last executing test programs:

3m15.543835079s ago: executing program 2 (id=222):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x102)
socket$inet(0x2, 0x4, 0x7ff)
r1 = syz_open_dev$dmmidi(&(0x7f0000000040), 0x7, 0x6000)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c09425, &(0x7f0000000080)={"c10fe919f70eb9d2e58796b2e6d14f5e", 0x0, <r2=>0x0, {0x6, 0x1}, {0x3, 0x3}, 0x9, [0x8, 0x5, 0x8, 0x10, 0x1, 0x0, 0x3, 0x3, 0xf7bb, 0x9, 0x4ea, 0x5a46, 0x0, 0x800, 0x0, 0x4]})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(0xffffffffffffffff, 0x50009417, &(0x7f0000000140)={{r1}, r2, 0x0, @unused=[0x9, 0x9, 0xfffffffffffffffe, 0x1], @name="9dfe4500e2bef4cbccbe8cb89400fe48196fd2a060015199806460411d71a18d466c0ec9f9dec594ddf9fe945d42e57160d8518af6dccad06713e47d04e75572649955ce3893b7e4b5f42e9829554e3885c1dc7961987b413e8a787b8f19d5a73db3af4332de895413a14db005499e6b9120d3460ca02c22ede5f473f48a1f5ceca33937b57e1382b3fdb1c1fdbe13a380f571e42c740f69d57459031635b474eace8e6ba8c201d1d9f6beb5d2d4abd8f4f6c11976b3a69920b5b4bb832a355ea9d497c5e66c75d232bc1f6945caa0ef100f9fc387d4fd62e83b90a925bbf0f98e1e912cf78c13f4f7f98a0e456cbed53fff6c747b84de75fb2f37d96ed649fe492d56ac26348e2582c3d03666cdad708ff937338e0e9b4767040e9aa9e4019d960e9ef368842f8ca94c23dd20f67604fde83aa9cfd094b0ebfdc87f78538a009ba0609b59c39a45441d25143852527c2d9ce3081c4aa9df7b4e4057acaadcc51148d332321857cf0539341c8943b2285845ac71e81cb35be7a2d5b8e82378dd8f855406c18b82d2a4214b15816fdc7915f0288d320c60861c2a9db225f74e221d3bef573100aab243bff8c44507ea75725c12a66f03bc8c442ca4360f7545f1723eca63329475b68239adc3755610bdf45cbb691545571ea1bad2e5ad4d9a2ec15de0d28eb21b59e37c6056af742f5915c7deb883a419a3aafc5a39a6c6f4511696077679441c77d4c57094bbed620bfc1589acc83aeef86f4d60acaba79861f7915db47647bcb763d642bc0d13baac64fefbb4699b37cde72f434c938e142ce5581a99ea17cccdc29142f61b3ea10735a65a3d5b2781adec7eaf852d13f0f07b739cc6c71116759e0707d457aaf2f534e3e9333483b1d733657b528e2bd1f995660ea650adb09054e53632fbce94d9b6e0104ae28c5ce9e6899e50fdd7e240136bbe6121e9f0157a4bc3c6077330d4e3f9b551efad41e83cbc3a87de1baf272821a04585f858d02d91dda980aee1d7114684d7045fb6629b77ada14d94b2fc602e9470e828c70b1c527ccfa3c1f01a2332420c479e1cf1ce3c7f768b63e81a28a333867b8576f39a69b22c0e519fe848d8b07e2920dd3d2c8881f3bff14c0cdf93db70193e0c21b48eb7a6774c97a9709754e58974aaa5f2f3806777fd0c48cbf52af3417d902fc7713d89b95164542b52cd951dc98dc7fcf96ab1cd643deb348b528171ea4d0370bcb41652da847fe9b2a62bd462587d7aada2b1b959478904d3d751b863105b2357439b49052fcee2cf10dd77e45d9b8e1d64af8685ce2f7a167c690e7cd2a0060b9dd7a34f540fdcf674dbaccac96c64bba26f70e439421db72ce769467c472271d9c4cb9044076dd593886138543f72034ac5ccf88b705c654c466386325b83e78d2f11290ec8ed89bcc67d48aee435b904a1c7f2e30d561389740df1505fb0c600c57e76d85a773a4aa28a3711ba1f3e9fc2a253421227133be3139ed76076d94bf649d0af40689bfcf0b5705daddb867465f3117a5907516ae398a4ce8d2152492fdca7572210a9adae985b213a2c21aae350ada37aea33c847da3a40618d6c8e269f2f6f3900bd381bbb60e2bd51d16960beeb3c7c1046671d739019bc53bc69afc47305ab88008741edf031f78a67a4d6295e311427fc68fbf543b11f2dd1147fed278c03d6d553d8908f2abe1fb690cbeb933fcf8379bc3becc24068746c90fa1963da6e2506ea616a1b1dafac9dc367ef9c8ad96e7b7be33611c9a925a836459360d242516cb02fd2bf7018e422388a06f3692134abeaddb06d5d282ff8800b15f7c6c7070b6579214fda8c1beb4ddee02d9e017c177fd09be2083f4cfde82070842a5458abeb4043ca0173d8247a988bfccd106ffc0ce5187d7b79ff58561826e32c9e8c4a5db281b4959ccaa1c9d592c4c180c6433028340e4ebca4de4eb935ef96ec529bb1f167b8776de90f604e18eb3b4fccdc2d515ac882974b0878e0ad5695ac13652cf0911d350cafd424e1add1bcd0a1b2f3c9be7d1ff968c8f05d288eb25c67f49286c4820bae199883e1e32a12c18f2956c5c2de929b7ad3cde3a56f1229822aa4909e4540ba15161d495360edde41fc58a3c47b764107ef380d6d1f6b6ca87e59f2c894ad58c78958bccb62904c58cdd6beaba45f772482f9dbda5b034617a88696a879d9c2e4d268f1ef4e39e37e33f3cebf9d96fdfef4af196f24350bd70f9fe109ef227a4297c2b419fcf487baa5f24ec77625855b65538bc29ac5ba992bc3892dc761b13304f91d0a0af182b215be6aa4d1134663cb66484c6b1f38bb10e6bb6046c96dfa43a1f10d7802bdff8e7fc4903f19ee473506a91fc72ca4eac9cce3c1b7755d1dc06d6cf228af9cfe7e49c49560ab575ff903008905f3cc7a4e618c24dfb74b1b13ab400acb089d902f3c6cc005e3991aa7be22115363137ec7441226a59be36ce4348ccee1eb236fea471721b80194777fc6e2bd590c75dfc83d4593f67201a8abc6626b9e349268117a4f367ab4da29db0945e457656621aca6674ed6637f2db54de46e1a2a86c0d4e47359e8e24e2e74cc8155cabc5fea69955eeadc4d439ac15c9fb5f9fda38752f3d6f2d298472379dc5615eb3e46f46ad4c40d378e09a793f05a7f2cbbf966840873f68bf091aab40f0e15d1d1f88e178fdfba7e5e2e31b1a94675ea6d9b4f3be1819e6886156be264117537cc5b69ebcec38e92b2f112c2ce92a6edd79ba1f6aee5603d3175b673d994501fc63be65b30ca782bfc75f828cf96c54a85b910ab77969a729b5c2a69cde130a0b85b394121a3243773cda87af6d70e4ca230efac189fdaa83ce7ece5c5e1e2638eff899bdbd93557c4b1689c6173b3792aad28d392fcc3b2efdbc99908eef01dfb9b87fa973fd24128cd72acbded6ff718f48f78716945e071de52fb98f2538043adb0646582b89aa3f8654cbe20e242a8fd5c420c59d9611e5433d3cfc9be2066a622e045bb6aa02a60d17b35a7b8a5389714ca2980696daeb38ca16ecab58272d3a2ed1bb1edd04dd46412a5ff5d4eb5502c81e64e7c507c5c22e1ca196aaaf544abef1cea71c0e3c9ac2d977d0e6abf86005b399539b4170d56664e902c6ba871c7647fdcacc1ee6479af90e49e41a27951a5c6d49c8b715f405e701b02e48340caf666d8dc64e096a0cb5ada59335db8e9b806b2e23d25ba03af24159e3bf18dfabc8fd95750065aa75a51b80991008c7dd25f7039e1ae23ab6c9cea78a745a4fc8a5fb6dc7bfe0aef75d912baf9bb8bcac3665845b5db437531cfce40d30b97bcd48b980ee0c4dec2878766d43fa4b397f77c863aba2e1b772b2e7b79eeb788c69a88a0504b63c6fff9363a68f2b3ceb89c307b361e7a543bdac11aff1e0c5a43ba317756cdecdc68d985dce5e00832a88761759acf1f7c493093fac91aae9fbac1dfd02bc994171e7f808013684e7c979ec60fbd0a0807428984ac694db0b3f1d52047cdc8bebfa046c0cdbce8650ef5d0d876679c53981989bea6b56f3a3090e0848053fbbaa210eaa5e6066f80d37bac78044162794b7904ddd012258ec7a3b87b9544952e387cd141cb0276d79284a9a1ef1688c5bcce80eea1d7d0cde7e8ae9dd89c3657a64c7a026135fe6156507320fa2878d72974bc560ab27254f4cdec678b8fb88383be6b08dd1be304fa43d47465404bc7b0c3876869ca633f2d4e72d1b2deff6b97b7d99fe1f4a39be05b58964b523f272c5f07e72758638e3ac950db02bd5eeced00f9c7311118139bd2b5237658c8ab3fd700ccd95d288db9970d0a1a0f3ec784c80751763d72180ae1c71bb832491dc7eaed483fa0790f705ddc5a31afe86ad98278313d51a1e4c47e1b558ab47b7b4a600f11764f2fbb08fc1181c547b470b7aabe891cf46ac066b2762f01d1cf58dd84db041091fbb42cc39796e9c5242b26791081eb3ad1ac8e22dc4db54a5ca2859fca626e37aae79ef704854db105ed3e6b5f648ce379491e8cae8239640d959805bd960445b93e2c4db64cfd5e090f77f4cf96af3d102a3dacd49e4ac9b5728633e381a7190c71feb7d3aecbb546a56e0a153f72fbcbf0bdffaee30a948c23170353c418893a48976aba0f73c6514a16a2391aa12013ef58fe2fa821b898a2611fcfc708041cafcf705d4d32571ca66ec65f67a11901db24b1149444d43d593faff682ca64f4fadea46a676b04950f1dc02128b0315447c70d8d5890502a3ca6b44392305b5efc287eaf93ac57a158e323e6ecf6565861638f5d861b956630b9e83eb95336a30a7a2892475aca65e6775c045b1778df784bca89a653f4cd2c6eaffdbdea39ea859d6442231b7d081c43cb60971f569cb9dd6ecf7becea049d06c72a051afc1daadaff112fd6351eb0a683aaa49c74c68cbad8c5bb8d5fd854887bd29fa9d5cbd7cdf6286ae2dff8eeef5874ae831df09ff5a758c3c4547b0273eff9b71743c8b2d86b9c878040eb336f9105b5f916ea90990b8ab437eb9d7abed3f844cc147507bd4565bb38d93c1c60cd28ade2ec0817f3a4e4c38e7d1ecd6af52fc93204582e2a9782c7724440d511194fd7776e00d556373bb5b9ab2bc26f24a7498114c08e1118e99015ef3c183d9f7b75a4486ff9cfdda226eb7402e130e4efc0491fe311f971997795595debf8c139b4f6c54eaeec41444b7aa3e82cd165a443fc918850d52825ba563c5ea6aee6e03b0f8c1daf03b9b9ccd896f8527d52ddd6e74e11a5b5eeef94c2a05bbc48c55046fa85bd845c512e1201a58dfb348287ba359828f24f526faf80b28bfecd99fdbed97b815afaaa43deb43f827d8db9bae2e52e058f96f92ca674c942b96ed254859a918de73f87eed6eb8dd684392d280afbb25517de4f58871340fa146f8d6aa881dd3eb3b492e3af84ed4cc24f444ecfc7ef5d06cec652b079d4238dd87f35a2c4fdf4152ed97b8d5bfe6757d865dd6861b2b7983f1047ae7b0bf64264a93e496a9404198c40c00a48ad929e370d668479c1f73f6a2c2bd47d081a70a78f4b90d94bfb08c30d05de4cd3b39d9aee430319ebc02d5356a9af4f0fb305edf38d557550d9505d6380b60a8078045bf27911976d89452eb34c66247aeedc76633fd32d3fb0753413750b2a29d114a4867fa47c9d8f37adef9988dd678c045839dd9f33151074bdd9f9c3a34edef9aecb56e8f7c4001fbe3dce5f5bbd5bc549ed51da3982e7e2fd657518917967498199d86e82b83b67e650b7c40b093e7d07e3d1c57ec13f10efa30be5e7eb95828f412c137d4db50ca9ddfdc58e7cdc3b1bc4f2d1edb78e52ae27891704f4d7977dd1374de58db0cd81ca61fbcd4732d7e9de1ad67f4c4250a4c9c57f9a1985b4155ced0b5ddf9cc15ef2fcf8e384caf36b5fba497082d9ebe34ef0b9529cd68566d7597d95327a26a046d477228ca9c4b6eac6bb721ac016658e0c625b7bd2222a953c0e6935dfea6846f396a64798b5a4d6671d5a06675823d0da38da265b1fc0652388f21151a9e6ce8a0b658714c9d6dd3b756acb4b7c79f13a132cc5945e69fd7cd930bb66e59ce3944fff02f58de08f066574147304d8780aa7f5540fd81826c438284a279dd1edfa37b9ec35af0ed2dfd2f33f3c98b91562b869980572ff8f9e065da6b48e625f538b9873e9621c8cff068efea7b0b6edbbb20511f969f4"})
r3 = openat$ppp(0xffffff9c, &(0x7f0000001140), 0x444180, 0x0)
r4 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000001180)={r0, r0, 0x22, 0x0, @void}, 0x10)
close_range(r0, r4, 0x0)
socket$netlink(0x10, 0x3, 0x6)
r5 = fcntl$dupfd(r1, 0x406, r3)
ioctl$KVM_SET_DEBUGREGS(r5, 0x4080aea2, &(0x7f00000011c0)={[0x3000, 0xeeef0000, 0xdddd1000, 0x2], 0x4, 0x0, 0x6})
setsockopt$inet_buf(r5, 0x0, 0x2e, &(0x7f0000001240)="d1854ea55740f59703ae0cf6fdd4ee1914b6ebadd6de1825afb819e154612af89ed223a18a23dfcb8151f752f12a090cc4481d999fd07707508059a09dd3fd5aa1b824de2e", 0x45)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f00000012c0)={0x1, 0x7, 0xd, 0x7f, '\x00', '\x00', '\x00', 0x4, 0x4, 0x6ed01f1a, 0x2, "4c176f60d7435745b0e05ae7d5448ac1"})
sendfile(r1, r1, 0x0, 0x2)
openat$vhost_vsock(0xffffff9c, &(0x7f0000001400), 0x2, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
recvfrom(r6, &(0x7f0000001440)=""/226, 0xe2, 0x40000000, &(0x7f0000001540)=@ethernet={0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x80)
fcntl$getflags(r1, 0x401)
connect(0xffffffffffffffff, &(0x7f00000015c0)=@rxrpc=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e21, 0x80000001, @ipv4={'\x00', '\xff\xff', @remote}, 0x4}}, 0x80)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r5, 0xc01064c8, &(0x7f0000001680)={0x9, 0x0, &(0x7f0000001640)=[0x0, 0x0, 0x0, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f00000016c0)={<r8=>0x0, 0x0, r5})
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000001700)={0x0, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06464ce, &(0x7f0000001740)={0x0, 0x6, 0x2, 0x2, 0x1, [<r10=>0x0], [0x101, 0x80000001, 0x7ff, 0x9], [0x80, 0x8, 0x6, 0x3], [0x8, 0xf, 0x2, 0x3]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000017c0)={<r11=>0x0, 0x0, r0})
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06464b8, &(0x7f0000001800)={r7, 0x8, 0xffff, 0xfffffffe, 0x1, [r8, r9, r10, r11], [0x6, 0x2291, 0xfffffdc8, 0x8], [0x834, 0x7ff, 0x0, 0x7], [0x5, 0xeea, 0x6, 0x2]})
ioctl$KVM_GET_FPU(r0, 0x81a0ae8c, &(0x7f0000001880))
r12 = socket$netlink(0x10, 0x3, 0x15)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r12, &(0x7f0000001a40))
setsockopt$CAN_RAW_LOOPBACK(r5, 0x65, 0x3, &(0x7f0000001a80)=0x1, 0x4)
sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f0000001f00)={&(0x7f0000001ac0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001ec0)={&(0x7f0000001b40)={0x364, 0x0, 0x10, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_BEARER={0x94, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffc01}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfff}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}]}, @TIPC_NLA_NODE={0xc8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_ID={0x7a, 0x3, "7bca2a8defd6284f0fbf3392096f3e8a55d18c243e9f305a433fb7808dfb4cd8e799e8ea130eb4f14e7bf5df51bc4ef609e0f7666d1a7fa9377d4394aa3510b86cf1a608a3a023c190ddf88bf6fb29b44a5e6e7a4049d0ecc85e9341ecfd7d0b055ea287785017eabcbc14d3ddaefdaf0036f8b7d653"}, @TIPC_NLA_NODE_KEY={0x40, 0x4, {'gcm(aes)\x00', 0x18, "d901719df92ea48b8d2389b8422937cf63d86e4ba6f63d1c"}}]}, @TIPC_NLA_SOCK={0x64, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000001}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x213}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xa5c}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x904}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfffffffa}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xe}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3068}]}, @TIPC_NLA_NODE={0x60, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x40, 0x4, {'gcm(aes)\x00', 0x18, "3f57c98f0aff7d0d35ec2b919d5c8faf685b5edf09f61c50"}}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x4}]}, @TIPC_NLA_NODE={0xc0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x101}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1000}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffff}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x6}, @TIPC_NLA_NODE_ID={0x91, 0x3, "f0e9976e7dba593dcd144d4a8931b1f5cc622e346da8d1e74127f67a89f75daa60d68bf01e59d8ff5ca4623262ee55cd70962f8a2936b405019595c5ae3493c041a5f0a43fa0a21b6e6e64fcc1be650b63b1bff044687a9936ae4ebfd22ba7f66a4efc61ce960cbe3420751dab6801fa742395eeda31c36d3f8b864a6a85236f18678299711d698277a7ca4d54"}]}, @TIPC_NLA_LINK={0x38, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6fd6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc420}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}]}]}, 0x364}, 0x1, 0x0, 0x0, 0x20000842}, 0x810)

