last executing test programs:

9m0.289192992s ago: executing program 4 (id=293):
syz_usb_connect(0x0, 0x32, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000009e61510d1127e9367af0102030109020009050d080002050006050963bcf600"/50], 0x0)

8m58.444219247s ago: executing program 4 (id=300):
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/dev_mcast\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004282, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
r3 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r3, 0x0, 0x4, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x17)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r4 = syz_usb_connect$cdc_ncm(0x6, 0x0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000580)={0x2020}, 0x2020)
pread64(r0, &(0x7f0000000480)=""/209, 0xd1, 0x2)
read$FUSE(r0, &(0x7f0000002c40)={0x2020}, 0x2020)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r0, 0x0, &(0x7f0000000340)=""/190}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x4008032, 0xffffffffffffffff, 0x2000)

8m55.981010854s ago: executing program 4 (id=311):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x10b000, 0x0)
readv(r0, &(0x7f0000000600)=[{0x0}], 0x1)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x94}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x3, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r2 = fsopen(&(0x7f0000000040)='udf\x00', 0x1)
r3 = fcntl$dupfd(r2, 0x406, r2)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000080), 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x4, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r5, 0x3)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0xe, 0x7ffffffe}]})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
socket(0xa, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r7, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r8 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r8, 0xc018643a, &(0x7f0000000140)={0x4000000})
ioctl$DRM_IOCTL_WAIT_VBLANK(r8, 0xc018643a, &(0x7f0000000000)={0x4000000, 0xd, 0x1})
pread64(r8, 0x0, 0x0, 0x100000000)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8904, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
socket$alg(0x26, 0x5, 0x0)

8m55.694711614s ago: executing program 4 (id=312):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x220c)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x55)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r7, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4)
bind$inet6(r7, &(0x7f0000000540)={0xa, 0x4e22, 0x7651, @empty, 0x200}, 0x1c)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r8, 0x7)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r9, 0x0)
r10 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r10, 0x0)
r11 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000012000301000000000000000000009db7000000000000010004000000000000000000000000000000000000000000000000000000691d0f76e77044d1eb94e56239e4"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x265)

8m54.652109148s ago: executing program 4 (id=321):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100), 0x286400, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(0x3)
socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000000)={0x1, 0x4}, 0x8)
close_range(r0, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000100)=@assoc_value, &(0x7f0000000000)=0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x0, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x89b0, &(0x7f0000000040)={'veth0_to_team\x00'})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0)
socket(0x10, 0x803, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0))
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r4, 0xc048aeca, &(0x7f00000001c0))
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_open_dev$video(&(0x7f0000000000), 0x8, 0x0)
syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42940, 0x0)
syz_open_dev$audion(&(0x7f0000000040), 0x1ff, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x80000000, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0xf019, 0x121000)
getsockopt$EBT_SO_GET_INFO(r5, 0x0, 0x80, &(0x7f0000000300)={'broute\x00', 0x0, 0x0, 0x0, [0xffff, 0x3, 0x2, 0x7fff, 0x6, 0x9]}, &(0x7f0000000380)=0x78)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x8000, 0x44, 0x18}, 0x18)

8m54.529357794s ago: executing program 4 (id=322):
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={&(0x7f0000000040)="b64b6779e728a585fc6d831c9c111ee3bf867c7fa20663508d961b5b0bc1d4eded804b84c8ee0b5e7b55af44aa8bf4a16c4d4aaf896a13f650a3b4f737945a9a179a6ceb93adadb8dd841258d0f04b02868cd415ab9bc48b055a8b3f92b143cb16138c216513a045af2101e7e3c507bedee404330f1171812cdaeed17a0e89dd4863a4e6808ca6b7046c38f33b9a0417e1c8fae7a9e1b4c8161b02", 0x0, 0x0, 0x0}, 0x38)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB="680000002000010000000000000000000a80240000000001180001001400010000000000000000000000ffffac1414aa080006000000000008000f00ffffffff1400020000000000000000050000ffff0a0101021400110062"], 0x68}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000010000090900010073797a3100000000d0000000030a030000060000000000000100000a0900010073797a31000000000900030073797a3000000000a4000300"], 0x118}, 0x1, 0x0, 0x0, 0x240401d4}, 0x240408d0)

8m54.254651756s ago: executing program 32 (id=322):
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000380)={&(0x7f0000000040)="b64b6779e728a585fc6d831c9c111ee3bf867c7fa20663508d961b5b0bc1d4eded804b84c8ee0b5e7b55af44aa8bf4a16c4d4aaf896a13f650a3b4f737945a9a179a6ceb93adadb8dd841258d0f04b02868cd415ab9bc48b055a8b3f92b143cb16138c216513a045af2101e7e3c507bedee404330f1171812cdaeed17a0e89dd4863a4e6808ca6b7046c38f33b9a0417e1c8fae7a9e1b4c8161b02", 0x0, 0x0, 0x0}, 0x38)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB="680000002000010000000000000000000a80240000000001180001001400010000000000000000000000ffffac1414aa080006000000000008000f00ffffffff1400020000000000000000050000ffff0a0101021400110062"], 0x68}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000010000090900010073797a3100000000d0000000030a030000060000000000000100000a0900010073797a31000000000900030073797a3000000000a4000300"], 0x118}, 0x1, 0x0, 0x0, 0x240401d4}, 0x240408d0)

15.716111841s ago: executing program 2 (id=2560):
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2)
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x32cc0000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[], 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r6 = syz_open_dev$dri(0x0, 0xd21, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r6, 0xc0086426, &(0x7f0000000000)={0x9, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}, {}, {}]})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000002100004000000000ff"])
ioctl$KVM_RUN(r3, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
getrandom(0x0, 0x0, 0x3)
syz_open_dev$usbmon(&(0x7f0000000200), 0x6, 0x4c0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x310, 0x18, 0x6, 0x2d, 0x40, 0x5ac, 0xb231, 0x8500, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xb0, 0x1, 0x60, 0x49, [{{0x9, 0x4, 0xda, 0x7, 0x0, 0xff, 0xfd, 0x1, 0x6}}]}}]}}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x16, &(0x7f00000001c0)=@string={0x16, 0x3, "3e640c7bbdd03141e94d8e60ed7809d897d9d9df"}}]})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x400000f, 0x50032, 0xffffffffffffffff, 0x0)

11.011532684s ago: executing program 2 (id=2582):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
accept$alg(0xffffffffffffffff, 0x6000000, 0x0)

10.233793435s ago: executing program 5 (id=2586):
syz_usb_connect(0x0, 0x3d, &(0x7f0000000640)={{0x12, 0x1, 0x0, 0xad, 0x6c, 0x86, 0x20, 0x72f, 0x2200, 0x3fbf, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xb4, 0xaf, 0xd7, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "e37e1b82e6"}]}}, {{0x9, 0x5, 0xb, 0x2}}]}}]}}]}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="2800000009000000000000000000000001"], 0x28)

10.148936467s ago: executing program 2 (id=2587):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)=@newtfilter={0x12c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0xfc, 0x2, [@TCA_CGROUP_EMATCHES={0xf8, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0xec, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x27, 0x7, 0x2000}, {{0x3, 0x0, 0x1, 0x1}, {0x4, 0x1, 0x0, 0x1}}}}, @TCF_EM_NBYTE={0x10, 0x2, 0x0, 0x0, {{0x6f5d, 0x2, 0x2}, {0x6}}}, @TCF_EM_CONTAINER={0x7c, 0x3, 0x0, 0x0, {{0x2, 0x0, 0xfffd}, "3140ab4cbb28fdd32a47248f19c161954970735409f44d61340b7b050d292552db5e58c92f35db8da008d8119d79d77002143b42da0cffe2e08b0f58d4bf646fbe558d9c652a1d95d827236183d9f67672a1550bb084aa8ecb6db98fa53417e20d73ef9f415177dd5aa1b43131244a"}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0xffff, 0x3, 0x6}, {0x3, 0x1ff, 0x3, 0xb617}}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x1, 0x7, 0x80}, {{}, {0x2, 0x1, 0x1}}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x800, 0x1, 0x5}, {0x1, 0x5, 0x49a, 0x2, 0x7, 0x2, 0x2}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x12c}}, 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0xea5, '.\x00'}})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r4, 0x11, 0x64, &(0x7f0000000080)=0x2, 0x4)
setsockopt$inet_udp_encap(r4, 0x11, 0x68, &(0x7f0000000000)=0x3, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, 0x0, 0x7, 0x5, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0)
r6 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000200)=[@uexit={0x0, 0x18, 0x5b}, @out_dx={0xaa, 0x28, {0x2da2, 0x1, 0x4}}, @set_irq_handler={0xbe, 0x20, {0x5e}}, @wr_crn={0x46, 0x20, {0x0, 0x5}}, @out_dx={0xaa, 0x28, {0x1d2e, 0x4, 0x1ff}}, @wrmsr={0x1e, 0x20, {0x213, 0x6}}, @wr_crn={0x46, 0x20, {0x3, 0x6}}, @wr_drn={0x6e, 0x20, {0x1, 0x40}}, @rdmsr={0x32, 0x18, {0x996}}, @uexit={0x0, 0x18, 0x12c}, @code={0xa, 0x60, {"c40279ba6cb2f1260fc7b97800000066baf80cb870755c85ef66bafc0ced400f01c8c401485f20400f01c43666400f009ed658205266baf80cb8cd5f4380ef66bafc0cecc441211631c4217c536e00"}}, @wr_drn={0x6e, 0x20, {0x5, 0x4}}, @wr_drn={0x6e, 0x20, {0x7, 0x4}}, @wrmsr={0x1e, 0x20, {0xa51, 0xdfb}}, @wrmsr={0x1e, 0x20, {0x412, 0xb1}}, @wr_crn={0x46, 0x20, {0x2, 0x10001}}, @rdmsr={0x32, 0x18}, @in_dx={0x82, 0x20, {0x25ce, 0xd}}, @set_irq_handler={0xbe, 0x20, {0xb4}}, @wr_crn={0x46, 0x20, {0x8, 0x3}}, @out_dx={0xaa, 0x28, {0x3a64, 0x0, 0x80000001}}, @wrmsr={0x1e, 0x20, {0x40000104, 0x9}}, @wrmsr={0x1e, 0x20, {0xb59, 0x7f}}, @wrmsr={0x1e, 0x20, {0x9ee, 0xf}}, @set_irq_handler={0xbe, 0x20, {0xce, 0x1}}, @wr_crn={0x46, 0x20, {0x8, 0x8}}, @in_dx={0x82, 0x20, {0xc22, 0x4}}, @wr_crn={0x46, 0x20, {0x2, 0x7}}, @wr_crn={0x46, 0x20, {0x4, 0x8}}, @uexit={0x0, 0x18, 0x8}], 0x3f0})
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000080)={0x5, 0x0, [{0x32e, 0x0, 0x6}, {0x61c, 0x0, 0x7}, {0x87a, 0x0, 0x8}, {0x4c1, 0x0, 0xedc5}, {0x90d, 0x0, 0x16b}]})

9.368777395s ago: executing program 1 (id=2589):
socket(0x840000000002, 0x3, 0xfa)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189)
write$evdev(r0, &(0x7f0000000100)=[{{}, 0x12, 0x4, 0x4}], 0x18)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
socket(0x18, 0x3, 0x3) (fail_nth: 5)

8.815612593s ago: executing program 2 (id=2591):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
write$uinput_user_dev(r0, &(0x7f0000001740)={'syz1\x00', {0x8000}, 0x0, [0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffa, 0xc0, 0x2, 0x1, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0xd6, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x1, 0x1000, 0x10], [0x0, 0xffffffff, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x8001, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xc7ec, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x7, 0xfffffffe, 0x81, 0x0, 0x0, 0x0, 0x1, 0x7], [0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0xedd, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x400, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x3, 0xffffffff, 0x0, 0x0, 0xffffffff, 0x806, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28000000, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x2, 0x0, 0x4, 0x3, 0x0, 0x0, 0x0, 0x681, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x3, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0xffbffffe, 0x0, 0x2]}, 0x45c)
ioctl$UI_DEV_CREATE(r0, 0x5501) (fail_nth: 11)

8.807276363s ago: executing program 1 (id=2592):
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2)
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x32cc0000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[], 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r6 = syz_open_dev$dri(0x0, 0xd21, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r6, 0xc0086426, &(0x7f0000000000)={0x9, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}, {}, {}]})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000002100004000000000ff"])
ioctl$KVM_RUN(r3, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
getrandom(0x0, 0x0, 0x3)
syz_open_dev$usbmon(&(0x7f0000000200), 0x6, 0x4c0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x310, 0x18, 0x6, 0x2d, 0x40, 0x5ac, 0xb231, 0x8500, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xb0, 0x1, 0x60, 0x49, [{{0x9, 0x4, 0xda, 0x7, 0x0, 0xff, 0xfd, 0x1, 0x6}}]}}]}}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x16, &(0x7f00000001c0)=@string={0x16, 0x3, "3e640c7bbdd03141e94d8e60ed7809d897d9d9df"}}]})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x400000f, 0x50032, 0xffffffffffffffff, 0x0)

8.370667414s ago: executing program 5 (id=2593):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x80)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x97, 0x4, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x54, 0x2, [@TCA_FW_ACT={0x50, 0x4, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x3513, 0x6, 0xffffffffffffffff, 0xb6b9, 0x3}, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x6, 0x8}}]}, 0x88}, 0x1, 0x0, 0x0, 0x80}, 0x24000880)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x4d8, 0x0, 0x2c8, 0xffffffff, 0x0, 0x228, 0x440, 0x440, 0xffffffff, 0x440, 0x440, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010104, @local, 0xff0000ff, 0xffffff00, 'veth1_to_bridge\x00', 'wg1\x00', {}, {0xff}, 0x16}, 0x0, 0x1f0, 0x228, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x5, 0xc, 'fsm\x00', "4801d3e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x79, 0x2, {0x1}}}, @common=@unspec=@conntrack2={{0xc0}, {{@ipv6=@dev={0xfe, 0x80, '\x00', 0x10}, [0xffffff00, 0xffffffff, 0x0, 0xff000000], @ipv4=@dev={0xac, 0x14, 0x14, 0x29}, [0x0, 0xffffff00, 0xff000000, 0xffffffff], @ipv6=@local, [0xff000000, 0xff, 0x0, 0xff], @ipv4=@broadcast, [0xffffffff, 0x0, 0xff], 0x7, 0x1, 0x5c, 0x4e1c, 0x4e22, 0x4e24, 0x4e24, 0x814, 0x20c0}, 0x80, 0x2}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0xae, {0xf, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id=0x65, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0xfffc, 0xd, 0x1}, {0x2, 0x4, 0x3}, 0x1000, 0x100}}}, {{@ip={@multicast2, @broadcast, 0xff, 0x0, 'virt_wifi0\x00', 'batadv_slave_1\x00', {}, {}, 0x0, 0x0, 0x4}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x2, @rand_addr=0x64010101, @empty, @icmp_id=0x68, @port=0x4e22}}}}, {{@uncond, 0x0, 0x98, 0xd0, 0x0, {}, [@common=@icmp={{0x28}, {0x4, "1542", 0x1}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x10, @rand_addr, @dev={0xac, 0x14, 0x14, 0x29}, @icmp_id, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538)
madvise(&(0x7f0000267000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r8 = io_uring_setup(0x3450, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r8, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
r9 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'veth0_to_team\x00', <r10=>0x0})
sendmsg$nl_route_sched(r9, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000580)=@newqdisc={0x38, 0x24, 0xd0f, 0x3, 0x3, {0x60, 0x0, 0x0, r10, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0xfa, 0xa296}}]}, 0x38}, 0x1, 0x0, 0x0, 0x401c4}, 0x8840)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r8, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x2200}], 0x0, 0xa}, 0x20)
ioctl$TUNSETLINK(r0, 0x400454cd, 0x337)
r11 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r11, 0x4068aea3, &(0x7f0000000180)={0x8f, 0x0, 0x2})

8.316449617s ago: executing program 2 (id=2594):
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_MCAST_BROADCAST(r0, 0x10f, 0x85)
r1 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r1, &(0x7f0000000200)={&(0x7f00000000c0)=@hci={0x1f, 0x0, 0x41}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000040)="623bed114d421d8b1c60ea4388a8", 0x12}], 0x1}, 0x20044001)

8.153151838s ago: executing program 2 (id=2595):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x9, 0x7ffc0002}]})
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
creat(&(0x7f0000000240)='./file0\x00', 0x122)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000400)=@v3={0x3000000, [{0x9}, {0x9, 0x3d9b}]}, 0x18, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r6 = accept$alg(r5, 0x0, 0x0)
sendmsg$alg(r6, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
write$binfmt_script(r6, &(0x7f0000000600), 0xfec8)
recvmmsg(r6, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001cc0)=""/4096, 0x1000}, {&(0x7f0000000240)=""/83, 0x53}], 0x2, 0x0, 0x0, 0x2000000}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)=""/129, 0xee95}], 0x1}}], 0x2, 0xe9, 0x0)
sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x3c, r4, 0x1, 0x0, 0x0, {}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0xa8}]}, 0x3c}}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x5)

8.1360829s ago: executing program 0 (id=2596):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x9)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000180)={@remote, 0x8000000, 0x0, 0xff, 0x1, 0x66}, 0x20)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'macvlan1\x00', <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xd6e})
sendmsg$DCCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0xbc, 0x13, 0x100, 0x70bd2b, 0x25dfdbfd, {0x23, 0x7, 0x24, 0x7, {0x4e24, 0x4e22, [0x8000, 0xffffb289, 0x69f7, 0x3], [0xd, 0x7fff, 0x8, 0x1ff], r3, [0xdb9, 0x5]}, 0xfffffffd, 0xffff}, [@INET_DIAG_REQ_BYTECODE={0x6d, 0x1, "a7ca93a95c573048ea0263d18fed5312dc71091352c571791c75076bd0f7247a6529d482bfcadb09eb118e923dacd773f71071f74b8b7a0ccb867fd116ad0713c82adb4a578eb64ec6fd2ddb4121d12bedc3e01e1efffd8f8f8d60949e03dd18185a0eb193d80d6045"}]}, 0xbc}, 0x1, 0x0, 0x0, 0x40000}, 0x40801)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="2b008728", @ANYRES16=r5, @ANYBLOB="01000000000000000000010000001c000180060001000200000008000300ac1414aa080006000a000000"], 0x30}}, 0x10)

8.050431757s ago: executing program 0 (id=2598):
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32], 0x50)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="1c0088a8000002"], 0x110a)

6.709902602s ago: executing program 0 (id=2599):
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3", 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e23}, 0x34)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, 0x0, 0x4040040)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000005c0)={{0x12, 0x1, 0x110, 0x25, 0xbc, 0x86, 0x20, 0x4e8, 0xff30, 0x34ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x40, 0x0, 0x14, [{{0x9, 0x4, 0xe9, 0xfa, 0x2, 0xf7, 0xef, 0xb4, 0x5, [], [{{0x9, 0x5, 0x1, 0x6e8b2aa4490576db, 0x3ff, 0x3, 0x9, 0x2}}, {{0x9, 0x5, 0x9, 0x2, 0x8, 0xf, 0x40, 0x8}}]}}]}}]}}, 0x0)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0x800, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'gretap0\x00', &(0x7f00000003c0)={'ip_vti0\x00', <r3=>0x0, 0x20, 0x10, 0x0, 0x401, {{0x4f, 0x4, 0x1, 0x8, 0x13c, 0x64, 0x0, 0xc0, 0x29, 0x0, @multicast1, @rand_addr=0x64010102, {[@cipso={0x86, 0x1c, 0xffffffffffffffff, [{0x2, 0xc, "ba1b78d6cb476a18a1f9"}, {0x1, 0xa, "433e8480e63f0873"}]}, @lsrr={0x83, 0x17, 0x78, [@loopback, @empty, @rand_addr=0x64010102, @loopback, @dev={0xac, 0x14, 0x14, 0x28}]}, @cipso={0x86, 0x23, 0xffffffffffffffff, [{0x5, 0xb, "fa38245a7de1f61dbd"}, {0x1, 0x7, "4da5fa139f"}, {0x7, 0xb, "64457840ad310d1379"}]}, @cipso={0x86, 0x34, 0x3, [{0x6, 0x10, "22a4d1f5794e290af09af5117a04"}, {0x7, 0xd, "2daf49f43e549502bcf991"}, {0x2, 0x9, "cdd6a0a7085a68"}, {0x5, 0x2}, {0x1, 0x6, "dd04fb00"}]}, @ssrr={0x89, 0xb, 0x92, [@local, @private=0xa010102]}, @timestamp={0x44, 0xc, 0xb8, 0x0, 0x1, [0xfffffffc, 0x6]}, @cipso={0x86, 0x53, 0x0, [{0x6, 0xc, "44f4fc3551a2a74d7486"}, {0x2, 0xb, "cf98499217ac433204"}, {0x1, 0x11, "5219caf8c8c897845036f738edf12d"}, {0x0, 0x9, "96c3bc7ca7d014"}, {0x5, 0x2}, {0x5, 0x3, "f4"}, {0x7, 0x8, "d314da196971"}, {0x7, 0xf, "4953de9685d0797e2d6f8ea0e1"}]}, @cipso={0x86, 0x22, 0x2, [{0x2, 0x5, "857367"}, {0x2, 0xd, "be9ae2d6b74211e572056f"}, {0x0, 0x8, "4b52ea42435c"}, {0x0, 0x2}]}, @lsrr={0x83, 0xf, 0x41, [@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @dev={0xac, 0x14, 0x14, 0x39}]}]}}}}})
r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
preadv(r4, &(0x7f0000000240)=[{&(0x7f00000003c0)=""/200, 0xc8}], 0x1, 0x91, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e00000001000000050000000300000000000200", @ANYRES32=r4, @ANYBLOB="010400"/20, @ANYRES32=r3, @ANYRES32=r2, @ANYBLOB="01000000000000040000b952744c39f8433c8d0009000000000000000000000000000000e33d68b132e1dba042b5997b55313b7b0ece4048488b79ccfd390c2b6c596050e3a6ccd95d96893d8f579aee075e1efdf3a4835d2d89288f364b59f53fe5152ae04ca7cff1c4beac12002b8c567dc4a27d06ce8c37574937c2fcaa163bbbbd40b1bf5728fe788804e8bbad2a89078df2a3923b9833f34e6d517bfdb82839e9e1"], 0x50)
r5 = epoll_create1(0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
r7 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000100)={0x20000014})
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r5, &(0x7f0000000600)={0xa0000013})
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_mreqsrc(r8, 0x0, 0x27, &(0x7f0000000040)={@private=0xa010100, @private=0xa010100, @private=0xa010102}, 0xc)
ppoll(&(0x7f0000000040)=[{r7, 0x1}], 0x1, 0x0, 0x0, 0x0)
close_range(r5, r6, 0x0)

