c)

3.678207481s ago: executing program 0 (id=588):
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000080)={0x0, 0x10000}, &(0x7f00000000c0)=0x8)
r1 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000180)}, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/tcp6\x00')
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x7, 0x1000087}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(r3, 0x6, &(0x7f0000000040)=0x4f)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setpriority(0x2, 0x0, 0x7)
r5 = socket$inet6(0xa, 0x1, 0x8010000000000084)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r6, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f00000003c0)={0x68, 0x2, 0x8, 0x201, 0x0, 0x0, {0x1, 0x0, 0x2}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_SYN_RECV={0x8, 0x2, 0x1, 0x0, 0x2ec}, @CTA_TIMEOUT_TCP_FIN_WAIT={0x8, 0x4, 0x1, 0x0, 0x4}]}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x8}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xc}, @CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x653}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x7fffffff}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x48015}, 0x40000)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pimreg1\x00', 0x42a5e4b325a47b02})
pread64(r2, &(0x7f00000000c0)=""/169, 0xa9, 0x4fd7)

2.628186629s ago: executing program 3 (id=589):
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x4040)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
r3 = socket$netlink(0x10, 0x3, 0x400000000000004)
socket$xdp(0x2c, 0x3, 0x0)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="640100000001010400000000000000000a0000003c0001802c000180140003000000000000000000000000000000000014000400200100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe80000000000000000000000000000014000400ff0200000000000000000000000000010c00028005000100000000000800", @ANYRESHEX=0x0], 0x164}, 0x1, 0x0, 0x0, 0x8090}, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000280)=0x2)
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r5, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

1.814181045s ago: executing program 4 (id=590):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'netdevsim0\x00', <r2=>0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000040)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000000}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001200)=ANY=[@ANYBLOB="61124c00000000006113300000000000bf300000000000002500070007ffffffbd0201000000000095002000000000006916320000000000bf6700000000000004070000b964b01a4607feff00200000540700000ee60090bf050000000000000c5700000000000065070000d23700002c030000000000001f75000000000000bf54000000000000070000000400f9ffad430100000000007c000000000000000500000000000000950000000000000032ed3c5be95e5db67754bb12dc8c4ed68ecf264e0f84f9f17d3c30e3c7bdd2d17f2f175455000078af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd390700000500000000f18c30907d7bee45a0100000fe9de56c9d05000000c6c60bef0d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cac3f055af65727546e7c955ccefa1f6ab689ffffff7f63ede202fa4e0a2127b8b83c71a51445dc8dfd13ff15f852a39e5b2ab7bcb8f512036a5ba6d04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6901fcecc8158f0200000000c8fb735fd552bdc268694aeb0763f65e439ec1120843e326c819b6cf5c8ac86f8a297dff0445a13d0045fb3cda30a673a6037ed8c85f21ec2c081bdce431e56723888fb126a19bc1172b84b3ebe174aba210d739a018f9bbec63222d20cecac4d03723f1c921b5bbf7949632cacfdd32b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb400001e3abd5dedd3f7d2cf5834f2af97787f696649a46e17e090000000000000045eac1720e83b7838e3eede14308d582685e1becd6f35154bcb400000000000000000000008129277dc467148670ad3e2b26539cebca8f4ddc211bc3ccf0bd9d42ca019dd5d022cf74686e9fbe2562979eaed840a7afaab43176e65ec1118d46d1e827f3472f4445d353887a5ad103649afa1769080584f800031e03a651bb04000000ab04871bc47287cd31cc43ea0ffb567b4040c1458d0320ce7d0000413a0000000000000000005f37983f84e98a523d80bd56a57fa82b82f639601ae899a559944cb9a62a29ab028acfc1cb26a0f6a5480a55d624a0c544ba0dc828c22fe30000aa391598000000437d57fcf8295f63a70837f5cd4e5e77964522dc7ca3aa3476b7f2d851d27fd4de6eabb43e0799dc8d9fb7dc6c523ffbd74a6a40e4acb1ac872ade9d1f2ab779b8dbe843aeeda0426c767c00327b8c95b2bb6ddb55117669d9598c0f3598073f3a921c76beceff7e4fbfea5011db9020823b83abe54346c7af0a99fa077ffe7000feb9e44023a1749eb1d0d572b77d6e0d0fcd74031c8ef2629f5ecff4626746d6abe98a255e92c3c4f79bfcd0d91741380000cfeb73dec68ed56b5d3dfdf0cb8b71ad79000000000000000000000000000000dd434a25e95d0ec29d3adaccf89d0888031ecdfdb4dfbe444673be099ece7e4009c76c7108ef0a7e59fd6d906fbc3c9b412e0478cfee4485f423c63f49db43833c92eeeb647cebd4d7a93a17bcbb6bae5ff876375d4fe39cc2d292691672cc18ca372104ceb83a35ecedd97fc191d8f64d2b1d60c6d12911aada66c26aa4802c3514c3d92ec905000000b13f14c3f2ed6c64ec90000022d600000000000000000000028026b80c3899543223a6079ee96198b9a326db3be3a48af415ca28ca51c502550044ed8e29af8d763ef9b1f31befcad2ce5394601c7cdc233ba3d4ce26ed703dcb9fb3ad650f77e339768924dfdbeead13b88371154d743544a6091ec93e0d3fd5b4dc42911c17d51f964727bfd5cc5ba15370f6e1141d2271eded0b15e4316a1e4623272beb249a0928c417720be14c898f397411c88a7bcf3df46ab3efe7cd5e160c2afd3cc945f75011a102d952c7ad17a58d9be6910023a26faea764fae160cc2260bd028162917807ce89e11b5f261052ee0dde18efa1d802af2b7beecaaa61e7a726571df5cf6f8af41933cea0d0343261bccf64ca1c81045153eafbefdb91fbdff9ee3307d4a1837963b2dc2a3698d90e7915b098f19392e792adaea86052f4e948184001b6494e906925a092483adc7e9c8f7a29d226763c100aecae7f00619c36bceb9fb6dd7e55487d8485e498fdfc377fd3d266d21d46ab2f6b2ce22cd0aebba9b0ffbfe8ec3143c3734967c90b16ebbeeae1ce2baaae05aed6bf0f40c8a323f9235dc99698bd0b800067a901a79daada03cc77e74feb98b1586946b452764ff917a8ecc10e529c5bea49cad70e22df522c2803b6ef65df70223c6e22c3433e322d8dbd6e9b040065a9d6b3d5ae276cffe935d559bea88e1aa36b4e6c19e78457904297e77370e013b705a96548d47c609a93c45f4d1382b39c05dcc07d5b49ad75ddb3ce5b5b9416e03995da046c7aa5e6fc1a6f5d663380967ccef9de49a90ced031335e3219ebd9d06c257a50497ec523f5ff7361261ccfe239d603364a42e2e81fc068fcbb9792b673827fe7018a988fbce55bb74cdb327ce27e134548032a307871cea4c89d4b77b8743fb3cb72cc280b9f62e4f92f46a19600b802cba88b7d0a938d9e0e6cfe5d66b8748d004179e5b6025c0e1050faec7ecd9de190a975db2f8c06a551236278c4766d7e22e3b85168c9851de6266c791252f919b4f8b25055e786734e5142e4666c67aef5b7b2f88c6640995434aa8636993089c73f196c54ae829ad4307132655b075ae534fa7f1ea9a17e62357b0bd2bd1d62d34bfc136464025013665b1cf26a863a5cb3e8acc806611792add8254e705fefd2a44d5b15e3b36f6b75c97c9c04c511d8cf9e24c61c8284a913a381cb1a56c4f3f265a09628878040000000000000017b68afd95d4abd79286692439ee7acca2adc3d83d72b1b778e30c2bf2efbbcd054cf51f5705eb0faa8a0d9f18135cb1d8d567c3436fa697b72c5035d98b9e4f7f3379c0b3339debc78352b2e65299223d7ef2bd540e78167a3ac92a4c4f826f6d0e5c4ebf4f7a70c03e2f5ddbebf168586331eb5995d2288a167b7c6b20b32116b0c528dab6d0c4fe2ee402348104bc5d4012babedee898c6d3e1017be2e9bc759d3ab4d615f5000000000000000000000000000000000000000000007fff0000000000e693e314adf7dc9f517d04f1e6ca367d30d31d3647c6059db6e1e9529eb1623ef99e2d9ac2ab4872f8e784b07a31110bef6d000000a6f9e89e6d50ee06ce716f94da60f1f22db669560d296287c13c92070000ee7553eb2df17a39542fa88d09f000e88a90cf4406b9000000000000000000000000f441d6a6f516c235c6f5863e7f454ee0e16b9aa2593eb31fa3836703e7765aaeb77a8770e518efaa6d3dd85e03b3b133eb749057cea9af75a0e6f633532f2891b8e263cb6eecea691842827bc7c887081c8d320642389f5f0c42dba0ff75a257310f2d92cb1d1e16468949f5675262ee6609cf26ae4a8f5eac0ebf318e735930b01d8f586e34537bcff7d6196f494cdcf3a712078d745db0f5687a78ee6d000b3d171a0f08299b52d207f32e9da311ca090000003a42732808515eec574f892622c5be497fc3d9ca122d7c18b9e54637812c8debc61f0e42d838e44a819b74bce1a56108bb0f72c4a02475920532309c55b2c9ae9f281391ec5cc72a5e94cca1cbf1a706ec201eedfa5fbdb537a0c52bd45a9f966c25616cec30c3ea3246cb8e6aac7cf273638e6656a3e4ccadc348f0172028c99cc5f6d5c6d09ed65aa54549e73c28b7c8ad06ad3c5e3c27eec0eff1a6c84f1189919eefcee8072d1f88cb781e4cdb04af00ac92f1080211c4bee74381a0e31021918f27863fdbafb50f70857d52a1f7df51935a80b1980a4778d35f183ea517f55a98c5a471f3521956f8da6a4ccf2071095305701ab3f3ae43f06e91bc7d85e3800b46926944fba9805a985e63e53a62232fcd3f01dbe1728f300e247a7ebe344f9749818ff3961b2a42664ccd680a90bbb6ab400e286acc8f9febef64594777f848ed1cf980a3da2f0f7745760a05887d0c28060d613dd6539d392fc21fee0b5131609664b821d7a994e6c5965a4fa1ec1790c54e54586907dcc5a071ba22251e2de8bac16e79da9c2444d52facb7ab49420900000000000000f888a94365b99b72796fde1b922fc9ae09b526efca65faf1546c17cbb1d2d2fd12cb1a49cad501a3ca218c595b667b634606c57987ebfb0783a4948e4561d5cda158fe74453ff4a837be14d6a483842c57d6005b544b4f80003386edfd3d4a88a667bd41eefe0d808abed08a29e6bc370a80cc0366fb4080bfbaaa946fd47ab662c79c846e403910bbc3a48bb276cbb08a8eab145c06221ef16a238e3d50ad18aea9a2cec97d3c2d0569caabe2bffe02506bc9cb7294c5d020536dd5e7a6351642112df3b55d0215aaec7e45598995e79699e47567e353e68b03f82be860b188554b734e1192f9c1a867b815ef52cdc3307c0cc9be0000fdde69c350e59f11f1d26a4d04d8c8b2c4a4d23ee931d14bc7807db773a614b670acf46f83f7c65a0f8d43c5f647e1f0d27c46d4b686e867e9b0be76a7978a8f962bb5a070df97f2bf7612115cfe5ebdc7ad0bc5a5f3ace25347d0e5c347279d55aa67a967380000000000000000000000000000000000000000000000ed0942d980c754c6c69ef65c375ad018824f78b260d5f51bc3feba504408a8c8141d84f3f417603b5081680faa8cf38dbe4ae19e936511966965ce268b6345a0001c0f26a32e0a999fc869292e939dcf89b9bfd794f9c12d41959a00688cca43015a9eec58f647796adea520cd2abeb0b55c22949d10e5a05fee4543fdc1e02554a55b5fef2427a6e5708edc38fac53c2f961945a3f83cdf01979939b49bc6b1aef8c733401bbe473de8d64efbe0d123739f387d1c0d9e74f2175c174ada1678c7db79492e8dd0f34e2ccf419cf7f14ffa408b50a52685b36aed14aa22ad928191d5a2697646edc52a1c0c5d720ae690add2b34aed161f51cc1cb424f76098e1e1921e5a405f9d298a8461f2da30e47b7c6ed7c95c84c745f58723e4cddffae3b53b5b947f9435e589f9ae55b30ecd3827b2de5df31976870823da8058c2538c04e397f3d0ef90c11c74da984fa558697ecb57224ce8fa6f79aadbd7dbf3678e74d790bc2ee72769a3ada1dd504f8e4133ce1effd446bc9a2f139e65cc4bd83912af3122352506c7c2191b3705113a5ce1c99193886d6008d3565b00000000000000000000000000000000001c260fc175785ca04e31790f542c0f17b6599e93134792eae9878638b299e1d2b38d367be0d5c99d179c6bde265caebbae48bae74338f9d4f12f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe50}, 0x48)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20080, 0x0)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x5c}, 0x1, 0x0, 0x0, 0xc004}, 0x48000)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe4000/0x18000)=nil, &(0x7f0000000600)=[@text32={0x20, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="04000000000000008504"])
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@newlink={0x54, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}, @IFLA_MACVLAN_FLAGS={0x6, 0x2, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r2}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x54}}, 0x0)

1.796087389s ago: executing program 0 (id=591):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x2, 0x4, 0x6, 0x1, 0x1000, 0xffffffffffffffff, 0xfffffffc}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000800007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r2, &(0x7f0000000180), 0x40010)

674.402279ms ago: executing program 2 (id=592):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=@base={0x10, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x7ff}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r0}, &(0x7f0000000000), &(0x7f0000000080)=r1}, 0x20)

673.667569ms ago: executing program 4 (id=593):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000280)={'syzkaller0\x00', 0x20})

620.318814ms ago: executing program 0 (id=594):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000001d71188e000000000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

417.253611ms ago: executing program 0 (id=595):
openat$tun(0xffffffffffffff9c, &(0x7f0000002980), 0x84800, 0x0)

388.194645ms ago: executing program 4 (id=596):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001"], 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r1, 0x1, 0x25, &(0x7f0000000080)=r0, 0x4)

352.569075ms ago: executing program 3 (id=597):
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xf, 0x4, 0x4, 0x7}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000001100)={r0, &(0x7f0000000100), &(0x7f0000000000)=""/95, 0x2}, 0x20)

280.375635ms ago: executing program 2 (id=598):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32], 0x48)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x600801, 0x0)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_devices(r0, &(0x7f0000000840)=ANY=[@ANYBLOB="1e0308004d6b71ef288563"], 0xffdd)

152.179597ms ago: executing program 0 (id=599):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x8, 0x1}, 0x50)

108.002756ms ago: executing program 4 (id=600):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000440)={{0xeeef0000, 0x2, 0xc, 0x2, 0x6, 0x6, 0xb0, 0x6, 0x3, 0x7, 0x7a, 0x1}, {0xeeeeb000, 0x5000, 0x3, 0x50, 0x3, 0x8, 0x4, 0x4, 0x5, 0x80, 0x51, 0x8}, {0x8000000, 0x6000, 0x10, 0x83, 0x6, 0xd, 0xab, 0x4, 0x0, 0xa8, 0x9, 0x81}, {0x0, 0x0, 0xf, 0x7, 0x6, 0x9, 0x7f, 0x6, 0x2, 0x6, 0x5, 0xb}, {0xdddd0000, 0x1, 0x0, 0xa, 0x6, 0x6, 0x20, 0x1, 0x6, 0x6, 0x7, 0x62}, {0xf000, 0x3000, 0xb, 0xf8, 0x3, 0x5, 0x7, 0x1, 0x6, 0x5, 0x4, 0x4}, {0xd000, 0x2, 0x3, 0x4, 0xff, 0x5, 0xe, 0x6, 0x9, 0x10, 0x7, 0x1}, {0xf000, 0xd000, 0xa, 0x2, 0xd1, 0x22, 0x10, 0x6, 0xff, 0x7, 0x7, 0x7}, {0xdddd0000, 0x5}, {0x3000, 0x1}, 0x8000000a, 0x0, 0x5000, 0x62010, 0xd, 0x0, 0x3000, [0xfffffffffffffffd, 0x8, 0x6, 0x7]})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x7, 0x8, 0xc5, 0x0, 0x6, 0x19, 0x4, 0x6, 0x1, 0x3, 0x0, 0x1, 0x0, 0x3, 0x40, 0x6, 0x9, 0x4, 0xfe, '\x00', 0x4, 0x101})

75.495908ms ago: executing program 3 (id=601):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x5)
r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r6, 0x300000b, 0x11, r4, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r7, 0x4048ae9b, &(0x7f0000000200)={0x4376ea830d56d49d})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