3m15.495071263s ago: executing program 2 (id=224):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4c0000fc110000022bbd7000fbdbdf25e00000020000000000001a0000000000000004ee0200320024000900e6c7000000000000010000800000001e05000000000000000008000000000000985b5e015a0bd747b552c220c04efa0ed0dbbf081ce244af14e2792daa25e4b4fa13db60502b1dca5b6111634bae0d48"], 0x4c}}, 0x0)
unshare(0x6a040000)
r1 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_usb_connect(0x0, 0x36, &(0x7f00000008c0)=ANY=[], 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000000c40)={0x44, &(0x7f0000000780)=ANY=[@ANYBLOB="00002e0000003212"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r4, &(0x7f00000004c0)={0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="20237a001a007a11ca944019a7939366731f8cfcdd5c942c1f863292e990ba9d5ea7ebdb9559a079700489664769256a9e653928c5cc5329e61f9a867e7c0c916d696661e20c3089df0bd5f43158a104cfd6934efd312823cff5da36fd21920ebb82739936927f366887acc1481f20e9d810a01bb1a71ab4fe1ca0cdb284b675"], &(0x7f0000000400)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000880)={0x24, &(0x7f0000000580)=ANY=[@ANYBLOB="4007a50000006f7dfce39171708b78bd16fae825fcb6cc42437fd15a6ad1a02cb1262d8556dd709638e1e17b9da9b7cc7345f661805b0c363d45c2c28eddd8fc9de0b3b6ea57abe0eaa86656a419f45c3fcb92e01e93de9c0b798cdcffc6109943f4bddc733cbb3a9be505cb34610afdd980ce5e0b1cbc3061c5b01de62ee569b84bb3f7d315fd2e24ba550c60acdbdf7442e882869e5a570c9ea182430b"], &(0x7f0000000500)={0x0, 0xa, 0x1, 0x4}, &(0x7f00000006c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000740)={0x20, 0x80, 0x1c, {0x8b5, 0x1, 0x6, 0x3ff, 0x8, 0xa1, 0x4, 0x7fffffff, 0x9, 0x2000, 0x7, 0x2}}, &(0x7f0000000780)={0x20, 0x85, 0x4, 0x9}, &(0x7f00000007c0)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000800)={0x20, 0x87, 0x2, 0x9}, &(0x7f0000000840)={0x20, 0x89, 0x2}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=ANY=[@ANYBLOB='G\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010024bd7100fcdbdf253d0000000e0001006e8c5658537618b5e8bf190b65f464657673696d0000000f00351be3c027111bce8fba8b027163655f6d756c74690000000000000050bb4af6effdcbb601280ac6ddac2e77"], 0x50}, 0x1, 0x0, 0x0, 0x20008804}, 0x4050)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000140)={0x30, r7, 0x1, 0xea, 0x25dfdbfd, {{}, {0x0, 0x3}, {0x14}}}, 0x30}, 0x1, 0x0, 0x0, 0x4004018}, 0x0)
sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f00000001c0)={0x68, r7, 0x2, 0x70bd25, 0x25dfdbfe, {{}, {}, {0x4c, 0x18, {0x13, @link='broadcast-link\x00'}}}, ["", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4000880}, 0xc001)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
openat$sequencer2(0xffffff9c, &(0x7f0000000240), 0x1, 0x0)
r9 = syz_io_uring_setup(0x20497, &(0x7f0000002c80)={0x0, 0xe3d3, 0x40, 0x800005, 0x1f0}, &(0x7f0000000640)=<r10=>0x0, &(0x7f0000002d00)=<r11=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r10, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r12 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r12, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000280)="390000001400810010003c000500018311001f9f660fcf066505acb612f691f3bd3508abca1be6eeb89c44ebb37358582bdbb7d553b4e92155", 0x39}], 0x1}, 0x0)
syz_io_uring_submit(r10, r11, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x8, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002e40)="f8f5", 0xfffffffffffffff0}], 0x1}, 0x0, 0x24004890})
io_uring_enter(r9, 0x3516, 0x0, 0x0, 0x0, 0x0)

3m12.201632019s ago: executing program 2 (id=234):
r0 = syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0xf0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000000)={0x50, 0x0, r2, {0x7, 0x26, 0x10001, 0x5260f54f, 0x4, 0x8, 0x0, 0x2, 0xf5, 0x0, 0x6cfacb893ffd6541, 0xc}}, 0x50)
preadv(r0, &(0x7f0000000c00)=[{&(0x7f0000000740)=""/121, 0x79}], 0x1, 0x80000000, 0x4)
ioctl$VIDIOC_S_FREQUENCY(r0, 0x402c5639, &(0x7f00000000c0)={0x0, 0x4})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000006c0)={0x1, &(0x7f0000000500)=[{0x6, 0x43, 0x0, 0x7fff0000}]})
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, 0x0, 0x0)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0xb, "08405af3"}, @local=@item_4, @local=@item_4={0x3, 0x2, 0x0, "6fe695cd"}]}}, 0x0}, 0x0)
r6 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$int_in(r6, 0x5452, &(0x7f0000000280)=0xfff)
close_range(r3, 0xffffffffffffffff, 0x0)
r7 = getpid()
r8 = syz_open_procfs(0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x5, 0x8400, 0xc5d, 0x442, r8, 0xf317, '\x00', 0x0, r8, 0x1, 0x4, 0x4, 0x8}, 0x50)
syz_clone3(&(0x7f0000001240)={0x2d000000, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, &(0x7f0000000180)=[r7], 0x0, {r8}}, 0x58)

3m9.943323296s ago: executing program 2 (id=249):
r0 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_NAT_FAMILY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_NAT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x4000)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31)
sendmmsg$inet6(r0, &(0x7f0000002940), 0x40000000000017d, 0x811)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000040)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r2=>0x0}}, 0x10)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x7, r2, 0x4}, 0xc)
pipe2$watch_queue(&(0x7f0000000000), 0x80)
pipe2$9p(&(0x7f0000000080), 0x800)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000002d00091327bd70000000000006"], 0x20}}, 0x84)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)=ANY=[@ANYBLOB="140100002d00010000000000fcdbdf2504"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
recvfrom(r3, 0x0, 0x0, 0x40002000, 0x0, 0x0)
mkdir(&(0x7f0000000240)='./cgroup/../file0\x00', 0x6)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x84000, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_subtree(r6, &(0x7f0000000080), 0x2, 0x0)
ioctl$AUTOFS_IOC_FAIL(r7, 0x9361, 0x1)
rmdir(&(0x7f0000000140)='./cgroup/../file0\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
socket$inet6(0xa, 0x3, 0x4)

3m8.908421299s ago: executing program 2 (id=260):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000001500010300000000000000000a00000008000200", @ANYRES32], 0x1c}}, 0x200040c4)
unshare(0x10000280)
ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2, 0x0, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
syz_open_dev$video4linux(&(0x7f0000000080), 0x9dd, 0x80040)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r7=>0x0})
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="01000000000000000000020000000800", @ANYRES32=r7, @ANYBLOB="050032010900000008009f0004000000050018014f1800000008002607800900"], 0x3c}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(r2, &(0x7f0000000000)="46238df09c74df30d43547b3816b499b6b1df7260290dce554dc0ea4cfc898cf1518470bbd788638cbae527f7439515a1004e3dac01b285ec61a4b3ca670ab1cf830e111a46d8fbc6f055d71d51fb4a7f3c8c81a397939c907daf315ecc0b15dc39e0710670568bb065c415ef8dbb54a7a95f12e7577daadfd56be3abc84fa7ddde243461e57ce0e03d97281549d7da4e3aa9a3fdef2033a30c834a1426000c76fd441e006ef26e097d2d06c4b8310f2d479faefc83eab5db4c8987473d1eb86089fb2afcb6e8fe9b17cb80cceabf4509a9ff5f056586543dd", 0xd9, 0x0, &(0x7f00000001c0)={0xa, 0x4e22, 0x8, @local, 0x4}, 0x1c)

3m8.634604229s ago: executing program 2 (id=262):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x183, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x40000f}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x14, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x4}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xa0}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000040)={0xb, 0x1, 0x9})
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x29e, 0x0, 0xe}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r7, 0x5393, &(0x7f0000000000))

3m8.312346554s ago: executing program 32 (id=262):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x183, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x48, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x38, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0x40000f}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x14, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x4}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xa0}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000040)={0xb, 0x1, 0x9})
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x29e, 0x0, 0xe}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r7, 0x5393, &(0x7f0000000000))

12.616438678s ago: executing program 4 (id=1085):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x13, &(0x7f00000005c0)=0x1, 0x4)
r1 = inotify_init()
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000000)={0x2710, 0x200, 0x280, &(0x7f00000001c0)=[0x3, 0x6, 0x4, 0x0, 0xff, 0x40, 0xd, 0x1, 0x3, 0x10000, 0x1, 0xfffffffffffffffd, 0x1, 0x80000000, 0x80, 0x5, 0xfffffffffffffff8, 0x40, 0x9, 0x9d5, 0x8, 0xfff, 0x1, 0x1, 0x8, 0x8, 0x100, 0x2, 0x100000000, 0x8f2, 0x4, 0x3, 0x619, 0x81, 0x1, 0x0, 0x5, 0x3, 0x191e, 0x4d, 0x45f9a9b71, 0x1, 0x4, 0x7fffffffffffffff, 0x2, 0x6, 0x8, 0x1, 0x7fff, 0x7, 0x0, 0x7, 0x0, 0x3, 0x2, 0x1, 0x0, 0xf, 0x4, 0x3, 0x5, 0x100000001, 0x8, 0x97ef, 0x0, 0x8, 0x1, 0x6, 0x5, 0x5, 0x6, 0xd5a, 0x0, 0x2, 0x1, 0x7cf1125b, 0x3, 0x8, 0x7, 0x57, 0x8, 0x7f, 0x0, 0x2, 0x6, 0x81, 0xfffffffffffffed9, 0x3, 0x6, 0x1, 0x5, 0x19, 0x1, 0xa9, 0x7, 0xc, 0x5, 0xa110, 0x400, 0x85b9808, 0x3ff, 0x1, 0x1, 0x9, 0x3, 0x1, 0x3, 0x1, 0x8000, 0x4, 0x800, 0xffffffff00000001, 0x4, 0x6, 0x2, 0x9, 0xfffffffffffffffa, 0x630cb504, 0x2, 0x9687, 0x401, 0x8000000000000000, 0x2, 0x3f91, 0x4, 0xa1, 0x8f05, 0xfffffffffffffffb]})
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2800001, 0xc3072, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

11.328512315s ago: executing program 4 (id=1092):
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="0b00000000cf1c7b1808d17e7dffff5377c495fdf065b435ffb579e8e3e96b31c5"], 0x48)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
recvmmsg(r0, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0xfe, {0x6, 0x0, 0x8100, 0x0, {0xc3}, {}, {0xe, 0xd}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES8], 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200c8004, &(0x7f0000000100)={0xa, 0xe20, 0xd, @mcast1}, 0x1c)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0xc001, 0x0, 0x0)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x88, 0x1, &(0x7f0000000080), 0x4)
syz_open_procfs(0x0, 0x0)

9.167758799s ago: executing program 3 (id=1108):
socket$can_bcm(0x1d, 0x2, 0x2) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1b000000", @ANYRES16=r3, @ANYBLOB="0d030000000000000000130000000c0009800800020000030000"], 0x20}}, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r4 = socket$inet6(0xa, 0x3, 0xff)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="020500020e00000000000000070000000500060000000e000a004e24fffffffdfc010000000000000000000000000000988500000000000002000100000004d4008100000000000005000500000000000a004e22fffff800fc010000000000000000000000000001060000000000000058d2981d233a988f865fdff79ca44ac7776752248e463363c48592225eed6f1be696dc5543a3bdcb2de95954d99edeb8cdcaa250ecfe75fbdbd51eea1390"], 0x70}, 0x1, 0x400000000000000}, 0x0) (async)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0xe8e80) (async)
r6 = syz_io_uring_setup(0x45c8, &(0x7f0000000200)={0x0, 0x86f7, 0x200, 0x3}, &(0x7f0000000280)=<r7=>0x0, &(0x7f0000000000)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) (async)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="9b4307000001aaaaaaaaaa0008004500fb1c000000000001907800000000ffffffffe0009078fffd0000"], 0x0) (async)
io_uring_enter(r6, 0x48e9, 0x0, 0x2, 0x0, 0x0) (async)
connect$inet6(r4, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c) (async)
syz_open_dev$vivid(&(0x7f0000000080), 0x0, 0x2)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
r9 = dup2(r4, r4) (async)
r10 = socket(0x2b, 0x1, 0x1) (async)
r11 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r11, 0x29, 0x20, &(0x7f0000000180)={@loopback, 0x8000000, 0x0, 0xff, 0x1}, 0x20) (async)
futex(&(0x7f00000000c0)=0x1, 0xb, 0x2, &(0x7f0000000100)={0x0, 0x3938700}, &(0x7f0000000140)=0x2, 0x1) (async)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r10, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0xff, 0x0, 0x4}, 0x20)
sendmmsg$unix(r9, 0x0, 0x0, 0x4008890)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r12 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r12, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)

8.540589533s ago: executing program 4 (id=1109):
r0 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='source', &(0x7f0000002280)='//\xf2b\x06\b\xba\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b//\\\\\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x97\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8DD\x9bp\x01\xcc:\xa6\xc5n\x9f\xfb\x81 \x10\x0fQ\x90}Zd\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3V\x9c\x8c\xf8\xf7\xe2\xd5\x8bE\xee5\x00\xaa\xd5\xfc\x1b$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\xec\xac\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xec\x9es\xee\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\x00\x00\x00\x00\x00\x00\x00\x00_\tN\xfd\xa2\xc2SPu\xe7\xc0+SL\xa1', 0x0)

8.396025723s ago: executing program 4 (id=1111):
mremap(&(0x7f0000aaf000/0x3000)=nil, 0x3000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d6f64653d3030303030303030303130303030302c75f365725f69643da78dc28333b7c223d1b4", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020}, 0x2020)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000040)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x356, 0x3a, '\xf1', 0x3a, '', 0x3a, './file0', 0x3a, [0x50]}, 0x29)
socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_netfilter(r1, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$VFAT_IOCTL_READDIR_SHORT(r2, 0x82187202, &(0x7f0000000300)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000040)={0x8b, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r5, 0x100000)
r6 = socket(0x10, 0x3, 0x0)
write(r6, &(0x7f0000000240)="2600000011003f20000000bf8a9d719797efcee3130000000d39036892f3f77156c2aea30a4b", 0x26)
close_range(0xffffffffffffffff, r6, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
r7 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r7, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

8.373027736s ago: executing program 5 (id=1112):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000080)=0x7)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x110b, 0x8000000000002})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xffffffffffffff61, 0x0, 0x0})
r6 = dup3(0xffffffffffffffff, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000002440)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000002240)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000000)=""/15)
sendmmsg(r1, &(0x7f0000000e00)=[{{&(0x7f0000000080)=@phonet={0x23, 0x6, 0x8f, 0x3}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000000)="0a9fdaa4a4d9379d01097a5afc6a054b506a85159893e3cfa2", 0x19}, {&(0x7f0000000240)="eddf7bf1960b61c5aef9ea449c9f03e7630c1cd90884df133becb078c95a8269cbe8062108a819631095ddba4a02cf5a252cc72a4ce021284210906fc691fc446c96e0ee", 0x44}, {&(0x7f00000002c0)="885b99f588bcdf0bdf3a3a2bd868790c04827ba62e4f65aaae79c4a01913724ad615b0d80046613f4f4dc1f9fb11bb1e6334a53b31a367a71ee4424b141915fd7716b2a82be6d272a787eac2e4d1853f7ea82ed28fad0105e89a92178454eee383f26beef50847b6c27960aecc77c53bdd7f2f0e32d920293b75788ad5359eb5ece83309e2ff5672483e9ff75e981a7925b28fabef36ed84ac0c898b540b1bdae53d0219240ffb", 0xa7}], 0x3}}, {{&(0x7f00000001c0)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x8000}, 0x80, 0x0}}], 0x2, 0x4004000)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x3c, r7, 0x301, 0x800000, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x40006)

7.453208153s ago: executing program 3 (id=1114):
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x194c2)
fcntl$setstatus(r0, 0x4, 0x2400)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000850000002a00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r3, &(0x7f0000000040), 0xc)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r4, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)
r5 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x68000)
fcntl$setstatus(r5, 0x4, 0x2000)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x427c2, 0x19e)
sched_setscheduler(0x0, 0x1, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4020aeb2, 0x0)
r7 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
ioctl$EVIOCSFF(r7, 0x40304580, &(0x7f0000000b40)={0x56, 0x0, 0x8, {0x80c, 0x1}, {0x45, 0x400}, @rumble={0xdc, 0x8}})
write$char_usb(r7, &(0x7f0000000040)="e2", 0x2250)
writev(r4, &(0x7f00000004c0)=[{&(0x7f0000000380)='Q', 0x1}], 0x1)
ioctl$sock_qrtr_TIOCINQ(r3, 0x541b, &(0x7f0000000340))
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000080)=r2, 0x4)
sendmsg$IPCTNL_MSG_CT_GET_STATS(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x5, 0x1, 0x401, 0x0, 0x0, {0x7, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4000050}, 0x40)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000003c0)={'wlan0\x00', &(0x7f00000002c0)=@ethtool_eee={0x45, 0xc0000000, 0x1, 0x7, 0x10000, 0xa, 0x4, 0x7, [0x0, 0x1]}})
pselect6(0x40, &(0x7f0000000080)={0x8, 0xfffffffffffffffc, 0x4, 0x0, 0x80000, 0x2, 0x9, 0x10001}, 0x0, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

6.359624657s ago: executing program 3 (id=1119):
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
lsm_set_self_attr(0x68, 0x0, 0x20, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0)
r3 = syz_open_dev$usbfs(0x0, 0x76, 0x101301)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02})
readv(r6, &(0x7f00000001c0), 0x0)
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r5, 0x8983, &(0x7f0000000080)={0x0, 'syzkaller1\x00', {0x4}, 0x1})
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local})
r8 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
close_range(r4, 0xffffffffffffffff, 0x0)
ioctl$USBDEVFS_CLEAR_HALT(r3, 0xc0105502, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89101)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
socket$inet_smc(0x2b, 0x1, 0x0)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

6.00691005s ago: executing program 0 (id=1122):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x1000, 0x3, 0x1}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x0, 0x5000, 0x1000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000140)={0x1fd, 0x0, 0x2000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{r4, 0x2020}, {r4, 0x30fa}], 0x2, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000640)=0x10)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r4, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x4, 0x3, 0xdddd1000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x10000, 0x1000, &(0x7f0000fff000/0x1000)=nil})
mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x10)
r6 = accept4$alg(r5, 0x0, 0x0, 0x0)
io_setup(0x42, &(0x7f0000000100)=<r7=>0x0)
write$RDMA_USER_CM_CMD_ACCEPT(0xffffffffffffffff, &(0x7f0000000680)={0x8, 0x120, 0xfa00, {0x0, {0x58c, 0x2, "28e3d0b17f60bf0e865834a9a318498f4cf2f436807fbfeef30b530d458aefc3f4330c57c02d8b1e0df7cac93e5cbb8f1d7f4ddb398852c9a74ec8ff4fbf25229f099987cfe732002cc0d4d55ba56194d5e3d61c58c6e00a9e899c6b9745a27353b9472f1ce775ec7fc2bf744184dd4ae72ebb00b0f989994895ee4affbcad496547693d077764b4725924c2140b60b14447d4fc264fe864edf89f4e3eb73772524bea1a767d6a1d12d625bb785d92f630c2b5cce114e6a1d7faede3b512bd52ec138caf8f27f4ffebc21f888942414a80abb5854d4df2349a519e637eb37db6147e1ab0a2f048e5ae44922da1872464399bc3093e4c6180f7549c5cbb16f1b6", 0x3, 0x8, 0x7, 0x59, 0x3, 0x1, 0x6}}}, 0x128)
io_submit(r7, 0x0, &(0x7f0000000580))
sendmmsg$alg(r6, &(0x7f0000000300)=[{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="82", 0x1}], 0x1, &(0x7f0000000280)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10, 0x2000c001}], 0x1, 0x4000040)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r9, 0x10e, 0xb, &(0x7f0000000000)=0x40b, 0x4)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x18, r10, 0x1, 0x0, 0x25dfdbfd, {0x23}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x4}]}, 0x18}}, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f00000002c0)=0xffffffff)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r8, 0x89f1, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000440)={'syztnl0\x00', 0x0, 0x0, 0x7, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x3c, 0x14, 0x0, 0x0, 0x0, 0x5e55b37311de6d89, 0x0, @dev, @initdev={0xac, 0x1e, 0x1, 0x0}}}}})