6.216419488s ago: executing program 5 (id=2600):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000001800010000000000fcdbdf25020100000000000900000000060015000400000014001680100008000c0003800825567682f27a8b896990715292df3cdb059ce86edc9e5541ff9967244f476ffc171b1239f5c17e7ca9035e5970373949469f86197c23accb85282974dce2eea794496bc3f2c19fc07f4da76eff16ce84ebdbb30d701dee"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x40040)

5.929113116s ago: executing program 5 (id=2601):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)=@newtfilter={0x12c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0xfc, 0x2, [@TCA_CGROUP_EMATCHES={0xf8, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0xec, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x27, 0x7, 0x2000}, {{0x3, 0x0, 0x1, 0x1}, {0x4, 0x1, 0x0, 0x1}}}}, @TCF_EM_NBYTE={0x10, 0x2, 0x0, 0x0, {{0x6f5d, 0x2, 0x2}, {0x6}}}, @TCF_EM_CONTAINER={0x7c, 0x3, 0x0, 0x0, {{0x2, 0x0, 0xfffd}, "3140ab4cbb28fdd32a47248f19c161954970735409f44d61340b7b050d292552db5e58c92f35db8da008d8119d79d77002143b42da0cffe2e08b0f58d4bf646fbe558d9c652a1d95d827236183d9f67672a1550bb084aa8ecb6db98fa53417e20d73ef9f415177dd5aa1b43131244a"}}, @TCF_EM_U32={0x1c, 0x3, 0x0, 0x0, {{0xffff, 0x3, 0x6}, {0x3, 0x1ff, 0x3, 0xb617}}}, @TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x1, 0x7, 0x80}, {{}, {0x2, 0x1, 0x1}}}}, @TCF_EM_CMP={0x18, 0x2, 0x0, 0x0, {{0x800, 0x1, 0x5}, {0x1, 0x5, 0x49a, 0x2, 0x7, 0x2, 0x2}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x12c}}, 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000340)={'netdevsim0\x00', &(0x7f0000000400)=@ethtool_flash={0x33, 0xea5, '.\x00'}})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_encap(r4, 0x11, 0x64, &(0x7f0000000080)=0x2, 0x4)
setsockopt$inet_udp_encap(r4, 0x11, 0x68, &(0x7f0000000000)=0x3, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, 0x0, 0x7, 0x5, 0x0, 0x0, {0x3, 0x0, 0x7}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0)
r6 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000200)=[@uexit={0x0, 0x18, 0x5b}, @out_dx={0xaa, 0x28, {0x2da2, 0x1, 0x4}}, @set_irq_handler={0xbe, 0x20, {0x5e}}, @wr_crn={0x46, 0x20, {0x0, 0x5}}, @out_dx={0xaa, 0x28, {0x1d2e, 0x4, 0x1ff}}, @wrmsr={0x1e, 0x20, {0x213, 0x6}}, @wr_crn={0x46, 0x20, {0x3, 0x6}}, @wr_drn={0x6e, 0x20, {0x1, 0x40}}, @rdmsr={0x32, 0x18, {0x996}}, @uexit={0x0, 0x18, 0x12c}, @code={0xa, 0x60, {"c40279ba6cb2f1260fc7b97800000066baf80cb870755c85ef66bafc0ced400f01c8c401485f20400f01c43666400f009ed658205266baf80cb8cd5f4380ef66bafc0cecc441211631c4217c536e00"}}, @wr_drn={0x6e, 0x20, {0x5, 0x4}}, @wr_drn={0x6e, 0x20, {0x7, 0x4}}, @wrmsr={0x1e, 0x20, {0xa51, 0xdfb}}, @wrmsr={0x1e, 0x20, {0x412, 0xb1}}, @wr_crn={0x46, 0x20, {0x2, 0x10001}}, @rdmsr={0x32, 0x18}, @in_dx={0x82, 0x20, {0x25ce, 0xd}}, @set_irq_handler={0xbe, 0x20, {0xb4}}, @wr_crn={0x46, 0x20, {0x8, 0x3}}, @out_dx={0xaa, 0x28, {0x3a64, 0x0, 0x80000001}}, @wrmsr={0x1e, 0x20, {0x40000104, 0x9}}, @wrmsr={0x1e, 0x20, {0xb59, 0x7f}}, @wrmsr={0x1e, 0x20, {0x9ee, 0xf}}, @set_irq_handler={0xbe, 0x20, {0xce, 0x1}}, @wr_crn={0x46, 0x20, {0x8, 0x8}}, @in_dx={0x82, 0x20, {0xc22, 0x4}}, @wr_crn={0x46, 0x20, {0x2, 0x7}}, @wr_crn={0x46, 0x20, {0x4, 0x8}}, @uexit={0x0, 0x18, 0x8}], 0x3f0})
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000080)={0x5, 0x0, [{0x32e, 0x0, 0x6}, {0x61c, 0x0, 0x7}, {0x87a, 0x0, 0x8}, {0x4c1, 0x0, 0xedc5}, {0x90d, 0x0, 0x16b}]})

4.941390621s ago: executing program 5 (id=2604):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x22, 0x2, 0x24)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$rtl8150(r2, 0x0, 0x0)
r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
read(r3, 0x0, 0x300)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009"], 0x0)
syz_open_dev$midi(0x0, 0x500, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
r4 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000001c0)=0x2)
ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f0000000480)={0x1ff, 0x200, 0x2, {0x4, @pix={0x7, 0x8, 0x34565559, 0x2, 0x800000, 0xfffffff3, 0x5, 0x983e, 0x1, 0x3, 0x2}}, 0x9})
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000040)={0x84, @empty, 0x4e20, 0x3, 'lblc\x00', 0x4, 0xa7e, 0x1a}, 0x2c)
r6 = socket$kcm(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r6, 0x8982, 0x0)
r7 = socket(0x2, 0x80805, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x5, 0x8, 0x5c}, {@remote, 0x4e23, 0x3, 0xcd}}, 0x44)
sendmsg$sock(r6, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

4.645454413s ago: executing program 1 (id=2605):
r0 = syz_usb_connect$lan78xx(0x0, 0x3f, &(0x7f0000000dc0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f00000002c0)={0x34, &(0x7f00000007c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000940)={0x34, &(0x7f0000000680)=ANY=[@ANYBLOB="4a0047a0"], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000000c0)={0x84, &(0x7f0000000e00)=ANY=[@ANYBLOB="54859912d2f09ca1b99a00d2bb4e139d8f9320789d350466b294adecbc2cd556b0158f17448f555409b47f90e0bf30db48d622bd8a8d84c36d68cd6890134686bcac93faab1df6799d8c999919f641f5043514af85fffcacca8cbf959754282141198b384a04cfcac660737a77742055dfdfeb77f2481be2b3dd0b65d92b0fb6f30f07a6070cd217d3817d2a14c640c4486445a7d8438cdc02414d25b86539427ccede5a3430ce12e8409f6eb2bcdfbace956b2dd24b50430c4b6a85b81b1502e21a3d259796a19b788afd03e11907b2a23b44fcfd999b0fc06c994290c8bc8921fb85e77150a1ed2e2a79a864c53f6ecf58d2c9577e0c3303161ed53869237edb1ba0900651381b09a3c20793f109fc04c48712850fdf8abee6b6ec5dd7b32329583fb79fe144491dd1c947f6e03452ba11b2b27a4c16d4bd79295f9bba96f1cbc2fcf495d6b3407396bc8907fabeae72c0b8612fba917629a3c914998e110010ecf21aea8c73975b364106aaf8bc87c6dec95bd785efeb0c0539e1bb8ff5a7c0c59b352f08c1a25047094e2ac8c4f560aaf6bb9535ad52360b43d16bc6240e458e3a1fce264048aec330420c4f8b2c9e1b276c4e684e20e17b0a7f91c45f4be5470cb2adc9952a3b28cb774d407892b575ee30e9f55c85edd1dfc30d0f66034079e27b75b49ce7a3fe804dc85daa21e45cb2ab0f22afe0b87d43d6fc3022d68771250fd0f05a9ebefa23020550b0de0f751149ed2f6099f7d6b3c45698fa18c45cc8b0d067a32da412c431d1e738090b9390585ce92004cf059925d64b59f6b00e22b68a5f0828823beada76b678b9e90779c88e0624cd170c8a1069f92b13340bd38b51cc5b4a102a768462ad2ba0933064904feef2262c0823fd32804e6c9c56f60eeb2cdaf9a08b951aa0ec6a3e7ee28326c2b3cb2f0a1eaf9961714e81a1f4a4a2d98bae4bdecfa45cc7adbb28445a3ebf1fcad30bd56d59c8963470cd45295471701d32158154f682f4b1193f2ad1befefbc9ab4907478da4a35cf66ca1bd1cf53cbc0d2f076afcf48a4ed3af678520bbbe01909f29f12339b301a026f0c3b6e6dcde34982158ebf592dbeaf16bf29ef75a203367ea2880dc1d1b5293f94c9aa8df8ecad824f5d995dd5e4b9c540859c64a6b77639a3e5455fa8d715a05907a01a8fed74e2f49aefeeb16b9284f83d8793497920b3fa0112343993554d48a977f1ac6212e71da131e0172f630d7bc1e589b30561930c716d45c15d055f9d3e8047193380ff7f65019dd66d3087d4e08715a02009772caea30d437de36007ad718fc76f43fc6c7a7b6941f20c0425a55d35c6a02d8efa7e33eead9aecb153774284b92622e41167404c052bb37ac0f852bf760083e1aba36b112e959da05c607ee06bc6bfc901095b76d675257169878b12aea0e433b4a3c68baae5d193ea1a5efe1fe4a3e62593330883e2d3e42172f044f2afe15142cd87db9f226d03877a54cc1f04a6f8fb5a0ce1c96ad0809e77d849e3c14b7aa04b9e7a444618b163683ce7ae7531a621b8c1db2a4ae56b6b73b8a2358de8fcc721faa2e0eec409a7492a86a8f35500662a31673f47844c9e5d385af7a601905249e69b7fc8bba8d9f6cefc03e5efa2cf5f9e7bc951fdce88a2b44ee91980815911c2765365d8317a00592d0622b83d35da460e74df0c73d7943651e21440b4b50d811b0bf3254cc15e5a69fb8b51302662c46eb167942fc7ac7c4173eb98e376514a6840fbf588da21d7157d15aa9caafd5d79e7c27d7bd88edcaa1d2eb761a40aaf629bbe9f44cba3a513dd935ec12e0a7031676d7a2737c60c4b9b40920acbc21ca65f90c73679689a021823f7f6a0aafcc2ed33151a1f776a0166c3951b61c5a432b13024fc526dcb940ab6b1b22a6f8443678f4c81137f241cf0b867c0c86553f1f53ca9f196d9e186858f100e8b768b28519ff5833386bedc99ef72079863ec132c6887190648eb3147953850edfba7cc70298dfc3e666b75b38a2f839814bf3752eef246c628bd442c5e0c851c48f073d1f5fac07ef1a3a2a626e6a24e480e8fa1ca1c552d5f95d2c4050b5e65e6fd983a7f00a10ea6e80d7f6d2e5da193a885cbc6b7315e47f3958504eb085877ff10d57183da6961377745869cc74b4e0a90e7cb2285294a0ea409512b13ec1f63e15497c2b4ea18e97bc3fb22494f61e92dcc442ecd9e8a4ac571ce34b3620c0e21c2031b882edc280002ac1593aa0bcc1b688ad3717a9e57d5c8269ca624bd4c8ab7d6b18e73dd707a34eeea7665e0eb2f394913269b726d3401a4ae9d63fb6de7e4c910db64872ed42676e052cc03522a4ace937d0d9852dde130d86d619555b57e0ce91590ee82def2831fd89c8c65ec1288eaf1546b4e09eae520414c69efe982484a6dca8ecaf2d2155ac3b716ebe162a60f920999785c95fb374ccc7faf4dd73606aab255aa8d78d5955da85c826d60f627da97dda2fbe35f1fedbd401f71d7b9853fd41296dcbf1586442a1aee4286bdb2fddac28e3da9fdb3c2a1915c7f6fe44f0a195f9bf0b84a15d0116d2a7fe489e484034482e4f7152b48bc03d09a856073e66a1adbcea10ab1bb04ac745f2dc78bf5a9f5e19525bd48b090f775a3dde5f6bbf0573864f48f8830b0c42fd839471b7d3218f15e1d93b01870e622428ca3605aeca7cdf88493af6a5f7091bd78abff8a33fe8947082e7d80fdb8c64f6d6fd8b2f467a9c9a1765c4a3315d806e5a2f93b735c728d85b4454a3810cfdd6b5f19fe6088884eb252b5e8a6906bd5163c39d147ac055081e223d64a323f4d7158293328c876023c0802cfb0b892dba65e4f1ce39d96e222b12683494028f296eee256410353567602e2a7f26c876250da004b689166c33abb9aa28d1a9ec038817e31ef8e6534648090020aa0110e398c496c59bf226005b3a88bc71f0564eee52af33afb51f2421572dcec54899c613ca1c22e5da050c39c130a32f3cd59d0a191f556e17d272bb28483fe9b985d6f006b1ff5fefb31c62f93645024a574700bfc05962b84b5593fed0f7a5a03ee96bb710ed5376d3fc6c94711766da263c084342e566c0e9bf31dc2179cc9c43eca30d153414c4d71e03e2c81078f908fdda7216d18f3d6b77c702abb3b234ff9168e85a560cdcc89e350e019e4047840ae2707ae6866803bc76234efe99c6c8a0c14d536db8b96574314756465066e00d89f73dffb767c89754289c30fbf3c3b8b71e046b19f0d4e3ba6542f11e24619ba9b37cada339438d8957f41c9790bf166382387db67db0b2f9bcd6c81b9fde8343026fbc1f43cab359b1140d8498c666b16cfc2d0dde745515203202cfbc66155e67c85e4b53a5f7659d03d152146440793af7cb7e51f1714ef8526155b0b0841be0a846f81ffa38bebffb4d18a949a0e54800f4a19008bda848899035af4895f0a91eb29a0f61e4a78745bcdfabcc02b5c89de2447f124493bce531f127da214b0ecc1aa89b141f1686edd552757d9d6f91463861a41f45b3c989b915d75dcac86e9624d2ec6411d92cb4f9a75c1e0fcadb14b9ce1bd885a34e332a8bfdbc9f9e4d7c9ae754547ddaf5eb88a3d0d53a3d1dae73c7e04023dba8cc1e3df8ca79a957040cf39edcfa0e18efabf7dc75c45e47c7f76ef84162b0c7bb98408b68d499f7b4c50417a1713326b8e2514959446734d0a9958e65f5c6c2e5a90f14c13554d6d10c624345d58340a058cb46e173b5631d5274b78751b010c5d57a3e17ec585c58efb1d198397b4e19fd6365944848b1a643391f1f5672467c6c3d6ff837f2957cb0aac1b52a14d6164fd9ce755c5f0dcb048ca01c9aa5d72b75f8b548d71cd41d0bf916f2ce6cdbfccfeb77feca28fc0e2c095bb876184dccef20aabd7d5c30eaa8f1acfab34383c02f5954c0c881d95bea9ba6e8d1a64a441ad3ce9927530cc07a79b8da0a62c5c800c6cee960acb482915ebe725760a3056381acceb0ad54ee3eb133570726865b7f523d8a326104ae10e8bc3d12080fb730f27ce75735d82d4e5f71b5b886fec5555e082c2922ed646d7f6a8cd2b88a6c08493157e33ba53488105d25ba1e62f3e09cd3cd79535842eafd3726ff3ac531bf7d2ce18b263210c18bb84510a8a52c5d6539557b6e90d90f6d618491f65116349c42e8d74bb76dc58703d279088754010403d5a9a4eec28a8e1e16cb4a46d8e60b3fe4d3c3276b175832978238a9a87d895df5c21113a09b5dea8840c6bf3d52809cfb19abd043074c04947636149ae499694aa3c65d258c39f969a2fbcd13f5dea2e9b071a08bf6fafc8a8f59eb0624c6a0d04eeff0ee04fa8cfc6dc648f7b927a1f0356e79ce2a2c72dd89de4d7858d9fe493d41f48c4fe3d0780bd1b03f7156af0753a0f82881fd4dcd163fbd095f8c118bb1324992fb6938f75807ba2850521aa8cb779f874cc2d3e766c7a31210d81f6c9400e919fb6850810062eb8030d9664c77d057653689d93135182971289bf2f040d2ee297fb9cd1bf5d8643d6ce8cd0eef722356dd260ed3b7b8ae33677ef686500c1b610253edf9993bed306316c638297f75fb24cdd4f39a0bea9fa32dedb29a36e179e0cfdf834892fe7e23bba04a4e1e6a03526cf524038edfbca0b714e444ca51147c266c5b06bdb280d75391a03c38420dcf4eee237e78121cedc454fe49be3da41897169730678460ffd90f77ec230dfce81bec5a6949c317e230256c18327da6d886e4e8f6d7aa3d9802967ba66e2c9c7efcdd84bc8e91df98c51678892cfce2c327e51e736183d7dc2d2639debef3c40cb443425a1dcfbaef1e3c7a557ff930e60a342a4809cd0793bca7cf1ae8ee28ca2fc058a887be6ad36d6399ad7b7e684df2c6ec3945d05a64a5824a2619ff3d89f16e85a2f49dba9c7515f731dcd791d548b2e08b4125b67d99d5d9c1f541a4716079a717fc2ececd36e33f8c82c160f85bf4d42d603da91cd00f79d9cc47a2059914f02cedbf5be45c111cb8dff77970b4f0871a55a51459e2a0ec2ffc37179c7ff9e5638e11b385db293a452bfacd", @ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
capset(0x0, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
connect$l2tp6(r4, 0x0, 0x0)
sendmmsg$inet6(r4, &(0x7f0000000180), 0x0, 0x20004080)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r7, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"})
r8 = syz_open_pts(r7, 0x141601)
fcntl$setstatus(r5, 0x4, 0x142000)
write(r8, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000100)=0xe)
close_range(r6, 0xffffffffffffffff, 0x0)
ioctl$TIOCSSOFTCAR(r1, 0x541a, &(0x7f0000000080)=0x3)
syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.538508058s ago: executing program 0 (id=2609):
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32], 0x50)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="1c0088a8000002"], 0x110a)

2.301873973s ago: executing program 0 (id=2610):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f00000000c0)=@gettaction={0x3c, 0x32, 0x301, 0x0, 0x0, {}, [@action_gd=@TCA_ACT_TAB={0x14, 0x1, [{0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}]}, @action_dump_flags=@TCA_ROOT_FLAGS={0xc}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x80000000}]}, 0x3c}}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
iopl(0xff)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r6, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0x4b564d05}]})
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="00009766d61c0567149422d0c4a0ed0400", @ANYRES16=r2, @ANYBLOB="050004000000fedbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="44000e0080000000080211000001ffffffffffff0802110000000000000000000000000004000000000601010101010125030103083c0401073c0271070101000101f00818000e8005000300d9000000060002006378000004000100080026006c09000008000c006400000008000d0000000000"], 0x90}}, 0x0)

2.057667593s ago: executing program 3 (id=2612):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=@newlink={0x84, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xe59bca127d81b0fa, 0xc574450d1af3b5bc}, [@IFLA_LINKINFO={0x50, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0x38, 0x5, 0x0, 0x1, [@IFLA_BRPORT_MULTICAST_ROUTER={0x5, 0x19, 0x3}, @IFLA_BRPORT_UNICAST_FLOOD={0x5, 0x9, 0x1}, @IFLA_BRPORT_VLAN_TUNNEL={0x5, 0x1d, 0x1}, @IFLA_BRPORT_NEIGH_SUPPRESS={0x5}, @IFLA_BRPORT_BCAST_FLOOD={0x5}, @IFLA_BRPORT_FLUSH={0x4}, @IFLA_BRPORT_STATE={0x5, 0x1, 0x3}]}}}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}]}, 0x84}, 0x1, 0x0, 0x1000000, 0x20044010}, 0x0)

2.012540715s ago: executing program 3 (id=2613):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
keyctl$describe(0x6, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000014c0)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r5, 0x1, 0x46, &(0x7f0000000180)=0x7b, 0x4)
r6 = dup(r5)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000000040)={0xeeef0000, 0x114000, 0x1})
setuid(0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
r10 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_GET_NESTED_STATE(r11, 0xc080aebe, &(0x7f000000a100)={{0x0, 0x0, 0xfffffffffffffcfd}})
ioctl$KVM_RUN(r11, 0xae80, 0x0)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r12, 0x0)
getsockopt$bt_hci(r9, 0x84, 0x0, &(0x7f0000002a80)=""/4084, &(0x7f0000000000)=0xff4)
setsockopt$inet_sctp6_SCTP_CONTEXT(r8, 0x84, 0x83, &(0x7f0000000080), 0x8)
ioctl$KVM_RUN(r7, 0xae80, 0x0)