0s ago: executing program 1 (id=602):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f0000000240)=[@uexit={0x0, 0x18, 0x8}, @uexit={0x0, 0x18, 0x5}, @wrmsr={0x1e, 0x20, {0xc0011030, 0xffff}}, @cpuid={0x14, 0x18, {0x8001, 0x9054}}, @rdmsr={0x32, 0x18, {0x26c}}, @wr_crn={0x46, 0x20, {0x0, 0x1}}, @uexit={0x0, 0x18, 0xffffffffffffffff}, @wrmsr={0x1e, 0x20, {0xb21, 0x1000}}, @code={0xa, 0x5c, {"b9c90900000f322e0f005ea266b8ac000f00d066bad004ed3e400f6bc9430fc7716e67400fc72bc74424000a000000c744240205000000ff1c240f20d835200000000f22d866baa00066ed"}}, @cpuid={0x14, 0x18, {0xffffff18, 0xe1}}], 0x14c})
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f00000001c0)={0x70003, 0x0, [0x7, 0xb, 0x2, 0x9, 0x7, 0x6, 0x3000000002, 0xffffffffffffffed]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

sb 1-1: config 4 interface 0 has no altsetting 0
[  109.204045][   T43] usb 1-1: string descriptor 0 read error: -22
[  109.215944][   T43] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  109.238761][ T5915] usb 5-1: USB disconnect, device number 2
[  109.318696][ T5952] hid-multitouch 0003:1FD2:6007.0001: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0
[  109.953017][ T6037] Zero length message leads to an empty skb
[  110.005194][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  110.006100][ T5952] usb 3-1: USB disconnect, device number 3
[  110.147497][   T43] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  110.208638][ T5850] udevd[5850]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  110.255098][   T43] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  110.280661][   T43] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  110.453864][   T43] usb 1-1: media controller created
[  110.480086][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  111.399202][ T6038] fido_id[6038]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  111.684905][ T6040] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  111.694827][ T6046] trusted_key: syz.4.23 sent an empty control message without MSG_MORE.
[  111.726692][ T6046] netlink: 8 bytes leftover after parsing attributes in process `syz.4.23'.
[  111.744823][ T5952] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  111.770050][ T6057] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  111.776413][ T6046] netlink: 8 bytes leftover after parsing attributes in process `syz.4.23'.
[  111.936717][ T5952] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  111.990649][ T5952] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  112.086142][ T5952] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  112.104556][ T5952] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  112.116019][ T6061] netlink: 'syz.2.28': attribute type 1 has an invalid length.
[  112.128340][ T5952] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  112.200963][ T6065] netlink: 'syz.1.27': attribute type 1 has an invalid length.
[  112.208705][ T6065] netlink: 'syz.1.27': attribute type 4 has an invalid length.
[  112.216551][ T6065] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.27'.
[  112.590550][   T43] zl10353_read_register: readreg error (reg=127, ret==0)
[  112.714705][ T6065] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  112.776146][ T6061] 8021q: adding VLAN 0 to HW filter on device bond1
[  112.904438][ T5952] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  112.915268][ T5952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  112.971287][ T5952] usb 4-1: Product: syz
[  112.975620][ T5952] usb 4-1: Manufacturer: syz
[  112.980256][ T5952] usb 4-1: SerialNumber: syz
[  113.010973][ T5915] usb 5-1: new full-speed USB device number 3 using dummy_hcd
[  113.047699][ T5952] usb 4-1: config 0 descriptor??
[  113.101087][   T43] usb 1-1: USB disconnect, device number 4
[  113.205544][ T5915] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  113.236477][ T5915] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  113.299795][ T5952] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  113.327393][ T5915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  113.359402][ T5952] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  113.388930][ T5915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  113.431543][ T5915] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  113.507657][ T5952] radio-si470x 4-1:0.0: software version 0, hardware version 0
[  113.663234][ T5952] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  113.740178][ T5915] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  113.911597][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  113.951233][ T5952] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  114.035916][ T5915] usb 5-1: Product: syz
[  114.060672][ T5915] usb 5-1: Manufacturer: syz
[  114.081060][ T5952] radio-si470x 4-1:0.0: submitting int urb failed (-90)
[  114.088733][ T5915] usb 5-1: SerialNumber: syz
[  114.147771][ T5915] usb 5-1: config 0 descriptor??
[  114.398553][ T5915] radio-si470x 5-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  114.407310][ T5915] radio-si470x 5-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  114.756209][ T5915] radio-si470x 5-1:0.0: software version 0, hardware version 0
[  114.826245][ T5915] radio-si470x 5-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  114.841910][ T5915] radio-si470x 5-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  115.153547][ T5952] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -71
[  115.382816][ T5952] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -71
[  115.391385][ T5915] radio-si470x 5-1:0.0: submitting int urb failed (-90)
[  115.411243][ T5952] usb 4-1: USB disconnect, device number 3
[  115.475343][ T6095] binder: 6092:6095 ioctl c0306201 0 returned -14
[  116.343185][ T5915] radio-si470x 5-1:0.0: si470x_get_report: usb_control_msg returned -32
[  116.358388][ T5915] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -22
[  116.544261][ T5915] usb 5-1: USB disconnect, device number 3
[  117.236303][ T6110] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  117.512592][ T6115] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  117.628095][ T6121] netlink: 'syz.2.43': attribute type 12 has an invalid length.
[  117.706770][ T6121] netlink: 'syz.2.43': attribute type 29 has an invalid length.
[  117.756383][ T6121] netlink: 148 bytes leftover after parsing attributes in process `syz.2.43'.
[  118.983678][ T5952] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  119.420456][ T5952] usb 1-1: Using ep0 maxpacket: 16
[  119.457392][ T5952] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  119.500896][ T5952] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C
[  119.540116][ T5952] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7
[  119.574869][ T5952] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  119.604325][ T6139] netlink: 100 bytes leftover after parsing attributes in process `syz.2.48'.
[  119.620980][ T5952] usb 1-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f
[  119.669474][ T5952] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  119.778651][ T5952] usb 1-1: Product: syz
[  120.170839][ T5952] usb 1-1: Manufacturer: syz
[  120.175530][ T5952] usb 1-1: SerialNumber: syz
[  120.240229][ T6146] syz.4.49: attempt to access beyond end of device
[  120.240229][ T6146] loop4: rw=2048, sector=2, nr_sectors = 1 limit=0
[  120.254526][ T6146] hfsplus: unable to find HFS+ superblock
[  120.352650][ T5952] usb 1-1: config 0 descriptor??
[  121.033681][ T6148] binder: 6147:6148 ioctl c0306201 0 returned -14
[  121.065815][ T5952] rc_core: IR keymap rc-xbox-dvd not found
[  121.585571][ T6131] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  121.808862][ T5952] Registered IR keymap rc-empty
[  121.815104][ T5952] rc rc0: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  121.825646][ T5952] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input7
[  121.940960][ T6131] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  122.003686][   T30] audit: type=1326 audit(1754522082.983:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6156 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  122.112825][   T30] audit: type=1326 audit(1754522082.983:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6156 comm="syz.3.52" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  122.669008][ T6170] ceph: No mds server is up or the cluster is laggy
[  122.686843][ T5916] libceph: connect (1)[c::]:6789 error -101
[  122.688154][ T5916] libceph: mon0 (1)[c::]:6789 connect error
[  122.942759][   T30] audit: type=1326 audit(1754522083.873:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6169 comm="syz.1.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c678ebe9 code=0x7ffc0000
[  123.299989][   T30] audit: type=1326 audit(1754522083.873:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6169 comm="syz.1.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c678ebe9 code=0x7ffc0000
[  123.450414][   T30] audit: type=1326 audit(1754522083.983:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6169 comm="syz.1.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f03c678ebe9 code=0x7ffc0000
[  123.599034][   T30] audit: type=1326 audit(1754522084.223:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6169 comm="syz.1.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c678ebe9 code=0x7ffc0000
[  123.620379][    C1] vkms_vblank_simulate: vblank timer overrun
[  123.649655][ T6181] fuse: root generation should be zero
[  123.684308][   T30] audit: type=1326 audit(1754522084.223:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6169 comm="syz.1.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c678ebe9 code=0x7ffc0000
[  123.689692][ T5916] usb 1-1: USB disconnect, device number 5
[  123.706073][    C0] xbox_remote 1-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19
[  123.839253][ T6189] netlink: 'syz.4.60': attribute type 1 has an invalid length.
[  123.964953][ T6189] netlink: 144 bytes leftover after parsing attributes in process `syz.4.60'.
[  124.121600][ T6189] netlink: 28 bytes leftover after parsing attributes in process `syz.4.60'.
[  124.719555][ T6197] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[6197]
[  126.226218][   T30] audit: type=1326 audit(1754522087.233:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6205 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c678ebe9 code=0x7ffc0000
[  126.349174][   T30] audit: type=1326 audit(1754522087.273:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6205 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c678ebe9 code=0x7ffc0000
[  126.635186][ T6218] netlink: 'syz.3.67': attribute type 2 has an invalid length.
[  126.704940][ T6218] : entered promiscuous mode
[  127.205645][ T6225] overlayfs: statfs failed on './file0'
[  127.591142][   T43] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  127.810819][   T43] usb 3-1: Using ep0 maxpacket: 16
[  127.827159][ T6235] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[6235]
[  128.303877][   T43] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  128.304303][ T6239] netlink: 'syz.3.74': attribute type 1 has an invalid length.
[  128.346562][ T6240] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  128.390624][   T43] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  128.429381][   T43] usb 3-1: config 0 interface 0 has no altsetting 0
[  128.434288][ T6239] netlink: 144 bytes leftover after parsing attributes in process `syz.3.74'.
[  128.450527][   T43] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  128.470152][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.478381][ T6239] netlink: 28 bytes leftover after parsing attributes in process `syz.3.74'.
[  128.571127][   T43] usb 3-1: config 0 descriptor??
[  129.131146][ T5946] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  129.332023][ T5946] usb 2-1: Using ep0 maxpacket: 8
[  129.397771][ T5946] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  129.539897][ T5946] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  129.704777][ T5946] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.761803][ T5946] usb 2-1: config 0 descriptor??
[  129.897731][   T43] usb 3-1: USB disconnect, device number 4
[  130.190102][ T5946] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  130.210491][ T6256] random: crng reseeded on system resumption
[  130.391289][ T5952] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  130.608322][ T5952] usb 1-1: Using ep0 maxpacket: 16
[  130.670887][ T6269] cgroup: Invalid name
[  130.685192][ T6268] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  130.760160][ T6269] program syz.2.80 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  130.863527][ T6268] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  130.910496][ T5952] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  130.968570][ T5952] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  131.013969][ T6268] netlink: 60 bytes leftover after parsing attributes in process `syz.1.77'.
[  131.169903][ T5952] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  131.189831][ T5952] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.207506][ T5952] usb 1-1: Product: syz
[  131.212250][ T5952] usb 1-1: Manufacturer: syz
[  131.217035][ T5952] usb 1-1: SerialNumber: syz
[  131.444232][ T5952] usb 1-1: 0:2 : does not exist
[  131.487217][ T5952] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  131.605070][ T6281] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  131.636312][ T5952] usb 1-1: USB disconnect, device number 6
[  131.786449][ T6009] udevd[6009]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  132.077456][ T6288] FAULT_INJECTION: forcing a failure.
[  132.077456][ T6288] name failslab, interval 1, probability 0, space 0, times 0
[  132.090350][ T6288] CPU: 0 UID: 0 PID: 6288 Comm: syz.3.84 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  132.090378][ T6288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  132.090399][ T6288] Call Trace:
[  132.090413][ T6288]  <TASK>
[  132.090429][ T6288]  dump_stack_lvl+0x189/0x250
[  132.090458][ T6288]  ? irqentry_exit+0x74/0x90
[  132.090484][ T6288]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.090529][ T6288]  should_fail_ex+0x414/0x560
[  132.090558][ T6288]  should_failslab+0xa8/0x100
[  132.090584][ T6288]  __kmalloc_noprof+0xcb/0x4f0
[  132.090604][ T6288]  ? kfree+0x4d/0x440
[  132.090634][ T6288]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  132.090669][ T6288]  tomoyo_realpath_from_path+0xe3/0x5d0
[  132.090701][ T6288]  ? tomoyo_domain+0xda/0x130
[  132.090748][ T6288]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  132.090772][ T6288]  tomoyo_path_number_perm+0x1e8/0x5a0
[  132.090800][ T6288]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  132.090824][ T6288]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  132.090858][ T6288]  ? trace_irq_disable+0x37/0x110
[  132.090888][ T6288]  ? preempt_schedule_irq+0xde/0x150
[  132.090928][ T6288]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  132.090986][ T6288]  ? __rcu_read_unlock+0x84/0xe0
[  132.091017][ T6288]  ? __fget_files+0x2a/0x420
[  132.091041][ T6288]  ? __fget_files+0x3a0/0x420
[  132.091064][ T6288]  ? __fget_files+0x2a/0x420
[  132.091093][ T6288]  security_file_ioctl+0xcb/0x2d0
[  132.091122][ T6288]  __se_sys_ioctl+0x47/0x170
[  132.091158][ T6288]  do_syscall_64+0xfa/0x3b0
[  132.091185][ T6288]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.091206][ T6288]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  132.091227][ T6288]  ? clear_bhb_loop+0x60/0xb0
[  132.091254][ T6288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.091276][ T6288] RIP: 0033:0x7f741738ebe9
[  132.091301][ T6288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.091319][ T6288] RSP: 002b:00007f7418123038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  132.091342][ T6288] RAX: ffffffffffffffda RBX: 00007f74175b6180 RCX: 00007f741738ebe9
[  132.091358][ T6288] RDX: 0000200000000340 RSI: 0000000080184132 RDI: 0000000000000009
[  132.091372][ T6288] RBP: 00007f7418123090 R08: 0000000000000000 R09: 0000000000000000
[  132.091385][ T6288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  132.091397][ T6288] R13: 00007f74175b6218 R14: 00007f74175b6180 R15: 00007ffc808597d8
[  132.091438][ T6288]  </TASK>
[  132.341568][ T6288] ERROR: Out of memory at tomoyo_realpath_from_path.
[  132.517159][ T6289] netlink: 'syz.4.83': attribute type 1 has an invalid length.
[  132.666935][ T6290] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  132.921088][ T5916] usb 2-1: USB disconnect, device number 2
[  134.682427][ T6312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.92'.
[  134.691379][ T6312] netlink: 24 bytes leftover after parsing attributes in process `syz.1.92'.
[  134.700624][ T6312] netlink: 8 bytes leftover after parsing attributes in process `syz.1.92'.
[  134.711176][ T6312] netlink: 24 bytes leftover after parsing attributes in process `syz.1.92'.
[  135.041283][ T5970] usb 3-1: new low-speed USB device number 5 using dummy_hcd
[  135.296810][ T6311] nvme_fabrics: missing parameter 'transport=%s'
[  135.426012][ T6312] sctp: failed to load transform for md5: -2
[  135.456001][ T6311] nvme_fabrics: missing parameter 'nqn=%s'
[  135.593843][ T5970] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  135.782710][ T5970] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.222192][ T5970] usb 3-1: config 0 descriptor??
[  136.932894][   T43] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  136.983806][ T6335] netlink: 16 bytes leftover after parsing attributes in process `syz.2.91'.
[  136.994399][ T6335] netlink: 4 bytes leftover after parsing attributes in process `syz.2.91'.
[  137.005056][ T6335] netlink: 16 bytes leftover after parsing attributes in process `syz.2.91'.
[  137.014138][ T6335] netlink: 20 bytes leftover after parsing attributes in process `syz.2.91'.