5.66568348s ago: executing program 1 (id=1123):
syz_emit_ethernet(0x34d, &(0x7f0000000780)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0000fa", 0x317, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, [{0x3, 0xa, "a78c000005dc8080a2030003004003493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000000000000000d8a000000"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf3915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x2, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x19, 0xb, "17dcea468000000000054740a5d4901b0aeff04c0300f3c75dc2d227a83b6e483b108474bce9ac946a3f0e2bc4000091394c02bcfbbb7d71138537d68e2d2c6393a9f3cc271a9ff09a48b5b303f4f000000000000000"}, {0xe, 0x7, "b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x18, 0xc, "5e14ccb44d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d180600aa89c8f267d76ece1c9f6ae2e1eb3d8bf9c6ab2642c4808298e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c"}]}}}}}}, 0x0)

5.60038115s ago: executing program 5 (id=1124):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FLUSH_PMKSA(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x8000)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x6b, 0xc00000, 0x0, 0x200b49, 0x2, 0x8, 0xfff, 0x3}, 0x0)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
pipe2$watch_queue(0x0, 0x80)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f00000002c0), 0x40f00, 0x10, '\x00', 0x0, 0x25, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480)={0xbd4a, 0x2, 0x7eab, 0x5}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000640)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000080}, 0x20000000)
r4 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r4, &(0x7f00000000c0)={&(0x7f0000000000)=@name={0x1e, 0x2, 0x3, {{0x2}, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x20040080)
r5 = openat$qat_adf_ctl(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r5, 0x40046103, 0x1)
openat$sysfs(0xffffff9c, 0x0, 0x281, 0x3)
setsockopt$SO_BINDTODEVICE_wg(r3, 0x1, 0x19, &(0x7f0000000140)='wg0\x00', 0x4)
r6 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$apparmor_current(r6, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x8)
r7 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, 0x0)
bind$can_j1939(r7, 0x0, 0x0)
close(r7)

5.554672856s ago: executing program 4 (id=1125):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000000200), 0x2, 0x2)
ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000840)={0x4, @sliced={0x3, [0x5, 0x6, 0x7, 0x9, 0x1b, 0x4, 0x0, 0x7bd, 0x5, 0xa9, 0x0, 0x3, 0x5b05, 0x4, 0x7fff, 0x4, 0x3, 0x6, 0x8, 0x401, 0x2, 0x7, 0x4, 0x7, 0x100, 0x5, 0x4, 0x7, 0x4, 0x0, 0x3, 0x8, 0x0, 0x4, 0x85fe, 0xe732, 0x10, 0x1, 0x400, 0x10, 0x9, 0x0, 0x6, 0xd, 0x80, 0x6, 0x6, 0x6], 0x3}})
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
read$eventfd(r2, &(0x7f0000000340), 0x8)
ioctl$VIDIOC_PREPARE_BUF(r0, 0xc04c565d, &(0x7f00000000c0)=@overlay={0xba8, 0x7, 0x4, 0x20, 0x3ff, {}, {0x4, 0x2, 0xc9, 0x8, 0x6, 0xfa, "2bcff706"}, 0x7, 0x3, {}, 0x6, 0x0, r2})
ppoll(&(0x7f0000000080)=[{r1, 0x4}, {r1, 0x9106}], 0x2, 0x0, 0x0, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000680)=ANY=[@ANYBLOB="b7000000010003c3bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff0000000065040200000000ff2d400500000000003400000001ed00007b030000000000001d440000000000007a0a00fe00ffffffdb03000000000000b5000000000000009500000000000000023bc065b78111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e51815548000000000000000275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc00eec36574a8f6456e2ccae25ea21714eca8cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2400000000000000800643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d64364c82770c8204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f4720082f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031ed3afa84c401f0ece6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eaeb883418f562ae00003ea96d10f172c0374d6eed826407000000000000004a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d851680f6f2f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f4ca2195234648e0a1ca50db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145eb6dc5f6a9037d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba583fef3ec7932f5954f31a878e2fae6691df8b4b7ecd27ce82f7df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd0000000069ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac4b32fd691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cdbef2662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a000000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa84feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db1829f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc00956d2227db60c0a461ed2b3ecfb16d19037c8c88c91dda1f904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d680aa1af102d97681656bf56ff0674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ff6d4c5dbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ae7c5f58af43866ca64750f43e583ca1ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800000000000000000000000000000000f9814d5f6c8673c143ff2f901e71b8818665b56f7a03afe3d900007656859db4cb06aaaf9f02cfab5b9e61cc00e8e19429921b8df4c4c53bddea4cc48737842952ff08aeac15685df194ca89da8cf6d29a2be9779181fd5d105af5786094d9130f5826b18b9667b971a994f3fd069629a1052f441e96884f90c91f4a974242aabfc8adbadc9ca27955b5c90f0bd9a46ed044272383d3768871a9c8cfd7948aea445c55684351002ed4a4af45341de8e5e1f33624bd2ec1591dd00bbe05000000f89a928662e9b9449db34394fc5e946fadaee576e28ac0feab4e3585ed43d206218f524083840a78b7236bb7f5e42b5376642f8ad4028d4ead407240e7467d1b37afe20690d7672c7e926fded95cf805516ad836eb730619a05af36fb28329d6feb33219cc9164461a8ba3afd5949b9a6046c53663df30a049414089c1ae8f3476236b05dde8dda4843a62c591f8d2b1a62d0db8dc826219bd87398b33e140792297d023ef52de2e75b9dbbfb8712ccc15c69cfb4c6c1bc2ae74621e536b9d3f09a15dada1561a8192d65cc59d7ed5a6bd61000000000000000000000000000000000000000000000000000000000000000000000000f637782e317d492b2392fd0ea81397a80227f271bad21d688af35a2bd02c15d20f3d62a50e20260642c25f304c8034a5f4d8e45e701dbd84294d1096e715662b8223e10e98c4c38451fc5c702084e3fa9b184e0d0fba44acf3ddfdb2043288fa6b67fa762c8b75d4478756ef240f2b314e4d77a3afb4fcec92248327004d1dac7ac87a6f8cb04d82acc307d60e4713bd9a8f29091d3048c669a5f5439e0a906ce098d177b9579882586511cfe6a23e57c44d1654899f077b5636e4181f3de6b814bedcac5290ad8018bbe4424edc6d9b0e61b404bb7a2d4883bbc200de8332029cbc04a0bc521718348071ec6288906347dcd62b75c72ce26424630ff7bb"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r4, 0xffffffffffffffff, 0x22, 0x0, @val=@perf_event={0xb}}, 0x18)
syz_usb_control_io$hid(r3, &(0x7f00000002c0)={0x14, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, '\x00'}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0)
r5 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGREPORT(r5, 0x400c4807, &(0x7f0000000040)={0x3, 0x100, 0x7})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=ANY=[@ANYRES32, @ANYBLOB="f00014000a0001000180c2000000000008000f0004"], 0x30}}, 0x0)
syz_open_dev$loop(0x0, 0x2, 0x2001)

5.456378028s ago: executing program 1 (id=1126):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
landlock_create_ruleset(&(0x7f0000000140)={0x100, 0x1, 0x3}, 0x18, 0x5)
r2 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x700})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x1})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x2, 0x3, 0xffffe000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
getpid()
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0)
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xffffffffffffffff]}, 0x0, 0x8)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x4)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000400))
sendmsg$nl_route(r6, 0x0, 0x8044)
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)
timer_create(0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)

4.541861473s ago: executing program 0 (id=1127):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)

4.265112407s ago: executing program 0 (id=1128):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000380)={{0x3, 0x81}, 'port0\x00', 0x41, 0x20010, 0x2, 0x1ff, 0x8000, 0xfffffffe, 0x8, 0x0, 0x4, 0xf4})
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000563000/0x2000)=nil)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x100004, 0x220104, 0xe2a3, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1000000}, 0x50)

3.773412229s ago: executing program 1 (id=1129):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x0, &(0x7f0000000040)})
sched_setattr(0x0, &(0x7f0000000240)={0x38, 0x5, 0x8, 0x8001, 0x3, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
unshare(0x28020480)
r2 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, 0xffffffffffffffff, 0xffffffffffffffff)
r3 = socket(0x10, 0x80002, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000002d000100000000000000000004000080050011802f"], 0x1c}], 0x1}, 0x310)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x4008004)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'ip6tnl0\x00', <r6=>0x0})
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x40)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340), 0x200000000000011b}, 0x4c894)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x181040, 0x0)
setsockopt$packet_drop_memb(r3, 0x107, 0x2, &(0x7f0000000200)={r6, 0x1, 0x6, @broadcast}, 0x10)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r10, 0x4400ae8f, &(0x7f0000000400)=@arm64={0x6, 0x5, 0xe, '\x00', 0x6})
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000000000070000040"])
timer_create(0x2, &(0x7f00000001c0)={0x0, 0x2c, 0x800000000004}, &(0x7f00000002c0))

3.676310173s ago: executing program 5 (id=1130):
sendto$inet(0xffffffffffffffff, &(0x7f0000000100)="1ce0", 0xffeb, 0x0, &(0x7f0000001100)={0x2, 0x0, @private}, 0x10)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(r1, 0x0, 0x0, 0xfffffe04, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r2 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r2, 0xc0585605, &(0x7f00000000c0)={0x0, 0x0, {0x0, 0x0, 0x100f, 0x9, 0x3, 0x9, 0x5}})
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x141, 0x0, 0x4}, 0x18)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aac020000060a0b040000000000000000020000003c020480380201800a0001006d6174636800000028020280080002400000000114020300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772b8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbad362baa26f43f12f831fd221926d6536eeff641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37cd51f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034b8b3b6680ad138be47652a3e77981187d2921cebfc1639aa280e3d38dba9b1af49ceded79c78a2d656b3a3e946e17e6257def6679f70f11aa01a2d906aecf4dbc7d1a332a8932ed719ce7eecb5450f494f944b3f6b637502ddba609c6e45dcfad1db7c7dda3e2c8d5ddcf27132985442e9b8df16f96c82e72e3e2491856d07756b9f08000100627066000900010073797a30000000000900020073797a3200000000440005800800024000000002080001"], 0x2d4}}, 0x4048010)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x7, 0xec, 0x9, 0x0, 0x2, 0x200, 0x81}}, {0x4}}]}]}, 0x48}}, 0x0)
r7 = openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0)
ioctl$SNDCTL_SEQ_NRMIDIS(r7, 0xc0045103, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
gettid()

2.95615367s ago: executing program 3 (id=1131):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
sendto$rxrpc(r0, 0x0, 0x0, 0x44800, 0x0, 0x0)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r1, &(0x7f0000001280)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e24, 0x8, @empty, 0xfffe}}, 0x24)

2.828322236s ago: executing program 3 (id=1132):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r3, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r5 = memfd_create(&(0x7f0000000540)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\"%/u\x17\xdam\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d[\v\xfc\xad\x0f\xa8\xc5\xad\x001\x8b%\xaa?\x00\x00\x00\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc2Gj+kV', 0x3)
ftruncate(r5, 0xffff)
fcntl$addseals(r5, 0x409, 0x7)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f00000000c0)={{0x1, 0x1, 0x18, <r6=>r4, {0x180, 0x26}}, './file0\x00'})
unlinkat(r6, &(0x7f0000000140)='./file0\x00', 0x200)
r7 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f0000000000)={r5, 0x0, 0x0, 0x8000})
lseek(r7, 0x9, 0x2)
r8 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x3)
ioctl$KVM_SET_LAPIC(r8, 0x4400ae8f, &(0x7f0000000bc0)={"c718ae3ddd25e4c2826499cb6a055b56a5a7336f377a556f824db28eb6743cf045afd0e932534b9eb3b847abbcef63c85319991745999ed89ff49783a84d57cf175a89f8733d74a1bdddcb0a6c3f7535ef976e79da1b52de6403f6710d606fafaf685ec19f369b7829b12aa2b8cd2ab52f9c688683979cdb9516cb61f2adb9aefd44fce30bddb81ebefa818f31f60d89a4e390920c7ed0e2512fd59f719e734b0a1d1f3ff7babb54258a1585514aac353b21fe733671e0543929c06f72fc598939003ac6777f3497523536fd25ac4f1e265f5038fa7455f2cc6131d4a189a16b0f0b89e6a495e1d95b840c36488adc22cb2d1b8af57f6dce7214152ba1b3c0d3ad0a6db821518e44b24cb36a02d76ea11a1c45879fc77e7bb2af8c345ddddf49f41228df2114f2c27d16499fa36097a5015ad61a6a9484c09e0a2dfb50f7b7ca71135dc32804a80380a6e20e0ae03be775e472cd31d6a31e615937c38e746a5cf6c9d8194242990dd497a2c52af50300000000000000cebbd983c3f86dbe92c4b751c04693cb09af88521ab305ceabf6d2bab40bb1b219fbe95ace2f6c49fea798e76b4ef336dff5ac0f7ab022b800ac1aa42fd231b52465a410177ed85dcc9c6d794e2aa0b90cdc409541aa85fa16e3cbc3a9d6c83ffd4d01e5ba898555eeffccf0cb28ce5df0ba31cb793675276162de2fdcb486455bca57edf4fb14e1533554eb22527d66a28a960c430f6136927f54e670c46292454fe28485f35405025844fd24fe846f6656c77d9b5f2b4750ac4805897b02c85caba80000bb96f71f468c9e746d860238b3b113ab1eef51e1507f8832d5d69528083d44548e491477cda51d7e083a134097438e9d7ea34eae8a2e6b516327db9310c7478a37f5c562037196131cc7c84fa29c3c2576f2ae7570b5a98aaa49ca7ddfd5a8c046ce82e4a2d06082ad7a3ab0dfbe208630b1410b674781855752c9c57c1c5ab0a74a336ce89b3a9c0d37a3ca4e698a798a85faf7f4f1dc020b7dd5750062c9810c4bc1ad7afe338f2b0f29059e684fe16098eb30da105be01ca11a293635dfc6d25ecc770ba72792fd3c6851d951b770d0f9edafb1cb4241350d85b04ed737a9bfd7e8301c43b65a95dda76d6850860ba3195040b14c8ad1a8b52472787621147182352a1dbd93595cbc26e813ccd75e16f9247fe82ed150c121f0041022522ec76476f0a9cffa3be1d3ffffffffffffffff29358bbfd8b7a12fe94a0355beb9420eee0a5c11220100c782b89e9430de84b220e8c0df4bd40be3400c58f149319f891fe86fba751dab3326bf2deb9e782b37ec9c7adf36025a091a4b3600"})
ioctl$KVM_SET_SREGS(r8, 0x4138ae84, &(0x7f00000001c0)={{0xf000, 0x4000, 0xe, 0x7, 0x7f, 0x1, 0x10, 0x0, 0x0, 0x95, 0x9, 0x6}, {0xffff1000, 0x8080000, 0x3, 0x3, 0x2, 0x4, 0x3, 0x0, 0x6, 0xc, 0x1, 0x5}, {0x8080000, 0xffff1000, 0x1a, 0x5, 0x5, 0x9, 0x8, 0x8, 0x11, 0x9, 0x2, 0x1}, {0x4000, 0xeeee8000, 0x3, 0x5, 0x1, 0x45, 0x7, 0x5, 0x6, 0x6, 0xff, 0x1}, {0x2, 0xdddd1000, 0x3, 0x1, 0x5, 0xfd, 0x8, 0x2, 0x7, 0x5, 0x5, 0xb}, {0x80a0000, 0xd5d62002, 0x4, 0x3, 0x0, 0xb, 0x3, 0xde, 0x9, 0x27, 0x0, 0x8f}, {0x6000, 0x3000, 0x3, 0x2, 0x1, 0x31, 0x5a, 0xff, 0xd, 0x1, 0x7, 0xff}, {0x1, 0x1000, 0x9, 0x7, 0x2, 0x7, 0x3, 0x1, 0x1, 0x3, 0x8, 0x81}, {0x10000, 0x77a}, {0x5000, 0x7}, 0x0, 0x0, 0x10000, 0x4c0, 0x8, 0x2001, 0x1000, [0xa07, 0x4, 0x401, 0x40000000]})
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r10 = socket(0x400000000010, 0x3, 0x0)
r11 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000029c0)=@newtfilter={0x50, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r12, {0x0, 0xf}, {}, {0x7, 0x7}}, [@filter_kind_options=@f_flow={{0x9}, {0x20, 0x2, [@TCA_FLOW_EMATCHES={0x1c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_LIST={0xe, 0x2, 0x0, 0x1, [@TCF_EM_META={0xc, 0x3, 0x0, 0x0, {{0x5, 0x4, 0x3}}}]}]}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x10040090}, 0x2008c014)
mprotect(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000300)='./file0\x00', &(0x7f0000000380), &(0x7f00000003c0)='./file0\x00', 0x8, 0x2)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="201006000000065f01"], 0x0, 0x0, 0x0, 0x0}, 0x0)

2.448475234s ago: executing program 0 (id=1133):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000080)=0x7)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xffffffffffffff61, 0x0, 0x0})
r7 = dup3(r6, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000002440)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000002240)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000000)=""/15)
sendmmsg(r1, &(0x7f0000000e00)=[{{&(0x7f0000000080)=@phonet={0x23, 0x6, 0x8f, 0x3}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000000)="0a9fdaa4a4d9379d01097a5afc6a054b506a85159893e3cfa2", 0x19}, {&(0x7f0000000240)="eddf7bf1960b61c5aef9ea449c9f03e7630c1cd90884df133becb078c95a8269cbe8062108a819631095ddba4a02cf5a252cc72a4ce021284210906fc691fc446c96e0ee", 0x44}, {&(0x7f00000002c0)="885b99f588bcdf0bdf3a3a2bd868790c04827ba62e4f65aaae79c4a01913724ad615b0d80046613f4f4dc1f9fb11bb1e6334a53b31a367a71ee4424b141915fd7716b2a82be6d272a787eac2e4d1853f7ea82ed28fad0105e89a92178454eee383f26beef50847b6c27960aecc77c53bdd7f2f0e32d920293b75788ad5359eb5ece83309e2ff5672483e9ff75e981a7925b28fabef36ed84ac0c898b540b1bdae53d0219240ffb", 0xa7}], 0x3}}, {{&(0x7f00000001c0)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x8000}, 0x80, 0x0}}], 0x2, 0x4004000)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x3c, r8, 0x301, 0x800000, 0x25dfdbfb, {0x1c}, [@ETHTOOL_A_LINKMODES_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x40006)