1.744076531s ago: executing program 3 (id=2614):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x1})
accept4(r0, &(0x7f0000000080)=@vsock={0x28, 0x0, 0x0, @my}, &(0x7f0000000140)=0x80, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001040)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, r4, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890)
socket$kcm(0x29, 0x2, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = fsopen(&(0x7f0000000000)='erofs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000240)='source', &(0x7f0000000380)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\'Q9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce\x14\\/\\\x00\x00\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9H\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\xe5\xa8Q\xc9\xe75Q\xea\xd8\xa2=F\x9b\x8f\x8d\xfc\' {e\x949X\xda\xe8H\x1a\x85\xd7%\x93?w}\xfb\xd9t\xea\xbb\xbe\x9b\\\xd7\xd7\xd4\xe2\xd6c(`(r\xd2\xb1G\xe3\xda&\xca\xaa\xba\v\xc5\xa3H\xb1\x11G\xab\xa2\x1f\xa0\xc3\xd9\xcd\xfb\x1a,\x13S\xf1\xfe\xe5F\xf4\xfb\xc8|\x89\x0fNq\x97J\xb9J\x88S\xc5\xb8\x12\x93\xbe\xb9b\xc7\xbc\x03\x03.E\xab\x82\x1c\xbc1\x9d\x14\xfa\x1f\xdd\x1e*\x03`\x91\xe8x\x0f\x05\x1e\xf5\xbfNo\xd4\x0f]S\x85\x89@\xa9f\x05\xfe\x9fkM\xa5\xf6\xc2\x04\xbf\xc7', 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000001580)={0x0, 0x0, &(0x7f0000001540)={&(0x7f0000000240)=ANY=[@ANYBLOB="240100001600010428bd700000000000fe8000000000000000000000000000bbfc01000000000000000000000000000100040000000000000000a00000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="ff02000000000000000000000000000100000000330000000a0101010000000000000000000000000000000000004e340100000000000000000000000000000004000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000a0000002bbd70000000000000000200000000000000000008000020ffffffdf2c0027cc"], 0x124}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f0000000600)=@gettclass={0x24, 0x2a, 0x20, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xffff, 0xc}, {0xffff, 0x4}, {0x4, 0x8}}, ["", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x20000880)
getsockopt$sock_buf(r2, 0x1, 0x37, &(0x7f0000000440)=""/185, &(0x7f00000002c0)=0xb9)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x200000, 0x200000})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000002a40)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xd}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4048090)
r10 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r10, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756a85d88a8", 0x16, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r8, 0x1, 0xd8, 0x6, @multicast}, 0x14)

1.730010008s ago: executing program 0 (id=2615):
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2)
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x32cc0000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[], 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r6 = syz_open_dev$dri(0x0, 0xd21, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r6, 0xc0086426, &(0x7f0000000000)={0x9, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}, {}, {}]})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000000002100004000000000ff"])
ioctl$KVM_RUN(r3, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
getrandom(0x0, 0x0, 0x3)
syz_open_dev$usbmon(&(0x7f0000000200), 0x6, 0x4c0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x310, 0x18, 0x6, 0x2d, 0x40, 0x5ac, 0xb231, 0x8500, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xb0, 0x1, 0x60, 0x49, [{{0x9, 0x4, 0xda, 0x7, 0x0, 0xff, 0xfd, 0x1, 0x6}}]}}]}}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x16, &(0x7f00000001c0)=@string={0x16, 0x3, "3e640c7bbdd03141e94d8e60ed7809d897d9d9df"}}]})
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x400000f, 0x50032, 0xffffffffffffffff, 0x0)

1.612709039s ago: executing program 1 (id=2616):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
timer_create(0x7, &(0x7f0000000100)={0x0, 0x2b, 0x4, @thr={0x0, &(0x7f0000000440)="8764b29167d07144350bdb18b3082b39c81af1c231ab9e6898294d0397e485e35d09a9d9dae45cfc967d3ed64d7e95efcb3838a9cdca37b22b2992271396beeea67bfb8e4564271cd2b1cc5d3bd0d0"}}, &(0x7f00000003c0))
writev(r0, &(0x7f0000000100), 0x1)

1.554539378s ago: executing program 3 (id=2617):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000300)={0x0, {0x2, 0x0, @local}, {0x2, 0x4, @dev={0xac, 0x14, 0x14, 0x43}}, {0x2, 0x4e24, @multicast1}, 0xc, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x7, 0xfffffffffffffffc, 0x2})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
add_key$keyring(&(0x7f0000000340), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000040)={[0x4, 0x2, 0x80, 0x25, 0x20000004, 0x7f, 0x44233, 0x0, 0x81, 0x9c1, 0x8001, 0x1005, 0xc, 0x4db6, 0x0, 0xfffffdfffffffffd], 0x2000, 0x80300})
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x80, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff, 0x0, '\x00', 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

1.471063604s ago: executing program 1 (id=2618):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000fbe000)={0x0, 0x0}, 0x10)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x5000000, 0x0, 0x0)

1.280191464s ago: executing program 1 (id=2619):
syz_usb_connect(0x0, 0x36, &(0x7f0000000800)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109022400010000000009040000025c291d0009050900000000060009050a"], 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x400, 0x0, @private1, 0x200000}, 0x1c)
sendto$inet6(r1, &(0x7f00000001c0)='N', 0x1, 0x80, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000100), &(0x7f00000001c0)=0x8)
prctl$PR_MCE_KILL(0x21, 0x0, 0x1)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x35}}, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c)
r2 = fcntl$dupfd(r0, 0x0, r0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f00000001c0)=0x40)

941.487633ms ago: executing program 3 (id=2620):
socket$inet_udp(0x2, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mlockall(0x2)
r2 = shmget$private(0x0, 0x400000, 0x8, &(0x7f000000e000/0x400000)=nil)
shmctl$SHM_LOCK(r2, 0xb)
shmat(r2, &(0x7f0000ffd000/0x1000)=nil, 0x7000)

405.037046ms ago: executing program 5 (id=2621):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f00000001c0)={0x6, 0x2, 0x3, 0xe242, 0x5, "73c4621e981c7b82f57db5682167230c2e0b4b", 0x2, 0x4})
r1 = socket(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_ADDRFORM(r1, 0x3a, 0x1, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x2, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
r6 = syz_open_procfs(0x0, &(0x7f00000007c0)='net/mcfilter\x00')
preadv(r6, &(0x7f0000001b80)=[{&(0x7f00000000c0)=""/92, 0x5c}], 0x1, 0x62, 0xfd4c)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305-generic\x00'}, 0x58)
r8 = accept4(r7, 0x0, 0x0, 0x0)
r9 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
r10 = fsmount(r9, 0x0, 0x0)
fchdir(r10)
getcwd(&(0x7f0000000000)=""/4096, 0x1000)
accept4$alg(r8, 0x0, 0x0, 0x80800)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TIOCL_GETMOUSEREPORTING(r6, 0x541c, &(0x7f0000000200))
r12 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_GET(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r12, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24004864}, 0x4c000)
r13 = socket$nl_route(0x10, 0x3, 0x0)
r14 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x17ef, 0x6009, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x60, 0x1f, [{{0x9, 0x4, 0x0, 0x80, 0x2, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x406, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x9, 0x8, 0x4}}}}}]}}]}}, 0x0)
syz_usb_control_io(r14, 0x0, 0x0)
syz_usb_control_io(r14, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000001040)={'vlan0\x00'})

0s ago: executing program 3 (id=2622):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x169a41, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
io_setup(0x10000, &(0x7f0000000180))
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000440)={r1, 0x0, {0x0, 0x0, 0x0, 0x8, 0xc6d1, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78d09843d601010000000000080d0ec0c1b4e9b1c4369d03740250ceaac594b1b3c741dd17c18e8438ef2a565e04603323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}})
r3 = memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9b5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\\\xb0:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1exQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1.E\b1\xcb\xa2\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040))
renameat2(r4, &(0x7f00000000c0)='./cgroup\x00', r4, &(0x7f0000000440)='./cgroup\x00', 0x2)
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r1)
ioctl$PPPIOCGNPMODE(r0, 0x4004743c, 0x0)

kernel console output (not intermixed with test programs):