[  137.231065][ T5970] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  137.307107][ T5970] asix 3-1:0.0: probe with driver asix failed with error -61
[  137.334491][ T6337] xt_l2tp: invalid flags combination: 8
[  137.387763][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  137.419377][ T6339] netlink: 92 bytes leftover after parsing attributes in process `syz.4.96'.
[  137.428728][ T6339] netlink: 31 bytes leftover after parsing attributes in process `syz.4.96'.
[  138.002939][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  138.278384][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  138.285071][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  138.315757][   T43] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  138.377047][   T43] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  138.667237][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.687929][   T43] usb 4-1: config 0 descriptor??
[  138.701369][ T5916] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  138.764430][ T6352] ubi31: attaching mtd0
[  138.773631][ T6352] ubi31: scanning is finished
[  138.778449][ T6352] ubi31: empty MTD device detected
[  139.400141][ T5952] usb 3-1: USB disconnect, device number 5
[  139.608575][ T6356] bridge0: entered promiscuous mode
[  139.614660][ T6356] macvlan2: entered promiscuous mode
[  139.675238][ T6352] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  139.680840][ T5916] usb 1-1: Using ep0 maxpacket: 32
[  139.683260][ T6352] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  139.693074][ T5916] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  139.695669][ T6352] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  139.703694][ T5916] usb 1-1: config 0 has no interface number 0
[  139.710681][ T6352] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  139.710787][ T6352] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  139.710808][ T6352] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  139.741540][ T6352] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3135044557
[  139.752506][ T6352] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  139.763517][ T6357] ubi31: background thread "ubi_bgt31d" started, PID 6357
[  139.784944][ T5916] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  139.797709][   T43] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  139.838906][ T5916] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  139.866629][ T5916] usb 1-1: Product: syz
[  139.880978][ T5916] usb 1-1: Manufacturer: syz
[  139.893624][ T6359] netlink: 300 bytes leftover after parsing attributes in process `syz.4.99'.
[  139.902937][ T5916] usb 1-1: SerialNumber: syz
[  139.915076][ T5916] usb 1-1: config 0 descriptor??
[  139.937301][ T5916] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  140.133589][ T6362] netlink: 'syz.2.101': attribute type 1 has an invalid length.
[  140.213336][ T6364] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  140.480628][ T6334] netlink: 40 bytes leftover after parsing attributes in process `syz.3.95'.
[  140.529562][ T5916] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  140.611489][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  140.867308][ T5916] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  140.995947][ T5916] usb 1-1: USB disconnect, device number 7
[  141.012469][ T5821] usb 4-1: reset high-speed USB device number 4 using dummy_hcd
[  141.082838][ T5916] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  141.149698][ T5916] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  141.187457][ T5916] quatech2 1-1:0.51: device disconnected
[  141.711425][ T6369] syz.0.103 uses obsolete (PF_INET,SOCK_PACKET)
[  141.944451][ T6372] netlink: 'syz.1.104': attribute type 1 has an invalid length.
[  141.953244][ T6372] netlink: 224 bytes leftover after parsing attributes in process `syz.1.104'.
[  142.027401][ T5952] usb 4-1: USB disconnect, device number 4
[  142.030987][ T5834] IPVS: starting estimator thread 0...
[  142.521803][ T6376] IPVS: using max 22 ests per chain, 52800 per kthread
[  142.685118][ T6379] netlink: 4 bytes leftover after parsing attributes in process `syz.3.105'.
[  143.008665][ T6379] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  143.026617][ T6379] batman_adv: batadv0: Removing interface: batadv_slave_0
[  143.036702][ T6379] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  143.071662][ T6379] batman_adv: batadv0: Removing interface: batadv_slave_1
[  143.182738][ T6385] netlink: set zone limit has 4 unknown bytes
[  143.693953][ T6404] netlink: 'syz.2.111': attribute type 10 has an invalid length.
[  144.539092][ T6404] team0: Device ipvlan1 failed to register rx_handler
[  144.614649][ T6404] syz.2.111 (6404) used greatest stack depth: 19496 bytes left
[  144.687912][ T6408] netlink: 'syz.3.112': attribute type 1 has an invalid length.
[  144.762155][ T6409] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  145.391091][ T5915] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  145.462630][    C0] raw-gadget.0 gadget.2: ignoring, device is not running
[  145.616427][ T5915] usb 3-1: device descriptor read/64, error -32
[  146.022615][ T6418] xt_CONNSECMARK: invalid mode: 0
[  146.040916][ T5915] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  146.420584][ T6424] netlink: 4 bytes leftover after parsing attributes in process `syz.4.117'.
[  146.430804][ T6424] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  146.440579][ T6424] batman_adv: batadv0: Removing interface: batadv_slave_0
[  146.700937][ T5915] usb 3-1: Using ep0 maxpacket: 32
[  146.709681][ T5915] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  146.728399][ T5915] usb 3-1: config 0 has no interface number 0
[  146.740090][ T6424] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  146.752208][ T5915] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  146.761859][ T6424] batman_adv: batadv0: Removing interface: batadv_slave_1
[  146.769252][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.802045][ T5915] usb 3-1: Product: syz
[  146.822779][ T5915] usb 3-1: Manufacturer: syz
[  146.874100][ T5915] usb 3-1: SerialNumber: syz
[  146.926295][ T5915] usb 3-1: config 0 descriptor??
[  146.939118][ T5915] smsc95xx v2.0.0
[  147.339352][ T6432] netlink: 300 bytes leftover after parsing attributes in process `syz.1.119'.
[  147.435475][ T6434] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  147.972073][ T5915] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000034: -71
[  147.991615][ T5915] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_DATA
[  148.010317][ T5915] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  148.044441][ T5915] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[  148.079088][ T5915] usb 3-1: USB disconnect, device number 7
[  148.423623][   T30] audit: type=1326 audit(1754522109.423:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6442 comm="syz.0.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  148.548757][   T30] audit: type=1326 audit(1754522109.433:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6442 comm="syz.0.123" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  148.671009][   T43] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  148.697499][ T6448] tipc: Started in network mode
[  148.725435][ T6448] tipc: Node identity 263ff0f20d14, cluster identity 4711
[  148.781237][ T6448] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  148.952119][ T6451] syzkaller0: entered promiscuous mode
[  148.954107][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  148.968926][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  148.980854][   T43] usb 4-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00
[  148.990769][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.172158][ T6451] syzkaller0: entered allmulticast mode
[  149.728504][   T43] usb 4-1: config 0 descriptor??
[  149.818511][ T5834] tipc: Node number set to 724300018
[  149.980261][ T6448] syzkaller0: mtu greater than device maximum
[  150.014628][ T6447] tipc: Resetting bearer <eth:syzkaller0>
[  150.137343][ T6456] netlink: 'syz.2.126': attribute type 1 has an invalid length.
[  150.208001][ T6457] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  150.222660][ T6447] tipc: Disabling bearer <eth:syzkaller0>
[  150.240151][   T43] elo 0003:04E7:0030.0004: item fetching failed at offset 5/7
[  150.911682][   T43] elo 0003:04E7:0030.0004: parse failed
[  150.917686][   T43] elo 0003:04E7:0030.0004: probe with driver elo failed with error -22
[  151.025769][ T6461] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  151.439977][ T6467] xt_CONNSECMARK: invalid mode: 0
[  152.049164][ T6464] random: crng reseeded on system resumption
[  152.358781][ T5821] usb 4-1: USB disconnect, device number 5
[  152.796091][   T30] audit: type=1326 audit(1754522113.763:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6484 comm="syz.4.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb9478ebe9 code=0x7ffc0000
[  153.576721][   T30] audit: type=1326 audit(1754522113.763:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6484 comm="syz.4.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7feb9478ebe9 code=0x7ffc0000
[  154.722483][ T6505] netlink: 'syz.4.139': attribute type 1 has an invalid length.
[  154.806911][ T6507] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  156.808263][ T6523] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  157.090540][ T6526] netlink: 48 bytes leftover after parsing attributes in process `syz.1.143'.
[  157.593411][ T6529] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  157.933328][   T30] audit: type=1326 audit(1754522118.933:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6534 comm="syz.3.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  158.124211][   T30] audit: type=1326 audit(1754522118.933:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6534 comm="syz.3.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  158.218084][ T6545] warning: `syz.1.149' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  159.432892][ T6559] binder: BC_ATTEMPT_ACQUIRE not supported
[  159.445474][ T6559] binder: 6555:6559 ioctl c0306201 2000000001c0 returned -22
[  160.134075][ T5821] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  160.365240][ T5821] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  160.403459][ T5821] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  160.466775][ T5821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  160.540011][ T5821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  160.571389][ T5821] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  160.592379][ T5821] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  160.601976][ T5821] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  160.611560][ T5821] usb 2-1: Product: syz
[  160.620899][ T5821] usb 2-1: Manufacturer: syz
[  160.628984][ T5821] usb 2-1: SerialNumber: syz
[  160.641601][ T5821] usb 2-1: config 0 descriptor??
[  161.535325][ T5821] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -32
[  161.553789][ T5821] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5
[  161.671977][ T6574] netlink: 44 bytes leftover after parsing attributes in process `syz.2.158'.
[  161.814937][ T5821] usb 2-1: USB disconnect, device number 3
[  162.209093][   T30] audit: type=1326 audit(1754522123.213:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6586 comm="syz.0.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  162.282470][   T30] audit: type=1326 audit(1754522123.243:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6586 comm="syz.0.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  162.431282][ T5821] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  162.601210][ T5821] usb 3-1: Using ep0 maxpacket: 8
[  162.611868][ T5821] usb 3-1: config 0 has no interfaces?
[  162.621784][ T5821] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=a9.dc
[  162.643679][ T5821] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.671089][ T5821] usb 3-1: Product: syz
[  162.677544][ T5821] usb 3-1: Manufacturer: syz
[  162.686680][ T5821] usb 3-1: SerialNumber: syz
[  162.707549][ T5821] r8152-cfgselector 3-1: Unknown version 0x0000
[  162.718105][ T6598] fuse: Unknown parameter 'groEÄCup_00000000000000000000'
[  162.818037][ T5821] r8152-cfgselector 3-1: config 0 descriptor??
[  162.844742][ T6601] netlink: 4 bytes leftover after parsing attributes in process `syz.4.165'.
[  163.034671][ T6591] netlink: 'syz.2.162': attribute type 4 has an invalid length.
[  163.060471][ T6591] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.162'.
[  163.624796][ T6612] netlink: 4 bytes leftover after parsing attributes in process `syz.1.168'.
[  164.108752][ T6623] netlink: 40 bytes leftover after parsing attributes in process `syz.4.171'.
[  164.385453][ T6628] netlink: 16 bytes leftover after parsing attributes in process `syz.1.172'.
[  165.230286][ T6633] netlink: 24 bytes leftover after parsing attributes in process `syz.0.170'.
[  165.503337][ T5834] r8152-cfgselector 3-1: USB disconnect, device number 8
[  165.530925][ T5821] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  165.603361][ T6639] netlink: 100 bytes leftover after parsing attributes in process `syz.3.175'.
[  166.296600][ T6640] xt_CONNSECMARK: invalid mode: 0
[  166.350841][ T5821] usb 2-1: Using ep0 maxpacket: 16
[  166.363393][ T6642] binder: 6641:6642 ioctl c0306201 0 returned -14
[  166.366634][ T5821] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=d3.06
[  166.386248][ T5821] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67
[  166.395109][ T5821] usb 2-1: Product: syz
[  166.400170][ T5821] usb 2-1: Manufacturer: syz
[  166.407530][ T5821] usb 2-1: SerialNumber: syz
[  166.563069][ T5821] r8152-cfgselector 2-1: Unknown version 0x0000
[  166.570658][ T5821] r8152-cfgselector 2-1: config 0 descriptor??
[  166.806491][ T6631] netlink: 24 bytes leftover after parsing attributes in process `syz.1.174'.
[  166.831468][ T6631] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  166.905855][ T6645] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  166.945799][ T6645] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  167.030471][ T6631] binder: 6630:6631 ioctl c0306201 200000000340 returned -14
[  167.095462][ T5821] r8152-cfgselector 2-1: Unknown version 0x0000
[  167.114663][ T5821] r8152-cfgselector 2-1: bad CDC descriptors
[  167.177098][ T5821] r8152-cfgselector 2-1: USB disconnect, device number 4
[  168.142625][   T30] audit: type=1326 audit(1754522129.143:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6652 comm="syz.0.179" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fceaab8ebe9 code=0x0
[  169.000305][ T6667] netlink: 'syz.1.183': attribute type 1 has an invalid length.
[  169.008883][ T6667] netlink: 'syz.1.183': attribute type 4 has an invalid length.
[  169.017048][ T6667] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.183'.
[  169.601635][ T6667] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  169.718454][ T5835] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  169.738179][ T5835] Bluetooth: hci4: Injecting HCI hardware error event
[  169.746289][ T5835] Bluetooth: hci4: hardware error 0x00
[  171.347663][ T6685] binder: 6684:6685 ioctl c0306201 0 returned -14
[  172.072428][ T5835] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  174.036930][ T6724] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  174.251090][ T5970] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  174.660908][ T5970] usb 5-1: Using ep0 maxpacket: 32
[  174.827294][ T5970] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  174.997818][ T5970] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  175.010097][ T5970] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.054264][ T5970] usb 5-1: Product: syz
[  175.069539][ T5970] usb 5-1: Manufacturer: syz
[  175.085084][ T5970] usb 5-1: SerialNumber: syz
[  175.099185][ T5970] usb 5-1: config 0 descriptor??
[  175.124387][ T6718] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  175.175224][ T5970] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input9
[  175.404405][ T5970] usb 5-1: USB disconnect, device number 4
[  175.405979][ T6741] netlink: 'syz.2.201': attribute type 1 has an invalid length.
[  175.410425][    C1] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  175.485610][ T6741] netlink: 144 bytes leftover after parsing attributes in process `syz.2.201'.
[  175.527441][ T6741] netlink: 28 bytes leftover after parsing attributes in process `syz.2.201'.
[  179.011663][ T6776] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  179.198587][   T30] audit: type=1326 audit(1754522140.203:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6777 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  179.242699][   T30] audit: type=1326 audit(1754522140.203:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6777 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  179.266841][   T30] audit: type=1326 audit(1754522140.203:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6777 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  179.295356][   T30] audit: type=1326 audit(1754522140.203:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6777 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  179.578839][ T6783] netlink: 'syz.4.213': attribute type 1 has an invalid length.
[  179.586761][ T6783] netlink: 'syz.4.213': attribute type 4 has an invalid length.
[  179.595619][ T6783] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.213'.
[  179.775443][ T6783] ceph: No mds server is up or the cluster is laggy
[  179.788173][ T5834] libceph: connect (1)[c::]:6789 error -101