2.360276787s ago: executing program 4 (id=1134):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12011001daa18c4089612d187301010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000004c0)={0x2c, &(0x7f0000000000)={0x20, 0x2, 0x2, {0x2, 0x11}}, 0x0, &(0x7f00000000c0)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, 0x0, 0x0}, &(0x7f0000000a00)={0x84, &(0x7f0000000580)={0x20, 0x14}, 0x0, &(0x7f0000000680)={0x0, 0x8, 0x1, 0x3}, 0x0, 0x0, &(0x7f0000000740)={0x40, 0x7, 0x2, 0x10}, 0x0, 0x0, &(0x7f0000000800)={0x40, 0xf, 0x2}, &(0x7f0000000840)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, &(0x7f0000000880)={0x40, 0x17, 0x6, @local}, &(0x7f00000008c0)={0x40, 0x19, 0x2, "1836"}, &(0x7f0000000900)={0x40, 0x1a, 0x2, 0x3d}, &(0x7f0000000940)={0x40, 0x1c, 0x1, 0x3}, &(0x7f0000000980)={0x40, 0x1e, 0x1, 0xe4}, 0x0})
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
io_setup(0x9, &(0x7f0000000b80)=<r2=>0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0xfffffff9, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0xfffffffd, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x8, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x7, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0xa, 0x4, 0x4000, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0xb, 0x9, 0x48c93690, 0x3, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x1, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x54fe12d6, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x8ad, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc8, 0x3, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
write$char_usb(r3, &(0x7f0000000040)="e2", 0x918)
io_submit(r2, 0x1, &(0x7f00000002c0)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x0, r1}])
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0)

2.287011698s ago: executing program 1 (id=1135):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f0000000280)={0x1d, r1, 0x0, {0x0, 0xf0, 0x2}, 0xfe}, 0x18)
sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000004c0)="b003846833bdd790c2", 0x9}}, 0xee)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000340)={0x1d, r5, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
sendmsg$sock(r4, &(0x7f0000000200)={&(0x7f00000005c0)=@can={0x1d, 0x0, 0xee00}, 0x80, &(0x7f0000000a40)=[{&(0x7f0000000640)="d70843d0d3a7d851fa", 0x9}], 0x1}, 0x4000040)

2.016618062s ago: executing program 5 (id=1136):
syz_emit_ethernet(0x34d, &(0x7f0000000780)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0000fa", 0x317, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, [{0x3, 0xa, "a78c000005dc8080a2030003004003493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000000000000000d8a000000"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf3915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x2, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x19, 0xb, "17dcea468000000000054740a5d4901b0aeff04c0300f3c75dc2d227a83b6e483b108474bce9ac946a3f0e2bc4000091394c02bcfbbb7d71138537d68e2d2c6393a9f3cc271a9ff09a48b5b303f4f000000000000000"}, {0xe, 0x7, "b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x18, 0xc, "5e14ccb44d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d180600aa89c8f267d76ece1c9f6ae2e1eb3d8bf9c6ab2642c4808298e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c"}]}}}}}}, 0x0)

1.992183504s ago: executing program 5 (id=1137):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
unshare(0x6a040000)
connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x17, &(0x7f0000000140)=0xec62, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000840)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
modify_ldt$write(0x1, &(0x7f0000000000)={0xfff}, 0x10)
modify_ldt$write(0x1, 0x0, 0x0)
r3 = openat$sw_sync(0xffffff9c, &(0x7f0000000040), 0x80, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000b80)=@nat={'nat\x00', 0x62, 0x5, 0x4b8, 0x1f4, 0x298, 0xffffffff, 0x298, 0x1f4, 0x424, 0x424, 0xffffffff, 0x424, 0x424, 0x5, 0x0, {[{{@uncond, 0x0, 0x1c0, 0x1f4, 0x0, {0x22e}, [@common=@inet=@hashlimit2={{0x150}, {'virt_wifi0\x00', {0x7fffdfffffffffff, 0x80000000001000, 0x3, 0x100004, 0x82, 0x4000005, 0x3, 0x0, 0x18}, {0x6}}}]}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @gre_key=0x7, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xa4}, @REDIRECT={0x34, 'REDIRECT\x00', 0x0, {0x1, {0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @port=0x5, @port=0x4e21}}}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 'veth1_to_hsr\x00', 'ipvlan0\x00', {}, {}, 0x8, 0x3}, 0x0, 0x70, 0xa4}, @DNAT0={0x34, 'DNAT\x00', 0x0, {0x1, {0x0, @private, @multicast2, @port=0x4e20, @gre_key=0x8}}}}, {{@ip={@remote, @dev, 0x0, 0x0, 'veth1_to_batadv\x00', 'syzkaller0\x00', {0xff}}, 0x0, 0xb4, 0xe8, 0x0, {}, [@common=@ttl={{0x24}, {0x0, 0xff}}, @common=@socket0={{0x20}}]}, @MASQUERADE={0x34, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @gre_key}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x514)
ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000001c0))
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f00000000c0)={0x6, "89698ab74a98235749a9a89924cc7208716bde2e9da33997943b7e3eafdabafb"})
r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r4, 0xc10c5541, &(0x7f0000000280)={0x0, 0x804})
syz_emit_ethernet(0x46, &(0x7f0000002e80)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd60122d9200103afffe8000000000000000000000000000b3ff0200"/50], 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0185648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90f, 0x20, '\x00', @p_u8=&(0x7f0000000040)=0x1}})

1.0382308s ago: executing program 0 (id=1138):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x1000, 0x3, 0x1}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x0, 0x5000, 0x1000, &(0x7f0000fff000/0x1000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000140)={0x1fd, 0x0, 0x2000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{r4, 0x2020}, {r4, 0x30fa}], 0x2, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000640)=0x10)
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x100000b, 0x8012, r4, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000040)={0x4, 0x3, 0xdddd1000, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x0, 0x1, 0x10000, 0x1000, &(0x7f0000fff000/0x1000)=nil})
mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x10)
r6 = accept4$alg(r5, 0x0, 0x0, 0x0)
io_setup(0x42, &(0x7f0000000100)=<r7=>0x0)
write$RDMA_USER_CM_CMD_ACCEPT(0xffffffffffffffff, &(0x7f0000000680)={0x8, 0x120, 0xfa00, {0x0, {0x58c, 0x2, "28e3d0b17f60bf0e865834a9a318498f4cf2f436807fbfeef30b530d458aefc3f4330c57c02d8b1e0df7cac93e5cbb8f1d7f4ddb398852c9a74ec8ff4fbf25229f099987cfe732002cc0d4d55ba56194d5e3d61c58c6e00a9e899c6b9745a27353b9472f1ce775ec7fc2bf744184dd4ae72ebb00b0f989994895ee4affbcad496547693d077764b4725924c2140b60b14447d4fc264fe864edf89f4e3eb73772524bea1a767d6a1d12d625bb785d92f630c2b5cce114e6a1d7faede3b512bd52ec138caf8f27f4ffebc21f888942414a80abb5854d4df2349a519e637eb37db6147e1ab0a2f048e5ae44922da1872464399bc3093e4c6180f7549c5cbb16f1b6", 0x3, 0x8, 0x7, 0x59, 0x3, 0x1, 0x6}}}, 0x128)
io_submit(r7, 0x0, &(0x7f0000000580))
sendmmsg$alg(r6, &(0x7f0000000300)=[{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="82", 0x1}], 0x1, &(0x7f0000000280)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10, 0x2000c001}], 0x1, 0x4000040)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r9, 0x10e, 0xb, &(0x7f0000000000)=0x40b, 0x4)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x18, r10, 0x1, 0x0, 0x25dfdbfd, {0x23}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x4}]}, 0x18}}, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f00000002c0)=0xffffffff)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r8, 0x89f1, &(0x7f00000000c0)={'sit0\x00', &(0x7f0000000440)={'syztnl0\x00', 0x0, 0x0, 0x7, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x3c, 0x14, 0x0, 0x0, 0x0, 0x5e55b37311de6d89, 0x0, @dev, @initdev={0xac, 0x1e, 0x1, 0x0}}}}})

418.549011ms ago: executing program 5 (id=1139):
r0 = socket$kcm(0x10, 0x2, 0x0)
socket$inet(0x2, 0x80803, 0x6)
rseq(&(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x2, 0x8000, 0x5}, 0x4}, 0x20, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$uinput_user_dev(r4, &(0x7f0000000080)={'syz1\x00', {0xf9e, 0x3, 0x4}, 0x4d, [0x8, 0x6, 0x9, 0xfffffff7, 0x2, 0xfffffffc, 0x7fffffff, 0x80000001, 0x6, 0x1, 0xfd, 0x0, 0x7, 0x7, 0xf70, 0x3c00, 0xe7, 0x4007, 0x401, 0xbc5e, 0x4, 0x5, 0x8, 0xffff, 0x11, 0xe, 0x14, 0x20000000, 0x15098855, 0x6, 0x2, 0xfffffffb, 0x7fffffff, 0xc, 0xfffffff7, 0x4, 0xe79, 0x7, 0x1, 0x1, 0x1, 0x40000000, 0x401, 0x9, 0xbdc7, 0xb, 0x1, 0x9, 0x3, 0x1, 0x6, 0x2, 0x5, 0x49, 0x5, 0x9, 0x0, 0x1, 0x1000, 0x3, 0x4, 0x6, 0x7ff, 0xb8547353], [0x4, 0xffffffff, 0x1, 0x5, 0x7ffffdff, 0x1, 0x550, 0x6, 0x2, 0xfffffffc, 0x10001, 0xc, 0x36, 0x4, 0x81, 0x1, 0x9, 0x98, 0x8, 0xe56d, 0xa4, 0x9, 0x99d, 0x8, 0x100000, 0xd, 0x2, 0xfffffffe, 0x6e38, 0x0, 0xa, 0x6, 0x3, 0x0, 0x5, 0x7, 0x4, 0xd, 0x80, 0xfff, 0x1000004, 0x0, 0x40000040, 0x1, 0x8, 0x1, 0x8, 0xb, 0x34f1, 0x1ff, 0x4, 0x1b2c5a97, 0x0, 0x9, 0x17, 0x0, 0x1, 0x1, 0x6, 0x6, 0xac, 0x2, 0x8000056, 0xcfb9], [0x3, 0xdb8, 0x9, 0xf, 0x2, 0x200006, 0x4000005, 0x5, 0x2, 0x80, 0xfffffffd, 0xc8d3, 0x33, 0x9a45, 0x0, 0xee40000, 0x1, 0x1, 0x4, 0x69d, 0x8, 0xffff, 0x0, 0x0, 0x40000007, 0x9, 0x4, 0x800, 0x7, 0x9, 0x10000, 0xfffffffd, 0x1, 0xfffffffe, 0x2, 0x0, 0x4, 0x8be, 0x9, 0x2, 0x8, 0x7, 0x6, 0x2, 0x81, 0x400, 0x1, 0x55f2, 0xdf46, 0xfffffffd, 0x7f, 0x9, 0x8000, 0x40, 0x3, 0x10002, 0xa, 0x6, 0x2, 0xfffffefe, 0xda15, 0xa, 0xffffffff, 0x10], [0x0, 0x5, 0x8, 0x246d, 0x6, 0x101, 0x7fffffff, 0x5, 0x6, 0x606, 0x1, 0x9, 0x80000001, 0x2, 0xb, 0x2, 0x7, 0x1, 0x7, 0x8, 0x7ff, 0x1, 0x6, 0x2, 0x0, 0x20c, 0xfffffffd, 0xa18, 0x61c8, 0x6, 0x7ff, 0x101, 0xff, 0x7, 0x9, 0x10000006, 0x7, 0x101, 0x9, 0x3000000, 0x9, 0x4000006, 0x7, 0xfffffffd, 0x0, 0x1, 0x4, 0x10000b, 0x100, 0x8, 0x3c, 0x1000, 0x3, 0x1, 0x2015, 0x8000, 0x7, 0x7d, 0x8, 0x7, 0xfffdfffc, 0xb, 0x6, 0xeff]}, 0x45c)
ioctl$UI_DEV_CREATE(r4, 0x5501)
ioctl$UI_DEV_SETUP(r4, 0x405c5503, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000500)={[0x6]}, 0x8, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000005c0), 0xc)
r6 = syz_io_uring_setup(0x39, &(0x7f0000000580)={0x0, 0x2000e7b3, 0x13500}, &(0x7f0000000280), &(0x7f0000001880))
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r6, 0x21, &(0x7f0000000440)=r5, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c030002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000)
add_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r7 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x4a, &(0x7f0000000080)=0x474c, 0x4)
openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
timer_create(0xfffffffd, 0x0, 0x0)
r8 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x101, 0x0)
ioctl$SOUND_MIXER_WRITE_VOLUME(r8, 0xc0040d07, &(0x7f0000000040)=0x121)
sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000000000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)

364.678553ms ago: executing program 1 (id=1140):
r0 = syz_open_procfs(0x0, &(0x7f0000000280)='ns\x00')
readlinkat(r0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000002780)=""/4112, 0x1010)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB='LINE1 \aMaster Capture!Switch\' '], 0x33)
socket$netlink(0x10, 0x3, 0x4)
close(r2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000680)={0x0, 0xfffffe2f, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r3, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r1], 0x38}}, 0x10)

245.618298ms ago: executing program 3 (id=1141):
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x1002, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x8, 0x2, 0x1})
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f0000000a00)={0xf, {"a2e3ad21ed0d1bf91b28090955f70e06d038e7ff7fc6e5539b0d650e8b089b3f360768090890e0878f0e1ac6e7049b3346959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07450936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0xfffffffffffffd6a}}, 0x1006)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r2, 0xc0189377, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x26, 0xf}}, './file0\x00'})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc044560f, &(0x7f0000000100)=@mmap={0x4, 0x2, 0x4, 0x0, 0x3, {0x0, 0xea60}, {0x0, 0xd, 0x0, 0x0, 0x0, 0x0, "2063569a"}})
recvmmsg(0xffffffffffffffff, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=""/21, 0x15}, 0x2}], 0x1, 0x45833af92e4bbafe, 0x0)
socket$netlink(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r2, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x8c, 0x2, 0x2, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@CTA_EXPECT_MASK={0x78, 0x3, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4040}, 0x40000)
r3 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendfile(r4, r3, 0x0, 0x7ffff088)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$int_in(r6, 0x5452, &(0x7f0000000040)=0x8001)
r7 = getpgid(0x0)
fcntl$setownex(r6, 0xf, &(0x7f0000000140)={0x2, r7})
fcntl$setsig(r6, 0xa, 0x1c)
sendmmsg$unix(r5, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="11", 0x1}], 0x1}}], 0x1, 0x40015)
r8 = openat$apparmor_task_exec(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$apparmor_exec(r8, &(0x7f0000000080)={'stack ', '\x00'}, 0x7)

232.769346ms ago: executing program 1 (id=1142):
r0 = eventfd2(0x0, 0x0)
io_setup(0x6, &(0x7f0000000040)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000400)=[&(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0xa, r0, &(0x7f0000000100)="8a510eb48dbdfcb4", 0x8, 0x9}])
socket$pppl2tp(0x18, 0x1, 0x1)
r2 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r2, 0x48e9, 0xfeff, 0x2, 0x0, 0x0)
io_submit(r1, 0x1, &(0x7f0000002900)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x3511, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r0}])

0s ago: executing program 0 (id=1143):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x374, 0x3, 0x1}, 0x18, 0x0)
landlock_restrict_self(r0, 0x6)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x3801, 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000000))
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
truncate(&(0x7f0000000000)='./file1\x00', 0xa)

kernel console output (not intermixed with test programs):

cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  199.479440][ T7912] RSP: 002b:00000000f54bd55c EFLAGS: 00000206 ORIG_RAX: 000000000000016a
[  199.479458][ T7912] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  199.479470][ T7912] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000
[  199.479481][ T7912] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  199.479490][ T7912] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  199.479500][ T7912] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  199.479527][ T7912]  </TASK>
[  199.754313][    C0] vkms_vblank_simulate: vblank timer overrun
[  199.792157][ T5945] Error reading MAC address
[  199.808683][ T7891] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  199.816154][ T7891] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  199.916423][ T5971] IPVS: starting estimator thread 0...
[  199.935128][ T7910] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  200.036455][ T5945] sr9700 5-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address
[  200.048987][ T7920] IPVS: using max 31 ests per chain, 74400 per kthread
[  200.140357][ T7925] netlink: 'syz.1.505': attribute type 10 has an invalid length.
[  200.186757][ T7925] team0: Port device veth0_virt_wifi added
[  200.358859][ T7927] netlink: 'syz.0.506': attribute type 2 has an invalid length.
[  200.438989][ T7933] IPv6: NLM_F_CREATE should be specified when creating new route
[  200.709057][ T7940] netlink: 4 bytes leftover after parsing attributes in process `syz.5.511'.
[  201.047143][   T43] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  201.213191][   T43] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  201.246794][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  201.308247][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  201.349607][   T43] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  201.397928][   T43] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  201.450429][ T1557] usb 5-1: USB disconnect, device number 20
[  201.458763][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.484134][ T7956] netlink: 28 bytes leftover after parsing attributes in process `syz.0.515'.
[  201.532728][   T43] usb 4-1: config 0 descriptor??
[  201.694440][ T5863] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  201.951247][ T5863] usb 2-1: Using ep0 maxpacket: 32
[  201.965271][ T5863] usb 2-1: unable to get BOS descriptor or descriptor too short
[  201.978197][ T5863] usb 2-1: unable to read config index 0 descriptor/start: -71
[  202.013291][ T5863] usb 2-1: can't read configurations, error -71
[  202.019230][   T43] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  202.280816][ T5944] usb 4-1: USB disconnect, device number 17
[  202.287219][ T5945] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  202.615106][ T5945] usb 1-1: Using ep0 maxpacket: 8
[  202.631157][ T1557] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  202.663186][ T5945] usb 1-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  202.676421][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.689204][ T7977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.523'.
[  202.707699][ T5945] usb 1-1: Product: syz
[  202.730736][ T7977] syz_tun: entered allmulticast mode
[  202.736250][ T5945] usb 1-1: Manufacturer: syz
[  202.742858][ T5945] usb 1-1: SerialNumber: syz
[  202.750504][ T7978] netlink: 4 bytes leftover after parsing attributes in process `syz.5.522'.
[  202.759138][ T5945] usb 1-1: config 0 descriptor??
[  202.808201][ T5945] gspca_main: se401-2.14.0 probing 047d:5003
[  202.930097][ T7973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  202.939572][ T7973] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  202.965862][ T5864] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  203.381112][ T5863] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  203.567831][ T5863] usb 6-1: unable to read config index 0 descriptor/start: -61
[  203.584083][ T5863] usb 6-1: can't read configurations, error -61
[  204.217292][ T5863] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  204.243907][ T5945] input: se401 as /devices/platform/dummy_hcd.0/usb1/1-1/input/input11
[  204.464493][ T5863] usb 6-1: unable to read config index 0 descriptor/start: -61
[  204.490625][ T7989] delete_channel: no stack
[  204.532324][ T5863] usb 6-1: can't read configurations, error -61
[  204.596429][ T5863] usb usb6-port1: attempt power cycle
[  204.614077][ T8002] vlan0: entered promiscuous mode
[  204.927702][ T8004] netlink: 'syz.3.531': attribute type 1 has an invalid length.
[  205.071415][ T5863] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  205.093951][ T5863] usb 6-1: unable to read config index 0 descriptor/start: -61
[  205.106910][ T5863] usb 6-1: can't read configurations, error -61
[  205.178296][ T8005] gretap1: entered allmulticast mode
[  205.219127][ T8005] bond1: (slave gretap1): making interface the new active one
[  205.251816][ T8005] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  205.260903][ T5863] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  205.294402][ T5863] usb 6-1: unable to read config index 0 descriptor/start: -61
[  205.318690][ T5863] usb 6-1: can't read configurations, error -61
[  205.335141][ T5863] usb usb6-port1: unable to enumerate USB device
[  205.547551][ T5863] usb 1-1: USB disconnect, device number 24
[  205.921979][ T5945] usb 4-1: new low-speed USB device number 18 using dummy_hcd
[  205.996841][ T1557] usb 5-1: unable to get BOS descriptor or descriptor too short
[  206.014948][ T1557] usb 5-1: too many configurations: 111, using maximum allowed: 8
[  206.049959][ T1557] usb 5-1: unable to read config index 0 descriptor/start: -71
[  206.078115][ T1557] usb 5-1: can't read configurations, error -71
[  206.093354][ T5945] usb 4-1: device descriptor read/64, error -71
[  206.361141][ T5945] usb 4-1: new low-speed USB device number 19 using dummy_hcd
[  206.462816][ T8026] program syz.1.537 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  206.562918][ T5945] usb 4-1: device descriptor read/64, error -71
[  206.721973][ T5945] usb usb4-port1: attempt power cycle
[  206.834039][ T8039] netlink: 132 bytes leftover after parsing attributes in process `syz.5.542'.
[  207.111381][ T5945] usb 4-1: new low-speed USB device number 20 using dummy_hcd
[  207.208301][ T5945] usb 4-1: device descriptor read/8, error -71
[  207.511298][ T5945] usb 4-1: new low-speed USB device number 21 using dummy_hcd
[  207.547171][ T5945] usb 4-1: device descriptor read/8, error -71
[  207.671529][ T5945] usb usb4-port1: unable to enumerate USB device
[  207.809691][ T8057] netlink: 'syz.1.547': attribute type 1 has an invalid length.
[  207.818581][ T8057] netlink: 'syz.1.547': attribute type 1 has an invalid length.
[  207.872744][ T8057] netlink: 'syz.1.547': attribute type 12 has an invalid length.
[  207.880558][ T8057] netlink: 'syz.1.547': attribute type 29 has an invalid length.
[  207.908321][ T8057] netlink: 148 bytes leftover after parsing attributes in process `syz.1.547'.
[  207.928784][ T8055] netlink: 'syz.0.545': attribute type 2 has an invalid length.
[  207.981171][ T8057] netlink: 'syz.1.547': attribute type 2 has an invalid length.
[  207.992172][ T8057] netlink: 'syz.1.547': attribute type 3 has an invalid length.
[  208.019287][ T8057] netlink: 'syz.1.547': attribute type 1 has an invalid length.
[  208.261121][ T5971] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  208.421118][ T5971] usb 5-1: device descriptor read/64, error -71
[  208.671198][ T5971] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  208.811286][ T5971] usb 5-1: device descriptor read/64, error -71
[  209.060330][ T5971] usb usb5-port1: attempt power cycle
[  209.461085][ T5971] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  209.483065][ T5971] usb 5-1: device descriptor read/8, error -71
[  209.551197][ T5863] usb 1-1: new low-speed USB device number 25 using dummy_hcd
[  209.731126][ T5971] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  209.736561][ T5863] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  209.747768][ T5863] usb 1-1: config 0 has no interface number 0
[  209.756105][ T5863] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  209.761883][ T5971] usb 5-1: device descriptor read/8, error -71
[  209.804019][ T5863] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  209.831657][ T5863] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  209.858029][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.891324][ T5863] usb 1-1: config 0 descriptor??
[  209.901700][ T5971] usb usb5-port1: unable to enumerate USB device
[  209.918951][ T8087] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  209.951266][ T5863] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  211.317900][ T8114] netlink: 4 bytes leftover after parsing attributes in process `syz.4.563'.
[  212.149235][ T8125] @: renamed from vlan0 (while UP)
[  212.188732][ T5945] usb 1-1: USB disconnect, device number 25
[  212.338803][ T8132] team0: mtu less than device minimum
[  212.486834][ T8135] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  213.772620][ T8157] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  214.029200][ T8166] netlink: 'syz.3.578': attribute type 1 has an invalid length.
[  214.053814][ T8166] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  214.191860][ T1557] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  214.357142][ T1557] usb 5-1: config 0 has an invalid interface number: 214 but max is 0
[  214.367961][ T1557] usb 5-1: config 0 has no interface number 0
[  214.376757][ T1557] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  214.394806][ T1557] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  214.409349][ T1557] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  214.421364][ T5945] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  214.435604][ T1557] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.444244][ T1557] usb 5-1: Product: syz
[  214.448589][ T1557] usb 5-1: Manufacturer: syz
[  214.462482][ T1557] usb 5-1: SerialNumber: syz
[  214.474323][ T1557] usb 5-1: config 0 descriptor??
[  214.581537][ T5945] usb 4-1: device descriptor read/64, error -71
[  214.622660][ T8170] FAULT_INJECTION: forcing a failure.
[  214.622660][ T8170] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  214.671938][ T8170] CPU: 1 UID: 0 PID: 8170 Comm: syz.1.581 Not tainted syzkaller #0 PREEMPT(full) 
[  214.671963][ T8170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  214.671972][ T8170] Call Trace:
[  214.671979][ T8170]  <TASK>
[  214.671990][ T8170]  dump_stack_lvl+0x189/0x250
[  214.672014][ T8170]  ? __pfx____ratelimit+0x10/0x10
[  214.672032][ T8170]  ? __pfx_dump_stack_lvl+0x10/0x10
[  214.672050][ T8170]  ? __pfx__printk+0x10/0x10
[  214.672072][ T8170]  ? __might_fault+0xb0/0x130
[  214.672102][ T8170]  should_fail_ex+0x414/0x560
[  214.672125][ T8170]  _copy_from_user+0x2d/0xb0
[  214.672142][ T8170]  ia32_restore_sigcontext+0xe5/0x5b0
[  214.672160][ T8170]  ? __pfx_ia32_restore_sigcontext+0x10/0x10
[  214.672175][ T8170]  ? _raw_spin_lock_irq+0xae/0xf0
[  214.672192][ T8170]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[  214.672220][ T8170]  ? _raw_spin_unlock_irq+0x23/0x50
[  214.672249][ T8170]  ? lockdep_hardirqs_on+0x9c/0x150
[  214.672267][ T8170]  __ia32_compat_sys_rt_sigreturn+0x140/0x200
[  214.672284][ T8170]  ? __task_pid_nr_ns+0x28/0x470
[  214.672306][ T8170]  ? __pfx___ia32_compat_sys_rt_sigreturn+0x10/0x10
[  214.672328][ T8170]  ? do_int80_emulation+0xec/0x390
[  214.672347][ T8170]  ? asm_int80_emulation+0x1a/0x20
[  214.672371][ T8170]  do_int80_emulation+0x126/0x390
[  214.672388][ T8170]  ? clear_bhb_loop+0x60/0xb0
[  214.672403][ T8170]  ? clear_bhb_loop+0x60/0xb0
[  214.672423][ T8170]  asm_int80_emulation+0x1a/0x20
[  214.672438][ T8170] RIP: 0023:0xf7fd1567
[  214.672453][ T8170] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 77 00 00 00 cd 80 90 90 90 90 90 90 90 90 b8 ad 00 00 00 cd 80 <90> 90 90 90 90 90 90 90 90 f3 0f 1e fb 55 89 e5 53 57 56 83 ec 34
[  214.672467][ T8170] RSP: 002b:00000000f54e6080 EFLAGS: 00000282 ORIG_RAX: 00000000000000ad
[  214.672484][ T8170] RAX: ffffffffffffffda RBX: 0000000080000040 RCX: 00000000f54e610c
[  214.672496][ T8170] RDX: 00000000f54e608c RSI: 0000000000000000 RDI: 0000000000000000
[  214.672506][ T8170] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  214.672515][ T8170] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  214.672524][ T8170] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  214.672549][ T8170]  </TASK>
[  214.908139][ T8157] netlink: 'syz.4.576': attribute type 10 has an invalid length.
[  214.993406][ T5945] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  215.080563][ T8157] mac80211_hwsim hwsim9 wlan1: entered promiscuous mode
[  215.114071][ T8157] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  215.181136][ T5945] usb 4-1: device descriptor read/64, error -71
[  215.257311][ T8187] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  215.264077][ T8187] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  215.272002][ T8187] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  215.278503][ T8187] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  215.285690][ T8187] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  215.292151][ T8187] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  215.299798][ T8187] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  215.306304][ T8187] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  215.326843][ T5945] usb usb4-port1: attempt power cycle
[  215.338738][ T8189] netlink: 29 bytes leftover after parsing attributes in process `syz.0.585'.
[  215.354513][ T1557] usbtouchscreen 5-1:0.214: Failed to read FW rev: -71
[  215.376560][ T1557] usbtouchscreen 5-1:0.214: probe with driver usbtouchscreen failed with error -71
[  215.432304][ T1557] usb 5-1: USB disconnect, device number 27
[  215.445401][ T8190] netlink: 4 bytes leftover after parsing attributes in process `syz.1.583'.
[  215.467255][ T8190] netdevsim netdevsim1 netdevsim0: left allmulticast mode
[  215.500642][ T8190] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  215.512271][ T8190] bridge0: port 3(netdevsim0) entered disabled state
[  215.579423][ T8192] netlink: 20 bytes leftover after parsing attributes in process `syz.5.586'.
[  215.599983][ T8190] bridge_slave_1: left allmulticast mode
[  215.618936][ T8190] bridge_slave_1: left promiscuous mode
[  215.635303][ T8190] bridge0: port 2(bridge_slave_1) entered disabled state
[  215.654705][ T8190] bridge_slave_0: left allmulticast mode
[  215.660753][ T8190] bridge_slave_0: left promiscuous mode
[  215.674805][ T8190] bridge0: port 1(bridge_slave_0) entered disabled state
[  215.684113][ T5945] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  215.727070][ T5945] usb 4-1: device descriptor read/8, error -71
[  216.051165][ T5945] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  216.134816][ T5945] usb 4-1: device descriptor read/8, error -71
[  216.251456][ T5945] usb usb4-port1: unable to enumerate USB device
[  216.295099][ T8206] netlink: 4 bytes leftover after parsing attributes in process `syz.4.592'.
[  217.071183][ T5945] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  217.243142][ T5945] usb 1-1: config index 0 descriptor too short (expected 65134, got 72)
[  217.265552][ T5945] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  217.279096][ T5945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.294184][ T5945] usb 1-1: Product: syz
[  217.298448][ T5945] usb 1-1: Manufacturer: syz
[  217.306028][ T5945] usb 1-1: SerialNumber: syz
[  217.324443][ T5945] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  217.355564][   T10] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  217.551383][   T43] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  217.591262][ T5944] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  217.681220][   T43] usb 6-1: device descriptor read/64, error -71
[  217.772183][ T5944] usb 4-1: Using ep0 maxpacket: 8
[  217.779265][ T5944] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  217.790555][ T5944] usb 4-1: config 0 interface 0 has no altsetting 0
[  217.800967][ T5944] usb 4-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76
[  217.810382][ T5944] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.824708][ T5944] usb 4-1: Product: syz
[  217.828988][ T5944] usb 4-1: Manufacturer: syz
[  217.833751][ T5944] usb 4-1: SerialNumber: syz
[  217.845207][ T5944] usb 4-1: config 0 descriptor??
[  217.854696][ T5944] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 found
[  217.931272][   T43] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  218.060174][ T5944] snd_usb_toneport 4-1:0.0: cannot get proper max packet size
[  218.068390][ T5944] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 now disconnected
[  218.079590][ T5944] snd_usb_toneport 4-1:0.0: probe with driver snd_usb_toneport failed with error -22
[  218.084641][   T43] usb 6-1: device descriptor read/64, error -71
[  218.232893][   T43] usb usb6-port1: attempt power cycle
[  218.404745][   T10] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  218.414030][   T10] ath9k_htc: Failed to initialize the device
[  218.426686][ T1557] usb 1-1: USB disconnect, device number 26
[  218.468574][ T1557] usb 1-1: ath9k_htc: USB layer deinitialized
[  218.532294][ T8242] binder: 8236:8242 ioctl c0306201 80000080 returned -14
[  218.651584][   T43] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  218.691432][   T43] usb 6-1: device descriptor read/8, error -71
[  218.736223][ T8249] netlink: 36 bytes leftover after parsing attributes in process `syz.0.605'.
[  218.756374][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  218.756429][   T30] audit: type=1326 audit(1757311875.741:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8241 comm="syz.0.605" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x0
[  219.242762][   T43] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  219.277698][   T43] usb 6-1: device descriptor read/8, error -71
[  219.483188][   T43] usb usb6-port1: unable to enumerate USB device
[  219.772373][   T43] hid-generic 0003:0004:0000.0006: unknown main item tag 0x0
[  219.783050][   T43] hid-generic 0003:0004:0000.0006: unknown main item tag 0x0
[  219.795124][   T43] hid-generic 0003:0004:0000.0006: unknown main item tag 0x0
[  219.820500][   T43] hid-generic 0003:0004:0000.0006: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  219.946472][ T8257] fido_id[8257]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  220.180652][ T5971] IPVS: starting estimator thread 0...
[  220.319638][ T8264] IPVS: using max 35 ests per chain, 84000 per kthread
[  220.470932][   T43] usb 4-1: USB disconnect, device number 26
[  220.589576][ T8277] FAULT_INJECTION: forcing a failure.
[  220.589576][ T8277] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  220.615753][ T8278] netlink: 12 bytes leftover after parsing attributes in process `syz.3.613'.
[  220.664429][ T8277] CPU: 0 UID: 0 PID: 8277 Comm: syz.1.614 Not tainted syzkaller #0 PREEMPT(full) 
[  220.664455][ T8277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  220.664465][ T8277] Call Trace:
[  220.664473][ T8277]  <TASK>
[  220.664480][ T8277]  dump_stack_lvl+0x189/0x250
[  220.664505][ T8277]  ? __pfx____ratelimit+0x10/0x10
[  220.664523][ T8277]  ? __pfx_dump_stack_lvl+0x10/0x10
[  220.664541][ T8277]  ? __pfx__printk+0x10/0x10
[  220.664564][ T8277]  ? __might_fault+0xb0/0x130
[  220.664597][ T8277]  should_fail_ex+0x414/0x560
[  220.664625][ T8277]  _copy_from_user+0x2d/0xb0
[  220.664646][ T8277]  generic_map_update_batch+0x572/0x7f0
[  220.664677][ T8277]  ? __pfx_generic_map_update_batch+0x10/0x10
[  220.664694][ T8277]  ? __fget_files+0x2a/0x420
[  220.664713][ T8277]  ? __pfx_generic_map_update_batch+0x10/0x10
[  220.664729][ T8277]  bpf_map_do_batch+0x369/0x5f0
[  220.664763][ T8277]  __sys_bpf+0x6af/0x870
[  220.664785][ T8277]  ? __pfx___sys_bpf+0x10/0x10
[  220.664816][ T8277]  ? ksys_write+0x22a/0x250
[  220.664847][ T8277]  __ia32_sys_bpf+0x7c/0x90
[  220.664867][ T8277]  __do_fast_syscall_32+0xb6/0x2b0
[  220.664885][ T8277]  ? lockdep_hardirqs_on+0x9c/0x150
[  220.664904][ T8277]  do_fast_syscall_32+0x34/0x80
[  220.664922][ T8277]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  220.664941][ T8277] RIP: 0023:0xf7fd1539