  598.555871][T13088] usb 2-1: device descriptor read/8, error -71
[  598.664461][T13088] usb usb2-port1: unable to enumerate USB device
[  598.695234][T13088] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0
[  599.151607][T14265] netlink: 'syz.3.2248': attribute type 1 has an invalid length.
[  599.325401][T14265] bond3: entered promiscuous mode
[  599.332555][T14265] bond3: entered allmulticast mode
[  599.340235][T14265] 8021q: adding VLAN 0 to HW filter on device bond3
[  599.349751][T14270] FAULT_INJECTION: forcing a failure.
[  599.349751][T14270] name failslab, interval 1, probability 0, space 0, times 0
[  599.363635][T14270] CPU: 0 UID: 0 PID: 14270 Comm: syz.5.2249 Not tainted syzkaller #0 PREEMPT(full) 
[  599.363649][T14270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  599.363656][T14270] Call Trace:
[  599.363663][T14270]  <TASK>
[  599.363671][T14270]  dump_stack_lvl+0x189/0x250
[  599.363698][T14270]  ? __pfx____ratelimit+0x10/0x10
[  599.363721][T14270]  ? __pfx_dump_stack_lvl+0x10/0x10
[  599.363743][T14270]  ? __pfx__printk+0x10/0x10
[  599.363763][T14270]  ? __pfx___might_resched+0x10/0x10
[  599.363777][T14270]  should_fail_ex+0x414/0x560
[  599.363795][T14270]  should_failslab+0xa8/0x100
[  599.363807][T14270]  __kmalloc_cache_noprof+0x6f/0x6f0
[  599.363820][T14270]  ? __asan_memset+0x22/0x50
[  599.363831][T14270]  ? alloc_netdev_mqs+0xbf8/0x11b0
[  599.363847][T14270]  alloc_netdev_mqs+0xbf8/0x11b0
[  599.363863][T14270]  rtnl_create_link+0x31f/0xd10
[  599.363879][T14270]  rtnl_newlink_create+0x25c/0xb00
[  599.363892][T14270]  ? __mutex_lock+0x5bb/0x1350
[  599.363909][T14270]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  599.363921][T14270]  ? __pfx___mutex_lock+0x10/0x10
[  599.363939][T14270]  ? ns_capable+0x8a/0xf0
[  599.363953][T14270]  rtnl_newlink+0x16e4/0x1c80
[  599.363968][T14270]  ? netlink_deliver_tap+0x19c/0x1b0
[  599.364000][T14270]  ? __pfx_rtnl_newlink+0x10/0x10
[  599.364032][T14270]  ? kasan_quarantine_put+0xdd/0x220
[  599.364052][T14270]  ? lockdep_hardirqs_on+0x9c/0x150
[  599.364078][T14270]  ? nlmon_xmit+0xb0/0x100
[  599.364095][T14270]  ? kmem_cache_free+0x19b/0x690
[  599.364132][T14270]  ? __local_bh_enable_ip+0x12d/0x1c0
[  599.364151][T14270]  ? lockdep_hardirqs_on+0x9c/0x150
[  599.364172][T14270]  ? __local_bh_enable_ip+0x12d/0x1c0
[  599.364189][T14270]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  599.364210][T14270]  ? __dev_queue_xmit+0x27b/0x3b50
[  599.364228][T14270]  ? __dev_queue_xmit+0x27b/0x3b50
[  599.364243][T14270]  ? __dev_queue_xmit+0x27b/0x3b50
[  599.364265][T14270]  ? __dev_queue_xmit+0x1d79/0x3b50
[  599.364277][T14270]  ? kasan_save_track+0x3e/0x80
[  599.364290][T14270]  ? __kasan_slab_alloc+0x6c/0x80
[  599.364305][T14270]  ? __lock_acquire+0xab9/0xd20
[  599.364329][T14270]  ? __pfx_rtnl_newlink+0x10/0x10
[  599.364343][T14270]  rtnetlink_rcv_msg+0x7cf/0xb70
[  599.364359][T14270]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  599.364374][T14270]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  599.364386][T14270]  ? ref_tracker_free+0x63a/0x7d0
[  599.364396][T14270]  ? __asan_memcpy+0x40/0x70
[  599.364408][T14270]  ? __pfx_ref_tracker_free+0x10/0x10
[  599.364423][T14270]  netlink_rcv_skb+0x208/0x470
[  599.364439][T14270]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  599.364453][T14270]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  599.364474][T14270]  ? netlink_deliver_tap+0x2e/0x1b0
[  599.364487][T14270]  netlink_unicast+0x82f/0x9e0
[  599.364505][T14270]  ? __pfx_netlink_unicast+0x10/0x10
[  599.364519][T14270]  ? netlink_sendmsg+0x642/0xb30
[  599.364527][T14270]  ? skb_put+0x11b/0x210
[  599.364539][T14270]  netlink_sendmsg+0x805/0xb30
[  599.364554][T14270]  ? __pfx_netlink_sendmsg+0x10/0x10
[  599.364565][T14270]  ? aa_sock_msg_perm+0xf1/0x1d0
[  599.364580][T14270]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  599.364590][T14270]  ? __pfx_netlink_sendmsg+0x10/0x10
[  599.364600][T14270]  __sock_sendmsg+0x21c/0x270
[  599.364615][T14270]  ____sys_sendmsg+0x505/0x830
[  599.364629][T14270]  ? __pfx_____sys_sendmsg+0x10/0x10
[  599.364645][T14270]  ? import_iovec+0x74/0xa0
[  599.364659][T14270]  ___sys_sendmsg+0x21f/0x2a0
[  599.364671][T14270]  ? __pfx____sys_sendmsg+0x10/0x10
[  599.364701][T14270]  ? __fget_files+0x2a/0x420
[  599.364710][T14270]  ? __fget_files+0x3a0/0x420
[  599.364725][T14270]  __x64_sys_sendmsg+0x19b/0x260
[  599.364737][T14270]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  599.364753][T14270]  ? __pfx_ksys_write+0x10/0x10
[  599.364774][T14270]  ? do_syscall_64+0xbe/0xfa0
[  599.364799][T14270]  do_syscall_64+0xfa/0xfa0
[  599.364818][T14270]  ? lockdep_hardirqs_on+0x9c/0x150
[  599.364840][T14270]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  599.364851][T14270]  ? clear_bhb_loop+0x60/0xb0
[  599.364863][T14270]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  599.364873][T14270] RIP: 0033:0x7f056438f6c9
[  599.364883][T14270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  599.364892][T14270] RSP: 002b:00007f056527b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  599.364904][T14270] RAX: ffffffffffffffda RBX: 00007f05645e5fa0 RCX: 00007f056438f6c9
[  599.364912][T14270] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  599.364918][T14270] RBP: 00007f056527b090 R08: 0000000000000000 R09: 0000000000000000
[  599.364924][T14270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  599.364930][T14270] R13: 00007f05645e6038 R14: 00007f05645e5fa0 R15: 00007f056470fa28
[  599.364947][T14270]  </TASK>
[  600.082094][T14276] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2254'.
[  600.095998][T14276] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  600.384813][T13780] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  600.536711][T13780] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  600.546742][T13780] usb 2-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  600.565258][T13780] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.577818][T13780] usb 2-1: config 0 descriptor??
[  600.877159][T13779] usb 6-1: new high-speed USB device number 75 using dummy_hcd
[  600.937728][T14296] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  600.992210][T13780] hid_parser_main: 28 callbacks suppressed
[  600.992231][T13780] hkems 0003:2006:0118.0013: unknown main item tag 0x0
[  600.994525][T14298] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2260'.
[  601.007566][T13780] hkems 0003:2006:0118.0013: unknown main item tag 0x0
[  601.023474][T13780] hkems 0003:2006:0118.0013: unknown main item tag 0x0
[  601.031121][T13780] hkems 0003:2006:0118.0013: unknown main item tag 0x0
[  601.038531][T13780] hkems 0003:2006:0118.0013: unknown main item tag 0x0
[  601.056219][T13779] usb 6-1: config 0 has too many interfaces: 202, using maximum allowed: 32
[  601.065307][T13779] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  601.078143][T13780] hkems 0003:2006:0118.0013: hidraw0: USB HID v0.00 Device [HID 2006:0118] on usb-dummy_hcd.1-1/input0
[  601.092734][T13779] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 202
[  601.107348][T13780] hkems 0003:2006:0118.0013: no inputs found
[  601.107368][T13780] hkems 0003:2006:0118.0013: force feedback init failed
[  601.111184][T13779] usb 6-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  601.111209][T13779] usb 6-1: New USB device strings: Mfr=33, Product=2, SerialNumber=3
[  601.111229][T13779] usb 6-1: Product: syz
[  601.111245][T13779] usb 6-1: Manufacturer: syz
[  601.111259][T13779] usb 6-1: SerialNumber: syz
[  601.114537][T13779] usb 6-1: config 0 descriptor??
[  601.126818][T13779] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  601.287782][T14304] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  601.301413][T14304] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  601.367499][T13779] snd-usb-audio 6-1:0.0: probe with driver snd-usb-audio failed with error -2
[  601.368121][T14307] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2262'.
[  601.386672][T13088] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  601.400088][T13790] usb 2-1: USB disconnect, device number 77
[  601.416972][ T5947] udevd[5947]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  601.566156][T13088] usb 1-1: config 0 has an invalid descriptor of length 172, skipping remainder of the config
[  601.576644][T13088] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  601.585833][T13088] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  601.595098][T13088] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.606566][T13088] usb 1-1: config 0 descriptor??
[  602.443453][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  602.443472][   T30] audit: type=1800 audit(1762411545.380:1795): pid=14324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2266" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  602.481497][T14324] program syz.3.2266 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  602.492782][T14324] x_tables: duplicate underflow at hook 2
[  603.777459][T13790] usb 6-1: USB disconnect, device number 75
[  603.862911][T14349] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2271'.
[  603.872227][T14349] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2271'.
[  605.660266][T13779] usb 1-1: USB disconnect, device number 72
[  605.833351][T13791] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[  606.187157][T13791] usb 4-1: unable to get BOS descriptor or descriptor too short
[  606.200986][T13791] usb 4-1: unable to read config index 0 descriptor/start: -71
[  606.208740][T13791] usb 4-1: can't read configurations, error -71
[  606.413235][T14390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  606.426574][T14390] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  606.517700][T14392] FAULT_INJECTION: forcing a failure.
[  606.517700][T14392] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  606.532996][T14392] CPU: 0 UID: 0 PID: 14392 Comm: syz.0.2282 Not tainted syzkaller #0 PREEMPT(full) 
[  606.533021][T14392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  606.533036][T14392] Call Trace:
[  606.533044][T14392]  <TASK>
[  606.533052][T14392]  dump_stack_lvl+0x189/0x250
[  606.533080][T14392]  ? __pfx____ratelimit+0x10/0x10
[  606.533103][T14392]  ? __pfx_dump_stack_lvl+0x10/0x10
[  606.533125][T14392]  ? __pfx__printk+0x10/0x10
[  606.533144][T14392]  ? __might_fault+0xb0/0x130
[  606.533178][T14392]  should_fail_ex+0x414/0x560
[  606.533207][T14392]  _copy_from_user+0x2d/0xb0
[  606.533230][T14392]  do_sock_getsockopt+0x17d/0x450
[  606.533252][T14392]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  606.533271][T14392]  ? __fget_files+0x2a/0x420
[  606.533287][T14392]  ? __fget_files+0x3a0/0x420
[  606.533302][T14392]  ? __fget_files+0x2a/0x420
[  606.533326][T14392]  __x64_sys_getsockopt+0x1a5/0x250
[  606.533354][T14392]  do_syscall_64+0xfa/0xfa0
[  606.533375][T14392]  ? lockdep_hardirqs_on+0x9c/0x150
[  606.533397][T14392]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.533457][T14392]  ? clear_bhb_loop+0x60/0xb0
[  606.533478][T14392]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.533495][T14392] RIP: 0033:0x7f8ef4d8f6c9
[  606.533511][T14392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  606.533527][T14392] RSP: 002b:00007f8ef5cd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  606.533547][T14392] RAX: ffffffffffffffda RBX: 00007f8ef4fe5fa0 RCX: 00007f8ef4d8f6c9
[  606.533560][T14392] RDX: 0000000000000487 RSI: 0000000000000000 RDI: 0000000000000003
[  606.533571][T14392] RBP: 00007f8ef5cd8090 R08: 0000200000001680 R09: 0000000000000000
[  606.533584][T14392] R10: 0000200000001640 R11: 0000000000000246 R12: 0000000000000001
[  606.533595][T14392] R13: 00007f8ef4fe6038 R14: 00007f8ef4fe5fa0 R15: 00007f8ef510fa28
[  606.533626][T14392]  </TASK>
[  607.134138][T13088] usb 1-1: new full-speed USB device number 73 using dummy_hcd
[  607.206593][T14412] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2288'.
[  607.390697][T14414] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  607.537955][T13088] usb 1-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  607.607119][T13088] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  607.717835][T13088] usb 1-1: config 0 descriptor??
[  607.765942][T13088] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  607.937014][T14397] input: syz0 as /devices/virtual/input/input66
[  608.034414][T13779] usb 6-1: new high-speed USB device number 76 using dummy_hcd
[  608.248656][T13088] gp8psk: usb in 128 operation failed.
[  608.304665][T13779] usb 6-1: Using ep0 maxpacket: 16
[  608.317874][T13779] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  608.329732][T13779] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  608.343921][T13779] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  608.370491][T13779] usb 6-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=f6.59
[  608.381592][T13088] gp8psk: FW Version = 68.248.173 (0x44f8ad)  Build 2048/49/50
[  608.381886][T13779] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  608.408655][   T30] audit: type=1326 audit(1762411551.350:1796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14419 comm="syz.1.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  608.431366][T13779] usb 6-1: Product: syz
[  608.439433][T13779] usb 6-1: Manufacturer: syz
[  608.452612][T13779] usb 6-1: SerialNumber: syz
[  608.464694][T13779] usb 6-1: config 0 descriptor??
[  608.470089][   T30] audit: type=1326 audit(1762411551.350:1797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14419 comm="syz.1.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  608.504804][T13779] peak_usb 6-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -8
[  608.512207][T13779] peak_usb 6-1:0.0: unable to read PCAN-USB serial number (err -8)
[  608.520855][   T30] audit: type=1326 audit(1762411551.380:1798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14419 comm="syz.1.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  608.550424][   T30] audit: type=1326 audit(1762411551.380:1799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14419 comm="syz.1.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  608.597263][   T30] audit: type=1326 audit(1762411551.380:1800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14419 comm="syz.1.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  608.622456][   T30] audit: type=1326 audit(1762411551.380:1801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14419 comm="syz.1.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  608.650053][   T30] audit: type=1326 audit(1762411551.380:1802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14419 comm="syz.1.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  608.675684][   T30] audit: type=1326 audit(1762411551.380:1803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14419 comm="syz.1.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  608.703054][   T30] audit: type=1326 audit(1762411551.380:1804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14419 comm="syz.1.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  608.725891][T13088] gp8psk: usb in 149 operation failed.
[  608.726380][T13779] peak_usb 6-1:0.0: probe with driver peak_usb failed with error -8
[  608.731358][T13088] gp8psk: failed to get FPGA version
[  608.780526][   T30] audit: type=1326 audit(1762411551.380:1805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14419 comm="syz.1.2291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  608.781939][T14417] netlink: 'syz.5.2290': attribute type 11 has an invalid length.
[  608.814185][T13088] gp8psk: usb in 138 operation failed.
[  608.819685][T13088] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  608.830154][T13088] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  608.853840][T13088] usb 1-1: USB disconnect, device number 73
[  608.938684][T13789] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0
[  609.071285][T14426] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.2292'.
[  609.552471][T14438] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2296'.
[  610.433705][T14445] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2298'.
[  610.456691][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout
[  610.472954][T13791] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  610.480598][T13791] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  610.548247][T14449] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2299'.
[  611.418315][T14455] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2300'.
[  611.428290][T14455] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2300'.
[  612.526472][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout
[  612.563830][T13791] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  612.614304][T13791] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  612.701891][T14468] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  613.811684][T14459] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  613.827008][T14459] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  613.884267][T13779] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  614.694873][T13791] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  614.700996][T13791] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  614.870036][T14483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  614.879420][T14483] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  616.764216][ T5835] Bluetooth: hci4: command 0x0405 tx timeout
[  616.774901][T13791] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  616.780990][T13791] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  618.845256][ T5835] Bluetooth: hci2: command 0x0405 tx timeout
[  618.851332][T13791] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  618.862111][T13791] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  618.969262][ T5944] usb 6-1: USB disconnect, device number 76
[  619.007685][T13779] usb 2-1: unable to get BOS descriptor or descriptor too short
[  619.039715][T13779] usb 2-1: unable to read config index 0 descriptor/start: -71
[  619.091306][T13779] usb 2-1: can't read configurations, error -71
[  619.177264][T13790] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0
[  619.373402][T14502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  619.383781][T14502] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  619.438593][T14505] loop2: detected capacity change from 0 to 7
[  619.457678][T14505] Dev loop2: unable to read RDB block 7
[  619.463729][T14505]  loop2: unable to read partition table
[  619.474622][T14505] loop2: partition table beyond EOD, truncated
[  619.480916][T14505] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  619.494884][T14507] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2312'.
[  619.505961][T14507] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2312'.
[  619.602171][ T5944] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  619.756681][ T5944] usb 4-1: Using ep0 maxpacket: 32
[  619.765656][ T5944] usb 4-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0
[  619.775161][ T5944] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  619.815192][ T5944] usb 4-1: config 0 descriptor??
[  619.834795][ T5944] rndis_host 4-1:0.0: probe with driver rndis_host failed with error -22
[  620.014482][T14518] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  620.573766][ T5944] usb 6-1: new high-speed USB device number 77 using dummy_hcd
[  620.592489][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  620.592503][   T30] audit: type=1326 audit(1762411563.490:1827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14525 comm="syz.0.2320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  620.836191][   T30] audit: type=1326 audit(1762411563.490:1828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14525 comm="syz.0.2320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  620.895693][ T5944] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  620.904727][ T5944] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  620.949702][ T5944] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  620.982520][ T5944] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  620.991076][ T5944] usb 6-1: Manufacturer: syz
[  620.996621][   T30] audit: type=1326 audit(1762411563.490:1829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14525 comm="syz.0.2320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  621.025153][ T5944] usb 6-1: config 0 descriptor??
[  621.063137][   T30] audit: type=1326 audit(1762411563.490:1830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14525 comm="syz.0.2320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  621.094575][ T5944] rc_core: IR keymap rc-hauppauge not found
[  621.100602][ T5944] Registered IR keymap rc-empty
[  621.106808][ T5944] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  621.122064][ T5944] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input67
[  621.187373][   T30] audit: type=1326 audit(1762411563.490:1831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14525 comm="syz.0.2320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  621.284165][T13791] usb 6-1: USB disconnect, device number 77
[  621.294276][   T30] audit: type=1326 audit(1762411563.490:1832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14525 comm="syz.0.2320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  621.341015][   T30] audit: type=1326 audit(1762411563.490:1833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14525 comm="syz.0.2320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  621.380317][   T30] audit: type=1326 audit(1762411563.490:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14525 comm="syz.0.2320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  621.423630][   T30] audit: type=1326 audit(1762411563.490:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14525 comm="syz.0.2320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  621.456298][   T30] audit: type=1326 audit(1762411563.490:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14525 comm="syz.0.2320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  621.479112][ T5944] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  621.646673][ T5944] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  621.664153][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  621.685516][ T5944] usb 2-1: config 0 descriptor??
[  621.692826][ T5944] cp210x 2-1:0.0: cp210x converter detected
[  621.864990][T14544] FAULT_INJECTION: forcing a failure.
[  621.864990][T14544] name failslab, interval 1, probability 0, space 0, times 0
[  621.917605][T14544] CPU: 1 UID: 0 PID: 14544 Comm: syz.0.2322 Not tainted syzkaller #0 PREEMPT(full) 
[  621.917632][T14544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  621.917646][T14544] Call Trace:
[  621.917654][T14544]  <TASK>
[  621.917662][T14544]  dump_stack_lvl+0x189/0x250
[  621.917689][T14544]  ? __pfx____ratelimit+0x10/0x10
[  621.917712][T14544]  ? __pfx_dump_stack_lvl+0x10/0x10
[  621.917735][T14544]  ? __pfx__printk+0x10/0x10
[  621.917759][T14544]  ? __pfx___might_resched+0x10/0x10
[  621.917777][T14544]  ? fs_reclaim_acquire+0x7d/0x100
[  621.917807][T14544]  should_fail_ex+0x414/0x560
[  621.917837][T14544]  should_failslab+0xa8/0x100
[  621.917857][T14544]  kmem_cache_alloc_node_noprof+0x77/0x710
[  621.917880][T14544]  ? __alloc_skb+0x112/0x2d0
[  621.917896][T14544]  ? netlink_autobind+0xdb/0x300
[  621.917918][T14544]  __alloc_skb+0x112/0x2d0
[  621.917946][T14544]  netlink_sendmsg+0x5c6/0xb30
[  621.917973][T14544]  ? __pfx_netlink_sendmsg+0x10/0x10
[  621.917994][T14544]  ? aa_sock_msg_perm+0xf1/0x1d0
[  621.918021][T14544]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  621.918038][T14544]  ? __pfx_netlink_sendmsg+0x10/0x10
[  621.918057][T14544]  __sock_sendmsg+0x21c/0x270
[  621.918082][T14544]  ____sys_sendmsg+0x505/0x830
[  621.918107][T14544]  ? __pfx_____sys_sendmsg+0x10/0x10
[  621.918135][T14544]  ? import_iovec+0x74/0xa0
[  621.918160][T14544]  ___sys_sendmsg+0x21f/0x2a0
[  621.918181][T14544]  ? __pfx____sys_sendmsg+0x10/0x10
[  621.918235][T14544]  ? __fget_files+0x2a/0x420
[  621.918251][T14544]  ? __fget_files+0x3a0/0x420
[  621.918278][T14544]  __x64_sys_sendmsg+0x19b/0x260
[  621.918300][T14544]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  621.918328][T14544]  ? __pfx_ksys_write+0x10/0x10
[  621.918353][T14544]  ? do_syscall_64+0xbe/0xfa0
[  621.918379][T14544]  do_syscall_64+0xfa/0xfa0
[  621.918401][T14544]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.918419][T14544]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  621.918436][T14544]  ? clear_bhb_loop+0x60/0xb0
[  621.918457][T14544]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.918475][T14544] RIP: 0033:0x7f8ef4d8f6c9
[  621.918492][T14544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  621.918506][T14544] RSP: 002b:00007f8ef5c96038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  621.918526][T14544] RAX: ffffffffffffffda RBX: 00007f8ef4fe6180 RCX: 00007f8ef4d8f6c9
[  621.918540][T14544] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004
[  621.918552][T14544] RBP: 00007f8ef5c96090 R08: 0000000000000000 R09: 0000000000000000
[  621.918563][T14544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  621.918574][T14544] R13: 00007f8ef4fe6218 R14: 00007f8ef4fe6180 R15: 00007f8ef510fa28
[  621.918604][T14544]  </TASK>