[  180.144962][   T30] audit: type=1326 audit(1754522140.203:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6777 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  180.170884][   T30] audit: type=1326 audit(1754522140.203:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6777 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  180.210220][ T5834] libceph: mon0 (1)[c::]:6789 connect error
[  180.220236][   T30] audit: type=1326 audit(1754522140.203:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6777 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  180.220286][   T30] audit: type=1326 audit(1754522140.203:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6777 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  180.220329][   T30] audit: type=1326 audit(1754522140.203:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6777 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  180.220371][   T30] audit: type=1326 audit(1754522140.203:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6777 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  181.201940][ T6796] sctp: [Deprecated]: syz.1.216 (pid 6796) Use of struct sctp_assoc_value in delayed_ack socket option.
[  181.201940][ T6796] Use struct sctp_sack_info instead
[  184.511684][ T5821] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  185.079660][ T6855] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  185.175636][ T5821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  185.206946][ T5821] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  185.237022][ T5821] usb 2-1: New USB device found, idVendor=046d, idProduct=c51b, bcdDevice= 0.00
[  185.271443][ T5821] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.332070][ T5821] usb 2-1: config 0 descriptor??
[  186.091595][ T6868] bridge0: entered promiscuous mode
[  186.099663][ T6868] macvlan2: entered promiscuous mode
[  186.572761][ T5821] usbhid 2-1:0.0: can't add hid device: -71
[  186.578836][ T5821] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  186.651230][ T5821] usb 2-1: USB disconnect, device number 5
[  187.691480][ T5821] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  187.936314][ T6890] random: crng reseeded on system resumption
[  188.092501][ T5821] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 41407, setting to 1024
[  188.124419][ T5821] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  188.149915][ T5821] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  188.205938][ T5821] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  188.224274][ T5821] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.240069][ T5821] usb 1-1: Product: syz
[  188.249560][ T5821] usb 1-1: Manufacturer: syz
[  188.255133][ T5821] usb 1-1: SerialNumber: syz
[  188.279024][ T6886] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  188.296536][ T5821] hub 1-1:1.0: bad descriptor, ignoring hub
[  188.312626][ T5916] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  188.313441][ T5821] hub 1-1:1.0: probe with driver hub failed with error -5
[  188.502808][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  188.534433][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  188.559083][ T5916] usb 3-1: New USB device found, idVendor=1a34, idProduct=6f05, bcdDevice=8e.7b
[  188.579245][ T5916] usb 3-1: New USB device strings: Mfr=176, Product=0, SerialNumber=0
[  188.590783][ T5916] usb 3-1: Manufacturer: syz
[  188.610584][ T5916] usb 3-1: config 0 descriptor??
[  188.657620][ T5821] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  188.834901][ T6899] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  188.852057][ T6899] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  188.885710][ T5970] usb 1-1: USB disconnect, device number 8
[  188.909279][ T5970] usblp0: removed
[  188.916634][ T6917] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  189.522911][ T6924] comedi comedi2: fl512: I/O port conflict (0x10,16)
[  191.241436][ T5821] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  191.259304][ T6932] loop4: detected capacity change from 0 to 524255232
[  191.454294][ T5916] usbhid 3-1:0.0: can't add hid device: -71
[  191.456945][ T5821] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  191.497906][ T5916] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  191.505992][ T5821] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  191.564021][ T5821] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  191.566405][ T5916] usb 3-1: USB disconnect, device number 9
[  191.618104][ T5821] usb 2-1: config 1 has no interface number 1
[  191.641225][ T5821] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  191.708020][ T5821] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  191.782121][ T5821] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  192.630791][ T5821] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.638963][ T5821] usb 2-1: Product: syz
[  192.760908][ T5821] usb 2-1: Manufacturer: syz
[  192.780319][ T5821] usb 2-1: SerialNumber: syz
[  193.177773][ T6953] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  193.878709][ T6953] syzkaller0: entered promiscuous mode
[  193.891703][ T6953] syzkaller0: entered allmulticast mode
[  193.977270][ T5821] usb 2-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  193.985059][ T5821] usb 2-1: MIDIStreaming interface descriptor not found
[  194.371681][ T5821] usb 2-1: USB disconnect, device number 6
[  194.396649][ T6953] tipc: Resetting bearer <eth:syzkaller0>
[  194.462585][ T6952] tipc: Resetting bearer <eth:syzkaller0>
[  194.481168][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  195.103115][ T6952] tipc: Disabling bearer <eth:syzkaller0>
[  195.733246][ T6979] syz.4.254: attempt to access beyond end of device
[  195.733246][ T6979] nbd4: rw=0, sector=64, nr_sectors = 1 limit=0
[  195.749438][ T6979] syz.4.254: attempt to access beyond end of device
[  195.749438][ T6979] nbd4: rw=0, sector=256, nr_sectors = 1 limit=0
[  195.762859][ T6979] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  195.774429][ T6979] syz.4.254: attempt to access beyond end of device
[  195.774429][ T6979] nbd4: rw=0, sector=512, nr_sectors = 1 limit=0
[  195.787877][ T6979] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  195.804160][ T6979] syz.4.254: attempt to access beyond end of device
[  195.804160][ T6979] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0
[  195.818464][ T6979] syz.4.254: attempt to access beyond end of device
[  195.818464][ T6979] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0
[  195.861246][ T6979] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  195.872081][ T6979] syz.4.254: attempt to access beyond end of device
[  195.872081][ T6979] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0
[  195.885764][ T6979] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  195.899851][ T6979] syz.4.254: attempt to access beyond end of device
[  195.899851][ T6979] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0
[  195.915058][ T6979] syz.4.254: attempt to access beyond end of device
[  195.915058][ T6979] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0
[  195.928566][ T6979] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  195.939768][ T6979] syz.4.254: attempt to access beyond end of device
[  195.939768][ T6979] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0
[  195.953340][ T6979] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  195.966254][ T6979] syz.4.254: attempt to access beyond end of device
[  195.966254][ T6979] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  195.980754][ T6979] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  196.004574][ T6979] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  196.014350][ T6979] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1)
[  197.581717][ T7004] netlink: 8 bytes leftover after parsing attributes in process `syz.1.262'.
[  197.811195][   T43] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  198.169053][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  198.284484][   T43] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  198.476219][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.536163][   T43] usb 3-1: config 0 descriptor??
[  198.569114][ T7007] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  198.678688][ T7014] xt_CONNSECMARK: invalid mode: 0
[  199.095972][   T43] elan 0003:04F3:0755.0005: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[  199.306047][ T7007] netlink: 28 bytes leftover after parsing attributes in process `syz.2.264'.
[  199.410934][ T7007] netlink: 28 bytes leftover after parsing attributes in process `syz.2.264'.
[  199.594783][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  200.071270][ T7007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  200.140699][ T7007] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  200.270930][   T43] usb 3-1: reset full-speed USB device number 10 using dummy_hcd
[  201.192315][ T7042] bridge0: entered promiscuous mode
[  201.199271][ T7042] macvlan2: entered promiscuous mode
[  203.239482][ T7069] macvlan3: entered promiscuous mode
[  203.418112][ T7068] bridge0: entered promiscuous mode
[  203.425542][ T7068] macvlan2: entered promiscuous mode
[  203.724364][ T5916] usb 3-1: USB disconnect, device number 10
[  203.910967][ T5835] Bluetooth: hci1: command tx timeout
[  206.574665][ T7094] netlink: 'syz.1.288': attribute type 1 has an invalid length.
[  206.613882][ T7094] netlink: 184 bytes leftover after parsing attributes in process `syz.1.288'.
[  206.631330][ T5970] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  206.657663][ T7094] netlink: 'syz.1.288': attribute type 1 has an invalid length.
[  206.691133][ T7096] netlink: 'syz.4.289': attribute type 26 has an invalid length.
[  206.899692][ T7088] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.901985][ T7088] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  207.030829][ T5821] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  207.263964][ T5821] usb 5-1: Using ep0 maxpacket: 8
[  207.384186][ T5821] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  207.403998][ T5970] usb 4-1: unable to get BOS descriptor or descriptor too short
[  207.413942][ T5821] usb 5-1: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice=21.c6
[  207.425581][ T5970] usb 4-1: no configurations
[  207.430244][ T5970] usb 4-1: can't read configurations, error -22
[  207.445534][ T5821] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.471702][ T5821] usb 5-1: config 0 descriptor??
[  207.819758][ T7109] mkiss: ax0: crc mode is auto.
[  207.917304][ T7112] netlink: 44 bytes leftover after parsing attributes in process `syz.0.292'.
[  208.060617][ T7111] program syz.1.293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  208.390175][ T5834] usb 5-1: USB disconnect, device number 5
[  208.595692][ T7111] program syz.1.293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  208.632248][ T7111] program syz.1.293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  208.641947][ T7111] program syz.1.293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  208.655020][ T7111] program syz.1.293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  208.679259][ T7111] program syz.1.293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  208.699666][ T7111] program syz.1.293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  208.733733][ T7111] program syz.1.293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  208.748617][ T7111] program syz.1.293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  208.758121][ T7111] program syz.1.293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  208.767975][ T7111] program syz.1.293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  208.780247][ T7111] program syz.1.293 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  208.820864][ T5916] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  208.973743][ T5916] usb 3-1: Using ep0 maxpacket: 8
[  209.044417][ T5916] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[  209.185892][ T5916] usb 3-1: config 0 has no interface number 0
[  209.526062][ T5916] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  209.537709][ T5916] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  209.672881][ T5916] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  209.729062][ T5916] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  209.921065][ T5916] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  209.931429][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.954818][ T5916] usb 3-1: config 0 descriptor??
[  209.968787][ T5916] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  210.159815][ T7133] macvlan3: entered promiscuous mode
[  210.855460][ T7136] netlink: 'syz.4.301': attribute type 1 has an invalid length.
[  210.855507][ T7136] netlink: 184 bytes leftover after parsing attributes in process `syz.4.301'.
[  210.855526][ T7136] netlink: 'syz.4.301': attribute type 1 has an invalid length.
[  210.951167][ T7137] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  210.951473][ T7137] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  211.150793][ T5834] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  211.305328][ T5834] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 41407, setting to 1024
[  211.305368][ T5834] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  211.305395][ T5834] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  211.331005][ T5834] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  211.331088][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.331112][ T5834] usb 4-1: Product: syz
[  211.331130][ T5834] usb 4-1: Manufacturer: syz
[  211.331147][ T5834] usb 4-1: SerialNumber: syz
[  211.339787][ T7134] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  211.350170][ T5834] hub 4-1:1.0: bad descriptor, ignoring hub
[  211.350202][ T5834] hub 4-1:1.0: probe with driver hub failed with error -5
[  211.561588][ T5834] usblp 4-1:1.0: usblp1: USB Unidirectional printer dev 8 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  211.871636][ T5916] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  212.020812][ T5916] usb 2-1: Using ep0 maxpacket: 32
[  212.023796][ T5916] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  212.044247][ T5821] usb 4-1: USB disconnect, device number 8
[  212.048308][ T5916] usb 2-1: too many endpoints for config 0 interface 0 altsetting 5: 69, using maximum allowed: 30
[  212.121587][ T5821] usblp1: removed
[  212.129288][ T5916] usb 2-1: config 0 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 69
[  212.174788][ T5916] usb 2-1: config 0 interface 0 has no altsetting 1
[  212.187418][ T5821] usb 3-1: USB disconnect, device number 11
[  212.207380][ T5821] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[  212.239403][ T5916] usb 2-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00
[  212.265271][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  212.278460][ T5916] usb 2-1: SerialNumber: syz
[  212.310836][ T5916] usb 2-1: config 0 descriptor??
[  212.341695][ T5916] usb-storage 2-1:0.0: USB Mass Storage device detected
[  212.379024][ T5916] usb-storage 2-1:0.0: Quirks match for vid 152d pid 0539: 4000000
[  213.019348][ T7143] netlink: 12 bytes leftover after parsing attributes in process `syz.1.303'.
[  214.152692][ T7158] pim6reg: entered allmulticast mode
[  214.159518][ T7159] pim6reg: left allmulticast mode
[  215.534746][ T7172] netlink: 'syz.0.307': attribute type 1 has an invalid length.
[  215.619575][ T7174] netlink: 16 bytes leftover after parsing attributes in process `syz.3.308'.
[  215.663333][ T7172] netlink: 'syz.0.307': attribute type 4 has an invalid length.
[  215.844081][ T7172] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.307'.
[  216.165202][   T30] kauditd_printk_skb: 35 callbacks suppressed
[  216.165217][   T30] audit: type=1326 audit(1754522177.173:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7175 comm="syz.3.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  216.298739][   T30] audit: type=1326 audit(1754522177.173:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7175 comm="syz.3.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741738ebe9 code=0x7ffc0000
[  216.344982][ T5916] usb 2-1: USB disconnect, device number 7
[  217.079359][ T5835] Bluetooth: hci2: command 0x0406 tx timeout
[  217.079379][ T5843] Bluetooth: hci3: command 0x0406 tx timeout
[  217.079426][ T5843] Bluetooth: hci0: command 0x0406 tx timeout
[  217.086221][ T5835] Bluetooth: hci1: command 0x0406 tx timeout
[  219.275218][ T7196] macvlan3: entered promiscuous mode
[  219.709281][ T7198] bond0: Unable to set down delay as MII monitoring is disabled
[  220.285708][ T7209] netlink: 'syz.2.319': attribute type 21 has an invalid length.
[  220.297015][ T7209] netlink: 156 bytes leftover after parsing attributes in process `syz.2.319'.
[  220.468133][ T7210] netlink: 'syz.2.319': attribute type 21 has an invalid length.
[  220.476232][ T7210] netlink: 6 bytes leftover after parsing attributes in process `syz.2.319'.
[  220.621010][ T7210] overlayfs: missing 'lowerdir'
[  221.931811][ T7227] netlink: 16 bytes leftover after parsing attributes in process `syz.1.324'.
[  222.996838][ T7242] netlink: 'syz.3.329': attribute type 1 has an invalid length.
[  223.196305][ T7242] netlink: 184 bytes leftover after parsing attributes in process `syz.3.329'.
[  223.206077][ T7242] netlink: 'syz.3.329': attribute type 1 has an invalid length.
[  223.411975][ T7247] macvlan4: entered promiscuous mode
[  224.516909][ T7255] macvlan5: entered promiscuous mode
[  226.720938][ T7254] netlink: 'syz.3.333': attribute type 1 has an invalid length.
[  226.728889][ T7254] netlink: 224 bytes leftover after parsing attributes in process `syz.3.333'.
[  226.853172][ T7264] netlink: 'syz.0.335': attribute type 1 has an invalid length.
[  227.105148][ T7267] netlink: 16 bytes leftover after parsing attributes in process `syz.2.337'.
[  227.540216][ T7270] netlink: 'syz.1.336': attribute type 1 has an invalid length.