[  220.664955][ T8277] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  220.664969][ T8277] RSP: 002b:00000000f54e655c EFLAGS: 00000206 ORIG_RAX: 0000000000000165
[  220.664987][ T8277] RAX: ffffffffffffffda RBX: 000000000000001a RCX: 0000000080000540
[  220.664999][ T8277] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000
[  220.665009][ T8277] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  220.665019][ T8277] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  220.665028][ T8277] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  220.665054][ T8277]  </TASK>
[  220.872253][    C0] vkms_vblank_simulate: vblank timer overrun
[  221.081411][   T43] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  221.161964][ T1557] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  221.172561][ T8287] netlink: 16 bytes leftover after parsing attributes in process `syz.1.617'.
[  221.215190][ T8289] netlink: 8 bytes leftover after parsing attributes in process `syz.5.619'.
[  221.231569][   T43] usb 4-1: device descriptor read/64, error -71
[  221.342038][ T1557] usb 1-1: Using ep0 maxpacket: 16
[  221.349647][ T1557] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  221.360472][ T1557] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  221.398939][ T1557] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  221.423885][ T1557] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  221.461598][ T1557] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  221.481448][   T43] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  221.489243][ T1557] usb 1-1: Product: syz
[  221.503839][ T1557] usb 1-1: Manufacturer: syz
[  221.518770][ T1557] usb 1-1: SerialNumber: syz
[  221.625507][   T43] usb 4-1: device descriptor read/64, error -71
[  221.743079][   T43] usb usb4-port1: attempt power cycle
[  221.901335][   T24] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  221.901483][   T10] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  221.995240][ T1557] usb 1-1: 0:2 : does not exist
[  222.061116][   T24] usb 5-1: Using ep0 maxpacket: 8
[  222.067978][   T24] usb 5-1: config 135 has an invalid interface number: 230 but max is 0
[  222.077778][   T24] usb 5-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  222.081231][   T10] usb 2-1: Using ep0 maxpacket: 8
[  222.092183][   T24] usb 5-1: config 135 has no interface number 0
[  222.096116][   T10] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  222.099506][   T24] usb 5-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30
[  222.108701][   T10] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  222.129443][   T43] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  222.129495][   T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  222.148692][   T24] usb 5-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53
[  222.151235][   T10] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  222.168620][   T24] usb 5-1: config 135 interface 230 has no altsetting 0
[  222.176444][   T10] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  222.182330][   T43] usb 4-1: device descriptor read/8, error -71
[  222.194756][   T10] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  222.206932][   T24] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  222.209863][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.219014][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.238534][   T24] usb 5-1: Product: syz
[  222.244943][   T24] usb 5-1: Manufacturer: syz
[  222.249607][   T24] usb 5-1: SerialNumber: syz
[  222.265677][   T24] usb 5-1: Found UVC 0.00 device syz (18ec:3288)
[  222.281122][   T24] usb 5-1: No valid video chain found.
[  222.441146][   T43] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  222.494000][   T43] usb 4-1: device descriptor read/8, error -71
[  222.518772][   T24] usb 5-1: USB disconnect, device number 28
[  222.602657][   T43] usb usb4-port1: unable to enumerate USB device
[  222.673270][ T5974] usb 2-1: USB disconnect, device number 23
[  222.871499][   T43] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  223.041110][   T43] usb 6-1: Using ep0 maxpacket: 16
[  223.050059][   T43] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  223.061399][   T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 34, changing to 9
[  223.072845][   T43] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  223.087439][   T43] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  223.099762][   T43] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  223.112278][   T43] usb 6-1: Manufacturer: syz
[  223.119827][   T43] usb 6-1: config 0 descriptor??
[  223.366180][   T43] usb 6-1: USB disconnect, device number 15
[  223.428607][ T8283] netlink: 'syz.0.616': attribute type 21 has an invalid length.
[  223.497400][ T8283] netlink: 128 bytes leftover after parsing attributes in process `syz.0.616'.
[  223.514225][ T8283] netlink: 'syz.0.616': attribute type 4 has an invalid length.
[  223.526436][ T8283] netlink: 3 bytes leftover after parsing attributes in process `syz.0.616'.
[  224.190542][ T8338] netlink: 4 bytes leftover after parsing attributes in process `syz.5.634'.
[  224.687826][ T5863] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  224.839525][ T5944] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  224.878392][ T5944] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  224.951238][ T5863] usb 4-1: Using ep0 maxpacket: 32
[  225.103167][ T5863] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  225.122151][ T1557] usb 1-1: USB disconnect, device number 27
[  225.252182][ T5863] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  225.337557][ T5863] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.376235][ T5863] usb 4-1: Product: syz
[  225.411212][ T5863] usb 4-1: Manufacturer: syz
[  225.415943][ T5863] usb 4-1: SerialNumber: syz
[  225.527473][ T5863] usb 4-1: config 0 descriptor??
[  225.570256][ T5863] cdc_ether 4-1:0.0: skipping garbage
[  225.615667][ T5863] usb 4-1: bad CDC descriptors
[  225.654398][ T5863] usb 4-1: unsupported MDLM descriptors
[  226.468170][ T8336] sctp: [Deprecated]: syz.3.635 (pid 8336) Use of int in maxseg socket option.
[  226.468170][ T8336] Use struct sctp_assoc_value instead
[  226.514414][ T1557] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[  226.713505][ T1557] usb 6-1: unable to get BOS descriptor or descriptor too short
[  226.722640][ T1557] usb 6-1: not running at top speed; connect to a high speed hub
[  226.744827][ T1557] usb 6-1: config 129 has an invalid interface number: 114 but max is 0
[  226.763370][ T1557] usb 6-1: config 129 has no interface number 0
[  226.784203][ T1557] usb 6-1: config 129 interface 114 has no altsetting 0
[  226.825299][ T1557] usb 6-1: New USB device found, idVendor=1293, idProduct=0002, bcdDevice=3a.3a
[  226.837174][ T1557] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.846807][ T1557] usb 6-1: Product: syz
[  226.897500][ T1557] usb 6-1: Manufacturer: syz
[  226.917736][ T1557] usb 6-1: SerialNumber: syz
[  227.144408][ T8373] net_ratelimit: 68 callbacks suppressed
[  227.144422][ T8373] openvswitch: netlink: Multiple metadata blocks provided
[  227.798807][ T1557] usb 6-1: USB disconnect, device number 16
[  228.085986][ T8388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.650'.
[  228.609674][ T1557] usb 4-1: USB disconnect, device number 31
[  229.181895][ T1557] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  229.314747][ T8408] netlink: 'syz.5.656': attribute type 3 has an invalid length.
[  229.478622][ T1557] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  229.506767][ T1557] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  229.586219][ T1557] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  229.642522][ T1557] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  229.655581][ T1557] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.673743][ T1557] usb 1-1: Product: syz
[  229.681280][ T1557] usb 1-1: Manufacturer: syz
[  229.771937][ T1557] usb 1-1: SerialNumber: syz
[  229.810051][ T1557] hub 1-1:1.0: bad descriptor, ignoring hub
[  229.817307][ T1557] hub 1-1:1.0: probe with driver hub failed with error -5
[  230.208094][ T1557] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 28 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  230.296889][ T1557] usb 1-1: USB disconnect, device number 28
[  230.334554][ T1557] usblp0: removed
[  230.781457][ T1557] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  230.982751][ T1557] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  231.003356][ T1557] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  231.004893][   T30] audit: type=1326 audit(1757311887.991:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8432 comm="syz.3.663" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4539 code=0x7ffc0000
[  231.078085][ T1557] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  231.133474][   T30] audit: type=1326 audit(1757311887.991:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8432 comm="syz.3.663" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4539 code=0x7ffc0000
[  231.215562][   T30] audit: type=1326 audit(1757311888.041:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8432 comm="syz.3.663" exe="/root/syz-executor" sig=0 arch=40000003 syscall=344 compat=1 ip=0xf7fc4539 code=0x7ffc0000
[  231.232403][ T1557] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  231.278869][ T1557] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.311868][ T1557] usb 1-1: Product: syz
[  231.320784][ T1557] usb 1-1: Manufacturer: syz
[  231.325367][   T30] audit: type=1326 audit(1757311888.041:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8432 comm="syz.3.663" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4539 code=0x7ffc0000
[  231.336899][ T1557] usb 1-1: SerialNumber: syz
[  231.358275][   T30] audit: type=1326 audit(1757311888.041:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8432 comm="syz.3.663" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4539 code=0x7ffc0000
[  231.380275][    C0] vkms_vblank_simulate: vblank timer overrun
[  231.397869][   T30] audit: type=1326 audit(1757311888.041:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8432 comm="syz.3.663" exe="/root/syz-executor" sig=0 arch=40000003 syscall=365 compat=1 ip=0xf7fc4539 code=0x7ffc0000
[  231.425071][ T1557] hub 1-1:1.0: bad descriptor, ignoring hub
[  231.430186][   T30] audit: type=1326 audit(1757311888.041:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8432 comm="syz.3.663" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4539 code=0x7ffc0000
[  231.459814][   T30] audit: type=1326 audit(1757311888.041:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8432 comm="syz.3.663" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4539 code=0x7ffc0000
[  231.485964][   T30] audit: type=1326 audit(1757311888.041:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8432 comm="syz.3.663" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fc4539 code=0x7ffc0000
[  231.587159][ T1557] hub 1-1:1.0: probe with driver hub failed with error -5
[  231.621204][   T43] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  231.633517][ T1557] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 29 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  231.691625][   T30] audit: type=1326 audit(1757311888.041:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8432 comm="syz.3.663" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc4539 code=0x7ffc0000
[  231.723260][ T1557] usb 1-1: USB disconnect, device number 29
[  231.753904][ T1557] usblp0: removed
[  231.791424][   T43] usb 2-1: Using ep0 maxpacket: 8
[  231.804659][   T43] usb 2-1: config 5 has an invalid interface number: 35 but max is 1
[  231.828139][   T43] usb 2-1: config 5 has an invalid interface number: 4 but max is 1
[  231.858370][   T43] usb 2-1: config 5 has an invalid interface number: 4 but max is 1
[  231.894030][   T43] usb 2-1: config 5 has no interface number 0
[  231.907834][ T8445] netlink: 'syz.3.666': attribute type 2 has an invalid length.
[  231.916259][   T43] usb 2-1: config 5 has no interface number 1
[  231.931809][   T43] usb 2-1: config 5 interface 35 altsetting 10 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  231.955907][   T43] usb 2-1: config 5 interface 4 altsetting 9 endpoint 0x5 has an invalid bInterval 64, changing to 10
[  231.979456][   T43] usb 2-1: config 5 interface 4 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[  231.996732][   T43] usb 2-1: config 5 interface 35 has no altsetting 0
[  232.009417][   T43] usb 2-1: config 5 interface 4 has no altsetting 0
[  232.016698][   T43] usb 2-1: config 5 interface 4 has no altsetting 1
[  232.043082][   T43] usb 2-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b
[  232.066199][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.087797][   T43] usb 2-1: Product: syz
[  232.098407][   T43] usb 2-1: Manufacturer: syz
[  232.108747][   T43] usb 2-1: SerialNumber: syz
[  232.333228][ T5864] Bluetooth: hci3: SCO packet for unknown connection handle 201
[  232.335006][   T43] ttusbir 2-1:5.35: cannot find expected altsetting
[  232.365793][   T43] ttusbir 2-1:5.4: cannot find expected altsetting
[  232.394245][   T43] usb 2-1: USB disconnect, device number 24
[  233.769414][ T8481] hub 9-0:1.0: USB hub found
[  233.775515][ T8481] hub 9-0:1.0: 1 port detected
[  234.946922][   T10] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  235.021699][ T8502] netlink: 'syz.0.681': attribute type 2 has an invalid length.
[  235.348034][   T10] usb 5-1: device descriptor read/64, error -71
[  235.631394][   T10] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  235.638156][ T8506] program syz.5.683 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  235.771108][   T10] usb 5-1: device descriptor read/64, error -71
[  235.891522][   T10] usb usb5-port1: attempt power cycle
[  235.943783][ T8513] netlink: 36 bytes leftover after parsing attributes in process `syz.5.683'.
[  236.252386][   T10] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  236.281742][   T10] usb 5-1: device descriptor read/8, error -71
[  236.486383][ T8523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.688'.
[  236.502073][ T8523] bond_slave_0: entered promiscuous mode
[  236.507817][ T8523] bond_slave_1: entered promiscuous mode
[  236.534771][ T8523] macvtap1: entered promiscuous mode
[  236.553346][ T8523] bond0: entered promiscuous mode
[  236.570557][ T8523] macvtap1: entered allmulticast mode
[  236.578949][   T10] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  236.616461][ T8523] bond0: entered allmulticast mode
[  236.631924][   T10] usb 5-1: device descriptor read/8, error -71
[  236.649435][ T8528] binder: 8524:8528 ioctl c0306201 80000080 returned -14
[  236.666359][ T8523] bond_slave_0: entered allmulticast mode
[  236.672563][ T8523] bond_slave_1: entered allmulticast mode
[  236.679855][ T8523] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  236.799009][   T10] usb usb5-port1: unable to enumerate USB device
[  237.444803][ T8536] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8)
[  237.451564][ T8536] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  237.542044][ T8536] vhci_hcd vhci_hcd.0: Device attached
[  237.711277][   T43] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  237.731126][ T1557] usb 35-1: new low-speed USB device number 2 using vhci_hcd
[  237.961206][   T43] usb 2-1: Using ep0 maxpacket: 16
[  237.971922][   T43] usb 2-1: config 0 has no interfaces?
[  237.977447][   T43] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  237.992222][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.011116][   T10] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  238.011378][   T43] usb 2-1: config 0 descriptor??
[  238.087756][ T8548] netlink: 'syz.5.694': attribute type 2 has an invalid length.
[  238.213247][ T8552] netlink: 1072 bytes leftover after parsing attributes in process `syz.4.698'.
[  238.230742][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  238.249135][   T10] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  238.261350][ T8536] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  238.265981][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.271552][ T8536] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  238.280937][   T10] usb 1-1: config 0 descriptor??
[  238.328594][ T8536] ip6gre1: entered promiscuous mode
[  238.352032][ T5944] usb 2-1: USB disconnect, device number 25
[  238.366884][ T8537] vhci_hcd: connection closed
[  238.376592][   T49] vhci_hcd: stop threads
[  238.395090][   T49] vhci_hcd: release socket
[  238.408169][   T49] vhci_hcd: disconnect device
[  238.413347][ T1557] usb 35-1: device descriptor read/64, error -71
[  238.505352][   T10] usbhid 1-1:0.0: can't add hid device: -71
[  238.520909][   T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  238.541953][   T10] usb 1-1: USB disconnect, device number 30
[  238.591176][ T1557] vhci_hcd: vhci_device speed not set
[  238.611106][ T5863] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  238.725943][ T8560] netlink: 12 bytes leftover after parsing attributes in process `syz.3.701'.
[  238.764303][ T5863] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  238.775379][ T5863] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16
[  238.810695][ T5863] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  238.820193][ T5863] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.829721][ T5863] usb 5-1: Product: syz
[  238.839180][ T5863] usb 5-1: Manufacturer: syz
[  238.844218][ T5863] usb 5-1: SerialNumber: syz
[  238.955279][ T5944] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  239.032188][   T10] usb 1-1: new full-speed USB device number 31 using dummy_hcd
[  239.081826][   T43] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  239.138400][ T5944] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  239.173161][ T5944] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  239.186358][ T5944] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  239.215423][ T5944] usb 6-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[  239.227467][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  239.242994][ T5944] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.251690][   T43] usb 4-1: Using ep0 maxpacket: 8
[  239.254411][   T10] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  239.258744][   T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  239.273654][ T5944] usb 6-1: config 0 descriptor??
[  239.291268][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.305403][   T43] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  239.319210][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.328421][   T10] usb 1-1: config 0 descriptor??
[  239.336742][   T43] usb 4-1: Product: syz
[  239.360037][   T43] usb 4-1: Manufacturer: syz
[  239.394726][   T43] usb 4-1: SerialNumber: syz
[  239.442564][   T43] usb 4-1: config 0 descriptor??
[  239.469116][   T43] streamzap 4-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[  239.513185][ T8565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  239.522539][ T8565] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  239.687632][ T1557] usb 4-1: USB disconnect, device number 32
[  239.800306][ T5944] dragonrise 0003:0079:0011.0008: unknown main item tag 0x0
[  239.823856][ T5944] dragonrise 0003:0079:0011.0008: hidraw0: USB HID v0.00 Device [HID 0079:0011] on usb-dummy_hcd.5-1/input0
[  239.961700][ T8565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  239.987957][ T8565] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  240.009103][ T8565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  240.054417][ T8565] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  240.115602][ T5944] usb 6-1: USB disconnect, device number 17
[  240.314665][   T10] usbhid 1-1:0.0: can't add hid device: -71
[  240.371200][   T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  240.392899][   T10] usb 1-1: USB disconnect, device number 31
[  241.562126][ T8608] tipc: Started in network mode
[  241.571193][ T8608] tipc: Node identity 36a39322bec2, cluster identity 4711
[  241.614158][ T8608] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  241.632094][ T8609] syzkaller0: entered promiscuous mode
[  241.662079][ T8609] syzkaller0: entered allmulticast mode
[  241.822850][ T5863] cdc_ncm 5-1:1.0: skipping garbage