[  622.344878][T13791] usb 4-1: USB disconnect, device number 89
[  622.375226][T14548] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2325'.
[  622.405167][ T5944] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  622.419000][ T5944] usb 2-1: cp210x converter now attached to ttyUSB0
[  622.430601][T14548] netlink: 'syz.5.2325': attribute type 137 has an invalid length.
[  622.658691][T14556] kvm: vcpu 0: requested 3328 ns lapic timer period limited to 200000 ns
[  622.679448][T13791] usb 2-1: USB disconnect, device number 80
[  622.688770][T13791] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  622.720950][T13791] cp210x 2-1:0.0: device disconnected
[  622.780811][T14557] fuse: Unknown parameter 'ÿÿ0xffffffffffffffff'
[  623.055302][T14566] kvm: pic: non byte write
[  624.302594][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  624.312530][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  625.124145][ T5908] usb 4-1: new low-speed USB device number 90 using dummy_hcd
[  625.207468][T14612] FAULT_INJECTION: forcing a failure.
[  625.207468][T14612] name failslab, interval 1, probability 0, space 0, times 0
[  625.220255][T14612] CPU: 0 UID: 0 PID: 14612 Comm: syz.1.2342 Not tainted syzkaller #0 PREEMPT(full) 
[  625.220279][T14612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  625.220290][T14612] Call Trace:
[  625.220299][T14612]  <TASK>
[  625.220307][T14612]  dump_stack_lvl+0x189/0x250
[  625.220335][T14612]  ? __pfx____ratelimit+0x10/0x10
[  625.220357][T14612]  ? __pfx_dump_stack_lvl+0x10/0x10
[  625.220380][T14612]  ? __pfx__printk+0x10/0x10
[  625.220395][T14612]  ? netlink_sendmsg+0x805/0xb30
[  625.220414][T14612]  ? __x64_sys_sendmsg+0x19b/0x260
[  625.220431][T14612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  625.220457][T14612]  should_fail_ex+0x414/0x560
[  625.220486][T14612]  should_failslab+0xa8/0x100
[  625.220505][T14612]  kmem_cache_alloc_noprof+0x74/0x6e0
[  625.220527][T14612]  ? skb_clone+0x212/0x3a0
[  625.220549][T14612]  skb_clone+0x212/0x3a0
[  625.220570][T14612]  __netlink_deliver_tap+0x404/0x850
[  625.220598][T14612]  ? netlink_deliver_tap+0x2e/0x1b0
[  625.220625][T14612]  netlink_deliver_tap+0x19c/0x1b0
[  625.220642][T14612]  netlink_sendskb+0x68/0x140
[  625.220668][T14612]  netlink_unicast+0x397/0x9e0
[  625.220689][T14612]  ? __asan_memcpy+0x40/0x70
[  625.220718][T14612]  ? __pfx_netlink_unicast+0x10/0x10
[  625.220750][T14612]  netlink_rcv_skb+0x28c/0x470
[  625.220772][T14612]  ? lockdep_hardirqs_on+0x9c/0x150
[  625.220794][T14612]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  625.220819][T14612]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  625.220854][T14612]  ? bpf_lsm_capable+0x9/0x20
[  625.220874][T14612]  ? security_capable+0x7e/0x2e0
[  625.220904][T14612]  nfnetlink_rcv+0x282/0x2590
[  625.220929][T14612]  ? __dev_queue_xmit+0x27b/0x3b50
[  625.220950][T14612]  ? __dev_queue_xmit+0x1d79/0x3b50
[  625.220968][T14612]  ? kasan_save_track+0x3e/0x80
[  625.220989][T14612]  ? __kasan_slab_alloc+0x6c/0x80
[  625.221020][T14612]  ? __dev_queue_xmit+0x27b/0x3b50
[  625.221051][T14612]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  625.221073][T14612]  ? __pfx___dev_queue_xmit+0x10/0x10
[  625.221105][T14612]  ? ref_tracker_free+0x63a/0x7d0
[  625.221123][T14612]  ? __asan_memcpy+0x40/0x70
[  625.221143][T14612]  ? __pfx_ref_tracker_free+0x10/0x10
[  625.221176][T14612]  ? skb_clone+0x246/0x3a0
[  625.221198][T14612]  ? __netlink_deliver_tap+0x807/0x850
[  625.221214][T14612]  ? netlink_deliver_tap+0x2e/0x1b0
[  625.221237][T14612]  ? netlink_deliver_tap+0x2e/0x1b0
[  625.221262][T14612]  netlink_unicast+0x82f/0x9e0
[  625.221294][T14612]  ? __pfx_netlink_unicast+0x10/0x10
[  625.221318][T14612]  ? netlink_sendmsg+0x642/0xb30
[  625.221333][T14612]  ? skb_put+0x11b/0x210
[  625.221353][T14612]  netlink_sendmsg+0x805/0xb30
[  625.221379][T14612]  ? __pfx_netlink_sendmsg+0x10/0x10
[  625.221400][T14612]  ? aa_sock_msg_perm+0xf1/0x1d0
[  625.221426][T14612]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  625.221442][T14612]  ? __pfx_netlink_sendmsg+0x10/0x10
[  625.221476][T14612]  __sock_sendmsg+0x21c/0x270
[  625.221502][T14612]  ____sys_sendmsg+0x505/0x830
[  625.221526][T14612]  ? __pfx_____sys_sendmsg+0x10/0x10
[  625.221554][T14612]  ? import_iovec+0x74/0xa0
[  625.221578][T14612]  ___sys_sendmsg+0x21f/0x2a0
[  625.221599][T14612]  ? __pfx____sys_sendmsg+0x10/0x10
[  625.221660][T14612]  ? __fget_files+0x2a/0x420
[  625.221675][T14612]  ? __fget_files+0x3a0/0x420
[  625.221702][T14612]  __x64_sys_sendmsg+0x19b/0x260
[  625.221723][T14612]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  625.221752][T14612]  ? __pfx_ksys_write+0x10/0x10
[  625.221779][T14612]  ? do_syscall_64+0xbe/0xfa0
[  625.221804][T14612]  do_syscall_64+0xfa/0xfa0
[  625.221824][T14612]  ? lockdep_hardirqs_on+0x9c/0x150
[  625.221845][T14612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  625.221862][T14612]  ? clear_bhb_loop+0x60/0xb0
[  625.221882][T14612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  625.221899][T14612] RIP: 0033:0x7fbc7b78f6c9
[  625.221916][T14612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  625.221931][T14612] RSP: 002b:00007fbc7c593038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  625.221951][T14612] RAX: ffffffffffffffda RBX: 00007fbc7b9e5fa0 RCX: 00007fbc7b78f6c9
[  625.221965][T14612] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000003
[  625.221977][T14612] RBP: 00007fbc7c593090 R08: 0000000000000000 R09: 0000000000000000
[  625.221988][T14612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  625.221999][T14612] R13: 00007fbc7b9e6038 R14: 00007fbc7b9e5fa0 R15: 00007fbc7bb0fa28
[  625.222030][T14612]  </TASK>
[  625.675805][ T5908] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  625.752471][ T5908] usb 4-1: config 0 has no interface number 0
[  625.769910][ T5908] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  626.074098][ T5908] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  626.124178][ T5908] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  626.156154][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.170441][ T5908] usb 4-1: config 0 descriptor??
[  626.184664][T14601] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  626.196699][ T5908] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  626.397651][    C0] iowarrior 4-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1
[  626.411763][ T5908] usb 4-1: USB disconnect, device number 90
[  626.514198][T13791] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  626.665827][T13791] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  626.676157][T13791] usb 1-1: config 0 has no interfaces?
[  626.681634][T13791] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  626.724232][T13780] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  626.741957][T13791] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.783549][T13791] usb 1-1: config 0 descriptor??
[  626.914575][T13780] usb 2-1: Using ep0 maxpacket: 32
[  626.931514][T13780] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  626.942350][T13780] usb 2-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[  626.952877][T13780] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.968407][T13780] usb 2-1: config 0 descriptor??
[  626.989780][T13780] dvb-usb: found a 'TeVii S662' in warm state.
[  626.997363][T13780] dw2102: su3000_power_ctrl: 1, initialized 0
[  627.003807][T13780] dvb-usb: bulk message failed: -22 (2/0)
[  627.016797][T13780] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  627.028427][T13780] dvbdev: DVB: registering new adapter (TeVii S662)
[  627.036188][T13780] usb 2-1: media controller created
[  627.042176][T13780] dvb-usb: bulk message failed: -22 (6/0)
[  627.058107][T13780] dw2102: i2c transfer failed.
[  627.065342][T13780] dvb-usb: bulk message failed: -22 (6/0)
[  627.071202][T13780] dw2102: i2c transfer failed.
[  627.097278][T13780] dvb-usb: bulk message failed: -22 (6/0)
[  627.153850][T14630] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2343'.
[  627.171526][T13780] dw2102: i2c transfer failed.
[  627.183179][T14631] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2344'.
[  627.196091][T14620] dw2102: i2c rd: len=65 is too big!
[  627.196091][T14620] 
[  627.237571][T13780] dvb-usb: bulk message failed: -22 (6/0)
[  627.320884][T13780] dw2102: i2c transfer failed.
[  627.331131][T13780] dvb-usb: bulk message failed: -22 (6/0)
[  627.337870][T13780] dw2102: i2c transfer failed.
[  627.344143][T13780] dvb-usb: bulk message failed: -22 (6/0)
[  627.350140][T13780] dw2102: i2c transfer failed.
[  627.367115][T13780] dvb-usb: MAC address: 02:02:02:02:02:02
[  627.589849][T13780] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  627.626427][T13780] dvb-usb: bulk message failed: -22 (3/0)
[  627.640707][T13780] dw2102: command 0x0e transfer failed.
[  627.656882][T13780] dvb-usb: bulk message failed: -22 (3/0)
[  627.687081][T13780] dw2102: command 0x0e transfer failed.
[  627.984234][T13791] usb 4-1: new full-speed USB device number 91 using dummy_hcd
[  628.075459][T14647] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2351'.
[  628.184008][T13791] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  628.195722][T13780] dvb-usb: bulk message failed: -22 (3/0)
[  628.203426][T13780] dw2102: command 0x0e transfer failed.
[  628.223898][T13791] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.250707][T13791] usb 4-1: Product: syz
[  628.265381][T13791] usb 4-1: Manufacturer: syz
[  628.282445][T13791] usb 4-1: SerialNumber: syz
[  628.318577][T13791] usb 4-1: config 0 descriptor??
[  628.414506][T13780] dvb-usb: bulk message failed: -22 (3/0)
[  628.471249][   T30] kauditd_printk_skb: 135 callbacks suppressed
[  628.471267][   T30] audit: type=1326 audit(1762411571.410:1972): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14649 comm="syz.5.2352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  628.554421][T13780] dw2102: command 0x0e transfer failed.
[  628.564300][T13780] dvb-usb: bulk message failed: -22 (1/0)
[  628.578486][T13780] dw2102: command 0x51 transfer failed.
[  628.584108][T13780] dvb-usb: bulk message failed: -22 (5/0)
[  628.591839][T13780] dw2102: i2c probe for address 0x68 failed.
[  628.603273][   T30] audit: type=1326 audit(1762411571.410:1973): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14649 comm="syz.5.2352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  628.625770][    C1] vkms_vblank_simulate: vblank timer overrun
[  628.632009][T13780] dvb-usb: bulk message failed: -22 (5/0)
[  628.637809][T13780] dw2102: i2c probe for address 0x69 failed.
[  628.644219][T13780] dvb-usb: bulk message failed: -22 (5/0)
[  628.705113][T13780] dw2102: i2c probe for address 0x6a failed.
[  628.767174][T13791] airspy 4-1:0.0: Board ID: 00
[  628.772042][T13791] airspy 4-1:0.0: Firmware version: 
[  628.794402][T13780] dw2102: probing for demodulator failed. Is the external power switched on?
[  628.809055][T14657] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2354'.
[  628.828605][   T30] audit: type=1326 audit(1762411571.410:1974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14649 comm="syz.5.2352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  628.856475][    C1] vkms_vblank_simulate: vblank timer overrun
[  628.863282][T13780] dvb-usb: no frontend was attached by 'TeVii S662'
[  628.928566][   T30] audit: type=1326 audit(1762411571.410:1975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14649 comm="syz.5.2352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  628.986682][   T30] audit: type=1326 audit(1762411571.410:1976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14649 comm="syz.5.2352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  629.057945][   T30] audit: type=1326 audit(1762411571.420:1977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14649 comm="syz.5.2352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  629.151506][   T30] audit: type=1326 audit(1762411571.420:1978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14649 comm="syz.5.2352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  629.264378][   T30] audit: type=1326 audit(1762411571.420:1979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14649 comm="syz.5.2352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  629.288038][   T30] audit: type=1326 audit(1762411571.420:1980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14649 comm="syz.5.2352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  629.294134][T13780] rc_core: IR keymap rc-tt-1500 not found
[  629.311210][   T30] audit: type=1326 audit(1762411571.420:1981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14649 comm="syz.5.2352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  629.390436][T14645] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2350'.
[  629.414242][T13780] Registered IR keymap rc-empty
[  629.420727][T13088] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0
[  629.445257][T13780] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  629.520757][T13780] input: TeVii S662 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input68
[  629.548449][T13780] dvb-usb: schedule remote query interval to 250 msecs.
[  629.565794][T13779] usb 1-1: USB disconnect, device number 74
[  629.656159][T13780] dw2102: su3000_power_ctrl: 0, initialized 1
[  629.666022][T13780] dvb-usb: TeVii S662 successfully initialized and connected.
[  629.676309][T14663] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  629.949383][ T5908] dvb-usb: bulk message failed: -22 (1/0)
[  629.962685][T13780] usb 2-1: USB disconnect, device number 81
[  629.970393][ T5908] dw2102: i2c transfer failed.
[  630.125903][T13780] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[  630.204455][T13791] airspy 4-1:0.0: usb_control_msg() failed -110 request 12
[  630.217451][T13791] airspy 4-1:0.0: Registered as swradio24
[  630.223206][T13791] airspy 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  630.364528][T13779] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  630.414184][T13088] usb 6-1: new high-speed USB device number 78 using dummy_hcd
[  630.456951][T14660] delete_channel: no stack
[  630.646683][T13779] usb 1-1: Using ep0 maxpacket: 32
[  630.648701][T13791] usb 4-1: USB disconnect, device number 91
[  630.676008][T13779] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  630.688852][T13779] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  630.715087][T13088] usb 6-1: Using ep0 maxpacket: 8
[  630.726041][T13779] usb 1-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  630.768036][T13088] usb 6-1: unable to get BOS descriptor or descriptor too short
[  630.784390][T13779] usb 1-1: config 0 interface 0 has no altsetting 1
[  630.784553][T13088] usb 6-1: config 5 has an invalid interface number: 212 but max is 0
[  630.804091][T13088] usb 6-1: config 5 has no interface number 0
[  630.806187][T13779] usb 1-1: New USB device found, idVendor=0582, idProduct=0016, bcdDevice=8e.57
[  630.810211][T13088] usb 6-1: config 5 interface 212 altsetting 41 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  630.823528][T13779] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.860992][T13779] usb 1-1: Product: syz
[  630.871128][T13779] usb 1-1: Manufacturer: syz
[  630.876239][T13779] usb 1-1: SerialNumber: syz
[  630.885853][T13779] usb 1-1: config 0 descriptor??
[  630.908357][T14674] netlink: 'syz.3.2358': attribute type 10 has an invalid length.
[  630.914090][T13088] usb 6-1: config 5 interface 212 has no altsetting 0
[  630.917452][T14674] bond0: (slave wlan1): Opening slave failed
[  630.941990][T13088] usb 6-1: New USB device found, idVendor=0763, idProduct=2019, bcdDevice=3a.5e
[  631.005259][T13088] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  631.013290][T13088] usb 6-1: Product: syz
[  631.032631][T13088] usb 6-1: Manufacturer: syz
[  631.042347][T13088] usb 6-1: SerialNumber: syz
[  631.185853][T13779] usb 1-1: USB disconnect, device number 75
[  631.346579][ T5947] udevd[5947]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  631.460358][T13088] usb 6-1: USB disconnect, device number 78
[  631.507744][ T5947] udevd[5947]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:5.212/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  631.824792][T13791] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  632.144548][T13791] usb 2-1: Using ep0 maxpacket: 32
[  632.151769][T13791] usb 2-1: config 0 has an invalid descriptor of length 225, skipping remainder of the config
[  632.174154][T13791] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  632.186383][T13791] usb 2-1: New USB device found, idVendor=05e9, idProduct=0009, bcdDevice=7b.db
[  632.205896][T13791] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.225608][T13791] usb 2-1: Product: syz
[  632.235622][T13791] usb 2-1: Manufacturer: syz
[  632.246140][T13791] usb 2-1: SerialNumber: syz
[  632.265107][T13791] usb 2-1: config 0 descriptor??
[  633.077406][T14708] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2361'.
[  633.399493][T14719] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2368'.
[  633.445074][T14706] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  633.459021][T14706] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  635.012025][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  635.012042][   T30] audit: type=1326 audit(1762411577.930:2006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14730 comm="syz.3.2373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  635.101916][   T30] audit: type=1326 audit(1762411577.930:2007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14730 comm="syz.3.2373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  635.137481][T13088] usb 2-1: USB disconnect, device number 82
[  635.160630][T14728] ucma_write: process 1335 (syz.5.2371) changed security contexts after opening file descriptor, this is not allowed.
[  635.405094][   T30] audit: type=1326 audit(1762411577.930:2008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14730 comm="syz.3.2373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  635.429791][   T30] audit: type=1326 audit(1762411577.930:2009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14730 comm="syz.3.2373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  635.514218][ T5944] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  635.543470][   T30] audit: type=1326 audit(1762411577.930:2010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14730 comm="syz.3.2373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  635.646687][T14739] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2374'.
[  635.670253][   T30] audit: type=1326 audit(1762411577.930:2011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14730 comm="syz.3.2373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  635.676251][ T5944] usb 1-1: config 0 has an invalid interface number: 249 but max is 0
[  635.754212][   T30] audit: type=1326 audit(1762411577.930:2012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14730 comm="syz.3.2373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  635.785306][ T5944] usb 1-1: config 0 has no interface number 0
[  635.799842][   T30] audit: type=1326 audit(1762411577.930:2013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14730 comm="syz.3.2373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  635.874280][ T5944] usb 1-1: config 0 interface 249 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  635.932754][ T5944] usb 1-1: config 0 interface 249 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 0
[  635.942815][ T5944] usb 1-1: config 0 interface 249 altsetting 0 endpoint 0x6 has invalid maxpacket 512, setting to 64
[  635.961784][ T5944] usb 1-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87
[  635.971340][ T5944] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  635.985276][ T5944] usb 1-1: config 0 descriptor??
[  636.002816][   T30] audit: type=1326 audit(1762411577.930:2014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14730 comm="syz.3.2373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  636.003654][ T5944] port100 1-1:0.249: NFC: Could not find bulk-in or bulk-out endpoint
[  636.025271][    C1] vkms_vblank_simulate: vblank timer overrun
[  636.094241][   T30] audit: type=1326 audit(1762411577.930:2015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14730 comm="syz.3.2373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  636.255213][T14734] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  636.282685][T14734] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  636.464203][ T5944] usb 1-1: USB disconnect, device number 76
[  637.395811][T14768] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2383'.
[  637.408309][T14768] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2383'.
[  637.850419][T13791] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[  638.030355][T14775] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2384'.
[  638.039287][T13791] usb 4-1: Using ep0 maxpacket: 32
[  638.049261][T14775] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2384'.
[  638.074989][T13791] usb 4-1: config 0 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  638.098062][T13791] usb 4-1: config 0 interface 0 has no altsetting 0
[  638.111395][T13791] usb 4-1: New USB device found, idVendor=0c70, idProduct=f00e, bcdDevice= 0.00
[  638.128328][T13791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  638.159279][T13791] usb 4-1: config 0 descriptor??
[  638.581221][T13791] aquacomputer_d5next 0003:0C70:F00E.0014: hidraw0: USB HID v4.06 Device [HID 0c70:f00e] on usb-dummy_hcd.3-1/input0
[  638.684178][T14787] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  638.696118][T13790] usb 6-1: new high-speed USB device number 79 using dummy_hcd
[  638.867058][T13790] usb 6-1: Using ep0 maxpacket: 16
[  638.949864][T13790] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  638.964100][T13790] usb 6-1: config 1 has an invalid descriptor of length 105, skipping remainder of the config
[  639.044084][T13790] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  639.073898][T13790] usb 6-1: config 1 has no interface number 1
[  639.103909][T13790] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  639.137348][T14761] dvmrp8: entered allmulticast mode
[  639.163267][T13790] usb 6-1: config 1 interface 2 altsetting 1 has an endpoint descriptor with address 0x2E, changing to 0xE
[  639.204413][T13790] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0xE has an invalid bInterval 101, changing to 7
[  639.224227][T13790] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0xE has invalid maxpacket 26214, setting to 1024
[  639.244340][T14761] dvmrp8: left allmulticast mode
[  639.273777][T13790] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  639.283174][T13790] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.299548][T14789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  639.326568][T13790] usb 6-1: Product: syz
[  639.330756][T13790] usb 6-1: Manufacturer: syz
[  639.344471][T13790] usb 6-1: SerialNumber: syz
[  639.365353][T14789] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  639.626701][T14792] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  639.626916][T14782] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  639.651846][T13088] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0
[  639.682095][T14782] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  639.846918][T13790] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor
[  639.855263][T13790] usb 6-1: found format II with max.bitrate = 0, frame size=0
[  639.863645][T13790] usb 6-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  639.897412][T13790] usb 6-1: USB disconnect, device number 79
[  640.696617][ T5944] usb 4-1: USB disconnect, device number 92
[  641.424152][T13790] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  641.591864][T13790] usb 2-1: Using ep0 maxpacket: 32
[  641.606225][T13790] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  641.618059][T13790] usb 2-1: config 0 has no interface number 0
[  641.628886][T13790] usb 2-1: config 0 interface 67 altsetting 0 endpoint 0x2 has invalid maxpacket 9472, setting to 1024
[  641.650367][T13790] usb 2-1: config 0 interface 67 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024
[  641.824482][T13790] usb 2-1: New USB device found, idVendor=0024, idProduct=9901, bcdDevice=c2.57
[  641.843674][T13790] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.861981][T13790] usb 2-1: Product: syz
[  641.874192][T13790] usb 2-1: Manufacturer: syz
[  641.878826][T13790] usb 2-1: SerialNumber: syz
[  641.905214][T13790] usb 2-1: config 0 descriptor??
[  641.912481][T14812] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  642.334317][T13780] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[  642.382509][T14823] FAULT_INJECTION: forcing a failure.
[  642.382509][T14823] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  642.428715][T14823] CPU: 0 UID: 0 PID: 14823 Comm: syz.2.2399 Not tainted syzkaller #0 PREEMPT(full) 
[  642.428731][T14823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  642.428738][T14823] Call Trace:
[  642.428743][T14823]  <TASK>
[  642.428749][T14823]  dump_stack_lvl+0x189/0x250
[  642.428767][T14823]  ? __pfx____ratelimit+0x10/0x10
[  642.428780][T14823]  ? __pfx_dump_stack_lvl+0x10/0x10
[  642.428792][T14823]  ? __pfx__printk+0x10/0x10