[  227.548096][ T7270] netlink: 'syz.1.336': attribute type 4 has an invalid length.
[  227.555917][ T7270] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.336'.
[  227.971756][ T7264] netlink: 144 bytes leftover after parsing attributes in process `syz.0.335'.
[  228.041874][ T7264] netlink: 28 bytes leftover after parsing attributes in process `syz.0.335'.
[  228.108261][ T7264] team0: No ports can be present during mode change
[  228.203763][ T7279] netlink: 'syz.1.339': attribute type 1 has an invalid length.
[  228.302171][ T7280] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  229.257939][ T7290] netlink: 'syz.0.343': attribute type 1 has an invalid length.
[  229.270886][ T7290] netlink: 184 bytes leftover after parsing attributes in process `syz.0.343'.
[  229.282860][ T7290] netlink: 'syz.0.343': attribute type 1 has an invalid length.
[  229.625079][ T7294] netlink: 300 bytes leftover after parsing attributes in process `syz.1.344'.
[  229.869398][ T7303] bridge1: the hash_elasticity option has been deprecated and is always 16
[  230.000990][ T5952] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  230.160797][ T5952] usb 5-1: Using ep0 maxpacket: 32
[  230.674612][ T7307] netlink: 'syz.2.349': attribute type 1 has an invalid length.
[  230.674683][ T7307] netlink: 'syz.2.349': attribute type 4 has an invalid length.
[  230.674728][ T7307] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.349'.
[  231.093198][ T5952] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  231.093236][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.093259][ T5952] usb 5-1: Product: syz
[  231.093277][ T5952] usb 5-1: Manufacturer: syz
[  231.093294][ T5952] usb 5-1: SerialNumber: syz
[  231.148809][ T5952] usb 5-1: config 0 descriptor??
[  231.165428][ T5952] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  231.306801][ T7314] netlink: 8 bytes leftover after parsing attributes in process `syz.3.352'.
[  231.958240][ T7297] binder: 7296:7297 ioctl c0306201 200000000640 returned -22
[  232.004820][ T7297] loop2: detected capacity change from 0 to 7
[  232.017558][ T7324] netlink: 'syz.2.353': attribute type 39 has an invalid length.
[  232.019354][ T7297] Dev loop2: unable to read RDB block 7
[  232.035597][ T7297]  loop2: AHDI p2 p3
[  232.040618][ T7297] loop2: partition table partially beyond EOD, truncated
[  232.049744][ T7297] loop2: p3 start 335544320 is beyond EOD, truncated
[  232.190243][ T5946] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  232.624940][ T5946] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  232.625255][ T5946] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  232.664513][ T5952] gspca_ov534_9: reg_w failed -110
[  232.755602][ T5946] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  232.775281][ T5946] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.993104][ T5946] usb 2-1: config 0 descriptor??
[  233.010827][ T5952] gspca_ov534_9: Unknown sensor 0000
[  233.010918][ T5952] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22
[  233.061877][ T5952] usb 5-1: USB disconnect, device number 6
[  233.116751][ T7332] netlink: 'syz.0.356': attribute type 1 has an invalid length.
[  233.128125][ T7332] netlink: 184 bytes leftover after parsing attributes in process `syz.0.356'.
[  233.146826][ T7332] netlink: 'syz.0.356': attribute type 1 has an invalid length.
[  233.425195][ T5946] koneplus 0003:1E7D:2D51.0006: unknown main item tag 0x0
[  233.473916][ T5946] koneplus 0003:1E7D:2D51.0006: unknown main item tag 0x0
[  233.553106][ T5946] koneplus 0003:1E7D:2D51.0006: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.1-1/input0
[  233.748564][ T7344] binder: 7341:7344 ioctl c0306201 200000000540 returned -22
[  233.775766][ T7344] binder: 7341:7344 ioctl 89f8 200000000480 returned -22
[  234.578265][ T5946] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  234.840305][ T5915] usb 2-1: USB disconnect, device number 8
[  234.924919][ T5946] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  234.966758][ T5946] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  235.040749][ T5946] usb 5-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00
[  235.121478][ T5946] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.343924][ T7355] netlink: 'syz.0.362': attribute type 1 has an invalid length.
[  235.351725][ T7355] netlink: 'syz.0.362': attribute type 4 has an invalid length.
[  235.359418][ T7355] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.362'.
[  236.551002][ T7358] xt_CONNSECMARK: invalid mode: 0
[  236.575058][ T5946] usb 5-1: config 0 descriptor??
[  236.584997][ T7338] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  236.691268][ T5946] usb 5-1: can't set config #0, error -71
[  236.715349][ T5946] usb 5-1: USB disconnect, device number 7
[  237.180177][ T7365] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$ûÌÌULÙvy¸ÚØ¢
…D£øUDŒw˜}�z
[  237.296887][ T7366] random: crng reseeded on system resumption
[  237.954136][ T7375] netlink: 'syz.0.368': attribute type 1 has an invalid length.
[  237.977108][ T7375] netlink: 184 bytes leftover after parsing attributes in process `syz.0.368'.
[  238.014794][ T7375] netlink: 'syz.0.368': attribute type 1 has an invalid length.
[  238.262608][ T7379] bio_check_eod: 2 callbacks suppressed
[  238.262650][ T7379] syz.4.369: attempt to access beyond end of device
[  238.262650][ T7379] nbd4: rw=0, sector=64, nr_sectors = 1 limit=0
[  238.283032][ T7379] syz.4.369: attempt to access beyond end of device
[  238.283032][ T7379] nbd4: rw=0, sector=256, nr_sectors = 1 limit=0
[  238.296455][ T7379] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  238.308127][ T7379] syz.4.369: attempt to access beyond end of device
[  238.308127][ T7379] nbd4: rw=0, sector=512, nr_sectors = 1 limit=0
[  238.321704][ T7379] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  238.338235][ T7379] syz.4.369: attempt to access beyond end of device
[  238.338235][ T7379] nbd4: rw=0, sector=64, nr_sectors = 2 limit=0
[  238.352722][ T7379] syz.4.369: attempt to access beyond end of device
[  238.352722][ T7379] nbd4: rw=0, sector=512, nr_sectors = 2 limit=0
[  238.366407][ T7379] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  238.377666][ T7379] syz.4.369: attempt to access beyond end of device
[  238.377666][ T7379] nbd4: rw=0, sector=1024, nr_sectors = 2 limit=0
[  238.391642][ T7379] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  238.405767][ T7379] syz.4.369: attempt to access beyond end of device
[  238.405767][ T7379] nbd4: rw=0, sector=64, nr_sectors = 4 limit=0
[  238.419977][ T7379] syz.4.369: attempt to access beyond end of device
[  238.419977][ T7379] nbd4: rw=0, sector=1024, nr_sectors = 4 limit=0
[  238.433570][ T7379] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  238.444150][ T7379] syz.4.369: attempt to access beyond end of device
[  238.444150][ T7379] nbd4: rw=0, sector=2048, nr_sectors = 4 limit=0
[  238.457599][ T7379] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  238.470060][ T7379] syz.4.369: attempt to access beyond end of device
[  238.470060][ T7379] nbd4: rw=0, sector=64, nr_sectors = 8 limit=0
[  238.485611][ T7379] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=256, location=256
[  238.496436][ T7379] UDF-fs: error (device nbd4): udf_read_tagged: read failed, block=512, location=512
[  238.506246][ T7379] UDF-fs: warning (device nbd4): udf_fill_super: No partition found (1)
[  239.477353][ T7394] 9pnet_fd: Insufficient options for proto=fd
[  240.330497][ T7401] xt_TPROXY: Can be used only with -p tcp or -p udp
[  241.533938][ T7421] netlink: 'syz.3.377': attribute type 1 has an invalid length.
[  241.541939][ T7421] netlink: 1202 bytes leftover after parsing attributes in process `syz.3.377'.
[  241.723486][ T7421] ceph: No mds server is up or the cluster is laggy
[  241.737266][ T5834] libceph: connect (1)[c::]:6789 error -101
[  242.201029][ T5834] libceph: mon0 (1)[c::]:6789 connect error
[  242.314936][ T7427] FAULT_INJECTION: forcing a failure.
[  242.314936][ T7427] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  242.383197][ T7427] CPU: 1 UID: 0 PID: 7427 Comm: syz.1.379 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  242.383226][ T7427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  242.383240][ T7427] Call Trace:
[  242.383248][ T7427]  <TASK>
[  242.383259][ T7427]  dump_stack_lvl+0x189/0x250
[  242.383302][ T7427]  ? __pfx____ratelimit+0x10/0x10
[  242.383326][ T7427]  ? __pfx_dump_stack_lvl+0x10/0x10
[  242.383356][ T7427]  ? __pfx__printk+0x10/0x10
[  242.383383][ T7427]  ? __might_fault+0xb0/0x130
[  242.383416][ T7427]  should_fail_ex+0x414/0x560
[  242.383446][ T7427]  strncpy_from_user+0x36/0x290
[  242.383484][ T7427]  getname_flags+0xf3/0x540
[  242.383513][ T7427]  __x64_sys_rename+0x5d/0x90
[  242.383536][ T7427]  do_syscall_64+0xfa/0x3b0
[  242.383559][ T7427]  ? lockdep_hardirqs_on+0x9c/0x150
[  242.383580][ T7427]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.383601][ T7427]  ? clear_bhb_loop+0x60/0xb0
[  242.383626][ T7427]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.383644][ T7427] RIP: 0033:0x7f03c678ebe9
[  242.383663][ T7427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  242.383680][ T7427] RSP: 002b:00007f03c7603038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052
[  242.383701][ T7427] RAX: ffffffffffffffda RBX: 00007f03c69b5fa0 RCX: 00007f03c678ebe9
[  242.383717][ T7427] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000200000001300
[  242.383730][ T7427] RBP: 00007f03c7603090 R08: 0000000000000000 R09: 0000000000000000
[  242.383743][ T7427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  242.383754][ T7427] R13: 00007f03c69b6038 R14: 00007f03c69b5fa0 R15: 00007fff08def278
[  242.383786][ T7427]  </TASK>
[  243.002248][ T7432] xt_CONNSECMARK: invalid mode: 0
[  244.662954][ T7443] FAULT_INJECTION: forcing a failure.
[  244.662954][ T7443] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  244.676363][ T7443] CPU: 0 UID: 0 PID: 7443 Comm: syz.1.382 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  244.676397][ T7443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  244.676411][ T7443] Call Trace:
[  244.676420][ T7443]  <TASK>
[  244.676429][ T7443]  dump_stack_lvl+0x189/0x250
[  244.676459][ T7443]  ? __pfx____ratelimit+0x10/0x10
[  244.676484][ T7443]  ? __pfx_dump_stack_lvl+0x10/0x10
[  244.676509][ T7443]  ? __pfx__printk+0x10/0x10
[  244.676538][ T7443]  ? __might_fault+0xb0/0x130
[  244.676573][ T7443]  should_fail_ex+0x414/0x560
[  244.676601][ T7443]  _copy_from_user+0x2d/0xb0
[  244.676633][ T7443]  ___sys_sendmsg+0x158/0x2a0
[  244.676672][ T7443]  ? __pfx____sys_sendmsg+0x10/0x10
[  244.676746][ T7443]  ? __fget_files+0x2a/0x420
[  244.676770][ T7443]  ? __fget_files+0x3a0/0x420
[  244.676807][ T7443]  __x64_sys_sendmsg+0x19b/0x260
[  244.676844][ T7443]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  244.676890][ T7443]  ? __pfx_ksys_write+0x10/0x10
[  244.676909][ T7443]  ? rcu_is_watching+0x15/0xb0
[  244.676939][ T7443]  ? do_syscall_64+0xbe/0x3b0
[  244.676968][ T7443]  do_syscall_64+0xfa/0x3b0
[  244.676991][ T7443]  ? lockdep_hardirqs_on+0x9c/0x150
[  244.677014][ T7443]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.677035][ T7443]  ? clear_bhb_loop+0x60/0xb0
[  244.677062][ T7443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.677084][ T7443] RIP: 0033:0x7f03c678ebe9
[  244.677103][ T7443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  244.677121][ T7443] RSP: 002b:00007f03c75c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  244.677144][ T7443] RAX: ffffffffffffffda RBX: 00007f03c69b6180 RCX: 00007f03c678ebe9
[  244.677160][ T7443] RDX: 0000000014040044 RSI: 0000200000000140 RDI: 0000000000000005
[  244.677174][ T7443] RBP: 00007f03c75c1090 R08: 0000000000000000 R09: 0000000000000000
[  244.677187][ T7443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  244.677199][ T7443] R13: 00007f03c69b6218 R14: 00007f03c69b6180 R15: 00007fff08def278
[  244.677233][ T7443]  </TASK>
[  244.889808][    C0] vkms_vblank_simulate: vblank timer overrun
[  245.438167][ T7452] netlink: 8 bytes leftover after parsing attributes in process `syz.1.386'.
[  245.705250][ T5916] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  245.791988][ T5915] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  245.966322][ T5916] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 41407, setting to 1024
[  246.078554][ T5915] usb 3-1: Using ep0 maxpacket: 16
[  246.081231][ T5916] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  246.277428][ T5916] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  246.281808][ T5915] usb 3-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice= 0.03
[  246.469891][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  246.531461][ T5916] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  246.533090][ T5915] usb 3-1: SerialNumber: syz
[  246.556641][ T5916] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.576701][ T5915] usb 3-1: config 0 descriptor??
[  246.602971][ T5916] usb 1-1: Product: syz
[  246.607475][ T5916] usb 1-1: Manufacturer: syz
[  246.615825][ T5916] usb 1-1: SerialNumber: syz
[  246.669586][ T7449] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  246.688916][ T5916] hub 1-1:1.0: bad descriptor, ignoring hub
[  246.709770][ T5916] hub 1-1:1.0: probe with driver hub failed with error -5
[  247.045855][ T5916] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  247.910650][ T5916] usb 1-1: USB disconnect, device number 9
[  247.983353][ T5916] usblp0: removed
[  248.422033][ T5915] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  248.441428][ T5915] usb 3-1: Detected SIO
[  248.485550][ T5915] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  248.579730][ T5915] usb 3-1: USB disconnect, device number 12
[  249.231890][ T7484] binder: 7480:7484 ioctl c0306201 0 returned -14
[  249.416210][ T7487] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.392'.
[  249.817912][ T5915] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  250.207902][ T5915] ftdi_sio 3-1:0.0: device disconnected
[  250.352641][ T5952] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  250.676424][ T5952] usb 1-1: New USB device found, idVendor=05d1, idProduct=2021, bcdDevice=31.00
[  250.690043][ T5952] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.903271][ T5952] usb 1-1: Product: syz
[  250.915221][ T5952] usb 1-1: Manufacturer: syz
[  250.929812][ T5952] usb 1-1: SerialNumber: syz
[  250.955482][ T5952] usb 1-1: config 0 descriptor??
[  251.277029][ T5952] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  251.636053][ T5952] usb 1-1: Detected FT4232HP
[  251.655572][ T7510] sctp: [Deprecated]: syz.0.392 (pid 7510) Use of int in maxseg socket option.
[  251.655572][ T7510] Use struct sctp_assoc_value instead
[  251.742589][ T7513] loop7: detected capacity change from 0 to 16384
[  252.126560][ T5952] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  252.180492][ T5952] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  252.237263][ T5952] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  252.356432][ T5952] usb 1-1: USB disconnect, device number 10
[  252.545860][ T5952] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  252.573500][ T5952] ftdi_sio 1-1:0.0: device disconnected
[  253.274134][    C1] I/O error, dev loop7, sector 4608 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 0
[  253.285157][ T7513] loop7: detected capacity change from 16384 to 0
[  253.304551][ T7515] bio_check_eod: 2 callbacks suppressed
[  253.304788][ T7515] syz.3.396: attempt to access beyond end of device
[  253.304788][ T7515] loop7: rw=0, sector=4608, nr_sectors = 8 limit=0
[  253.344966][ T7515] Buffer I/O error on dev loop7, logical block 576, async page read
[  253.367886][ T7515] syz.3.396: attempt to access beyond end of device
[  253.367886][ T7515] loop7: rw=0, sector=4616, nr_sectors = 8 limit=0
[  253.381957][ T7515] Buffer I/O error on dev loop7, logical block 577, async page read
[  253.392416][ T7515] syz.3.396: attempt to access beyond end of device
[  253.392416][ T7515] loop7: rw=0, sector=4624, nr_sectors = 8 limit=0
[  253.406111][ T7515] Buffer I/O error on dev loop7, logical block 578, async page read
[  253.419709][ T7515] syz.3.396: attempt to access beyond end of device
[  253.419709][ T7515] loop7: rw=0, sector=4632, nr_sectors = 8 limit=0
[  253.433271][ T7515] Buffer I/O error on dev loop7, logical block 579, async page read
[  256.001731][ T5153] Bluetooth: hci1: unexpected event for opcode 0x1005
[  257.649861][ T7554] binder: 7553:7554 ioctl c0306201 0 returned -14
[  257.849940][ T5915] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  257.861659][ T7537] syz.4.401 (7537) used greatest stack depth: 19280 bytes left
[  259.169968][ T7559] netlink: 'syz.0.405': attribute type 1 has an invalid length.
[  259.240854][ T5915] usb 4-1: Using ep0 maxpacket: 16
[  259.565011][ T5915] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  259.565129][ T5915] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  259.565155][ T5915] usb 4-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  259.565185][ T5915] usb 4-1: config 0 interface 0 has no altsetting 0
[  259.565224][ T5915] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  259.565249][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.618087][ T5915] usb 4-1: config 0 descriptor??
[  260.374171][ T5915] usbhid 4-1:0.0: can't add hid device: -71
[  260.374451][ T5915] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  260.680795][ T5915] usb 4-1: USB disconnect, device number 9
[  261.069281][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  261.131534][ T5946] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  262.223728][ T5946] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 41407, setting to 1024
[  262.885052][ T5946] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024