[  241.837792][ T5863] cdc_ncm 5-1:1.0: NCM or ECM functional descriptors missing
[  241.855541][ T5863] cdc_ncm 5-1:1.0: bind() failure
[  241.911200][ T5974] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  241.944259][ T5863] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[  241.966556][ T5863] cdc_ncm 5-1:1.1: bind() failure
[  242.009961][ T5863] usb 5-1: USB disconnect, device number 33
[  242.083356][ T5974] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  242.096106][ T5974] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  242.161404][ T5974] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  242.201082][ T5974] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  242.285550][ T5974] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  242.299682][ T5974] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  242.313798][ T5974] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0
[  242.349363][ T5974] usb 6-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41
[  242.429699][ T8626] fuse: Bad value for 'fd'
[  242.443143][ T8626] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  242.461884][ T5864] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  242.462127][ T5878] Bluetooth: hci2: hardware error 0xf4
[  242.475523][ T5974] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.488813][ T5974] usb 6-1: Product: syz
[  242.493507][ T5974] usb 6-1: Manufacturer: syz
[  242.505566][ T5974] usb 6-1: SerialNumber: syz
[  242.527085][ T5974] usb 6-1: config 0 descriptor??
[  242.655304][ T8631] netlink: 'syz.0.722': attribute type 10 has an invalid length.
[  242.674203][ T8631] bridge0: port 2(bridge_slave_1) entered disabled state
[  242.683146][ T8631] bridge0: port 1(bridge_slave_0) entered disabled state
[  242.731621][ T1557] tipc: Node number set to 2288096034
[  242.818019][ T8631] bridge0: port 2(bridge_slave_1) entered blocking state
[  242.825329][ T8631] bridge0: port 2(bridge_slave_1) entered forwarding state
[  242.832968][ T8631] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.840502][ T8631] bridge0: port 1(bridge_slave_0) entered forwarding state
[  242.867730][ T8631] bridge0: entered promiscuous mode
[  242.877250][ T8631] bridge0: entered allmulticast mode
[  242.898568][ T8631] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  242.909594][ T8609] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  242.932476][ T8608] tipc: Resetting bearer <eth:syzkaller0>
[  242.944594][ T8607] tipc: Resetting bearer <eth:syzkaller0>
[  242.947553][ T5974] usb 6-1: ucan: probing device on interface #0
[  243.121410][ T8607] tipc: Disabling bearer <eth:syzkaller0>
[  243.211305][ T5974] usb 6-1: ucan: invalid endpoint configuration
[  243.232809][ T5974] usb 6-1: ucan: probe failed; try to update the device firmware
[  243.274790][ T5974] usb 6-1: USB disconnect, device number 18
[  243.935204][ T8656] netlink: 'syz.4.729': attribute type 2 has an invalid length.
[  244.549404][ T8671] netlink: 4 bytes leftover after parsing attributes in process `syz.1.734'.
[  244.563248][ T5878] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  244.803231][   T43] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  244.971258][   T43] usb 2-1: device descriptor read/64, error -71
[  245.211628][   T43] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  245.501110][   T43] usb 2-1: device descriptor read/64, error -71
[  245.641803][   T43] usb usb2-port1: attempt power cycle
[  245.723749][ T8699] openvswitch: netlink: Message has 5 unknown bytes.
[  245.741610][ T8699] netlink: 68 bytes leftover after parsing attributes in process `syz.3.743'.
[  245.943569][ T8712] netlink: 'syz.5.742': attribute type 4 has an invalid length.
[  246.051119][   T43] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  246.152224][   T43] usb 2-1: device descriptor read/8, error -71
[  246.309993][ T8716] netlink: 20 bytes leftover after parsing attributes in process `syz.0.748'.
[  246.391126][   T43] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  246.415177][   T43] usb 2-1: device descriptor read/8, error -71
[  246.475401][ T8716] netlink: 24 bytes leftover after parsing attributes in process `syz.0.748'.
[  246.531857][   T43] usb usb2-port1: unable to enumerate USB device
[  246.601403][ T1557] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  246.891115][ T1557] usb 5-1: Using ep0 maxpacket: 32
[  246.904306][ T1557] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  246.913498][ T1557] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.925651][ T1557] usb 5-1: config 0 descriptor??
[  247.082025][ T8721] netlink: 'syz.0.749': attribute type 2 has an invalid length.
[  247.163641][ T8715] program syz.4.747 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  247.207823][ T1557] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  247.223142][ T1557] usb 5-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  247.262176][ T1557] usb 5-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  247.498394][ T8725] binder: 8722:8725 ioctl c0306201 80000080 returned -14
[  248.718613][ T8741] loop7: detected capacity change from 0 to 7
[  248.741255][   T43] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  248.811841][ T5974] usb 4-1: new low-speed USB device number 33 using dummy_hcd
[  248.919301][ T8741] Dev loop7: unable to read RDB block 7
[  248.924992][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.925021][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  248.925040][   T43] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  248.925076][   T43] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  248.925095][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.927781][   T43] usb 1-1: config 0 descriptor??
[  248.950299][ T8741]  loop7: unable to read partition table
[  248.998681][ T8741] loop7: partition table beyond EOD, truncated
[  249.009029][ T8741] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  249.062936][ T5974] usb 4-1: No LPM exit latency info found, disabling LPM.
[  249.077672][ T5974] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  249.087940][ T8746] binder: 8742:8746 ioctl c0306201 80000080 returned -14
[  249.095103][ T5974] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  249.095136][ T5974] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  249.098443][ T5974] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  249.318529][ T5974] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.430392][ T5974] usb 4-1: Product: 쑕豉㦛쒗닽唜⿻ᯨ䌛
[  249.443545][   T43] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  249.463556][ T5974] usb 4-1: Manufacturer: 龜�ꅘ矑괾寓哜ิﱣ桮뫕��⎼曃㵟輽剑եឌ�ɨᵘ豀딅㷠콹͚孤�쀔惩䲆ꦚẓ�੨阓﷕簴�氊��窾챪厣ɠ㒺롬钡例�턥묳炒ং邲┒냨㩟寒�긕�གྷ轕錣⭓�ڊ�殘ꞈ뎑�⌮錒�Ⓦ臈�㖴ﲘ铸嗿嫼�埘�奊ᴑ䄿蓳㵋㭉⬞厈㟮탤㙬�唆
[  249.497383][    C1] vkms_vblank_simulate: vblank timer overrun
[  249.691103][ T5974] usb 4-1: SerialNumber: à š
[  249.944951][ T5974] usb 4-1: 0:2 : does not exist
[  250.031069][ T5974] usb 4-1: USB disconnect, device number 33
[  250.794221][    C1] plantronics 0003:047F:FFFF.0009: usb_submit_urb(ctrl) failed: -1
[  250.981151][ T5974] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  251.017285][ T8767] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  251.143127][ T5974] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  251.155879][ T5974] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  251.166889][ T5974] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  251.176689][ T5974] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  251.189766][ T5974] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  251.199271][ T5974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  251.213334][ T5974] usb 4-1: config 0 descriptor??
[  251.466307][ T8771] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  251.474803][ T8771] syzkaller0: entered promiscuous mode
[  251.480308][ T8771] syzkaller0: entered allmulticast mode
[  251.735107][ T5974] plantronics 0003:047F:FFFF.000A: hiddev1,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  251.748098][   T43] usb 1-1: USB disconnect, device number 32
[  251.829039][ T8775] sch_tbf: burst 325 is lower than device syzkaller0 mtu (1514) !
[  251.913349][ T8777] tipc: Resetting bearer <eth:syzkaller0>
[  251.927576][ T8768] tipc: Resetting bearer <eth:syzkaller0>
[  251.938685][   T24] usb 4-1: USB disconnect, device number 34
[  251.986682][ T8768] tipc: Disabling bearer <eth:syzkaller0>
[  252.559156][ T8785] netlink: 'syz.0.766': attribute type 2 has an invalid length.
[  252.979515][ T8796] netlink: 48 bytes leftover after parsing attributes in process `syz.5.772'.
[  253.054748][ T8798] binder: 8793:8798 ioctl c0306201 80000080 returned -14
[  253.363346][ T8800] netlink: 4 bytes leftover after parsing attributes in process `syz.5.773'.
[  253.396784][ T8800] netlink: 4 bytes leftover after parsing attributes in process `syz.5.773'.
[  254.251649][ T8824] FAULT_INJECTION: forcing a failure.
[  254.251649][ T8824] name failslab, interval 1, probability 0, space 0, times 0
[  254.264599][ T8824] CPU: 1 UID: 0 PID: 8824 Comm: syz.3.780 Not tainted syzkaller #0 PREEMPT(full) 
[  254.264623][ T8824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  254.264645][ T8824] Call Trace:
[  254.264653][ T8824]  <TASK>
[  254.264661][ T8824]  dump_stack_lvl+0x189/0x250
[  254.264684][ T8824]  ? __pfx____ratelimit+0x10/0x10
[  254.264701][ T8824]  ? __pfx_dump_stack_lvl+0x10/0x10
[  254.264718][ T8824]  ? __pfx__printk+0x10/0x10
[  254.264745][ T8824]  ? __pfx___might_resched+0x10/0x10
[  254.264759][ T8824]  ? fs_reclaim_acquire+0x7d/0x100
[  254.264788][ T8824]  should_fail_ex+0x414/0x560
[  254.264816][ T8824]  ? __pfx_sock_alloc_inode+0x10/0x10
[  254.264838][ T8824]  should_failslab+0xa8/0x100
[  254.264862][ T8824]  ? __pfx_sock_alloc_inode+0x10/0x10
[  254.264882][ T8824]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  254.264904][ T8824]  ? sock_alloc_inode+0x28/0xc0
[  254.264930][ T8824]  ? __pfx_sock_alloc_inode+0x10/0x10
[  254.264951][ T8824]  sock_alloc_inode+0x28/0xc0
[  254.264973][ T8824]  alloc_inode+0x67/0x1b0
[  254.264996][ T8824]  __sock_create+0x12d/0x9f0
[  254.265036][ T8824]  udp_sock_create6+0xcb/0x690
[  254.265065][ T8824]  ? __pfx_udp_sock_create6+0x10/0x10
[  254.265088][ T8824]  ? __ipv6_chk_addr_and_flags+0x686/0x7e0
[  254.265105][ T8824]  ? __ipv6_chk_addr_and_flags+0x187/0x7e0
[  254.265126][ T8824]  ? tipc_udp_enable+0x64d/0xb30
[  254.265151][ T8824]  tipc_udp_enable+0x86d/0xb30
[  254.265176][ T8824]  ? __pfx_tipc_udp_enable+0x10/0x10
[  254.265193][ T8824]  ? __tipc_nl_bearer_enable+0xab3/0x13f0
[  254.265280][ T8824]  ? __tipc_nl_bearer_enable+0xab3/0x13f0
[  254.265303][ T8824]  __tipc_nl_bearer_enable+0xc1e/0x13f0
[  254.265331][ T8824]  ? __pfx___tipc_nl_bearer_enable+0x10/0x10
[  254.265348][ T8824]  ? __mutex_lock+0x335/0x1350
[  254.265379][ T8824]  ? tipc_nl_bearer_enable+0x17/0x40
[  254.265401][ T8824]  ? __pfx___mutex_lock+0x10/0x10
[  254.265430][ T8824]  ? __nla_parse+0x40/0x60
[  254.265452][ T8824]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  254.265474][ T8824]  ? genl_family_rcv_msg_attrs_parse+0x212/0x2a0
[  254.265500][ T8824]  tipc_nl_bearer_enable+0x22/0x40
[  254.265518][ T8824]  genl_family_rcv_msg_doit+0x212/0x300
[  254.265547][ T8824]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  254.265597][ T8824]  genl_rcv_msg+0x60e/0x790
[  254.265625][ T8824]  ? __pfx_genl_rcv_msg+0x10/0x10
[  254.265645][ T8824]  ? __pfx_tipc_nl_bearer_enable+0x10/0x10
[  254.265665][ T8824]  ? __asan_memcpy+0x40/0x70
[  254.265683][ T8824]  ? __pfx_ref_tracker_free+0x10/0x10
[  254.265707][ T8824]  netlink_rcv_skb+0x205/0x470
[  254.265722][ T8824]  ? __lock_acquire+0xab9/0xd20
[  254.265745][ T8824]  ? __pfx_genl_rcv_msg+0x10/0x10
[  254.265767][ T8824]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  254.265804][ T8824]  ? down_read+0x1ad/0x2e0
[  254.265825][ T8824]  genl_rcv+0x28/0x40
[  254.265844][ T8824]  netlink_unicast+0x82c/0x9e0
[  254.265877][ T8824]  ? __pfx_netlink_unicast+0x10/0x10
[  254.265902][ T8824]  ? netlink_sendmsg+0x642/0xb30
[  254.265917][ T8824]  ? skb_put+0x11b/0x210
[  254.265939][ T8824]  netlink_sendmsg+0x805/0xb30
[  254.265967][ T8824]  ? __pfx_netlink_sendmsg+0x10/0x10
[  254.265987][ T8824]  ? __import_iovec+0x5d4/0x7f0
[  254.266015][ T8824]  ? aa_sock_msg_perm+0xf1/0x1d0
[  254.266035][ T8824]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  254.266052][ T8824]  ? __pfx_netlink_sendmsg+0x10/0x10
[  254.266070][ T8824]  __sock_sendmsg+0x21c/0x270
[  254.266098][ T8824]  ____sys_sendmsg+0x505/0x830
[  254.266143][ T8824]  ? __pfx_____sys_sendmsg+0x10/0x10
[  254.266182][ T8824]  ___sys_sendmsg+0x21f/0x2a0
[  254.266205][ T8824]  ? __pfx____sys_sendmsg+0x10/0x10
[  254.266274][ T8824]  ? __fget_files+0x2a/0x420
[  254.266288][ T8824]  ? __fget_files+0x3a0/0x420
[  254.266315][ T8824]  __sys_sendmsg+0x164/0x220
[  254.266337][ T8824]  ? __pfx___sys_sendmsg+0x10/0x10
[  254.266379][ T8824]  ? lockdep_hardirqs_on+0x9c/0x150
[  254.266400][ T8824]  __do_fast_syscall_32+0xb6/0x2b0
[  254.266418][ T8824]  ? lockdep_hardirqs_on+0x9c/0x150
[  254.266439][ T8824]  do_fast_syscall_32+0x34/0x80
[  254.266457][ T8824]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  254.266477][ T8824] RIP: 0023:0xf7fc4539
[  254.266493][ T8824] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  254.266507][ T8824] RSP: 002b:00000000f54d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  254.266525][ T8824] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  254.266537][ T8824] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  254.266546][ T8824] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  254.266556][ T8824] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  254.266570][ T8824] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  254.266598][ T8824]  </TASK>
[  254.266677][ T8824] socket: no more sockets
[  254.758434][ T8824] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  255.083904][ T8831] netlink: 20 bytes leftover after parsing attributes in process `syz.0.783'.
[  255.485034][ T5863] IPVS: starting estimator thread 0...
[  255.492890][ T8841] IPVS: sed: SCTP 172.20.20.187:0 - no destination available
[  255.621949][ T8846] binder: 8838:8846 ioctl c0306201 80000080 returned -14
[  255.651257][ T8842] IPVS: using max 30 ests per chain, 72000 per kthread
[  255.673453][ T8841] syz.0.787 (8841) used greatest stack depth: 18248 bytes left
[  255.768059][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  255.774754][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  255.817448][ T8853] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  255.964972][ T8858] FAULT_INJECTION: forcing a failure.
[  255.964972][ T8858] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  256.014196][ T8858] CPU: 0 UID: 0 PID: 8858 Comm: syz.1.792 Not tainted syzkaller #0 PREEMPT(full) 
[  256.014221][ T8858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  256.014232][ T8858] Call Trace:
[  256.014239][ T8858]  <TASK>
[  256.014247][ T8858]  dump_stack_lvl+0x189/0x250
[  256.014271][ T8858]  ? __pfx____ratelimit+0x10/0x10
[  256.014288][ T8858]  ? __pfx_dump_stack_lvl+0x10/0x10
[  256.014308][ T8858]  ? __pfx__printk+0x10/0x10
[  256.014333][ T8858]  ? fs_reclaim_acquire+0x7d/0x100
[  256.014367][ T8858]  should_fail_ex+0x414/0x560
[  256.014396][ T8858]  prepare_alloc_pages+0x213/0x610
[  256.014421][ T8858]  __alloc_frozen_pages_noprof+0x123/0x370
[  256.014443][ T8858]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  256.014464][ T8858]  ? process_measurement+0x3d8/0x1a40
[  256.014488][ T8858]  ? policy_nodemask+0x27c/0x720
[  256.014508][ T8858]  ? __lock_acquire+0xab9/0xd20
[  256.014546][ T8858]  alloc_pages_mpol+0x232/0x4a0
[  256.014578][ T8858]  vma_alloc_folio_noprof+0xe4/0x200
[  256.014604][ T8858]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  256.014639][ T8858]  folio_prealloc+0x30/0x180
[  256.014662][ T8858]  __handle_mm_fault+0x2ab9/0x5440
[  256.014700][ T8858]  ? __pfx___handle_mm_fault+0x10/0x10
[  256.014740][ T8858]  ? find_vma+0xe7/0x160
[  256.014767][ T8858]  ? __pfx_find_vma+0x10/0x10
[  256.014788][ T8858]  handle_mm_fault+0x40a/0x8e0
[  256.014820][ T8858]  do_user_addr_fault+0x764/0x1390
[  256.014862][ T8858]  exc_page_fault+0x76/0xf0
[  256.014882][ T8858]  asm_exc_page_fault+0x26/0x30
[  256.014898][ T8858] RIP: 0010:rep_movs_alternative+0x33/0x90
[  256.014920][ T8858] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d 0a 04 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[  256.014935][ T8858] RSP: 0018:ffffc90003f2fa38 EFLAGS: 00050202
[  256.014951][ T8858] RAX: 7364697020757063 RBX: ffff88802419c000 RCX: 0000000000000009
[  256.014964][ T8858] RDX: 0000000000000000 RSI: ffff88802419c000 RDI: 0000000080001380
[  256.014975][ T8858] RBP: ffffc90003f2fbb0 R08: ffff88802419c008 R09: 1ffff11004833801
[  256.014988][ T8858] R10: dffffc0000000000 R11: ffffed1004833802 R12: 1ffff920007e5faf
[  256.015000][ T8858] R13: 0000000080001380 R14: ffffc90003f2fd88 R15: 0000000000000009
[  256.015029][ T8858]  _copy_to_iter+0x24f/0x1790
[  256.015049][ T8858]  ? seq_read_iter+0xb7a/0xe10
[  256.015073][ T8858]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  256.015099][ T8858]  ? __pfx__copy_to_iter+0x10/0x10
[  256.015117][ T8858]  ? kernfs_seq_stop+0x17e/0x200
[  256.015145][ T8858]  ? kernfs_put_active+0xa0/0x100
[  256.015164][ T8858]  ? kernfs_seq_stop+0x17e/0x200
[  256.015191][ T8858]  seq_read_iter+0xbeb/0xe10
[  256.015232][ T8858]  vfs_read+0x557/0xa30
[  256.015252][ T8858]  ? fdget_pos+0x247/0x320
[  256.015275][ T8858]  ? __pfx_vfs_read+0x10/0x10
[  256.015306][ T8858]  ? __fget_files+0x2a/0x420
[  256.015332][ T8858]  ksys_read+0x145/0x250
[  256.015355][ T8858]  ? __pfx_ksys_read+0x10/0x10
[  256.015380][ T8858]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.015401][ T8858]  __do_fast_syscall_32+0xb6/0x2b0
[  256.015420][ T8858]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.015441][ T8858]  do_fast_syscall_32+0x34/0x80
[  256.015459][ T8858]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  256.015478][ T8858] RIP: 0023:0xf7fd1539
[  256.015492][ T8858] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  256.015507][ T8858] RSP: 002b:00000000f54e655c EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  256.015523][ T8858] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001380
[  256.015534][ T8858] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000
[  256.015544][ T8858] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  256.015553][ T8858] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  256.015563][ T8858] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  256.015592][ T8858]  </TASK>
[  256.591052][ T8852] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  256.601410][ T8852] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  256.636340][ T8852] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  256.699253][ T8852] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  256.912184][ T8869] netlink: 'syz.5.795': attribute type 72 has an invalid length.
[  256.935753][ T8869] netlink: 12 bytes leftover after parsing attributes in process `syz.5.795'.
[  256.941485][   T43] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  257.020267][ T8874] netlink: 'syz.1.796': attribute type 2 has an invalid length.
[  257.101178][   T43] usb 4-1: Using ep0 maxpacket: 32
[  257.108087][   T43] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  257.116430][   T43] usb 4-1: config 0 has no interface number 0
[  257.124616][   T43] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.141498][   T43] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  257.158765][   T43] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  257.168129][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.295913][   T43] usb 4-1: config 0 descriptor??
[  257.922611][ T5878] Bluetooth: hci0: command 0x0c1a tx timeout
[  257.964166][   T43] uclogic 0003:28BD:0094.000B: pen parameters not found
[  257.971332][   T43] uclogic 0003:28BD:0094.000B: interface is invalid, ignoring
[  258.172586][ T8860] netlink: 92 bytes leftover after parsing attributes in process `syz.3.793'.
[  258.181662][ T8860] netlink: 56 bytes leftover after parsing attributes in process `syz.3.793'.
[  258.197189][ T8860] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  258.238796][ T8860] netlink: 84 bytes leftover after parsing attributes in process `syz.3.793'.