[  642.428803][T14823]  ? __might_fault+0xb0/0x130
[  642.428822][T14823]  should_fail_ex+0x414/0x560
[  642.428840][T14823]  copy_fpstate_to_sigframe+0xa8d/0xce0
[  642.428857][T14823]  ? copy_fpstate_to_sigframe+0x181/0xce0
[  642.428874][T14823]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  642.428887][T14823]  ? seqcount_lockdep_reader_access+0x15e/0x1c0
[  642.428903][T14823]  ? read_tsc+0x9/0x20
[  642.428916][T14823]  ? ktime_get+0x1d2/0x200
[  642.428929][T14823]  ? __lock_acquire+0xab9/0xd20
[  642.428942][T14823]  ? fpu__alloc_mathframe+0xad/0x130
[  642.428957][T14823]  get_sigframe+0x58d/0x7d0
[  642.428974][T14823]  ? __pfx_get_sigframe+0x10/0x10
[  642.428989][T14823]  ? irqentry_exit+0x74/0x90
[  642.429006][T14823]  x64_setup_rt_frame+0x15b/0xd40
[  642.429023][T14823]  ? _raw_spin_unlock_irq+0x29/0x50
[  642.429035][T14823]  ? _raw_spin_unlock_irq+0x2e/0x50
[  642.429046][T14823]  ? get_signal+0x1150/0x1340
[  642.429060][T14823]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  642.429075][T14823]  ? arch_do_signal_or_restart+0x385/0x790
[  642.429091][T14823]  arch_do_signal_or_restart+0x3f1/0x790
[  642.429106][T14823]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  642.429132][T14823]  ? exit_to_user_mode_loop+0x40/0x130
[  642.429143][T14823]  exit_to_user_mode_loop+0x72/0x130
[  642.429153][T14823]  do_syscall_64+0x2bd/0xfa0
[  642.429167][T14823]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  642.429176][T14823]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  642.429186][T14823]  ? clear_bhb_loop+0x60/0xb0
[  642.429203][T14823]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  642.429213][T14823] RIP: 0033:0x7fc1b3f8e17f
[  642.429222][T14823] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  642.429231][T14823] RSP: 002b:00007fc1b4dc8030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  642.429244][T14823] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 00007fc1b3f8e17f
[  642.429250][T14823] RDX: 0000000000000001 RSI: 00007fc1b4dc8090 RDI: 0000000000000003
[  642.429257][T14823] RBP: 00007fc1b4dc8090 R08: 0000000000000000 R09: 00007fc1b4dc7df7
[  642.429263][T14823] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  642.429270][T14823] R13: 00007fc1b41e6038 R14: 00007fc1b41e5fa0 R15: 00007fc1b430fa28
[  642.429290][T14823]  </TASK>
[  642.720764][T13780] usb 4-1: Using ep0 maxpacket: 16
[  642.750024][T13780] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  642.762740][T13780] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  642.776642][T13780] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  642.791585][T13780] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  642.800180][T13780] usb 4-1: Product: syz
[  642.805025][T13780] usb 4-1: Manufacturer: syz
[  642.809604][T13780] usb 4-1: SerialNumber: syz
[  642.821595][T13780] usb 4-1: config 0 descriptor??
[  642.829952][T13780] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  642.842034][T13780] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  643.433507][T13780] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  643.440276][T13780] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  643.603545][T14841] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2405'.
[  643.886134][T13780] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  643.897372][T13780] em28xx 4-1:0.0: No AC97 audio processor
[  643.941912][T13780] usb 4-1: USB disconnect, device number 93
[  643.959076][T13780] em28xx 4-1:0.0: Disconnecting em28xx
[  643.968317][T13780] em28xx 4-1:0.0: Freeing device
[  644.234151][T13779] usb 6-1: new low-speed USB device number 80 using dummy_hcd
[  644.317642][ T5908] usb 2-1: USB disconnect, device number 83
[  644.384209][T13779] usb 6-1: Invalid ep0 maxpacket: 16
[  644.514191][T13779] usb 6-1: new low-speed USB device number 81 using dummy_hcd
[  644.659456][   T30] kauditd_printk_skb: 50 callbacks suppressed
[  644.659474][   T30] audit: type=1326 audit(1762411587.570:2066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.1.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  644.688092][    C1] vkms_vblank_simulate: vblank timer overrun
[  644.701653][   T30] audit: type=1326 audit(1762411587.570:2067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.1.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  644.724554][   T30] audit: type=1326 audit(1762411587.580:2068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.1.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  644.747435][   T30] audit: type=1326 audit(1762411587.580:2069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.1.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  644.769860][    C1] vkms_vblank_simulate: vblank timer overrun
[  644.779170][   T30] audit: type=1326 audit(1762411587.580:2070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.1.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  644.801642][    C1] vkms_vblank_simulate: vblank timer overrun
[  644.811058][T13779] usb 6-1: Invalid ep0 maxpacket: 16
[  644.818705][T13779] usb usb6-port1: attempt power cycle
[  644.826693][   T30] audit: type=1326 audit(1762411587.580:2071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.1.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  644.855361][   T30] audit: type=1326 audit(1762411587.580:2072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.1.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  644.883683][   T30] audit: type=1326 audit(1762411587.580:2073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.1.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  644.906131][    C1] vkms_vblank_simulate: vblank timer overrun
[  645.067641][   T30] audit: type=1326 audit(1762411587.580:2074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.1.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  645.090069][    C1] vkms_vblank_simulate: vblank timer overrun
[  645.118568][   T30] audit: type=1326 audit(1762411587.580:2075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14848 comm="syz.1.2409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fbc7b78f6c9 code=0x7ffc0000
[  645.174132][T13779] usb 6-1: new low-speed USB device number 82 using dummy_hcd
[  645.189354][T14863] FAULT_INJECTION: forcing a failure.
[  645.189354][T14863] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  645.209625][T13779] usb 6-1: Invalid ep0 maxpacket: 16
[  645.241050][T14863] CPU: 0 UID: 0 PID: 14863 Comm: syz.3.2413 Not tainted syzkaller #0 PREEMPT(full) 
[  645.241066][T14863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  645.241072][T14863] Call Trace:
[  645.241077][T14863]  <TASK>
[  645.241083][T14863]  dump_stack_lvl+0x189/0x250
[  645.241101][T14863]  ? __pfx____ratelimit+0x10/0x10
[  645.241114][T14863]  ? __pfx_dump_stack_lvl+0x10/0x10
[  645.241127][T14863]  ? __pfx__printk+0x10/0x10
[  645.241138][T14863]  ? __might_fault+0xb0/0x130
[  645.241157][T14863]  should_fail_ex+0x414/0x560
[  645.241175][T14863]  _copy_from_user+0x2d/0xb0
[  645.241188][T14863]  kstrtouint_from_user+0xc4/0x170
[  645.241201][T14863]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  645.241220][T14863]  proc_fail_nth_write+0x88/0x200
[  645.241233][T14863]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  645.241248][T14863]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  645.241261][T14863]  vfs_write+0x27e/0xb30
[  645.241279][T14863]  ? __pfx_vfs_write+0x10/0x10
[  645.241293][T14863]  ? __fget_files+0x2a/0x420
[  645.241305][T14863]  ? __fget_files+0x3a0/0x420
[  645.241314][T14863]  ? __fget_files+0x2a/0x420
[  645.241328][T14863]  ksys_write+0x145/0x250
[  645.241342][T14863]  ? __pfx_ksys_write+0x10/0x10
[  645.241357][T14863]  ? do_syscall_64+0xbe/0xfa0
[  645.241371][T14863]  do_syscall_64+0xfa/0xfa0
[  645.241383][T14863]  ? lockdep_hardirqs_on+0x9c/0x150
[  645.241396][T14863]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.241406][T14863]  ? clear_bhb_loop+0x60/0xb0
[  645.241418][T14863]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.241427][T14863] RIP: 0033:0x7fcb5e98e17f
[  645.241438][T14863] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  645.241446][T14863] RSP: 002b:00007fcb5f790030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  645.241458][T14863] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcb5e98e17f
[  645.241465][T14863] RDX: 0000000000000001 RSI: 00007fcb5f7900a0 RDI: 0000000000000005
[  645.241471][T14863] RBP: 00007fcb5f790090 R08: 0000000000000000 R09: 000000000000001c
[  645.241478][T14863] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  645.241484][T14863] R13: 00007fcb5ebe6038 R14: 00007fcb5ebe5fa0 R15: 00007fcb5ed0fa28
[  645.241501][T14863]  </TASK>
[  645.344164][T13779] usb 6-1: new low-speed USB device number 83 using dummy_hcd
[  645.409670][T14864] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2411'.
[  645.921666][T13779] usb 6-1: Invalid ep0 maxpacket: 16
[  645.953643][T13779] usb usb6-port1: unable to enumerate USB device
[  646.926685][T13780] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  647.094295][T13780] usb 2-1: Using ep0 maxpacket: 32
[  647.101644][T13780] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  647.113434][T13780] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.157511][T13780] usb 2-1: config 0 descriptor??
[  647.464294][T14877] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  647.488221][T14877] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  647.570048][T13780] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  647.981229][T13780] usb 2-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  648.001300][T13780] usb 2-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  648.314894][T14895] vim2m vim2m.0: vidioc_s_fmt queue busy
[  648.334500][T14900] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  649.506287][T14916] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2426'.
[  649.544805][T14918] snd_dummy snd_dummy.0: control 0:0:0:syz0:3 is already present
[  649.896396][T13790] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0
[  649.906026][T14921] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  649.913303][T14921] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  649.936356][T14921] vhci_hcd vhci_hcd.0: Device attached
[  650.199616][T13790] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  650.322785][T14924] vhci_hcd: connection reset by peer
[  650.335786][ T1317] vhci_hcd: stop threads
[  650.353242][ T1317] vhci_hcd: release socket
[  650.409456][ T1317] vhci_hcd: disconnect device
[  650.470147][T14930] netlink: 'syz.5.2429': attribute type 27 has an invalid length.
[  650.964375][T13779] usb 6-1: new high-speed USB device number 84 using dummy_hcd
[  651.115665][T13779] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  651.126821][T13779] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  651.137971][T13779] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  651.160992][T13779] usb 6-1: config 0 descriptor??
[  651.416794][T13779] usbhid 6-1:0.0: can't add hid device: -71
[  651.427765][T13779] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  651.459716][T13779] usb 6-1: USB disconnect, device number 84
[  652.484159][T13779] usb 6-1: new high-speed USB device number 85 using dummy_hcd
[  652.604387][ T5944] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  652.641794][T13779] usb 6-1: Using ep0 maxpacket: 32
[  652.648759][T13779] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  652.670719][T13779] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  652.683530][T13779] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  652.694248][T13779] usb 6-1: config 0 descriptor??
[  652.700953][T13779] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  652.711524][T13779] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  652.775969][ T5944] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  652.793214][ T5944] usb 1-1: config 0 interface 0 has no altsetting 0
[  652.824526][ T5944] usb 1-1: New USB device found, idVendor=0c70, idProduct=f014, bcdDevice= 0.00
[  652.833703][ T5944] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  652.846294][ T5944] usb 1-1: config 0 descriptor??
[  653.106280][T13779] usb 6-1: USB disconnect, device number 85
[  653.121746][T13779] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  653.266940][ T5944] aquacomputer_d5next 0003:0C70:F014.0015: unknown main item tag 0x0
[  653.364808][ T5944] aquacomputer_d5next 0003:0C70:F014.0015: unknown main item tag 0x0
[  653.383370][ T5944] aquacomputer_d5next 0003:0C70:F014.0015: unknown main item tag 0x0
[  653.403341][T14970] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2440'.
[  653.452818][ T5944] aquacomputer_d5next 0003:0C70:F014.0015: hidraw0: USB HID v0.00 Device [HID 0c70:f014] on usb-dummy_hcd.0-1/input0
[  653.592873][ T5944] usb 1-1: USB disconnect, device number 77
[  653.656433][T14972] fido_id[14972]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  654.122559][   T30] kauditd_printk_skb: 35 callbacks suppressed
[  654.122575][   T30] audit: type=1326 audit(1762411597.060:2111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14978 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  654.151544][    C1] vkms_vblank_simulate: vblank timer overrun
[  654.243391][T14988] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2445'.
[  654.293346][   T30] audit: type=1326 audit(1762411597.060:2112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14978 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  654.336380][   T30] audit: type=1326 audit(1762411597.060:2113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14978 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  654.359389][   T30] audit: type=1326 audit(1762411597.060:2114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14978 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  654.382835][   T30] audit: type=1326 audit(1762411597.070:2115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14978 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  654.405817][   T30] audit: type=1326 audit(1762411597.070:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14978 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  654.428789][   T30] audit: type=1326 audit(1762411597.070:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14978 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  654.451683][   T30] audit: type=1326 audit(1762411597.070:2118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14978 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  654.475282][   T30] audit: type=1326 audit(1762411597.070:2119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14978 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  654.498165][   T30] audit: type=1326 audit(1762411597.070:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14978 comm="syz.5.2443" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f056438f6c9 code=0x7ffc0000
[  654.564778][T14988] 8021q: adding VLAN 0 to HW filter on device bond2
[  654.573244][T14988] bond1: (slave bond2): Enslaving as an active interface with an up link
[  654.811972][T15004] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  654.881992][T15004] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  655.348551][T13790] vhci_hcd: vhci_device speed not set
[  655.744241][T13779] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[  655.896037][T13779] usb 1-1: config 16 interface 0 altsetting 75 endpoint 0x7 has invalid maxpacket 1032, setting to 1024
[  655.907930][T13779] usb 1-1: config 16 interface 0 altsetting 75 endpoint 0x6 has invalid wMaxPacketSize 0
[  655.919430][T13779] usb 1-1: config 16 interface 0 has no altsetting 0
[  655.926932][T13779] usb 1-1: New USB device found, idVendor=15c2, idProduct=0036, bcdDevice=bb.7a
[  655.936314][T13779] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.948286][T15014] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  656.034257][ T5944] usb 6-1: new full-speed USB device number 86 using dummy_hcd
[  656.181194][T13779] usb 1-1: string descriptor 0 read error: -71
[  656.192006][T13779] imon:imon_find_endpoints: no valid input (IR) endpoint found
[  656.205980][ T5944] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  656.215922][ T5944] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  656.229503][T13779] imon 1-1:16.0: unable to initialize intf0, err -19
[  656.237588][T13779] imon:imon_probe: failed to initialize context!
[  656.244437][ T5944] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  656.253643][ T5944] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.261734][T13779] imon 1-1:16.0: unable to register, err -19
[  656.307557][T13779] usb 1-1: USB disconnect, device number 78
[  656.491178][ T5944] usb 6-1: GET_CAPABILITIES returned 0
[  656.497489][ T5944] usbtmc 6-1:16.0: can't read capabilities
[  656.696487][T13088] usb 6-1: USB disconnect, device number 86
[  657.204952][T15046] input: syz1 as /devices/virtual/input/input72
[  657.944789][T13088] usb 6-1: new full-speed USB device number 87 using dummy_hcd
[  658.218370][T13088] usb 6-1: unable to get BOS descriptor or descriptor too short
[  658.238029][T15068] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2468'.
[  658.278953][T13088] usb 6-1: unable to read config index 0 descriptor/start: -71
[  658.287065][T13088] usb 6-1: can't read configurations, error -71
[  658.769886][T15083] kvm: pic: non byte write
[  658.853972][T15087] netlink: 'syz.2.2475': attribute type 11 has an invalid length.
[  659.154682][T13088] usb 6-1: new high-speed USB device number 88 using dummy_hcd
[  659.277371][T15100] netlink: 4588 bytes leftover after parsing attributes in process `syz.2.2479'.
[  659.317306][T13088] usb 6-1: Using ep0 maxpacket: 16
[  659.335954][T13088] usb 6-1: config 1 has too many interfaces: 129, using maximum allowed: 32
[  659.346775][T13088] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  659.359405][T13088] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 129
[  659.369167][T13088] usb 6-1: config 1 has no interface number 0
[  659.376257][T13088] usb 6-1: config 1 interface 105 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  659.389885][T13088] usb 6-1: config 1 interface 105 has no altsetting 0
[  659.402762][T13088] usb 6-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  659.412279][T13088] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.421936][T13088] usb 6-1: Product: syz
[  659.426588][T13088] usb 6-1: Manufacturer: syz
[  659.431192][T13088] usb 6-1: SerialNumber: syz
[  659.653575][T13088] aqc111 6-1:1.105: probe with driver aqc111 failed with error -22
[  659.857905][T13088] usb 6-1: USB disconnect, device number 88
[  660.124805][T13790] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0
[  660.617849][T15129] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  660.743607][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  660.743618][   T30] audit: type=1326 audit(1762411603.680:2142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15135 comm="syz.1.2488" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbc7b78f6c9 code=0x0
[  660.968733][T15140] FAULT_INJECTION: forcing a failure.
[  660.968733][T15140] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  661.034170][T15140] CPU: 1 UID: 0 PID: 15140 Comm: syz.0.2490 Not tainted syzkaller #0 PREEMPT(full) 
[  661.034198][T15140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  661.034208][T15140] Call Trace:
[  661.034216][T15140]  <TASK>
[  661.034224][T15140]  dump_stack_lvl+0x189/0x250
[  661.034251][T15140]  ? __pfx____ratelimit+0x10/0x10
[  661.034272][T15140]  ? __pfx_dump_stack_lvl+0x10/0x10
[  661.034293][T15140]  ? __pfx__printk+0x10/0x10
[  661.034311][T15140]  ? __might_fault+0xb0/0x130
[  661.034344][T15140]  should_fail_ex+0x414/0x560
[  661.034374][T15140]  copy_fpstate_to_sigframe+0xa8d/0xce0
[  661.034405][T15140]  ? copy_fpstate_to_sigframe+0x181/0xce0
[  661.034443][T15140]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  661.034466][T15140]  ? seqcount_lockdep_reader_access+0x15e/0x1c0
[  661.034502][T15140]  ? __lock_acquire+0xab9/0xd20
[  661.034526][T15140]  ? fpu__alloc_mathframe+0xad/0x130
[  661.034553][T15140]  get_sigframe+0x58d/0x7d0
[  661.034583][T15140]  ? __pfx_get_sigframe+0x10/0x10
[  661.034612][T15140]  ? posixtimer_deliver_signal+0x305/0x410
[  661.034641][T15140]  x64_setup_rt_frame+0x15b/0xd40
[  661.034671][T15140]  ? lockdep_hardirqs_on+0x9c/0x150
[  661.034695][T15140]  ? _raw_spin_unlock_irq+0x2e/0x50
[  661.034715][T15140]  ? get_signal+0x1150/0x1340
[  661.034737][T15140]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  661.034764][T15140]  ? arch_do_signal_or_restart+0x385/0x790
[  661.034793][T15140]  arch_do_signal_or_restart+0x3f1/0x790
[  661.034820][T15140]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  661.034862][T15140]  ? exit_to_user_mode_loop+0x40/0x130
[  661.034883][T15140]  exit_to_user_mode_loop+0x72/0x130
[  661.034901][T15140]  do_syscall_64+0x2bd/0xfa0
[  661.034925][T15140]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.034942][T15140]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  661.034959][T15140]  ? clear_bhb_loop+0x60/0xb0
[  661.034980][T15140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.034998][T15140] RIP: 0033:0x7f8ef4d8e17f
[  661.035014][T15140] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  661.035029][T15140] RSP: 002b:00007f8ef5cd8030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  661.035049][T15140] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 00007f8ef4d8e17f
[  661.035061][T15140] RDX: 0000000000000001 RSI: 00007f8ef5cd8090 RDI: 0000000000000003
[  661.035072][T15140] RBP: 00007f8ef5cd8090 R08: 0000000000000000 R09: 00007f8ef5cd7df7
[  661.035084][T15140] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  661.035095][T15140] R13: 00007f8ef4fe6038 R14: 00007f8ef4fe5fa0 R15: 00007f8ef510fa28
[  661.035125][T15140]  </TASK>
[  662.090850][T15170] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2496'.
[  663.621057][T15214] FAULT_INJECTION: forcing a failure.
[  663.621057][T15214] name failslab, interval 1, probability 0, space 0, times 0
[  663.635648][T15214] CPU: 1 UID: 0 PID: 15214 Comm: syz.0.2510 Not tainted syzkaller #0 PREEMPT(full) 
[  663.635666][T15214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  663.635672][T15214] Call Trace:
[  663.635677][T15214]  <TASK>
[  663.635682][T15214]  dump_stack_lvl+0x189/0x250
[  663.635700][T15214]  ? __pfx____ratelimit+0x10/0x10
[  663.635714][T15214]  ? __pfx_dump_stack_lvl+0x10/0x10
[  663.635727][T15214]  ? __pfx__printk+0x10/0x10
[  663.635740][T15214]  ? __pfx___might_resched+0x10/0x10
[  663.635754][T15214]  should_fail_ex+0x414/0x560
[  663.635772][T15214]  should_failslab+0xa8/0x100
[  663.635783][T15214]  __kmalloc_noprof+0xcb/0x7f0
[  663.635796][T15214]  ? kfree+0x4d/0x6d0
[  663.635806][T15214]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  663.635825][T15214]  tomoyo_realpath_from_path+0xe3/0x5d0
[  663.635840][T15214]  ? tomoyo_domain+0xd9/0x130
[  663.635852][T15214]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  663.635864][T15214]  tomoyo_path_number_perm+0x1e8/0x5a0
[  663.635885][T15214]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  663.635917][T15214]  ? __fget_files+0x2a/0x420
[  663.635929][T15214]  ? __fget_files+0x3a0/0x420
[  663.635938][T15214]  ? __fget_files+0x2a/0x420
[  663.635949][T15214]  security_file_ioctl+0xcb/0x2d0
[  663.635962][T15214]  __se_sys_ioctl+0x47/0x170
[  663.635976][T15214]  do_syscall_64+0xfa/0xfa0
[  663.635989][T15214]  ? lockdep_hardirqs_on+0x9c/0x150
[  663.636002][T15214]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.636012][T15214]  ? clear_bhb_loop+0x60/0xb0
[  663.636024][T15214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  663.636033][T15214] RIP: 0033:0x7f8ef4d8f6c9
[  663.636043][T15214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  663.636051][T15214] RSP: 002b:00007f8ef5cd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  663.636063][T15214] RAX: ffffffffffffffda RBX: 00007f8ef4fe5fa0 RCX: 00007f8ef4d8f6c9
[  663.636070][T15214] RDX: 0000200000000080 RSI: 00000000c0185500 RDI: 0000000000000003
[  663.636077][T15214] RBP: 00007f8ef5cd8090 R08: 0000000000000000 R09: 0000000000000000
[  663.636083][T15214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  663.636089][T15214] R13: 00007f8ef4fe6038 R14: 00007f8ef4fe5fa0 R15: 00007f8ef510fa28
[  663.636106][T15214]  </TASK>
[  663.636121][T15214] ERROR: Out of memory at tomoyo_realpath_from_path.
[  663.922953][T15216] Cannot find del_set index 1 as target
[  664.241338][T15234] syz.2.2518 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  664.413477][T15241] netlink: 'syz.0.2519': attribute type 8 has an invalid length.
[  664.814173][T13790] usb 6-1: new high-speed USB device number 89 using dummy_hcd
[  664.985994][T13790] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  664.997527][T13790] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  665.015377][T13790] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  665.034192][T13790] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  665.047731][T13790] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  665.057420][T13790] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.068254][T13790] usb 6-1: config 0 descriptor??
[  665.160209][T15256] FAULT_INJECTION: forcing a failure.