[  262.897099][ T5946] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  262.921796][ T5946] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  262.937273][ T5946] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.946220][ T5946] usb 1-1: Product: syz
[  262.950419][ T5946] usb 1-1: Manufacturer: syz
[  262.955734][ T5946] usb 1-1: SerialNumber: syz
[  262.966579][ T7578] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  262.975728][ T5946] hub 1-1:1.0: bad descriptor, ignoring hub
[  262.990295][ T5946] hub 1-1:1.0: probe with driver hub failed with error -5
[  263.712455][ T5946] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 11 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  264.130465][ T5946] usb 1-1: USB disconnect, device number 11
[  264.214865][ T5946] usblp0: removed
[  264.531292][ T7611] comedi comedi2: fl512: I/O port conflict (0x10,16)
[  265.170108][ T7606] binder: 7605:7606 ioctl c0306201 0 returned -14
[  266.982616][ T7633] comedi comedi2: dt2814: I/O port conflict (0xb000,2)
[  267.869396][   T30] audit: type=1326 audit(1754522228.833:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7638 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  268.065465][   T30] audit: type=1326 audit(1754522228.833:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7638 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  268.185016][   T30] audit: type=1326 audit(1754522228.833:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7638 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  268.780555][   T30] audit: type=1326 audit(1754522228.833:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7638 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  269.077551][   T30] audit: type=1326 audit(1754522228.843:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7638 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  269.114460][ T7665] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  269.120840][ T5952] IPVS: starting estimator thread 0...
[  269.260910][ T7661] IPVS: using max 28 ests per chain, 67200 per kthread
[  269.386178][ T7666] comedi comedi2: dt2814: I/O port conflict (0xb000,2)
[  269.713510][   T30] audit: type=1326 audit(1754522228.843:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7638 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  270.391663][   T30] audit: type=1326 audit(1754522228.843:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7638 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  270.453001][   T30] audit: type=1326 audit(1754522228.843:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7638 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  270.536126][   T30] audit: type=1326 audit(1754522228.843:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7638 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  270.569882][   T30] audit: type=1326 audit(1754522228.843:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7638 comm="syz.0.423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fceaab8ebe9 code=0x7ffc0000
[  270.735239][ T7675] binder: 7673:7675 ioctl c0306201 0 returned -14
[  272.635158][ T7690] netlink: 16 bytes leftover after parsing attributes in process `syz.0.432'.
[  273.042070][ T7696] block device autoloading is deprecated and will be removed.
[  273.391767][ T7697] xt_CONNSECMARK: invalid mode: 0
[  273.949819][ T7710] comedi comedi2: dt2814: I/O port conflict (0xb000,2)
[  274.328241][ T5946] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  274.611100][ T5946] usb 2-1: device descriptor read/64, error -71
[  274.647198][ T7713] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  274.838456][ T7714] dlm: plock device version mismatch: kernel (1.2.0), user (1.3.2)
[  275.130784][ T5946] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  275.261008][ T5946] usb 2-1: device descriptor read/64, error -71
[  275.371164][ T5946] usb usb2-port1: attempt power cycle
[  275.460955][ T5915] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  275.551670][ T7718] netlink: 'syz.2.439': attribute type 1 has an invalid length.
[  275.559387][ T7718] netlink: 'syz.2.439': attribute type 4 has an invalid length.
[  275.567217][ T7718] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.439'.
[  275.610865][ T5915] usb 5-1: Using ep0 maxpacket: 8
[  275.619056][ T5915] usb 5-1: config 2 has an invalid interface number: 175 but max is 0
[  275.720797][ T5946] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  275.789773][ T5915] usb 5-1: config 2 has no interface number 0
[  275.810137][ T5915] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=92.5b
[  275.834067][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.842777][ T5946] usb 2-1: device descriptor read/8, error -71
[  276.098264][ T5946] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  276.109826][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  276.109848][   T30] audit: type=1800 audit(1754522237.093:102): pid=7722 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.443" name="bus" dev="overlay" ino=502 res=0 errno=0
[  276.136570][ T7716] netlink: 12 bytes leftover after parsing attributes in process `syz.4.442'.
[  276.146658][ T7716] netlink: 12 bytes leftover after parsing attributes in process `syz.4.442'.
[  276.161824][ T5946] usb 2-1: device descriptor read/8, error -71
[  276.231978][ T7716] netlink: 12 bytes leftover after parsing attributes in process `syz.4.442'.
[  276.280470][ T7725] netlink: 24 bytes leftover after parsing attributes in process `syz.2.444'.
[  276.295537][ T7725] openvswitch: netlink: Flow key attr not present in new flow.
[  276.301908][ T5946] usb usb2-port1: unable to enumerate USB device
[  276.310890][ T7716] netlink: 12 bytes leftover after parsing attributes in process `syz.4.442'.
[  277.159899][ T7716] netlink: 12 bytes leftover after parsing attributes in process `syz.4.442'.
[  277.238464][ T7716] netlink: 12 bytes leftover after parsing attributes in process `syz.4.442'.
[  277.314232][ T5915] usb 5-1: USB disconnect, device number 8
[  279.060767][ T5952] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  279.131466][ T5915] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  279.248516][ T5952] usb 4-1: unable to get BOS descriptor or descriptor too short
[  279.277844][ T5952] usb 4-1: not running at top speed; connect to a high speed hub
[  279.433946][ T5915] usb 5-1: device descriptor read/64, error -71
[  279.464532][ T5952] usb 4-1: config 219 has 1 interface, different from the descriptor's value: 2
[  279.494224][ T5952] usb 4-1: config 219 interface 0 has no altsetting 0
[  279.510147][ T5952] usb 4-1: config 219 interface 0 has no altsetting 1
[  279.526452][ T5952] usb 4-1: New USB device found, idVendor=2b73, idProduct=0017, bcdDevice=a2.0e
[  279.540288][ T5952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.554114][ T5952] usb 4-1: Product: syz
[  279.558442][ T5952] usb 4-1: Manufacturer: syz
[  279.565741][ T5952] usb 4-1: SerialNumber: syz
[  279.582005][   T30] audit: type=1326 audit(1754522240.583:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7755 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c678ebe9 code=0x7ffc0000
[  279.648529][   T30] audit: type=1326 audit(1754522240.593:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7755 comm="syz.1.452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c678ebe9 code=0x7ffc0000
[  279.701139][ T5915] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  279.842846][ T5915] usb 5-1: device descriptor read/64, error -71
[  279.894652][ T7759] binder: BC_ATTEMPT_ACQUIRE not supported
[  279.900647][ T7759] binder: 7758:7759 ioctl c0306201 2000000001c0 returned -22
[  279.945431][ T5952] usb 4-1: selecting invalid altsetting 0
[  279.962916][ T5915] usb usb5-port1: attempt power cycle
[  279.969600][ T5952] usb 4-1: selecting invalid altsetting 0
[  280.038750][ T5952] usb 4-1: USB disconnect, device number 10
[  280.189324][   T24] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  280.393978][ T7764] ptrace attach of "./syz-executor exec"[5833] was attempted by "./syz-executor exec"[7764]
[  280.421519][ T5915] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  280.463106][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  280.480777][   T24] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  280.482281][ T7766] /dev/nullb0: Can't open blockdev
[  280.501751][ T5915] usb 5-1: device descriptor read/8, error -71
[  280.517119][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  280.549376][ T7767] netlink: 8 bytes leftover after parsing attributes in process `syz.0.455'.
[  280.828147][ T6053] udevd[6053]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:219.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  280.860187][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  280.896642][   T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  280.972728][   T24] usb 2-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  281.007466][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  281.033409][   T24] usb 2-1: Product: syz
[  281.037688][   T24] usb 2-1: Manufacturer: syz
[  281.042786][   T24] usb 2-1: SerialNumber: syz
[  281.056049][   T24] usb 2-1: config 0 descriptor??
[  281.071011][ T5915] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  281.308172][ T5915] usb 5-1: device descriptor read/8, error -71
[  281.308606][   T24] radio-si470x 2-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  281.325042][   T24] radio-si470x 2-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  281.464324][ T7775] syz.2.458: attempt to access beyond end of device
[  281.464324][ T7775] nbd2: rw=0, sector=64, nr_sectors = 1 limit=0
[  281.479792][ T7775] syz.2.458: attempt to access beyond end of device
[  281.479792][ T7775] nbd2: rw=0, sector=256, nr_sectors = 1 limit=0
[  281.493410][ T7775] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  281.505531][ T7775] syz.2.458: attempt to access beyond end of device
[  281.505531][ T7775] nbd2: rw=0, sector=512, nr_sectors = 1 limit=0
[  281.519470][ T7775] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  281.536903][ T7775] syz.2.458: attempt to access beyond end of device
[  281.536903][ T7775] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0
[  281.600864][ T7775] syz.2.458: attempt to access beyond end of device
[  281.600864][ T7775] nbd2: rw=0, sector=512, nr_sectors = 2 limit=0
[  281.614433][ T7775] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  281.625866][ T7775] syz.2.458: attempt to access beyond end of device
[  281.625866][ T7775] nbd2: rw=0, sector=1024, nr_sectors = 2 limit=0
[  281.639570][ T7775] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  281.654717][ T7775] syz.2.458: attempt to access beyond end of device
[  281.654717][ T7775] nbd2: rw=0, sector=64, nr_sectors = 4 limit=0
[  281.669442][ T7775] syz.2.458: attempt to access beyond end of device
[  281.669442][ T7775] nbd2: rw=0, sector=1024, nr_sectors = 4 limit=0
[  281.683239][ T7775] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  281.694439][ T7775] syz.2.458: attempt to access beyond end of device
[  281.694439][ T7775] nbd2: rw=0, sector=2048, nr_sectors = 4 limit=0
[  281.708178][ T7775] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  281.727426][ T7775] syz.2.458: attempt to access beyond end of device
[  281.727426][ T7775] nbd2: rw=0, sector=64, nr_sectors = 8 limit=0
[  281.743090][ T7775] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  281.754527][ T7775] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  281.764289][ T7775] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[  281.831166][ T5821] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  281.840496][ T5915] usb usb5-port1: unable to enumerate USB device
[  281.851300][   T24] radio-si470x 2-1:0.0: si470x_get_report: usb_control_msg returned -110
[  281.870427][   T24] radio-si470x 2-1:0.0: si470x_get_scratch: si470x_get_report returned -110
[  281.892981][   T24] radio-si470x 2-1:0.0: probe with driver radio-si470x failed with error -5
[  282.116939][   T24] usb 2-1: USB disconnect, device number 13
[  282.165901][ T5821] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  282.165938][ T5821] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.169322][ T5821] usb 1-1: config 0 descriptor??
[  282.442117][ T5970] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  282.642679][ T5821] usb 1-1: Cannot read MAC address
[  282.642839][ T5821] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  282.645404][ T5821] usb 1-1: USB disconnect, device number 12
[  282.831038][ T7790] macvlan4: entered promiscuous mode
[  283.457051][ T5970] usb 4-1: config 0 has an invalid interface number: 3 but max is 0
[  283.457086][ T5970] usb 4-1: config 0 has no interface number 0
[  283.457134][ T5970] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  283.457160][ T5970] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[  283.457190][ T5970] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0x4 has invalid maxpacket 1023, setting to 64
[  283.457219][ T5970] usb 4-1: config 0 interface 3 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  283.457265][ T5970] usb 4-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59
[  283.457291][ T5970] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  283.464299][ T5970] usb 4-1: config 0 descriptor??
[  283.496188][ T5970] hub 4-1:0.3: bad descriptor, ignoring hub
[  283.496221][ T5970] hub 4-1:0.3: probe with driver hub failed with error -5
[  283.522502][ T5970] sierra 4-1:0.3: Sierra USB modem converter detected
[  283.704255][ T5821] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  283.777560][ T5970] usb 4-1: Sierra USB modem converter now attached to ttyUSB0
[  283.839023][ T5970] usb 4-1: Sierra USB modem converter now attached to ttyUSB1
[  283.891790][ T5970] usb 4-1: USB disconnect, device number 11
[  283.893428][ T5821] usb 5-1: Using ep0 maxpacket: 32
[  283.924654][ T5970] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  283.930189][ T5821] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  283.956057][ T5970] sierra ttyUSB1: Sierra USB modem converter now disconnected from ttyUSB1
[  283.958313][ T5821] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.973907][ T5970] sierra 4-1:0.3: device disconnected
[  283.988666][ T5821] usb 5-1: Product: syz
[  284.008048][ T5821] usb 5-1: Manufacturer: syz
[  284.033572][ T5821] usb 5-1: SerialNumber: syz
[  284.067132][ T5821] usb 5-1: config 0 descriptor??
[  284.105073][ T5821] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  284.420761][ T5946] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  284.511014][ T7817] netlink: 12 bytes leftover after parsing attributes in process `syz.1.471'.
[  284.610809][ T5946] usb 1-1: Using ep0 maxpacket: 16
[  284.634744][ T5946] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  284.680933][ T5946] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.696216][ T5946] usb 1-1: Product: syz
[  284.700599][ T5946] usb 1-1: Manufacturer: syz
[  284.734686][ T5821] gspca_ov534_9: reg_w failed -71
[  284.741946][ T5946] usb 1-1: SerialNumber: syz
[  284.782329][ T5946] r8152-cfgselector 1-1: Unknown version 0x0000
[  284.788734][ T5946] r8152-cfgselector 1-1: config 0 descriptor??
[  284.881895][ T7826] netlink: 'syz.1.474': attribute type 10 has an invalid length.
[  284.913567][ T7826] veth0_vlan: left promiscuous mode
[  284.930063][ T7826] veth0_vlan: entered promiscuous mode
[  284.946387][ T7826] team0: Device veth0_vlan failed to register rx_handler
[  285.020917][ T5821] gspca_ov534_9: Unknown sensor 0000
[  285.021105][ T5821] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22
[  285.058072][ T5821] usb 5-1: USB disconnect, device number 13
[  285.224135][ T5970] r8152-cfgselector 1-1: USB disconnect, device number 13
[  286.169430][ T7845] binder: BC_ATTEMPT_ACQUIRE not supported
[  286.184130][ T7845] binder: 7844:7845 ioctl c0306201 2000000001c0 returned -22
[  286.336471][ T7849] netlink: 'syz.1.480': attribute type 1 has an invalid length.
[  286.353544][ T7849] netlink: 144 bytes leftover after parsing attributes in process `syz.1.480'.
[  286.373557][ T7849] netlink: 28 bytes leftover after parsing attributes in process `syz.1.480'.
[  286.392356][ T7849] team0: No ports can be present during mode change
[  286.450769][ T5970] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  286.600911][ T5821] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  286.603393][ T5970] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  286.619456][ T5970] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  286.632560][ T5970] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  286.645198][ T5970] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  286.656073][ T5970] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  286.680825][ T5970] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  286.690384][ T5970] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  286.699039][ T5970] usb 4-1: Product: syz
[  286.704246][ T5970] usb 4-1: Manufacturer: syz
[  286.709603][ T5970] usb 4-1: SerialNumber: syz
[  286.726510][ T5970] usb 4-1: config 0 descriptor??
[  286.781014][ T5821] usb 1-1: device descriptor read/64, error -71
[  286.942684][ T5970] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  286.958217][ T5970] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  286.960523][ T7854] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  287.040824][ T5821] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  287.186692][ T5821] usb 1-1: device descriptor read/64, error -71
[  287.363766][ T5821] usb usb1-port1: attempt power cycle
[  287.422519][ T5970] radio-si470x 4-1:0.0: software version 0, hardware version 0