[  665.160209][T15256] name failslab, interval 1, probability 0, space 0, times 0
[  665.197141][T15256] CPU: 0 UID: 0 PID: 15256 Comm: syz.0.2525 Not tainted syzkaller #0 PREEMPT(full) 
[  665.197171][T15256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  665.197181][T15256] Call Trace:
[  665.197186][T15256]  <TASK>
[  665.197191][T15256]  dump_stack_lvl+0x189/0x250
[  665.197209][T15256]  ? __pfx____ratelimit+0x10/0x10
[  665.197221][T15256]  ? __pfx_dump_stack_lvl+0x10/0x10
[  665.197234][T15256]  ? __pfx__printk+0x10/0x10
[  665.197248][T15256]  ? __pfx___might_resched+0x10/0x10
[  665.197258][T15256]  ? fs_reclaim_acquire+0x7d/0x100
[  665.197276][T15256]  should_fail_ex+0x414/0x560
[  665.197293][T15256]  should_failslab+0xa8/0x100
[  665.197304][T15256]  __kmalloc_cache_noprof+0x6f/0x6f0
[  665.197318][T15256]  ? sctp_association_new+0x89/0x25f0
[  665.197331][T15256]  sctp_association_new+0x89/0x25f0
[  665.197341][T15256]  ? sctp_do_bind+0x65a/0x940
[  665.197357][T15256]  sctp_connect_new_asoc+0x2c5/0x690
[  665.197369][T15256]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  665.197378][T15256]  ? __local_bh_enable_ip+0x12d/0x1c0
[  665.197392][T15256]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  665.197403][T15256]  ? security_sctp_bind_connect+0x7e/0x2e0
[  665.197416][T15256]  sctp_sendmsg+0x155c/0x2810
[  665.197432][T15256]  ? __pfx_sctp_sendmsg+0x10/0x10
[  665.197451][T15256]  ? irqentry_exit+0x74/0x90
[  665.197469][T15256]  ? __pfx_sctp_sendmsg+0x10/0x10
[  665.197482][T15256]  ? inet_sendmsg+0x2f4/0x370
[  665.197500][T15256]  __sock_sendmsg+0x19c/0x270
[  665.197515][T15256]  ____sys_sendmsg+0x505/0x830
[  665.197530][T15256]  ? __pfx_____sys_sendmsg+0x10/0x10
[  665.197545][T15256]  ? import_iovec+0x74/0xa0
[  665.197559][T15256]  ___sys_sendmsg+0x21f/0x2a0
[  665.197570][T15256]  ? __pfx____sys_sendmsg+0x10/0x10
[  665.197612][T15256]  ? __fget_files+0x2a/0x420
[  665.197622][T15256]  ? __fget_files+0x3a0/0x420
[  665.197636][T15256]  __x64_sys_sendmsg+0x19b/0x260
[  665.197648][T15256]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  665.197664][T15256]  ? __pfx_ksys_write+0x10/0x10
[  665.197680][T15256]  ? do_syscall_64+0xbe/0xfa0
[  665.197694][T15256]  do_syscall_64+0xfa/0xfa0
[  665.197705][T15256]  ? lockdep_hardirqs_on+0x9c/0x150
[  665.197717][T15256]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.197727][T15256]  ? clear_bhb_loop+0x60/0xb0
[  665.197739][T15256]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.197748][T15256] RIP: 0033:0x7f8ef4d8f6c9
[  665.197758][T15256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  665.197767][T15256] RSP: 002b:00007f8ef5cd8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  665.197779][T15256] RAX: ffffffffffffffda RBX: 00007f8ef4fe5fa0 RCX: 00007f8ef4d8f6c9
[  665.197786][T15256] RDX: 0000000020000041 RSI: 0000200000001640 RDI: 0000000000000003
[  665.197793][T15256] RBP: 00007f8ef5cd8090 R08: 0000000000000000 R09: 0000000000000000
[  665.197799][T15256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  665.197806][T15256] R13: 00007f8ef4fe6038 R14: 00007f8ef4fe5fa0 R15: 00007f8ef510fa28
[  665.197827][T15256]  </TASK>
[  665.537807][T15258] netlink: 'syz.2.2524': attribute type 1 has an invalid length.
[  665.603732][T15260] binder: BINDER_SET_CONTEXT_MGR already set
[  665.610165][T15260] binder: 15259:15260 ioctl 4018620d 2000000002c0 returned -16
[  665.748251][T13790] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  665.791343][T15269] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  666.065489][T15278] Cannot find del_set index 1 as target
[  666.134393][T13779] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[  666.375264][T13779] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  666.411558][T13779] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  666.507668][T13779] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  666.536496][T13779] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  666.569275][T13779] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  666.622212][T13779] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  666.869834][T13779] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -12
[  667.434168][T13790] usb 6-1: reset high-speed USB device number 89 using dummy_hcd
[  667.464376][T15273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  667.474162][T15273] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  667.488474][T15273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  667.497618][T15273] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  667.509710][   T30] audit: type=1326 audit(1762411610.430:2143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15266 comm="syz.0.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  667.532126][    C0] vkms_vblank_simulate: vblank timer overrun
[  667.648313][   T30] audit: type=1326 audit(1762411610.430:2144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15266 comm="syz.0.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  667.745911][   T30] audit: type=1326 audit(1762411610.430:2145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15266 comm="syz.0.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  667.808972][   T30] audit: type=1326 audit(1762411610.430:2146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15266 comm="syz.0.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  667.889302][T15296] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  667.900763][   T30] audit: type=1326 audit(1762411610.430:2147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15266 comm="syz.0.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  667.965216][   T30] audit: type=1326 audit(1762411610.430:2148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15266 comm="syz.0.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8ef4d8df10 code=0x7ffc0000
[  668.017013][   T30] audit: type=1326 audit(1762411610.430:2149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15266 comm="syz.0.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8ef4d8f2cb code=0x7ffc0000
[  668.039997][   T30] audit: type=1326 audit(1762411610.430:2150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15266 comm="syz.0.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8ef4d8f2cb code=0x7ffc0000
[  668.062342][    C0] vkms_vblank_simulate: vblank timer overrun
[  668.084128][T13790] usb 6-1: device descriptor read/64, error -71
[  668.114704][   T30] audit: type=1326 audit(1762411610.450:2151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15266 comm="syz.0.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  668.143374][   T30] audit: type=1326 audit(1762411610.450:2152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15266 comm="syz.0.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f8ef4d8f6c9 code=0x7ffc0000
[  668.165749][    C0] vkms_vblank_simulate: vblank timer overrun
[  668.344199][T13790] usb 6-1: reset high-speed USB device number 89 using dummy_hcd
[  668.464210][T13779] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  668.505304][T13790] usb 6-1: device firmware changed
[  668.512982][T13088] usb 6-1: USB disconnect, device number 89
[  668.614128][T13779] usb 4-1: Using ep0 maxpacket: 16
[  668.621492][T13779] usb 4-1: config 0 interface 0 has no altsetting 0
[  668.628280][T13779] usb 4-1: New USB device found, idVendor=0dfc, idProduct=0101, bcdDevice= 0.00
[  668.637665][T13779] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.651642][T13779] usb 4-1: config 0 descriptor??
[  668.685258][T13088] usb 6-1: new high-speed USB device number 90 using dummy_hcd
[  668.846244][T13088] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  668.858349][T13088] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  668.873637][T13088] usb 6-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 4, skipping
[  668.891335][T13088] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  668.913238][T13088] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  668.922728][T13088] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  668.933062][T13088] usb 6-1: SerialNumber: syz
[  669.167011][T13088] usb 6-1: 0:2 : does not exist
[  669.178127][T13088] usb 6-1: unit 5 not found!
[  669.209200][T13088] usb 6-1: USB disconnect, device number 90
[  669.272388][T15299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  669.291495][T13790] usb 1-1: USB disconnect, device number 79
[  669.318225][T15299] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  669.540478][T13779] usbhid 4-1:0.0: can't add hid device: -71
[  669.543210][ T5947] udevd[5947]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  669.562454][T13779] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  669.582004][T13779] usb 4-1: USB disconnect, device number 94
[  669.733035][T15312] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2542'.
[  669.742612][T15312] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2542'.
[  669.926801][T15323] --map-set only usable from mangle table
[  669.964115][T13088] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  670.135961][T13088] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  670.156522][T15328] FAULT_INJECTION: forcing a failure.
[  670.156522][T15328] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  670.170169][T15328] CPU: 1 UID: 0 PID: 15328 Comm: syz.3.2545 Not tainted syzkaller #0 PREEMPT(full) 
[  670.170185][T15328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  670.170191][T15328] Call Trace:
[  670.170196][T15328]  <TASK>
[  670.170201][T15328]  dump_stack_lvl+0x189/0x250
[  670.170219][T15328]  ? __pfx____ratelimit+0x10/0x10
[  670.170232][T15328]  ? __pfx_dump_stack_lvl+0x10/0x10
[  670.170248][T15328]  ? __pfx__printk+0x10/0x10
[  670.170261][T15328]  ? __might_fault+0xb0/0x130
[  670.170281][T15328]  should_fail_ex+0x414/0x560
[  670.170298][T15328]  _copy_from_user+0x2d/0xb0
[  670.170312][T15328]  kstrtouint_from_user+0xc4/0x170
[  670.170324][T15328]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  670.170343][T15328]  proc_fail_nth_write+0x88/0x200
[  670.170355][T15328]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  670.170370][T15328]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  670.170383][T15328]  vfs_write+0x27e/0xb30
[  670.170401][T15328]  ? __pfx_vfs_write+0x10/0x10
[  670.170415][T15328]  ? __fget_files+0x2a/0x420
[  670.170427][T15328]  ? __fget_files+0x3a0/0x420
[  670.170435][T15328]  ? __fget_files+0x2a/0x420
[  670.170449][T15328]  ksys_write+0x145/0x250
[  670.170463][T15328]  ? __pfx_ksys_write+0x10/0x10
[  670.170478][T15328]  ? do_syscall_64+0xbe/0xfa0
[  670.170499][T15328]  do_syscall_64+0xfa/0xfa0
[  670.170511][T15328]  ? lockdep_hardirqs_on+0x9c/0x150
[  670.170524][T15328]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.170534][T15328]  ? clear_bhb_loop+0x60/0xb0
[  670.170545][T15328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.170555][T15328] RIP: 0033:0x7fcb5e98e17f
[  670.170565][T15328] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  670.170573][T15328] RSP: 002b:00007fcb5f790030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  670.170585][T15328] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcb5e98e17f
[  670.170592][T15328] RDX: 0000000000000001 RSI: 00007fcb5f7900a0 RDI: 0000000000000014
[  670.170598][T15328] RBP: 00007fcb5f790090 R08: 0000000000000000 R09: 0000000000000000
[  670.170605][T15328] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  670.170610][T15328] R13: 00007fcb5ebe6038 R14: 00007fcb5ebe5fa0 R15: 00007fcb5ed0fa28
[  670.170627][T15328]  </TASK>
[  670.399075][T13088] usb 1-1: config 1 has no interface number 1
[  670.405613][T13791] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0
[  670.413787][T13088] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  670.429259][T13088] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  670.442603][T13088] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  670.461651][T13088] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  670.498563][T13088] usb 1-1: Product: syz
[  670.519051][T13088] usb 1-1: Manufacturer: syz
[  670.531711][T13088] usb 1-1: SerialNumber: syz
[  670.741525][T15337] block device autoloading is deprecated and will be removed.
[  670.788075][T15309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  670.801542][T15309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  670.818386][T15309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  670.835843][T15309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  670.852912][T15309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  670.873131][T15309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  670.896650][T15342] SET target dimension over the limit!
[  670.926128][T15309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  670.989196][T15309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  671.170075][T15309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  671.214470][T15309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  671.255267][T13088] usb 1-1: found format II with max.bitrate = 2, frame size=62645
[  671.305518][T13088] usb 1-1: found format II with max.bitrate = 2, frame size=62645
[  671.361685][T13088] usb 1-1: USB disconnect, device number 80
[  672.884186][T13088] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  673.087048][T13088] usb 1-1: too many configurations: 239, using maximum allowed: 8
[  673.109522][T13088] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  673.118986][T13088] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.128687][T13088] usb 1-1: Product: syz
[  673.132877][T13088] usb 1-1: Manufacturer: syz
[  673.138261][T13088] usb 1-1: SerialNumber: syz
[  673.153811][T13088] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  673.173040][T13791] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  673.309535][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  673.309550][   T30] audit: type=1326 audit(1762411616.250:2162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15371 comm="syz.3.2559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  673.350466][   T30] audit: type=1326 audit(1762411616.250:2163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15371 comm="syz.3.2559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  673.382738][   T30] audit: type=1326 audit(1762411616.290:2164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15371 comm="syz.3.2559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  673.465148][   T30] audit: type=1326 audit(1762411616.290:2165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15371 comm="syz.3.2559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  673.492584][   T30] audit: type=1326 audit(1762411616.290:2166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15371 comm="syz.3.2559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  673.516755][   T30] audit: type=1326 audit(1762411616.290:2167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15371 comm="syz.3.2559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  673.540151][   T30] audit: type=1326 audit(1762411616.290:2168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15371 comm="syz.3.2559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  673.566506][   T30] audit: type=1326 audit(1762411616.290:2169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15371 comm="syz.3.2559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  673.609536][   T30] audit: type=1326 audit(1762411616.290:2170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15371 comm="syz.3.2559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  673.653391][   T30] audit: type=1326 audit(1762411616.290:2171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15371 comm="syz.3.2559" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7fcb5e98f6c9 code=0x7ffc0000
[  673.684392][T15365] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2556'.
[  673.693742][T15365] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2556'.
[  673.702822][   T43] usb 6-1: new high-speed USB device number 91 using dummy_hcd
[  673.831419][T13779] usb 1-1: USB disconnect, device number 81
[  674.066555][   T43] usb 6-1: unable to get BOS descriptor or descriptor too short
[  674.080456][   T43] usb 6-1: unable to read config index 0 descriptor/start: -71
[  674.127545][   T43] usb 6-1: can't read configurations, error -71
[  674.204243][T13791] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  674.211382][T13791] ath9k_htc: Failed to initialize the device
[  674.220597][T13779] usb 1-1: ath9k_htc: USB layer deinitialized
[  674.875371][T13791] usb 1-1: new full-speed USB device number 82 using dummy_hcd
[  675.035487][T13791] usb 1-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  675.054198][T13791] usb 1-1: config 253 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  675.074078][T13791] usb 1-1: config 253 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  675.098335][T13791] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  675.107565][T13791] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  675.115701][T13791] usb 1-1: SerialNumber: syz
[  675.187458][T15387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  675.234362][T15404] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  675.234362][T15404] The task syz.3.2568 (15404) triggered the difference, watch for misbehavior.
[  675.259033][T15387] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  675.339837][T13791] rndis_host 1-1:253.0: RNDIS init failed, -71
[  675.349042][T13791] rndis_host 1-1:253.0: probe with driver rndis_host failed with error -71
[  675.369540][T13791] usb 1-1: USB disconnect, device number 82
[  675.462628][T15410] FAULT_INJECTION: forcing a failure.
[  675.462628][T15410] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  675.477364][T15410] CPU: 1 UID: 0 PID: 15410 Comm: syz.5.2571 Not tainted syzkaller #0 PREEMPT(full) 
[  675.477380][T15410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  675.477386][T15410] Call Trace:
[  675.477391][T15410]  <TASK>
[  675.477396][T15410]  dump_stack_lvl+0x189/0x250
[  675.477414][T15410]  ? __pfx____ratelimit+0x10/0x10
[  675.477427][T15410]  ? __pfx_dump_stack_lvl+0x10/0x10
[  675.477439][T15410]  ? __pfx__printk+0x10/0x10
[  675.477450][T15410]  ? __might_fault+0xb0/0x130
[  675.477469][T15410]  should_fail_ex+0x414/0x560
[  675.477486][T15410]  _copy_from_user+0x2d/0xb0
[  675.477499][T15410]  ___sys_sendmsg+0x158/0x2a0
[  675.477512][T15410]  ? __pfx____sys_sendmsg+0x10/0x10
[  675.477544][T15410]  ? __might_fault+0xb0/0x130
[  675.477558][T15410]  __sys_sendmmsg+0x227/0x430
[  675.477572][T15410]  ? __pfx___sys_sendmmsg+0x10/0x10
[  675.477587][T15410]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  675.477610][T15410]  ? ksys_write+0x22a/0x250
[  675.477625][T15410]  ? __pfx_ksys_write+0x10/0x10
[  675.477640][T15410]  __x64_sys_sendmmsg+0xa0/0xc0
[  675.477652][T15410]  do_syscall_64+0xfa/0xfa0
[  675.477664][T15410]  ? lockdep_hardirqs_on+0x9c/0x150
[  675.477676][T15410]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.477686][T15410]  ? clear_bhb_loop+0x60/0xb0
[  675.477698][T15410]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.477708][T15410] RIP: 0033:0x7f056438f6c9
[  675.477718][T15410] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  675.477728][T15410] RSP: 002b:00007f056527b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  675.477739][T15410] RAX: ffffffffffffffda RBX: 00007f05645e5fa0 RCX: 00007f056438f6c9
[  675.477747][T15410] RDX: 0000000004924b68 RSI: 0000200000000140 RDI: 0000000000000003
[  675.477753][T15410] RBP: 00007f056527b090 R08: 0000000000000000 R09: 0000000000000000
[  675.477759][T15410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  675.477765][T15410] R13: 00007f05645e6038 R14: 00007f05645e5fa0 R15: 00007f056470fa28
[  675.477781][T15410]  </TASK>
[  676.261413][T15427] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2574'.
[  677.030440][T13791] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[  677.562347][T13791] usb 6-1: unable to get BOS descriptor or descriptor too short
[  677.575120][T13791] usb 6-1: unable to read config index 0 descriptor/start: -71
[  677.593823][T13791] usb 6-1: can't read configurations, error -71
[  678.304165][T13779] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  678.363526][T15453] syzkaller0: entered promiscuous mode
[  678.383002][T15453] syzkaller0: entered allmulticast mode
[  678.632845][T13779] usb 1-1: unable to get BOS descriptor or descriptor too short
[  678.649301][T13779] usb 1-1: unable to read config index 0 descriptor/start: -71
[  678.657351][T13779] usb 1-1: can't read configurations, error -71
[  678.799505][T15463] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  678.808012][T15463] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  678.817450][T15463] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  678.954195][   T43] usb 6-1: new high-speed USB device number 95 using dummy_hcd
[  679.104183][   T43] usb 6-1: Using ep0 maxpacket: 32
[  679.111015][   T43] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  679.121827][   T43] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  679.133370][   T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  679.144589][   T43] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  679.154654][   T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  679.164781][   T43] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  679.174591][   T43] usb 6-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  679.198069][   T43] usb 6-1: New USB device found, idVendor=072f, idProduct=2200, bcdDevice=3f.bf
[  679.207452][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.215745][   T43] usb 6-1: Product: syz
[  679.219931][   T43] usb 6-1: Manufacturer: syz
[  679.225573][   T43] usb 6-1: SerialNumber: syz
[  679.232985][   T43] usb 6-1: config 0 descriptor??
[  679.243104][T15461] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  679.253556][   T43] usb 6-1: NFC: Reader power on cmd error -90
[  679.259759][   T43] pn533_usb 6-1:0.0: NFC: Couldn't poweron the reader (error -90)
[  679.268158][   T43] pn533_usb 6-1:0.0: probe with driver pn533_usb failed with error -90
[  679.491410][T13791] usb 6-1: USB disconnect, device number 95
[  679.634643][T15473] FAULT_INJECTION: forcing a failure.
[  679.634643][T15473] name failslab, interval 1, probability 0, space 0, times 0
[  679.743310][T15473] CPU: 0 UID: 0 PID: 15473 Comm: syz.1.2589 Not tainted syzkaller #0 PREEMPT(full) 
[  679.743336][T15473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  679.743346][T15473] Call Trace:
[  679.743354][T15473]  <TASK>
[  679.743362][T15473]  dump_stack_lvl+0x189/0x250
[  679.743389][T15473]  ? __pfx____ratelimit+0x10/0x10
[  679.743411][T15473]  ? __pfx_dump_stack_lvl+0x10/0x10
[  679.743432][T15473]  ? __pfx__printk+0x10/0x10
[  679.743454][T15473]  ? __pfx___might_resched+0x10/0x10
[  679.743470][T15473]  ? fs_reclaim_acquire+0x7d/0x100
[  679.743499][T15473]  should_fail_ex+0x414/0x560
[  679.743526][T15473]  should_failslab+0xa8/0x100
[  679.743545][T15473]  __kmalloc_cache_noprof+0x6f/0x6f0
[  679.743575][T15473]  ? call_usermodehelper_setup+0x8e/0x270
[  679.743592][T15473]  ? trace_kmalloc+0x1f/0xd0
[  679.743611][T15473]  ? __kmalloc_node_track_caller_noprof+0x587/0x800
[  679.743639][T15473]  call_usermodehelper_setup+0x8e/0x270
[  679.743655][T15473]  ? __pfx_free_modprobe_argv+0x10/0x10
[  679.743676][T15473]  __request_module+0x39f/0x5e0
[  679.743693][T15473]  ? kmem_cache_alloc_noprof+0x5af/0x6e0
[  679.743715][T15473]  ? __sock_create+0x33c/0x9f0
[  679.743735][T15473]  ? __pfx___request_module+0x10/0x10
[  679.743753][T15473]  ? __lock_acquire+0xab9/0xd20
[  679.743789][T15473]  pppox_create+0x9d/0x1b0
[  679.743811][T15473]  __sock_create+0x4b3/0x9f0
[  679.743840][T15473]  __sys_socket+0xd7/0x1b0
[  679.743864][T15473]  __x64_sys_socket+0x7a/0x90
[  679.743887][T15473]  do_syscall_64+0xfa/0xfa0
[  679.743906][T15473]  ? lockdep_hardirqs_on+0x9c/0x150
[  679.743927][T15473]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.743944][T15473]  ? clear_bhb_loop+0x60/0xb0
[  679.743966][T15473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.743984][T15473] RIP: 0033:0x7fbc7b78f6c9
[  679.744004][T15473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  679.744015][T15473] RSP: 002b:00007fbc7c572038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029
[  679.744033][T15473] RAX: ffffffffffffffda RBX: 00007fbc7b9e6090 RCX: 00007fbc7b78f6c9
[  679.744046][T15473] RDX: 0000000000000003 RSI: 0000000000000003 RDI: 0000000000000018
[  679.744056][T15473] RBP: 00007fbc7c572090 R08: 0000000000000000 R09: 0000000000000000
[  679.744066][T15473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  679.744076][T15473] R13: 00007fbc7b9e6128 R14: 00007fbc7b9e6090 R15: 00007fbc7bb0fa28
[  679.744104][T15473]  </TASK>
[  680.118029][T15478] FAULT_INJECTION: forcing a failure.
[  680.118029][T15478] name failslab, interval 1, probability 0, space 0, times 0
[  680.130869][T15478] CPU: 0 UID: 0 PID: 15478 Comm: syz.2.2591 Not tainted syzkaller #0 PREEMPT(full) 
[  680.130892][T15478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  680.130902][T15478] Call Trace:
[  680.130909][T15478]  <TASK>
[  680.130916][T15478]  dump_stack_lvl+0x189/0x250
[  680.130943][T15478]  ? __pfx____ratelimit+0x10/0x10
[  680.130966][T15478]  ? __pfx_dump_stack_lvl+0x10/0x10
[  680.130988][T15478]  ? __pfx__printk+0x10/0x10
[  680.131008][T15478]  ? __pfx___might_resched+0x10/0x10
[  680.131026][T15478]  ? fs_reclaim_acquire+0x7d/0x100
[  680.131054][T15478]  should_fail_ex+0x414/0x560
[  680.131082][T15478]  should_failslab+0xa8/0x100
[  680.131102][T15478]  kmem_cache_alloc_noprof+0x74/0x6e0
[  680.131126][T15478]  ? __kernfs_new_node+0xd7/0x7e0
[  680.131147][T15478]  ? __kasan_slab_alloc+0x6c/0x80
[  680.131174][T15478]  __kernfs_new_node+0xd7/0x7e0
[  680.131194][T15478]  ? __lock_acquire+0xab9/0xd20
[  680.131217][T15478]  ? __pfx___kernfs_new_node+0x10/0x10
[  680.131240][T15478]  ? kernfs_root+0x1c/0x230
[  680.131263][T15478]  ? kernfs_root+0x1c/0x230
[  680.131280][T15478]  ? kernfs_root+0x1c/0x230
[  680.131296][T15478]  ? kernfs_root+0x1c/0x230
[  680.131320][T15478]  kernfs_new_node+0x102/0x210
[  680.131346][T15478]  __kernfs_create_file+0x4b/0x2e0
[  680.131367][T15478]  sysfs_add_file_mode_ns+0x238/0x300
[  680.131392][T15478]  internal_create_group+0x66d/0x1110
[  680.131426][T15478]  ? __pfx_internal_create_group+0x10/0x10
[  680.131455][T15478]  sysfs_create_groups+0x59/0x120
[  680.131476][T15478]  device_add_attrs+0x13f/0x5a0
[  680.131502][T15478]  ? __pfx_device_add_attrs+0x10/0x10
[  680.131527][T15478]  ? kobject_put+0x43f/0x480
[  680.131553][T15478]  ? device_add_class_symlinks+0x21f/0x240
[  680.131575][T15478]  device_add+0x496/0xb50
[  680.131599][T15478]  input_register_device+0x9d3/0x1140
[  680.131623][T15478]  uinput_create_device+0x422/0x670
[  680.131653][T15478]  uinput_ioctl_handler+0x3f0/0x1570
[  680.131680][T15478]  ? __pfx_uinput_ioctl_handler+0x10/0x10
[  680.131717][T15478]  ? __fget_files+0x2a/0x420
[  680.131735][T15478]  ? bpf_lsm_file_ioctl+0x9/0x20
[  680.131752][T15478]  ? __pfx_uinput_ioctl+0x10/0x10
[  680.131775][T15478]  __se_sys_ioctl+0xfc/0x170
[  680.131800][T15478]  do_syscall_64+0xfa/0xfa0
[  680.131819][T15478]  ? lockdep_hardirqs_on+0x9c/0x150
[  680.131840][T15478]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.131858][T15478]  ? clear_bhb_loop+0x60/0xb0
[  680.131880][T15478]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.131895][T15478] RIP: 0033:0x7fc1b3f8f6c9
[  680.131909][T15478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  680.131924][T15478] RSP: 002b:00007fc1b4dc8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  680.131943][T15478] RAX: ffffffffffffffda RBX: 00007fc1b41e5fa0 RCX: 00007fc1b3f8f6c9
[  680.131956][T15478] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
[  680.131967][T15478] RBP: 00007fc1b4dc8090 R08: 0000000000000000 R09: 0000000000000000
[  680.131978][T15478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  680.131989][T15478] R13: 00007fc1b41e6038 R14: 00007fc1b41e5fa0 R15: 00007fc1b430fa28
[  680.132021][T15478]  </TASK>
[  680.604737][T13789] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0
[  683.064213][T13791] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  683.100667][T15518] netdevsim netdevsim5: loading /lib/firmware/. failed with error -22
[  683.109165][T15518] netdevsim netdevsim5: Direct firmware load for . failed with error -22
[  683.164957][T15518] netdevsim netdevsim5: Falling back to sysfs fallback for: .
[  683.234986][T15522] FAULT_INJECTION: forcing a failure.
[  683.234986][T15522] name failslab, interval 1, probability 0, space 0, times 0
[  683.247656][T15522] CPU: 1 UID: 0 PID: 15522 Comm: syz.3.2602 Not tainted syzkaller #0 PREEMPT(full) 
[  683.247678][T15522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  683.247685][T15522] Call Trace:
[  683.247690][T15522]  <TASK>
[  683.247695][T15522]  dump_stack_lvl+0x189/0x250
[  683.247713][T15522]  ? __pfx____ratelimit+0x10/0x10
[  683.247726][T15522]  ? __pfx_dump_stack_lvl+0x10/0x10
[  683.247739][T15522]  ? __pfx__printk+0x10/0x10
[  683.247751][T15522]  ? skb_network_protocol+0x508/0x760
[  683.247767][T15522]  should_fail_ex+0x414/0x560
[  683.247784][T15522]  should_failslab+0xa8/0x100
[  683.247796][T15522]  kmem_cache_alloc_noprof+0x74/0x6e0
[  683.247808][T15522]  ? dev_queue_xmit_nit+0x2d/0xcc0
[  683.247817][T15522]  ? skb_clone+0x212/0x3a0
[  683.247830][T15522]  skb_clone+0x212/0x3a0
[  683.247840][T15522]  ? dev_queue_xmit_nit+0x25a/0xcc0
[  683.247850][T15522]  dev_queue_xmit_nit+0x416/0xcc0
[  683.247860][T15522]  ? dev_queue_xmit_nit+0x2d/0xcc0
[  683.247875][T15522]  dev_hard_start_xmit+0x1be/0x830
[  683.247894][T15522]  __dev_queue_xmit+0x1b8d/0x3b50
[  683.247904][T15522]  ? kasan_save_track+0x3e/0x80
[  683.247916][T15522]  ? __kasan_slab_alloc+0x6c/0x80
[  683.247928][T15522]  ? kmem_cache_alloc_noprof+0x367/0x6e0
[  683.247944][T15522]  ? __dev_queue_xmit+0x27b/0x3b50
[  683.247969][T15522]  ? __pfx___dev_queue_xmit+0x10/0x10
[  683.247987][T15522]  ? __copy_skb_header+0xa7/0x550
[  683.247998][T15522]  ? __asan_memcpy+0x40/0x70
[  683.248019][T15522]  ? skb_clone+0x246/0x3a0
[  683.248031][T15522]  __netlink_deliver_tap+0x5ad/0x850
[  683.248048][T15522]  ? netlink_deliver_tap+0x2e/0x1b0
[  683.248058][T15522]  netlink_deliver_tap+0x19c/0x1b0
[  683.248068][T15522]  netlink_unicast+0x7fa/0x9e0
[  683.248085][T15522]  ? __pfx_netlink_unicast+0x10/0x10
[  683.248099][T15522]  ? netlink_sendmsg+0x642/0xb30
[  683.248107][T15522]  ? skb_put+0x11b/0x210
[  683.248118][T15522]  netlink_sendmsg+0x805/0xb30
[  683.248133][T15522]  ? __pfx_netlink_sendmsg+0x10/0x10
[  683.248144][T15522]  ? aa_sock_msg_perm+0xf1/0x1d0
[  683.248159][T15522]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  683.248169][T15522]  ? __pfx_netlink_sendmsg+0x10/0x10
[  683.248179][T15522]  __sock_sendmsg+0x21c/0x270
[  683.248193][T15522]  ____sys_sendmsg+0x505/0x830
[  683.248207][T15522]  ? __pfx_____sys_sendmsg+0x10/0x10
[  683.248226][T15522]  ? import_iovec+0x74/0xa0
[  683.248240][T15522]  ___sys_sendmsg+0x21f/0x2a0
[  683.248252][T15522]  ? __pfx____sys_sendmsg+0x10/0x10
[  683.248280][T15522]  ? __fget_files+0x2a/0x420
[  683.248289][T15522]  ? __fget_files+0x3a0/0x420
[  683.248304][T15522]  __x64_sys_sendmsg+0x19b/0x260
[  683.248315][T15522]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  683.248330][T15522]  ? __pfx_ksys_write+0x10/0x10
[  683.248345][T15522]  ? do_syscall_64+0xbe/0xfa0
[  683.248360][T15522]  do_syscall_64+0xfa/0xfa0
[  683.248371][T15522]  ? lockdep_hardirqs_on+0x9c/0x150
[  683.248384][T15522]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.248394][T15522]  ? clear_bhb_loop+0x60/0xb0
[  683.248405][T15522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.248415][T15522] RIP: 0033:0x7fcb5e98f6c9
[  683.248424][T15522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  683.248433][T15522] RSP: 002b:00007fcb5f790038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  683.248445][T15522] RAX: ffffffffffffffda RBX: 00007fcb5ebe5fa0 RCX: 00007fcb5e98f6c9
[  683.248453][T15522] RDX: 0000000000004000 RSI: 00002000000002c0 RDI: 0000000000000003
[  683.248459][T15522] RBP: 00007fcb5f790090 R08: 0000000000000000 R09: 0000000000000000
[  683.248465][T15522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  683.248472][T15522] R13: 00007fcb5ebe6038 R14: 00007fcb5ebe5fa0 R15: 00007fcb5ed0fa28
[  683.248488][T15522]  </TASK>
[  683.254239][T13791] usb 1-1: Using ep0 maxpacket: 32
[  683.716045][T13791] usb 1-1: config 1 has an invalid interface number: 233 but max is 0
[  683.728698][T13791] usb 1-1: config 1 has no interface number 0
[  683.739563][T13791] usb 1-1: config 1 interface 233 altsetting 250 bulk endpoint 0x9 has invalid maxpacket 8
[  683.765365][T13791] usb 1-1: config 1 interface 233 has no altsetting 0
[  683.793305][T13791] usb 1-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=34.ac
[  683.821421][T13791] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.834866][T13791] usb 1-1: Product: syz
[  683.839037][T13791] usb 1-1: Manufacturer: syz
[  683.843807][T13791] usb 1-1: SerialNumber: syz
[  683.893677][T15516] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  683.997784][   T30] kauditd_printk_skb: 53 callbacks suppressed
[  683.997801][   T30] audit: type=1326 audit(1762411626.930:2225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15492 comm="syz.2.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1b3f8f6c9 code=0x7ffc0000
[  684.224891][   T30] audit: type=1326 audit(1762411626.940:2226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15492 comm="syz.2.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1b3f8f6c9 code=0x7ffc0000
[  684.654126][ T5908] usb 6-1: new high-speed USB device number 96 using dummy_hcd
[  685.207681][   T30] audit: type=1326 audit(1762411628.140:2227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15492 comm="syz.2.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc1b3f8f6c9 code=0x7ffc0000
[  685.429703][ T5908] usb 6-1: Using ep0 maxpacket: 32
[  685.431225][   T30] audit: type=1326 audit(1762411628.250:2228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15492 comm="syz.2.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1b3f8f6c9 code=0x7ffc0000
[  685.469653][ T5908] usb 6-1: config 0 has an invalid interface number: 132 but max is 0
[  685.484492][ T5908] usb 6-1: config 0 has no interface number 0
[  685.491410][ T5908] usb 6-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  685.504933][ T5908] usb 6-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  685.514336][ T5908] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.522414][ T5908] usb 6-1: Product: syz
[  685.527096][ T5908] usb 6-1: Manufacturer: syz
[  685.531732][ T5908] usb 6-1: SerialNumber: syz
[  685.539687][ T5908] usb 6-1: config 0 descriptor??
[  685.549509][ T5908] em28xx 6-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  685.559526][ T5908] em28xx 6-1:0.132: Video interface 132 found:
[  685.631810][   T30] audit: type=1326 audit(1762411628.250:2229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15492 comm="syz.2.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1b3f8f6c9 code=0x7ffc0000
[  685.656220][   T30] audit: type=1326 audit(1762411628.250:2230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15492 comm="syz.2.2595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7fc1b3f8f6c9 code=0x7ffc0000
[  685.735388][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  685.741726][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  686.046641][ T5908] em28xx 6-1:0.132: unknown em28xx chip ID (0)
[  686.326691][T15558] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  686.335916][T15558] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  686.382435][T13791] imon_raw 1-1:1.233: IR endpoint missing
[  686.404855][T13791] usb 1-1: USB disconnect, device number 85
[  687.208086][T15571] syzkaller0: entered promiscuous mode
[  687.214379][T15571] syzkaller0: entered allmulticast mode
[  687.245509][T15571] unsupported nla_type 52263
[  687.325648][ T5908] em28xx 6-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  687.335330][ T5908] em28xx 6-1:0.132: board has no eeprom
[  687.394102][ T5908] em28xx 6-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  687.405787][ T5908] em28xx 6-1:0.132: analog set to bulk mode.
[  687.417967][T13779] em28xx 6-1:0.132: Registering V4L2 extension
[  687.582531][T13779] em28xx 6-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  687.628774][T13779] em28xx 6-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[  687.656973][T13779] em28xx 6-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[  687.677334][T13779] em28xx 6-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[  687.753820][T13779] em28xx 6-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[  687.768987][T13779] em28xx 6-1:0.132: failed to trigger read from i2c address 0x86 (error=-5)
[  687.787146][T13779] em28xx 6-1:0.132: failed to trigger read from i2c address 0x94 (error=-5)
[  687.813514][T13779] em28xx 6-1:0.132: failed to trigger read from i2c address 0x96 (error=-5)
[  688.344090][ T5908] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  688.431093][T13779] em28xx 6-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5)
[  688.498282][T15558] delete_channel: no stack
[  688.511199][T13791] usb 6-1: USB disconnect, device number 96
[  688.518297][T13791] em28xx 6-1:0.132: Disconnecting em28xx
[  688.524529][T13779] em28xx 6-1:0.132: Config register raw data: 0xffffffed
[  688.550757][ T5908] usb 1-1: unable to get BOS descriptor or descriptor too short
[  688.558475][T13779] em28xx 6-1:0.132: AC97 chip type couldn't be determined
[  688.565821][T13779] em28xx 6-1:0.132: No AC97 audio processor
[  688.603372][T13779] usb 6-1: Decoder not found
[  688.675673][T13779] em28xx 6-1:0.132: failed to create media graph
[  688.765532][ T5908] usb 1-1: config 176 has an invalid interface number: 218 but max is 0
[  688.806368][ T5908] usb 1-1: config 176 has no interface number 0
[  688.829091][T13779] em28xx 6-1:0.132: V4L2 device video103 deregistered
[  688.862580][ T5908] usb 1-1: config 176 interface 218 has no altsetting 0
[  688.929869][T13779] em28xx 6-1:0.132: Remote control support is not available for this card.
[  688.948839][T15597] ==================================================================
[  688.956918][T15597] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xac/0x420
[  688.964332][T15597] Read of size 8 at addr ffff888057cd4740 by task v4l_id/15597
[  688.971870][T15597] 
[  688.974193][T15597] CPU: 0 UID: 0 PID: 15597 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  688.974214][T15597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  688.974226][T15597] Call Trace:
[  688.974235][T15597]  <TASK>
[  688.974243][T15597]  dump_stack_lvl+0x189/0x250
[  688.974268][T15597]  ? __virt_addr_valid+0x1c8/0x5c0
[  688.974290][T15597]  ? rcu_is_watching+0x15/0xb0
[  688.974310][T15597]  ? __pfx_dump_stack_lvl+0x10/0x10
[  688.974331][T15597]  ? rcu_is_watching+0x15/0xb0
[  688.974349][T15597]  ? lock_release+0x4b/0x3e0
[  688.974366][T15597]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  688.974388][T15597]  ? __virt_addr_valid+0x1c8/0x5c0
[  688.974409][T15597]  ? __virt_addr_valid+0x4a5/0x5c0
[  688.974432][T15597]  print_report+0xca/0x240
[  688.974451][T15597]  ? v4l2_fh_open+0xac/0x420
[  688.974468][T15597]  kasan_report+0x118/0x150
[  688.974491][T15597]  ? v4l2_fh_open+0xac/0x420
[  688.974512][T15597]  v4l2_fh_open+0xac/0x420
[  688.974529][T15597]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  688.974555][T15597]  em28xx_v4l2_open+0x157/0x9a0
[  688.974584][T15597]  v4l2_open+0x1bf/0x3a0
[  688.974605][T15597]  chrdev_open+0x4cc/0x5e0
[  688.974623][T15597]  ? __pfx_chrdev_open+0x10/0x10
[  688.974641][T15597]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  688.974662][T15597]  ? __pfx_chrdev_open+0x10/0x10
[  688.974678][T15597]  do_dentry_open+0x953/0x13f0
[  688.974703][T15597]  vfs_open+0x3b/0x340
[  688.974720][T15597]  ? path_openat+0x2ecd/0x3830
[  688.974742][T15597]  path_openat+0x2ee5/0x3830
[  688.974776][T15597]  ? __pfx_path_openat+0x10/0x10
[  688.974805][T15597]  do_filp_open+0x1fa/0x410
[  688.974825][T15597]  ? __lock_acquire+0xab9/0xd20
[  688.974842][T15597]  ? __pfx_do_filp_open+0x10/0x10
[  688.974873][T15597]  ? _raw_spin_unlock+0x28/0x50
[  688.974892][T15597]  ? alloc_fd+0x64c/0x6c0
[  688.974919][T15597]  do_sys_openat2+0x121/0x1c0
[  688.974940][T15597]  ? __pfx_do_sys_openat2+0x10/0x10
[  688.974960][T15597]  ? exc_page_fault+0x82/0x100
[  688.974983][T15597]  ? do_user_addr_fault+0xc85/0x1380
[  688.975002][T15597]  __x64_sys_openat+0x138/0x170
[  688.975024][T15597]  do_syscall_64+0xfa/0xfa0
[  688.975045][T15597]  ? lockdep_hardirqs_on+0x9c/0x150
[  688.975066][T15597]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.975084][T15597]  ? clear_bhb_loop+0x60/0xb0
[  688.975103][T15597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.975121][T15597] RIP: 0033:0x7fc97b0a7407
[  688.975137][T15597] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  688.975153][T15597] RSP: 002b:00007fff456e7090 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  688.975173][T15597] RAX: ffffffffffffffda RBX: 00007fc97b74d880 RCX: 00007fc97b0a7407
[  688.975186][T15597] RDX: 0000000000000000 RSI: 00007fff456e7f1b RDI: ffffffffffffff9c
[  688.975199][T15597] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  688.975210][T15597] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  688.975221][T15597] R13: 00007fff456e72e0 R14: 00007fc97b852000 R15: 0000562b3a1e44d8
[  688.975242][T15597]  </TASK>
[  688.975249][T15597] 
[  689.277314][T15597] Allocated by task 13779:
[  689.281719][T15597]  kasan_save_track+0x3e/0x80
[  689.286396][T15597]  __kasan_kmalloc+0x93/0xb0
[  689.290989][T15597]  __kmalloc_cache_noprof+0x3d5/0x6f0
[  689.296345][T15597]  em28xx_v4l2_init+0x10b/0x2e70
[  689.301326][T15597]  em28xx_init_extension+0x120/0x1c0
[  689.306597][T15597]  process_scheduled_works+0xae1/0x17b0
[  689.312134][T15597]  worker_thread+0x8a0/0xda0
[  689.316716][T15597]  kthread+0x711/0x8a0
[  689.320774][T15597]  ret_from_fork+0x4bc/0x870
[  689.325342][T15597]  ret_from_fork_asm+0x1a/0x30
[  689.330178][T15597] 
[  689.332484][T15597] Freed by task 13779:
[  689.336536][T15597]  kasan_save_track+0x3e/0x80
[  689.341197][T15597]  __kasan_save_free_info+0x46/0x50
[  689.346387][T15597]  __kasan_slab_free+0x5c/0x80
[  689.351133][T15597]  kfree+0x19a/0x6d0
[  689.355009][T15597]  em28xx_v4l2_init+0x1683/0x2e70
[  689.360023][T15597]  em28xx_init_extension+0x120/0x1c0
[  689.365297][T15597]  process_scheduled_works+0xae1/0x17b0
[  689.370833][T15597]  worker_thread+0x8a0/0xda0
[  689.375398][T15597]  kthread+0x711/0x8a0
[  689.379450][T15597]  ret_from_fork+0x4bc/0x870
[  689.384030][T15597]  ret_from_fork_asm+0x1a/0x30
[  689.388783][T15597] 
[  689.391093][T15597] The buggy address belongs to the object at ffff888057cd4000
[  689.391093][T15597]  which belongs to the cache kmalloc-8k of size 8192
[  689.405135][T15597] The buggy address is located 1856 bytes inside of
[  689.405135][T15597]  freed 8192-byte region [ffff888057cd4000, ffff888057cd6000)
[  689.419085][T15597] 
[  689.421399][T15597] The buggy address belongs to the physical page:
[  689.427805][T15597] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57cd0
[  689.436557][T15597] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  689.445048][T15597] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  689.452594][T15597] page_type: f5(slab)
[  689.456575][T15597] raw: 00fff00000000040 ffff88801a027280 ffffea0001230c00 0000000000000002
[  689.465138][T15597] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  689.473740][T15597] head: 00fff00000000040 ffff88801a027280 ffffea0001230c00 0000000000000002
[  689.482402][T15597] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  689.491056][T15597] head: 00fff00000000003 ffffea00015f3401 00000000ffffffff 00000000ffffffff
[  689.499719][T15597] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  689.508386][T15597] page dumped because: kasan: bad access detected
[  689.514786][T15597] page_owner tracks the page as allocated
[  689.520489][T15597] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 15273, tgid 15266 (syz.0.2529), ts 667508501816, free_ts 666896955944
[  689.542001][T15597]  post_alloc_hook+0x240/0x2a0
[  689.546780][T15597]  get_page_from_freelist+0x2365/0x2440
[  689.552310][T15597]  __alloc_frozen_pages_noprof+0x181/0x370
[  689.558113][T15597]  alloc_pages_mpol+0x232/0x4a0
[  689.562960][T15597]  allocate_slab+0x96/0x350
[  689.567452][T15597]  ___slab_alloc+0xe94/0x18a0
[  689.572113][T15597]  __slab_alloc+0x65/0x100
[  689.576510][T15597]  __kmalloc_cache_noprof+0x411/0x6f0
[  689.581863][T15597]  audit_log_d_path+0xb8/0x1a0
[  689.586623][T15597]  audit_log_d_path_exe+0x42/0x70
[  689.591632][T15597]  audit_log_task+0x2b3/0x3c0
[  689.596286][T15597]  audit_seccomp+0x86/0x190
[  689.600785][T15597]  __seccomp_filter+0xce4/0x1e10
[  689.605717][T15597]  syscall_trace_enter+0xaa/0x160
[  689.610727][T15597]  do_syscall_64+0xd3/0xfa0
[  689.615225][T15597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.621115][T15597] page last free pid 5947 tgid 5947 stack trace:
[  689.627437][T15597]  __free_frozen_pages+0xbc4/0xd30
[  689.632546][T15597]  __put_partials+0x146/0x170
[  689.637213][T15597]  put_cpu_partial+0x1f2/0x2e0
[  689.641953][T15597]  __slab_free+0x2b9/0x390
[  689.646360][T15597]  qlist_free_all+0x97/0x140
[  689.650962][T15597]  kasan_quarantine_reduce+0x148/0x160
[  689.656429][T15597]  __kasan_slab_alloc+0x22/0x80
[  689.661266][T15597]  kmem_cache_alloc_node_noprof+0x433/0x710
[  689.667163][T15597]  __alloc_skb+0x112/0x2d0
[  689.671577][T15597]  alloc_skb_with_frags+0xca/0x890
[  689.676666][T15597]  sock_alloc_send_pskb+0x84d/0x980
[  689.681854][T15597]  unix_dgram_sendmsg+0x461/0x1850
[  689.686957][T15597]  __sock_sendmsg+0x21c/0x270
[  689.691623][T15597]  sock_write_iter+0x279/0x360
[  689.696372][T15597]  vfs_write+0x5c9/0xb30
[  689.700610][T15597]  ksys_write+0x145/0x250
[  689.704930][T15597] 
[  689.707240][T15597] Memory state around the buggy address:
[  689.712864][T15597]  ffff888057cd4600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  689.720916][T15597]  ffff888057cd4680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  689.728965][T15597] >ffff888057cd4700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  689.737008][T15597]                                            ^
[  689.743153][T15597]  ffff888057cd4780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  689.751201][T15597]  ffff888057cd4800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  689.759241][T15597] ==================================================================
[  689.777633][T13791] em28xx 6-1:0.132: Closing input extension
[  689.805404][ T5908] usb 1-1: New USB device found, idVendor=05ac, idProduct=b231, bcdDevice=85.00
[  689.816059][ T5908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.824361][ T5908] usb 1-1: Product: syz
[  689.828708][ T5908] usb 1-1: Manufacturer: syz
[  689.834554][ T5908] usb 1-1: SerialNumber: syz
[  689.869164][T15597] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  689.876394][T15597] CPU: 1 UID: 0 PID: 15597 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  689.885405][T15597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  689.895446][T15597] Call Trace:
[  689.898710][T15597]  <TASK>
[  689.901624][T15597]  dump_stack_lvl+0x99/0x250
[  689.906202][T15597]  ? __asan_memcpy+0x40/0x70
[  689.910778][T15597]  ? __pfx_dump_stack_lvl+0x10/0x10
[  689.915959][T15597]  ? __pfx__printk+0x10/0x10
[  689.920534][T15597]  vpanic+0x237/0x6d0
[  689.924503][T15597]  ? __pfx_vpanic+0x10/0x10
[  689.928991][T15597]  ? preempt_schedule+0xae/0xc0
[  689.933825][T15597]  ? __pfx_preempt_schedule+0x10/0x10
[  689.939179][T15597]  panic+0xb9/0xc0
[  689.942884][T15597]  ? __pfx_panic+0x10/0x10
[  689.947284][T15597]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  689.953170][T15597]  ? is_module_address+0x17/0xf0
[  689.958093][T15597]  ? v4l2_fh_open+0xac/0x420
[  689.962663][T15597]  check_panic_on_warn+0x89/0xb0
[  689.967585][T15597]  ? v4l2_fh_open+0xac/0x420
[  689.972166][T15597]  end_report+0x78/0x160
[  689.976386][T15597]  kasan_report+0x129/0x150
[  689.980868][T15597]  ? v4l2_fh_open+0xac/0x420
[  689.985440][T15597]  v4l2_fh_open+0xac/0x420
[  689.989838][T15597]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  689.995804][T15597]  em28xx_v4l2_open+0x157/0x9a0
[  690.000644][T15597]  v4l2_open+0x1bf/0x3a0
[  690.004867][T15597]  chrdev_open+0x4cc/0x5e0
[  690.009263][T15597]  ? __pfx_chrdev_open+0x10/0x10
[  690.014180][T15597]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  690.020489][T15597]  ? __pfx_chrdev_open+0x10/0x10
[  690.025403][T15597]  do_dentry_open+0x953/0x13f0
[  690.030154][T15597]  vfs_open+0x3b/0x340
[  690.034203][T15597]  ? path_openat+0x2ecd/0x3830
[  690.038949][T15597]  path_openat+0x2ee5/0x3830
[  690.043534][T15597]  ? __pfx_path_openat+0x10/0x10
[  690.048463][T15597]  do_filp_open+0x1fa/0x410
[  690.052947][T15597]  ? __lock_acquire+0xab9/0xd20
[  690.057780][T15597]  ? __pfx_do_filp_open+0x10/0x10
[  690.062797][T15597]  ? _raw_spin_unlock+0x28/0x50
[  690.067631][T15597]  ? alloc_fd+0x64c/0x6c0
[  690.071951][T15597]  do_sys_openat2+0x121/0x1c0
[  690.076619][T15597]  ? __pfx_do_sys_openat2+0x10/0x10
[  690.081801][T15597]  ? exc_page_fault+0x82/0x100
[  690.086553][T15597]  ? do_user_addr_fault+0xc85/0x1380
[  690.091820][T15597]  __x64_sys_openat+0x138/0x170
[  690.096655][T15597]  do_syscall_64+0xfa/0xfa0
[  690.101142][T15597]  ? lockdep_hardirqs_on+0x9c/0x150
[  690.106322][T15597]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.112367][T15597]  ? clear_bhb_loop+0x60/0xb0
[  690.117025][T15597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.122899][T15597] RIP: 0033:0x7fc97b0a7407
[  690.127296][T15597] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  690.146884][T15597] RSP: 002b:00007fff456e7090 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  690.155277][T15597] RAX: ffffffffffffffda RBX: 00007fc97b74d880 RCX: 00007fc97b0a7407
[  690.163230][T15597] RDX: 0000000000000000 RSI: 00007fff456e7f1b RDI: ffffffffffffff9c
[  690.171202][T15597] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  690.179244][T15597] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  690.187194][T15597] R13: 00007fff456e72e0 R14: 00007fc97b852000 R15: 0000562b3a1e44d8
[  690.195712][T15597]  </TASK>
[  690.199031][T15597] Kernel Offset: disabled
[  690.203342][T15597] Rebooting in 86400 seconds..