[  287.430344][ T5970] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  287.977893][ T5970] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  287.992489][ T5970] radio-si470x 4-1:0.0: submitting int urb failed (-90)
[  288.060220][ T5821] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  288.139453][ T5821] usb 1-1: device descriptor read/8, error -71
[  288.571705][ T5821] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  288.577583][ T5970] radio-si470x 4-1:0.0: si470x_get_report: usb_control_msg returned -32
[  288.721507][ T5970] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -22
[  288.753683][ T5821] usb 1-1: device descriptor read/8, error -71
[  288.811551][ T5970] usb 4-1: USB disconnect, device number 12
[  288.881419][ T5821] usb usb1-port1: unable to enumerate USB device
[  289.210882][   T24] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  289.511794][ T7874] netlink: 12 bytes leftover after parsing attributes in process `syz.4.489'.
[  289.541056][   T24] usb 2-1: Using ep0 maxpacket: 32
[  290.085569][   T24] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  290.096067][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.106064][   T24] usb 2-1: Product: syz
[  290.110431][   T24] usb 2-1: Manufacturer: syz
[  290.116820][   T24] usb 2-1: SerialNumber: syz
[  290.147447][   T24] usb 2-1: config 0 descriptor??
[  290.187422][   T24] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  290.368874][ T7878] FAULT_INJECTION: forcing a failure.
[  290.368874][ T7878] name failslab, interval 1, probability 0, space 0, times 0
[  290.449078][ T7878] CPU: 0 UID: 0 PID: 7878 Comm: syz.3.491 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  290.449117][ T7878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  290.449131][ T7878] Call Trace:
[  290.449140][ T7878]  <TASK>
[  290.449150][ T7878]  dump_stack_lvl+0x189/0x250
[  290.449182][ T7878]  ? __pfx____ratelimit+0x10/0x10
[  290.449208][ T7878]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.449233][ T7878]  ? __pfx__printk+0x10/0x10
[  290.449264][ T7878]  ? __pfx___might_resched+0x10/0x10
[  290.449289][ T7878]  ? fs_reclaim_acquire+0x7d/0x100
[  290.449321][ T7878]  should_fail_ex+0x414/0x560
[  290.449351][ T7878]  should_failslab+0xa8/0x100
[  290.449377][ T7878]  __kmalloc_noprof+0xcb/0x4f0
[  290.449398][ T7878]  ? tomoyo_encode+0x28b/0x550
[  290.449432][ T7878]  tomoyo_encode+0x28b/0x550
[  290.449467][ T7878]  tomoyo_realpath_from_path+0x58d/0x5d0
[  290.449508][ T7878]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  290.449532][ T7878]  tomoyo_path_number_perm+0x1e8/0x5a0
[  290.449560][ T7878]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  290.449603][ T7878]  ? __lock_acquire+0xab9/0xd20
[  290.449671][ T7878]  ? __fget_files+0x2a/0x420
[  290.449699][ T7878]  ? __fget_files+0x2a/0x420
[  290.449723][ T7878]  ? __fget_files+0x3a0/0x420
[  290.449746][ T7878]  ? __fget_files+0x2a/0x420
[  290.449776][ T7878]  security_file_ioctl+0xcb/0x2d0
[  290.449805][ T7878]  __se_sys_ioctl+0x47/0x170
[  290.449840][ T7878]  do_syscall_64+0xfa/0x3b0
[  290.449865][ T7878]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.449889][ T7878]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.449911][ T7878]  ? clear_bhb_loop+0x60/0xb0
[  290.449938][ T7878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.449959][ T7878] RIP: 0033:0x7f741738ebe9
[  290.449979][ T7878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  290.449998][ T7878] RSP: 002b:00007f7418165038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  290.450022][ T7878] RAX: ffffffffffffffda RBX: 00007f74175b5fa0 RCX: 00007f741738ebe9
[  290.450039][ T7878] RDX: 0000200000000240 RSI: 0000000080044d0a RDI: 0000000000000003
[  290.450054][ T7878] RBP: 00007f7418165090 R08: 0000000000000000 R09: 0000000000000000
[  290.450068][ T7878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  290.450089][ T7878] R13: 00007f74175b6038 R14: 00007f74175b5fa0 R15: 00007ffc808597d8
[  290.450129][ T7878]  </TASK>
[  290.691085][ T7878] ERROR: Out of memory at tomoyo_realpath_from_path.
[  290.990863][ T7886] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  290.993410][   T24] gspca_ov534_9: reg_w failed -71
[  291.009997][ T7886] FAULT_INJECTION: forcing a failure.
[  291.009997][ T7886] name failslab, interval 1, probability 0, space 0, times 0
[  291.023105][ T7886] CPU: 0 UID: 0 PID: 7886 Comm: syz.2.493 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  291.023131][ T7886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  291.023145][ T7886] Call Trace:
[  291.023153][ T7886]  <TASK>
[  291.023162][ T7886]  dump_stack_lvl+0x189/0x250
[  291.023191][ T7886]  ? __pfx____ratelimit+0x10/0x10
[  291.023213][ T7886]  ? __pfx_dump_stack_lvl+0x10/0x10
[  291.023238][ T7886]  ? __pfx__printk+0x10/0x10
[  291.023279][ T7886]  should_fail_ex+0x414/0x560
[  291.023308][ T7886]  should_failslab+0xa8/0x100
[  291.023334][ T7886]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  291.023357][ T7886]  ? __alloc_skb+0x112/0x2d0
[  291.023392][ T7886]  __alloc_skb+0x112/0x2d0
[  291.023425][ T7886]  tcp_make_synack+0xc9/0x1c00
[  291.023467][ T7886]  ? __pfx_tcp_make_synack+0x10/0x10
[  291.023497][ T7886]  ? ip6_default_advmss+0x99/0x320
[  291.023520][ T7886]  ? tcp_select_initial_window+0x249/0x3a0
[  291.023564][ T7886]  tcp_v6_send_synack+0xf0/0xc10
[  291.023594][ T7886]  ? __pfx_tcp_v6_send_synack+0x10/0x10
[  291.023620][ T7886]  ? __pfx_inet6_csk_route_req+0x10/0x10
[  291.023643][ T7886]  ? tcp_v6_route_req+0x37e/0x4c0
[  291.023663][ T7886]  ? cookie_v6_init_sequence+0xac/0x160
[  291.023728][ T7886]  tcp_conn_request+0x1b83/0x3460
[  291.023757][ T7886]  ? __pfx_smack_log+0x10/0x10
[  291.023812][ T7886]  ? __pfx_tcp_conn_request+0x10/0x10
[  291.023846][ T7886]  ? __pfx_smack_socket_sock_rcv_skb+0x10/0x10
[  291.023879][ T7886]  ? __lock_acquire+0xab9/0xd20
[  291.023927][ T7886]  ? tcp_v6_conn_request+0x254/0x370
[  291.023953][ T7886]  ? tcp_rcv_state_process+0x20a/0x4140
[  291.023986][ T7886]  tcp_rcv_state_process+0x196d/0x4140
[  291.024024][ T7886]  ? sk_filter_trim_cap+0x18f/0x900
[  291.024047][ T7886]  ? __pfx_tcp_rcv_state_process+0x10/0x10
[  291.024074][ T7886]  ? sk_filter_trim_cap+0x5a6/0x900
[  291.024097][ T7886]  ? tcp_inbound_hash+0x3cd/0x8d0
[  291.024133][ T7886]  ? __pfx_tcp_inbound_hash+0x10/0x10
[  291.024164][ T7886]  ? sk_filter_trim_cap+0x18f/0x900
[  291.024190][ T7886]  tcp_v6_do_rcv+0x89d/0x13f0
[  291.024217][ T7886]  ? tcp_v6_fill_cb+0x260/0x4c0
[  291.024247][ T7886]  tcp_v6_rcv+0x20b4/0x2bf0
[  291.024316][ T7886]  ? __pfx_tcp_v6_rcv+0x10/0x10
[  291.024338][ T7886]  ? nf_nat_ipv6_fn+0xe7/0x2d0
[  291.024378][ T7886]  ? __pfx_tcp_v6_rcv+0x10/0x10
[  291.024401][ T7886]  ip6_protocol_deliver_rcu+0xcb0/0x15c0
[  291.024451][ T7886]  ip6_input_finish+0xde/0x190
[  291.024477][ T7886]  NF_HOOK+0x30c/0x3a0
[  291.024514][ T7886]  ? __pfx_ip6_input_finish+0x10/0x10
[  291.024533][ T7886]  ? NF_HOOK+0x9a/0x3a0
[  291.024566][ T7886]  ? __pfx_NF_HOOK+0x10/0x10
[  291.024601][ T7886]  ? __pfx_ip6_input_finish+0x10/0x10
[  291.024634][ T7886]  ip6_input+0x16a/0x270
[  291.024651][ T7886]  ? ip6_input+0x23/0x270
[  291.024673][ T7886]  NF_HOOK+0x30c/0x3a0
[  291.024704][ T7886]  ? skb_orphan+0x4c/0xd0
[  291.024725][ T7886]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  291.024755][ T7886]  ? NF_HOOK+0x9a/0x3a0
[  291.024785][ T7886]  ? __pfx_NF_HOOK+0x10/0x10
[  291.024818][ T7886]  ? __pfx_ip6_rcv_finish+0x10/0x10
[  291.024862][ T7886]  __netif_receive_skb+0xd3/0x380
[  291.024895][ T7886]  ? netif_receive_skb+0x115/0x790
[  291.024920][ T7886]  netif_receive_skb+0x1cb/0x790
[  291.024945][ T7886]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  291.024977][ T7886]  ? __pfx_netif_receive_skb+0x10/0x10
[  291.025010][ T7886]  ? tun_rx_batched+0x160/0x730
[  291.025041][ T7886]  tun_rx_batched+0x1b9/0x730
[  291.025068][ T7886]  ? __lock_acquire+0xab9/0xd20
[  291.025094][ T7886]  ? __pfx_tun_rx_batched+0x10/0x10
[  291.025126][ T7886]  ? tun_get_user+0x2549/0x3ce0
[  291.025170][ T7886]  tun_get_user+0x298e/0x3ce0
[  291.025201][ T7886]  ? tun_get_user+0x693/0x3ce0
[  291.025227][ T7886]  ? tun_get_user+0x2549/0x3ce0
[  291.025282][ T7886]  ? __pfx_tun_get_user+0x10/0x10
[  291.025319][ T7886]  ? __lock_acquire+0xab9/0xd20
[  291.025347][ T7886]  ? ref_tracker_alloc+0x318/0x460
[  291.025370][ T7886]  ? __lock_acquire+0xab9/0xd20
[  291.025392][ T7886]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  291.025423][ T7886]  ? tun_get+0x1c/0x2f0
[  291.025457][ T7886]  ? tun_get+0x1c/0x2f0
[  291.025483][ T7886]  ? tun_get+0x1c/0x2f0
[  291.025516][ T7886]  tun_chr_write_iter+0x113/0x200
[  291.025547][ T7886]  vfs_write+0x54b/0xa90
[  291.025573][ T7886]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  291.025602][ T7886]  ? __pfx_vfs_write+0x10/0x10
[  291.025634][ T7886]  ? __fget_files+0x2a/0x420
[  291.025670][ T7886]  ksys_write+0x145/0x250
[  291.025693][ T7886]  ? __pfx_ksys_write+0x10/0x10
[  291.025710][ T7886]  ? rcu_is_watching+0x15/0xb0
[  291.025741][ T7886]  ? do_syscall_64+0xbe/0x3b0
[  291.025770][ T7886]  do_syscall_64+0xfa/0x3b0
[  291.025792][ T7886]  ? lockdep_hardirqs_on+0x9c/0x150
[  291.025815][ T7886]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.025836][ T7886]  ? clear_bhb_loop+0x60/0xb0
[  291.025863][ T7886]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  291.025884][ T7886] RIP: 0033:0x7fed1918d69f
[  291.025903][ T7886] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  291.025923][ T7886] RSP: 002b:00007fed19f5b000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  291.025946][ T7886] RAX: ffffffffffffffda RBX: 00007fed193b5fa0 RCX: 00007fed1918d69f
[  291.025968][ T7886] RDX: 000000000000004a RSI: 0000200000000b80 RDI: 00000000000000c8
[  291.025982][ T7886] RBP: 00007fed19f5b090 R08: 0000000000000000 R09: 0000000000000000
[  291.025996][ T7886] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000001
[  291.026009][ T7886] R13: 00007fed193b6038 R14: 00007fed193b5fa0 R15: 00007ffd066ffa78
[  291.026045][ T7886]  </TASK>
[  291.567939][   T24] gspca_ov534_9: Unknown sensor 0000
[  291.568044][   T24] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22
[  291.679582][ T7892] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  291.783135][ T7895] netlink: 'syz.3.494': attribute type 1 has an invalid length.
[  291.816265][ T7895] netlink: 144 bytes leftover after parsing attributes in process `syz.3.494'.
[  291.829099][ T7895] netlink: 28 bytes leftover after parsing attributes in process `syz.3.494'.
[  292.054249][ T7900] netlink: 28 bytes leftover after parsing attributes in process `syz.4.495'.
[  292.287077][   T24] usb 2-1: USB disconnect, device number 14
[  292.290219][ T7895] team0: No ports can be present during mode change
[  292.769767][ T7906] random: crng reseeded on system resumption
[  292.985388][ T7912] netlink: 'syz.4.499': attribute type 1 has an invalid length.
[  294.159381][ T7920] bond0: Unable to set down delay as MII monitoring is disabled
[  296.317874][ T7950] FAULT_INJECTION: forcing a failure.
[  296.317874][ T7950] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  296.323594][ T7953] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.339840][ T7953] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.360432][ T7950] CPU: 1 UID: 0 PID: 7950 Comm: syz.4.510 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  296.360464][ T7950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  296.360478][ T7950] Call Trace:
[  296.360487][ T7950]  <TASK>
[  296.360496][ T7950]  dump_stack_lvl+0x189/0x250
[  296.360527][ T7950]  ? __pfx____ratelimit+0x10/0x10
[  296.360552][ T7950]  ? __pfx_dump_stack_lvl+0x10/0x10
[  296.360577][ T7950]  ? __pfx__printk+0x10/0x10
[  296.360605][ T7950]  ? __might_fault+0xb0/0x130
[  296.360654][ T7950]  should_fail_ex+0x414/0x560
[  296.360681][ T7950]  _copy_from_iter+0x1db/0x16f0
[  296.360712][ T7950]  ? rcu_is_watching+0x15/0xb0
[  296.360736][ T7950]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  296.360759][ T7950]  ? __pfx__copy_from_iter+0x10/0x10
[  296.360786][ T7950]  ? __build_skb_around+0x257/0x3e0
[  296.360821][ T7950]  ? netlink_sendmsg+0x642/0xb30
[  296.360849][ T7950]  ? skb_put+0x11b/0x210
[  296.360884][ T7950]  netlink_sendmsg+0x6b2/0xb30
[  296.360926][ T7950]  ? __pfx_netlink_sendmsg+0x10/0x10
[  296.360966][ T7950]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  296.360988][ T7950]  ? __pfx_netlink_sendmsg+0x10/0x10
[  296.361021][ T7950]  __sock_sendmsg+0x21c/0x270
[  296.361051][ T7950]  ____sys_sendmsg+0x505/0x830
[  296.361091][ T7950]  ? __pfx_____sys_sendmsg+0x10/0x10
[  296.361136][ T7950]  ? import_iovec+0x74/0xa0
[  296.361170][ T7950]  ___sys_sendmsg+0x21f/0x2a0
[  296.361206][ T7950]  ? __pfx____sys_sendmsg+0x10/0x10
[  296.361279][ T7950]  ? __fget_files+0x2a/0x420
[  296.361303][ T7950]  ? __fget_files+0x3a0/0x420
[  296.361340][ T7950]  __x64_sys_sendmsg+0x19b/0x260
[  296.361377][ T7950]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  296.361422][ T7950]  ? __pfx_ksys_write+0x10/0x10
[  296.361440][ T7950]  ? rcu_is_watching+0x15/0xb0
[  296.361470][ T7950]  ? do_syscall_64+0xbe/0x3b0
[  296.361498][ T7950]  do_syscall_64+0xfa/0x3b0
[  296.361521][ T7950]  ? lockdep_hardirqs_on+0x9c/0x150
[  296.361544][ T7950]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.361567][ T7950]  ? clear_bhb_loop+0x60/0xb0
[  296.361593][ T7950]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.361615][ T7950] RIP: 0033:0x7feb9478ebe9
[  296.361635][ T7950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.361662][ T7950] RSP: 002b:00007feb956e4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  296.361684][ T7950] RAX: ffffffffffffffda RBX: 00007feb949b5fa0 RCX: 00007feb9478ebe9
[  296.361701][ T7950] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004
[  296.361715][ T7950] RBP: 00007feb956e4090 R08: 0000000000000000 R09: 0000000000000000
[  296.361728][ T7950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  296.361741][ T7950] R13: 00007feb949b6038 R14: 00007feb949b5fa0 R15: 00007fff8417a5c8
[  296.361776][ T7950]  </TASK>
[  296.695436][ T7953] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.702860][ T7953] bridge0: port 2(bridge_slave_1) entered forwarding state
[  296.711390][ T7953] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.718661][ T7953] bridge0: port 1(bridge_slave_0) entered forwarding state
[  296.831638][ T7951] netlink: 'syz.1.511': attribute type 1 has an invalid length.
[  296.957406][ T7953] team0: Device bridge0 failed to register rx_handler
[  296.964764][ T7951] netlink: 144 bytes leftover after parsing attributes in process `syz.1.511'.
[  296.974575][ T7951] netlink: 28 bytes leftover after parsing attributes in process `syz.1.511'.
[  296.991052][ T7953] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.998550][ T7953] bridge0: port 1(bridge_slave_0) entered disabled state
[  297.599836][ T7951] team0: No ports can be present during mode change
[  298.760491][ T7974] netlink: 100 bytes leftover after parsing attributes in process `syz.1.518'.
[  298.909075][ T7980] program syz.4.521 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  299.196621][ T7983] random: crng reseeded on system resumption
[  299.574716][ T7995] netlink: 'syz.3.525': attribute type 1 has an invalid length.
[  299.650860][ T7996] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  301.488475][ T8008] netlink: 'syz.3.528': attribute type 1 has an invalid length.
[  301.520872][ T8008] netlink: 144 bytes leftover after parsing attributes in process `syz.3.528'.
[  301.529998][ T8008] netlink: 28 bytes leftover after parsing attributes in process `syz.3.528'.
[  301.598256][ T8008] team0: No ports can be present during mode change
[  301.645820][ T8006] [U] „
[  303.167519][ T8036] overlayfs: failed to resolve './file0': -2
[  303.311065][ T5952] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  303.318791][ T5821] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  303.531282][ T5952] usb 4-1: Using ep0 maxpacket: 32
[  303.541921][ T5821] usb 3-1: Using ep0 maxpacket: 32
[  303.555260][ T5952] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  303.582035][ T5821] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  303.609090][ T5952] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  303.640964][ T5821] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  303.688750][ T5952] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  303.711476][ T5821] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  303.728829][ T5952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.748911][ T5821] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.772497][ T5952] usb 4-1: Product: syz
[  303.781700][ T5821] usb 3-1: Product: syz
[  303.798493][ T5952] usb 4-1: Manufacturer: syz
[  303.807464][ T5821] usb 3-1: Manufacturer: syz
[  303.823583][ T5952] usb 4-1: SerialNumber: syz
[  303.840909][ T5821] usb 3-1: SerialNumber: syz
[  303.868482][ T5952] usb 4-1: config 0 descriptor??
[  303.891553][ T5821] usb 3-1: config 0 descriptor??
[  304.108479][ T5952] usb 3-1: USB disconnect, device number 13
[  304.393609][   T24] usb 4-1: USB disconnect, device number 13
[  304.839573][ T8040] sp0: Synchronizing with TNC
[  305.032251][ T8054] netlink: 'syz.0.538': attribute type 1 has an invalid length.
[  305.106949][ T8056] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  306.802286][ T6840] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  306.838909][ T6840] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  306.901910][   T30] audit: type=1326 audit(1754522720.907:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8069 comm="syz.2.543" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fed1918ebe9 code=0x0
[  308.086361][ T8085] binder: 8084:8085 ioctl 400c620e 200000000000 returned -22
[  308.224799][ T8086] bio_check_eod: 2 callbacks suppressed
[  308.224840][ T8086] syz.0.546: attempt to access beyond end of device
[  308.224840][ T8086] nbd0: rw=0, sector=64, nr_sectors = 1 limit=0
[  308.245274][ T8086] syz.0.546: attempt to access beyond end of device
[  308.245274][ T8086] nbd0: rw=0, sector=256, nr_sectors = 1 limit=0
[  308.258842][ T8086] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  308.270055][ T8086] syz.0.546: attempt to access beyond end of device
[  308.270055][ T8086] nbd0: rw=0, sector=512, nr_sectors = 1 limit=0
[  308.283704][ T8086] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  308.298393][ T8086] syz.0.546: attempt to access beyond end of device
[  308.298393][ T8086] nbd0: rw=0, sector=64, nr_sectors = 2 limit=0
[  308.313005][ T8086] syz.0.546: attempt to access beyond end of device
[  308.313005][ T8086] nbd0: rw=0, sector=512, nr_sectors = 2 limit=0
[  308.326782][ T8086] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  308.376322][ T8086] syz.0.546: attempt to access beyond end of device
[  308.376322][ T8086] nbd0: rw=0, sector=1024, nr_sectors = 2 limit=0
[  308.390114][ T8086] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  308.402071][ T8086] syz.0.546: attempt to access beyond end of device
[  308.402071][ T8086] nbd0: rw=0, sector=64, nr_sectors = 4 limit=0
[  308.416430][ T8086] syz.0.546: attempt to access beyond end of device
[  308.416430][ T8086] nbd0: rw=0, sector=1024, nr_sectors = 4 limit=0
[  308.430089][ T8086] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  308.441646][ T8086] syz.0.546: attempt to access beyond end of device
[  308.441646][ T8086] nbd0: rw=0, sector=2048, nr_sectors = 4 limit=0
[  308.455152][ T8086] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  308.467665][ T8086] syz.0.546: attempt to access beyond end of device
[  308.467665][ T8086] nbd0: rw=0, sector=64, nr_sectors = 8 limit=0
[  308.485099][ T8086] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256
[  308.496222][ T8086] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512
[  308.505878][ T8086] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1)
[  308.757960][ T8094] netlink: 24 bytes leftover after parsing attributes in process `syz.1.549'.
[  310.241437][ T8108] netlink: 384 bytes leftover after parsing attributes in process `syz.4.552'.
[  310.251381][ T8108] netlink: 'syz.4.552': attribute type 2 has an invalid length.
[  311.324723][ T8112] netlink: 'syz.2.553': attribute type 1 has an invalid length.
[  311.594565][ T8112] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  312.187527][ T8119] syzkaller0: entered promiscuous mode
[  312.197306][ T8123] netlink: 'syz.0.559': attribute type 1 has an invalid length.
[  312.206149][ T8123] netlink: 144 bytes leftover after parsing attributes in process `syz.0.559'.
[  312.208477][ T8119] syzkaller0: entered allmulticast mode
[  312.218636][ T8123] netlink: 28 bytes leftover after parsing attributes in process `syz.0.559'.
[  312.714044][ T8133] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  312.725582][ T8133] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  312.743094][ T8133] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  312.754167][ T8133] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  312.769065][ T8133] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  312.780134][ T8133] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  312.794550][ T8133] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  312.805384][ T8133] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  312.840758][ T8133] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  313.371010][ T5952] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  313.680829][ T5952] usb 1-1: Using ep0 maxpacket: 16
[  313.920885][ T5952] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=d3.06
[  313.934045][ T5952] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67
[  313.958528][ T5952] usb 1-1: Product: syz
[  313.992294][ T5952] usb 1-1: Manufacturer: syz
[  313.997011][ T5952] usb 1-1: SerialNumber: syz
[  314.025512][ T5952] r8152-cfgselector 1-1: Unknown version 0x0000
[  314.049177][ T5952] r8152-cfgselector 1-1: config 0 descriptor??
[  314.281527][ T8129] netlink: 24 bytes leftover after parsing attributes in process `syz.0.562'.
[  314.290821][ T8129] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  314.552145][ T5915] r8152-cfgselector 1-1: USB disconnect, device number 18
[  315.394741][ T8159] netlink: 8 bytes leftover after parsing attributes in process `syz.4.570'.
[  316.062032][ T8168] netlink: 'syz.3.565': attribute type 1 has an invalid length.
[  316.069779][ T8168] netlink: 'syz.3.565': attribute type 4 has an invalid length.
[  316.490150][ T8168] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.565'.
[  317.166662][ T8174] netlink: 'syz.2.576': attribute type 8 has an invalid length.
[  319.068202][ T8200] ieee802154 phy1 wpan1: encryption failed: -22
[  320.057544][ T8188] netlink: 4 bytes leftover after parsing attributes in process `syz.0.578'.
[  320.127066][ T8203] syz.3.581 (8203) used greatest stack depth: 16224 bytes left
[  320.202110][   T24] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  320.261009][ T5915] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  320.362462][   T24] usb 3-1: Using ep0 maxpacket: 16
[  320.376886][   T24] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=d3.06
[  320.396321][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67
[  320.406702][   T24] usb 3-1: Product: syz
[  320.412930][   T24] usb 3-1: Manufacturer: syz
[  320.417088][ T8220] : entered promiscuous mode
[  320.418196][   T24] usb 3-1: SerialNumber: syz
[  320.440828][ T5915] usb 5-1: Using ep0 maxpacket: 16
[  320.448210][ T5915] usb 5-1: config 8 has an invalid interface number: 39 but max is 0
[  320.460715][ T5915] usb 5-1: config 8 has no interface number 0
[  320.466989][ T5915] usb 5-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F
[  320.514079][ T5915] usb 5-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid maxpacket 56106, setting to 1024
[  320.543014][ T5915] usb 5-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 1024
[  320.564907][ T5915] usb 5-1: config 8 interface 39 has no altsetting 0
[  320.584114][ T5915] usb 5-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  320.600005][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  320.609293][ T5915] usb 5-1: Product: syz
[  320.616319][ T5915] usb 5-1: Manufacturer: syz
[  320.621639][ T5915] usb 5-1: SerialNumber: syz
[  320.650336][   T24] r8152-cfgselector 3-1: Unknown version 0x0000
[  320.657165][   T24] r8152-cfgselector 3-1: config 0 descriptor??
[  320.692004][ T8222] netlink: 4 bytes leftover after parsing attributes in process `syz.0.588'.
[  320.703002][ T5834] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  320.788593][ T8226] netlink: 4 bytes leftover after parsing attributes in process `syz.3.587'.
[  321.361358][ T8211] netlink: 24 bytes leftover after parsing attributes in process `syz.2.583'.
[  321.498524][ T8211] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  321.542896][ T5834] usb 2-1: Using ep0 maxpacket: 8
[  321.580626][ T5834] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  321.636029][ T5834] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  321.790347][ T8234] netlink: 208 bytes leftover after parsing attributes in process `syz.3.589'.
[  321.883118][ T5834] usb 2-1: Product: syz
[  321.887569][ T5834] usb 2-1: Manufacturer: syz
[  322.206287][ T5834] usb 2-1: SerialNumber: syz
[  322.218061][   T24] r8152-cfgselector 3-1: USB disconnect, device number 14
[  322.245419][ T5834] usb 2-1: config 0 descriptor??
[  322.325959][ T5915] usb 5-1: can't set config #8, error -71
[  322.375557][ T5915] usb 5-1: USB disconnect, device number 14
[  322.484769][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  322.541632][ T5834] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  323.536887][ T5834] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  323.611070][ T5834] usb 2-1: USB disconnect, device number 15
[  323.627686][ T8234] syz.3.589 (8234): drop_caches: 2
[  324.274049][ T8271] ------------[ cut here ]------------
[  324.279965][ T8271] WARNING: CPU: 1 PID: 8271 at ./include/linux/memcontrol.h:371 folio_memcg+0x1a8/0x310
[  324.290958][ T8271] Modules linked in:
[  324.295619][ T8271] CPU: 1 UID: 0 PID: 8271 Comm: syz.3.601 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  324.305585][ T8271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  324.315755][ T8271] RIP: 0010:folio_memcg+0x1a8/0x310
[  324.321209][ T8271] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7f 20 65 09 cc e8 19 e3 bb ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  324.342121][ T8271] RSP: 0018:ffffc90003367250 EFLAGS: 00010287
[  324.348433][ T8271] RAX: ffffffff820442a7 RBX: 0000000000000000 RCX: 0000000000080000
[  324.356535][ T8271] RDX: ffffc9000ca24000 RSI: 000000000000194f RDI: 0000000000001950
[  324.364845][ T8271] RBP: 0000000000000000 R08: ffffea000168a807 R09: 1ffffd40002d1500
[  324.373101][ T8271] R10: dffffc0000000000 R11: fffff940002d1501 R12: ffffea000168a830
[  324.381497][ T8271] R13: dffffc0000000000 R14: ffff888034f38080 R15: 0000000000000002
[  324.389604][ T8271] FS:  00007f74181656c0(0000) GS:ffff888125d57000(0000) knlGS:0000000000000000
[  324.398765][ T8271] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  324.405504][ T8271] CR2: 0000000000000000 CR3: 00000000320ba000 CR4: 00000000003526f0
[  324.413642][ T8271] Call Trace:
[  324.416996][ T8271]  <TASK>
[  324.419977][ T8271]  workingset_activation+0x5f/0x4a0
[  324.425420][ T8271]  ? folio_mark_accessed+0x361/0x4a0
[  324.430853][ T8271]  folio_mark_accessed+0x3b5/0x4a0
[  324.436037][ T8271]  kvm_release_page_clean+0x9a/0xe0
[  324.441363][ T8271]  kvm_tdp_page_fault+0x2dd/0x370
[  324.446465][ T8271]  kvm_mmu_do_page_fault+0x2c5/0x640
[  324.452059][ T8271]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  324.458075][ T8271]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  324.463785][ T8271]  kvm_mmu_page_fault+0x22f/0xb70
[  324.469268][ T8271]  ? __pfx_handle_ept_violation+0x10/0x10
[  324.475226][ T8271]  vmx_handle_exit+0x1090/0x18a0
[  324.480627][ T8271]  ? vcpu_run+0x361c/0x6f70
[  324.485286][ T8271]  ? rcu_is_watching+0x15/0xb0
[  324.487040][ T8273] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=53248 (6815744 ns) > initial count (1572864 ns). Using initial count to start timer.
[  324.490106][ T8271]  vcpu_run+0x432e/0x6f70
[  324.511553][ T8271]  ? vcpu_run+0x361c/0x6f70
[  324.516367][ T8271]  ? __pfx_vcpu_run+0x10/0x10
[  324.521162][ T8271]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  324.526968][ T8271]  ? rcu_is_watching+0x15/0xb0
[  324.531881][ T8271]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  324.537525][ T8271]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  324.543406][ T8271]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  324.549463][ T8271]  ? rcu_is_watching+0x15/0xb0
[  324.554711][ T8271]  ? look_up_lock_class+0x74/0x170
[  324.560159][ T8271]  ? register_lock_class+0x51/0x320
[  324.565561][ T8271]  ? __lock_acquire+0xab9/0xd20
[  324.570740][ T8271]  kvm_vcpu_ioctl+0x95c/0xe90
[  324.575588][ T8271]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  324.580933][ T8271]  ? __lock_acquire+0xab9/0xd20
[  324.585855][ T8271]  ? __asan_memset+0x22/0x50
[  324.590527][ T8271]  ? smack_file_ioctl+0x302/0x340
[  324.595696][ T8271]  ? __pfx_smack_file_ioctl+0x10/0x10
[  324.601217][ T8271]  ? __fget_files+0x2a/0x420
[  324.605895][ T8271]  ? __fget_files+0x3a0/0x420
[  324.610634][ T8271]  ? __fget_files+0x2a/0x420
[  324.615350][ T8271]  ? bpf_lsm_file_ioctl+0x9/0x20
[  324.620390][ T8271]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  324.625737][ T8271]  __se_sys_ioctl+0xfc/0x170
[  324.630414][ T8271]  do_syscall_64+0xfa/0x3b0
[  324.635226][ T8271]  ? lockdep_hardirqs_on+0x9c/0x150
[  324.640503][ T8271]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.646682][ T8271]  ? clear_bhb_loop+0x60/0xb0
[  324.651514][ T8271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  324.657736][ T8271] RIP: 0033:0x7f741738ebe9
[  324.662272][ T8271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  324.682249][ T8271] RSP: 002b:00007f7418165038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  324.690837][ T8271] RAX: ffffffffffffffda RBX: 00007f74175b5fa0 RCX: 00007f741738ebe9
[  324.698945][ T8271] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  324.707008][ T8271] RBP: 00007f7417411e19 R08: 0000000000000000 R09: 0000000000000000
[  324.715602][ T8271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  324.724371][ T8271] R13: 00007f74175b6038 R14: 00007f74175b5fa0 R15: 00007ffc808597d8
[  324.732470][ T8271]  </TASK>
[  324.735588][ T8271] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  324.742934][ T8271] CPU: 1 UID: 0 PID: 8271 Comm: syz.3.601 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) 
[  324.753112][ T8271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  324.763547][ T8271] Call Trace:
[  324.766859][ T8271]  <TASK>
[  324.769808][ T8271]  dump_stack_lvl+0x99/0x250
[  324.774446][ T8271]  ? __asan_memcpy+0x40/0x70
[  324.779068][ T8271]  ? __pfx_dump_stack_lvl+0x10/0x10
[  324.784516][ T8271]  ? __pfx__printk+0x10/0x10
[  324.789167][ T8271]  panic+0x2db/0x790
[  324.793135][ T8271]  ? __pfx_panic+0x10/0x10
[  324.797608][ T8271]  __warn+0x31b/0x4b0
[  324.801613][ T8271]  ? folio_memcg+0x1a8/0x310
[  324.806249][ T8271]  ? folio_memcg+0x1a8/0x310
[  324.810870][ T8271]  report_bug+0x2be/0x4f0
[  324.815235][ T8271]  ? folio_memcg+0x1a8/0x310
[  324.819866][ T8271]  ? folio_memcg+0x1a8/0x310
[  324.824484][ T8271]  ? folio_memcg+0x1aa/0x310
[  324.829174][ T8271]  handle_bug+0x84/0x160
[  324.833454][ T8271]  exc_invalid_op+0x1a/0x50
[  324.838075][ T8271]  asm_exc_invalid_op+0x1a/0x20
[  324.842964][ T8271] RIP: 0010:folio_memcg+0x1a8/0x310
[  324.848195][ T8271] Code: 80 3c 28 00 74 08 4c 89 f7 e8 74 ca 1b 00 4d 8b 36 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f 5d e9 7f 20 65 09 cc e8 19 e3 bb ff 90 <0f> 0b 90 eb c5 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c fe fe ff ff
[  324.867974][ T8271] RSP: 0018:ffffc90003367250 EFLAGS: 00010287
[  324.874200][ T8271] RAX: ffffffff820442a7 RBX: 0000000000000000 RCX: 0000000000080000
[  324.882217][ T8271] RDX: ffffc9000ca24000 RSI: 000000000000194f RDI: 0000000000001950
[  324.890655][ T8271] RBP: 0000000000000000 R08: ffffea000168a807 R09: 1ffffd40002d1500
[  324.898676][ T8271] R10: dffffc0000000000 R11: fffff940002d1501 R12: ffffea000168a830
[  324.906956][ T8271] R13: dffffc0000000000 R14: ffff888034f38080 R15: 0000000000000002
[  324.915058][ T8271]  ? folio_memcg+0x1a7/0x310
[  324.919700][ T8271]  workingset_activation+0x5f/0x4a0
[  324.925021][ T8271]  ? folio_mark_accessed+0x361/0x4a0
[  324.930696][ T8271]  folio_mark_accessed+0x3b5/0x4a0
[  324.935849][ T8271]  kvm_release_page_clean+0x9a/0xe0
[  324.941165][ T8271]  kvm_tdp_page_fault+0x2dd/0x370
[  324.946235][ T8271]  kvm_mmu_do_page_fault+0x2c5/0x640
[  324.951552][ T8271]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  324.957401][ T8271]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  324.962973][ T8271]  kvm_mmu_page_fault+0x22f/0xb70
[  324.968047][ T8271]  ? __pfx_handle_ept_violation+0x10/0x10
[  324.973812][ T8271]  vmx_handle_exit+0x1090/0x18a0
[  324.978885][ T8271]  ? vcpu_run+0x361c/0x6f70
[  324.983419][ T8271]  ? rcu_is_watching+0x15/0xb0
[  324.988219][ T8271]  vcpu_run+0x432e/0x6f70
[  324.992589][ T8271]  ? vcpu_run+0x361c/0x6f70
[  324.997341][ T8271]  ? __pfx_vcpu_run+0x10/0x10
[  325.002058][ T8271]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  325.007985][ T8271]  ? rcu_is_watching+0x15/0xb0
[  325.012867][ T8271]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  325.018447][ T8271]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  325.024303][ T8271]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  325.030364][ T8271]  ? rcu_is_watching+0x15/0xb0
[  325.035164][ T8271]  ? look_up_lock_class+0x74/0x170
[  325.040350][ T8271]  ? register_lock_class+0x51/0x320
[  325.045700][ T8271]  ? __lock_acquire+0xab9/0xd20
[  325.050645][ T8271]  kvm_vcpu_ioctl+0x95c/0xe90
[  325.055477][ T8271]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  325.060717][ T8271]  ? __lock_acquire+0xab9/0xd20
[  325.065606][ T8271]  ? __asan_memset+0x22/0x50
[  325.070239][ T8271]  ? smack_file_ioctl+0x302/0x340
[  325.075298][ T8271]  ? __pfx_smack_file_ioctl+0x10/0x10
[  325.080717][ T8271]  ? __fget_files+0x2a/0x420
[  325.085502][ T8271]  ? __fget_files+0x3a0/0x420
[  325.090380][ T8271]  ? __fget_files+0x2a/0x420
[  325.095085][ T8271]  ? bpf_lsm_file_ioctl+0x9/0x20
[  325.100059][ T8271]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  325.105286][ T8271]  __se_sys_ioctl+0xfc/0x170
[  325.109909][ T8271]  do_syscall_64+0xfa/0x3b0
[  325.114439][ T8271]  ? lockdep_hardirqs_on+0x9c/0x150
[  325.119673][ T8271]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.125765][ T8271]  ? clear_bhb_loop+0x60/0xb0
[  325.130478][ T8271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.136396][ T8271] RIP: 0033:0x7f741738ebe9
[  325.140927][ T8271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  325.160571][ T8271] RSP: 002b:00007f7418165038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  325.169016][ T8271] RAX: ffffffffffffffda RBX: 00007f74175b5fa0 RCX: 00007f741738ebe9
[  325.177095][ T8271] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000009
[  325.185184][ T8271] RBP: 00007f7417411e19 R08: 0000000000000000 R09: 0000000000000000
[  325.193188][ T8271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  325.201195][ T8271] R13: 00007f74175b6038 R14: 00007f74175b5fa0 R15: 00007ffc808597d8
[  325.209224][ T8271]  </TASK>
[  325.212615][ T8271] Kernel Offset: disabled
[  325.217287][ T8271] Rebooting in 86400 seconds..