[  258.254389][   T43] usb 4-1: USB disconnect, device number 35
[  258.274885][ T8894] netlink: 'syz.5.801': attribute type 2 has an invalid length.
[  258.541131][ T5923] usb 6-1: new low-speed USB device number 19 using dummy_hcd
[  258.641541][ T5878] Bluetooth: hci4: command 0x0405 tx timeout
[  258.643844][ T5864] Bluetooth: hci3: command 0x0c1a tx timeout
[  258.701540][ T5923] usb 6-1: device descriptor read/64, error -71
[  258.721207][ T5864] Bluetooth: hci1: command 0x0c1a tx timeout
[  258.988009][ T5923] usb 6-1: new low-speed USB device number 20 using dummy_hcd
[  259.330834][ T5923] usb 6-1: device descriptor read/64, error -71
[  259.526384][ T5923] usb usb6-port1: attempt power cycle
[  260.101120][ T5923] usb 6-1: new low-speed USB device number 21 using dummy_hcd
[  260.151825][ T5923] usb 6-1: device descriptor read/8, error -71
[  260.581111][ T5923] usb 6-1: new low-speed USB device number 22 using dummy_hcd
[  260.781608][ T5923] usb 6-1: device descriptor read/8, error -71
[  260.941952][ T5923] usb usb6-port1: unable to enumerate USB device
[  261.003827][ T8917] netlink: 'syz.1.807': attribute type 72 has an invalid length.
[  261.012103][ T8917] netlink: 12 bytes leftover after parsing attributes in process `syz.1.807'.
[  262.811705][ T8943] FAULT_INJECTION: forcing a failure.
[  262.811705][ T8943] name failslab, interval 1, probability 0, space 0, times 0
[  262.865083][ T8943] CPU: 1 UID: 0 PID: 8943 Comm: syz.5.815 Not tainted syzkaller #0 PREEMPT(full) 
[  262.865107][ T8943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  262.865115][ T8943] Call Trace:
[  262.865120][ T8943]  <TASK>
[  262.865125][ T8943]  dump_stack_lvl+0x189/0x250
[  262.865142][ T8943]  ? __pfx____ratelimit+0x10/0x10
[  262.865153][ T8943]  ? __pfx_dump_stack_lvl+0x10/0x10
[  262.865164][ T8943]  ? __pfx__printk+0x10/0x10
[  262.865176][ T8943]  ? genl_rcv+0x28/0x40
[  262.865188][ T8943]  ? ____sys_sendmsg+0x505/0x830
[  262.865200][ T8943]  ? __sys_sendmsg+0x164/0x220
[  262.865216][ T8943]  should_fail_ex+0x414/0x560
[  262.865233][ T8943]  should_failslab+0xa8/0x100
[  262.865249][ T8943]  kmem_cache_alloc_noprof+0x73/0x3c0
[  262.865262][ T8943]  ? skb_clone+0x212/0x3a0
[  262.865277][ T8943]  skb_clone+0x212/0x3a0
[  262.865290][ T8943]  __netlink_deliver_tap+0x404/0x850
[  262.865307][ T8943]  ? netlink_deliver_tap+0x2e/0x1b0
[  262.865317][ T8943]  netlink_deliver_tap+0x19c/0x1b0
[  262.865327][ T8943]  netlink_sendskb+0x68/0x140
[  262.865343][ T8943]  netlink_unicast+0x397/0x9e0
[  262.865356][ T8943]  ? __asan_memcpy+0x40/0x70
[  262.865372][ T8943]  ? __pfx_netlink_unicast+0x10/0x10
[  262.865391][ T8943]  netlink_rcv_skb+0x28c/0x470
[  262.865400][ T8943]  ? __lock_acquire+0xab9/0xd20
[  262.865414][ T8943]  ? __pfx_genl_rcv_msg+0x10/0x10
[  262.865427][ T8943]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  262.865447][ T8943]  ? down_read+0x1ad/0x2e0
[  262.865460][ T8943]  genl_rcv+0x28/0x40
[  262.865471][ T8943]  netlink_unicast+0x82c/0x9e0
[  262.865490][ T8943]  ? __pfx_netlink_unicast+0x10/0x10
[  262.865505][ T8943]  ? netlink_sendmsg+0x642/0xb30
[  262.865513][ T8943]  ? skb_put+0x11b/0x210
[  262.865529][ T8943]  netlink_sendmsg+0x805/0xb30
[  262.865550][ T8943]  ? __pfx_netlink_sendmsg+0x10/0x10
[  262.865561][ T8943]  ? __import_iovec+0x5d4/0x7f0
[  262.865573][ T8943]  ? aa_sock_msg_perm+0xf1/0x1d0
[  262.865584][ T8943]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  262.865594][ T8943]  ? __pfx_netlink_sendmsg+0x10/0x10
[  262.865605][ T8943]  __sock_sendmsg+0x21c/0x270
[  262.865622][ T8943]  ____sys_sendmsg+0x505/0x830
[  262.865636][ T8943]  ? __pfx_____sys_sendmsg+0x10/0x10
[  262.865657][ T8943]  ___sys_sendmsg+0x21f/0x2a0
[  262.865670][ T8943]  ? __pfx____sys_sendmsg+0x10/0x10
[  262.865700][ T8943]  ? __fget_files+0x2a/0x420
[  262.865708][ T8943]  ? __fget_files+0x3a0/0x420
[  262.865722][ T8943]  __sys_sendmsg+0x164/0x220
[  262.865735][ T8943]  ? __pfx___sys_sendmsg+0x10/0x10
[  262.865755][ T8943]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.865766][ T8943]  __do_fast_syscall_32+0xb6/0x2b0
[  262.865777][ T8943]  ? lockdep_hardirqs_on+0x9c/0x150
[  262.865788][ T8943]  do_fast_syscall_32+0x34/0x80
[  262.865799][ T8943]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  262.865811][ T8943] RIP: 0023:0xf7f87539
[  262.865820][ T8943] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  262.865828][ T8943] RSP: 002b:00000000f549655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  262.865839][ T8943] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080004100
[  262.865845][ T8943] RDX: 0000000000000840 RSI: 0000000000000000 RDI: 0000000000000000
[  262.865851][ T8943] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  262.865856][ T8943] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  262.865862][ T8943] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  262.865876][ T8943]  </TASK>
[  263.211252][    C1] vkms_vblank_simulate: vblank timer overrun
[  263.502095][ T5923] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  263.565362][ T8957] input: syz1 as /devices/virtual/input/input16
[  263.615779][ T8957] program syz.0.817 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  263.754864][ T5923] usb 2-1: not running at top speed; connect to a high speed hub
[  263.770066][ T5923] usb 2-1: config 128 has an invalid interface number: 219 but max is 2
[  263.835072][ T5923] usb 2-1: config 128 has an invalid interface number: 152 but max is 2
[  263.895721][ T5923] usb 2-1: config 128 has an invalid interface number: 195 but max is 2
[  263.957603][ T5923] usb 2-1: config 128 has no interface number 0
[  264.042838][ T5923] usb 2-1: config 128 has no interface number 1
[  264.065411][ T5923] usb 2-1: config 128 has no interface number 2
[  264.079493][ T5923] usb 2-1: config 128 interface 219 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  264.120098][ T5923] usb 2-1: config 128 interface 219 altsetting 2 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  264.145599][ T5923] usb 2-1: config 128 interface 219 altsetting 2 endpoint 0xD has invalid maxpacket 512, setting to 64
[  264.339172][ T5923] usb 2-1: config 128 interface 219 altsetting 2 has a duplicate endpoint with address 0xB, skipping
[  264.355815][ T5923] usb 2-1: config 128 interface 219 altsetting 2 has a duplicate endpoint with address 0xB, skipping
[  264.371349][ T5923] usb 2-1: config 128 interface 219 altsetting 2 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  264.401318][   T43] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  264.401391][ T5923] usb 2-1: config 128 interface 219 altsetting 2 has a duplicate endpoint with address 0xE, skipping
[  264.426895][ T5923] usb 2-1: config 128 interface 219 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  264.441566][ T5923] usb 2-1: config 128 interface 219 altsetting 2 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  264.487944][ T5923] usb 2-1: config 128 interface 152 altsetting 176 has a duplicate endpoint with address 0x4, skipping
[  264.545742][ T5923] usb 2-1: config 128 interface 152 altsetting 176 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  264.567169][ T5923] usb 2-1: config 128 interface 152 altsetting 176 has a duplicate endpoint with address 0xD, skipping
[  264.590155][ T5923] usb 2-1: config 128 interface 152 altsetting 176 has an invalid descriptor for endpoint zero, skipping
[  264.605068][ T5923] usb 2-1: config 128 interface 152 altsetting 176 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  264.618038][ T5923] usb 2-1: config 128 interface 195 altsetting 0 has a duplicate endpoint with address 0x7, skipping
[  264.629599][ T5923] usb 2-1: config 128 interface 195 altsetting 0 has a duplicate endpoint with address 0xD, skipping
[  264.644148][ T5923] usb 2-1: config 128 interface 195 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  264.679135][ T5923] usb 2-1: config 128 interface 195 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  264.689442][   T43] usb 6-1: Using ep0 maxpacket: 32
[  264.690335][ T5923] usb 2-1: config 128 interface 195 altsetting 0 has a duplicate endpoint with address 0x4, skipping
[  264.710914][ T5923] usb 2-1: config 128 interface 219 has no altsetting 0
[  264.718913][ T5923] usb 2-1: config 128 interface 152 has no altsetting 0
[  264.723133][   T43] usb 6-1: config 16 has an invalid interface number: 221 but max is 0
[  264.735112][   T43] usb 6-1: config 16 has no interface number 0
[  264.741591][   T43] usb 6-1: config 16 interface 221 has no altsetting 0
[  264.750714][   T43] usb 6-1: New USB device found, idVendor=041e, idProduct=401d, bcdDevice=1c.97
[  264.752403][ T5923] usb 2-1: New USB device found, idVendor=055d, idProduct=9001, bcdDevice=92.b7
[  264.760140][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.784484][   T43] usb 6-1: Product: syz
[  264.789905][   T43] usb 6-1: Manufacturer: syz
[  264.795852][   T43] usb 6-1: SerialNumber: syz
[  264.820380][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.843047][ T5923] usb 2-1: Product: ꎇ篙춛䟆阮疯㭅欜稻䰯俳쯹䪹㿸윘辖㚈ⶇ⠺絭癅죳�⼲�㗔ཕ彠鯊鄆콦ⱜ嵌⑌碥᧫薀散᧮깲鱀�財묇�ᛘ郲䃰욻彊뵤䈳܆쇎䭈㞀亄㳃黋丹优㖰砾犉쿮㺴쌱䘒
[  264.845288][ T8970] usb usb7: usbfs: process 8970 (syz.3.824) did not claim interface 0 before use
[  264.911063][ T5923] usb 2-1: Manufacturer: Ч
[  264.915625][ T5923] usb 2-1: SerialNumber: syz
[  265.038846][   T43] gspca_main: spca505-2.14.0 probing 041e:401d
[  265.057177][   T43] gspca_spca505: reg write: error -71
[  265.067786][   T43] spca505 6-1:16.221: probe with driver spca505 failed with error -5
[  265.084623][   T43] usb 6-1: USB disconnect, device number 23
[  265.286946][ T5923] usb 2-1: USB disconnect, device number 30
[  265.434156][ T8984] netlink: 4 bytes leftover after parsing attributes in process `syz.0.830'.
[  265.530228][ T8988] netlink: 24 bytes leftover after parsing attributes in process `syz.0.830'.
[  266.007939][ T9007] bridge0: entered promiscuous mode
[  266.133600][ T9005] netlink: 132 bytes leftover after parsing attributes in process `syz.3.833'.
[  266.421489][ T9014] netlink: 12 bytes leftover after parsing attributes in process `syz.5.836'.
[  267.867676][ T9028] trusted_key: syz.4.840 sent an empty control message without MSG_MORE.
[  268.084843][ T9031] netlink: 12 bytes leftover after parsing attributes in process `syz.4.841'.
[  268.094021][ T5863] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  268.244104][   T30] kauditd_printk_skb: 36 callbacks suppressed
[  268.244195][   T30] audit: type=1326 audit(1757311925.231:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9033 comm="syz.5.845" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x7ffc0000
[  268.288803][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  268.289092][   T30] audit: type=1326 audit(1757311925.261:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9033 comm="syz.5.845" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x7ffc0000
[  268.331388][   T30] audit: type=1326 audit(1757311925.261:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9033 comm="syz.5.845" exe="/root/syz-executor" sig=0 arch=40000003 syscall=298 compat=1 ip=0xf7f87539 code=0x7ffc0000
[  268.355484][   T30] audit: type=1326 audit(1757311925.261:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9033 comm="syz.5.845" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x7ffc0000
[  268.362587][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  268.377312][    C1] vkms_vblank_simulate: vblank timer overrun
[  268.378237][   T30] audit: type=1326 audit(1757311925.261:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9033 comm="syz.5.845" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f87539 code=0x7ffc0000
[  268.392946][ T5863] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  268.424891][   T30] audit: type=1326 audit(1757311925.261:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9033 comm="syz.5.845" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f87539 code=0x7ffc0000
[  268.447586][   T30] audit: type=1326 audit(1757311925.261:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9033 comm="syz.5.845" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f87539 code=0x7ffc0000
[  268.473661][   T30] audit: type=1326 audit(1757311925.261:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9033 comm="syz.5.845" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f87539 code=0x7ffc0000
[  268.518765][   T30] audit: type=1326 audit(1757311925.261:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9033 comm="syz.5.845" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f87539 code=0x7ffc0000
[  268.540681][    C1] vkms_vblank_simulate: vblank timer overrun
[  268.547308][   T43] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  268.558993][ T5863] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.620893][ T5863] usb 4-1: config 0 descriptor??
[  268.641605][   T30] audit: type=1326 audit(1757311925.261:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9033 comm="syz.5.845" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f87539 code=0x7ffc0000
[  268.647241][ T9040] mac80211_hwsim hwsim9 syzkaller0: entered promiscuous mode
[  268.678345][ T9040] mac80211_hwsim hwsim9 syzkaller0: entered allmulticast mode
[  268.741774][   T43] usb 6-1: Using ep0 maxpacket: 16
[  268.755315][   T43] usb 6-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  268.766373][   T43] usb 6-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  268.790758][   T43] usb 6-1: Product: syz
[  268.801970][   T43] usb 6-1: Manufacturer: syz
[  268.815518][   T43] usb 6-1: SerialNumber: syz
[  268.836559][   T43] usb 6-1: config 0 descriptor??
[  268.899369][ T5863] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  268.925285][ T5863] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  268.939218][ T5863] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  268.949016][ T5863] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  268.963777][ T9050] netlink: 12 bytes leftover after parsing attributes in process `syz.4.850'.
[  268.984629][ T5863] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  268.993772][ T5863] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  269.020839][ T5863] pyra 0003:1E7D:2CF6.000C: unknown main item tag 0x0
[  269.045710][ T5863] pyra 0003:1E7D:2CF6.000C: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0
[  269.071922][ T9050] netlink: 'syz.4.850': attribute type 11 has an invalid length.
[  269.087310][ T9035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  269.103032][ T9050] vxlan0: entered promiscuous mode
[  269.141695][ T9035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  269.161499][ T4610] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  269.205935][ T5863] pyra 0003:1E7D:2CF6.000C: couldn't init struct pyra_device
[  269.239504][ T4610] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  269.275404][ T5863] pyra 0003:1E7D:2CF6.000C: couldn't install mouse
[  269.298947][ T4610] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  269.316185][ T5863] pyra 0003:1E7D:2CF6.000C: probe with driver pyra failed with error -32
[  269.331208][ T4610] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  269.386382][ T9035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  269.395585][ T5944] usb 4-1: USB disconnect, device number 36
[  269.421683][ T9035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  269.485038][ T5863] usb 6-1: USB disconnect, device number 24
[  269.669360][ T9060] bridge1: entered promiscuous mode
[  269.955546][ T9065] tipc: Started in network mode
[  269.960497][ T9065] tipc: Node identity 080211000001, cluster identity 4711
[  269.976764][ T9065] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  270.273587][ T9072] tipc: Started in network mode
[  270.303888][ T9072] tipc: Node identity 4aed413be96c, cluster identity 4711
[  270.423064][ T9072] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  270.443857][ T9072] syzkaller0: entered promiscuous mode
[  270.449551][ T9072] syzkaller0: entered allmulticast mode
[  270.471676][ T9072] tipc: Resetting bearer <eth:syzkaller0>
[  270.591390][ T9070] tipc: Resetting bearer <eth:syzkaller0>
[  270.781941][ T9070] tipc: Disabling bearer <eth:syzkaller0>
[  271.020393][ T9085] netlink: 24 bytes leftover after parsing attributes in process `syz.0.859'.
[  271.091100][   T43] tipc: Node number set to 134418688
[  271.304147][ T9095] netlink: 'syz.0.863': attribute type 1 has an invalid length.
[  271.315603][ T9095] netlink: 'syz.0.863': attribute type 1 has an invalid length.
[  271.330357][ T9095] netlink: 'syz.0.863': attribute type 12 has an invalid length.
[  271.342938][ T9095] netlink: 'syz.0.863': attribute type 29 has an invalid length.
[  271.377762][ T9095] netlink: 148 bytes leftover after parsing attributes in process `syz.0.863'.
[  271.410883][ T9095] netlink: 'syz.0.863': attribute type 2 has an invalid length.
[  271.418917][ T9095] netlink: 'syz.0.863': attribute type 3 has an invalid length.
[  271.429070][ T9095] netlink: 'syz.0.863': attribute type 1 has an invalid length.
[  271.454476][   T43] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  271.701853][   T43] usb 2-1: Using ep0 maxpacket: 32
[  271.714075][   T43] usb 2-1: config 131 has an invalid interface number: 110 but max is 0
[  271.731676][   T43] usb 2-1: config 131 has no interface number 0
[  271.881132][   T43] usb 2-1: config 131 interface 110 has no altsetting 0
[  271.891435][   T43] usb 2-1: New USB device found, idVendor=13d3, idProduct=3408, bcdDevice=e5.54
[  271.901363][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.911078][ T5971] usb 1-1: new full-speed USB device number 33 using dummy_hcd
[  271.919309][   T43] usb 2-1: Product: syz
[  271.928571][   T43] usb 2-1: Manufacturer: syz
[  271.938710][   T43] usb 2-1: SerialNumber: syz
[  272.076317][ T5971] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  272.134815][ T5971] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  272.148918][ T5971] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  272.159030][ T5971] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.170660][   T43] usb 2-1: USB disconnect, device number 31
[  272.181343][ T5971] usb 1-1: Product: syz
[  272.185615][ T5971] usb 1-1: Manufacturer: syz
[  272.197638][ T5971] usb 1-1: SerialNumber: syz
[  272.533374][ T5971] usb 1-1: 0:2 : does not exist
[  272.585039][ T5971] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  272.624793][ T5971] usb 1-1: USB disconnect, device number 33
[  272.661220][ T5863] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  272.718139][ T6739] udevd[6739]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  272.835488][ T5863] usb 6-1: Using ep0 maxpacket: 16
[  272.903964][ T5863] usb 6-1: unable to get BOS descriptor or descriptor too short
[  272.935872][ T5863] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  272.956186][ T5863] usb 6-1: config 0 has no interfaces?
[  273.021118][ T5863] usb 6-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40
[  273.030345][ T5863] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.038497][ T5863] usb 6-1: Product: syz
[  273.047387][ T5863] usb 6-1: Manufacturer: syz
[  273.061137][ T5863] usb 6-1: SerialNumber: syz
[  273.184074][ T5863] usb 6-1: config 0 descriptor??
[  273.651133][ T5923] IPVS: starting estimator thread 0...
[  273.671074][ T5863] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  273.774160][ T9127] IPVS: using max 27 ests per chain, 64800 per kthread
[  273.831538][ T5863] usb 1-1: Using ep0 maxpacket: 16
[  273.912163][ T5863] usb 1-1: config 0 has an invalid interface number: 161 but max is 0
[  273.940777][ T5863] usb 1-1: config 0 has no interface number 0
[  273.978340][ T5863] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0102, bcdDevice=9a.fd
[  273.999516][ T5863] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.018323][ T5863] usb 1-1: Product: syz
[  274.023027][ T5863] usb 1-1: Manufacturer: syz
[  274.027656][ T5863] usb 1-1: SerialNumber: syz
[  274.042657][ T5863] usb 1-1: config 0 descriptor??
[  274.055291][ T5863] kvaser_usb 1-1:0.161: error -ENODEV: Cannot get usb endpoint(s)
[  274.280708][ T9141] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  274.287340][ T9141] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  274.299894][ T9141] vhci_hcd vhci_hcd.0: Device attached
[  274.307508][ T9142] vhci_hcd: connection closed
[  274.308054][ T1088] vhci_hcd: stop threads
[  274.318215][ T1088] vhci_hcd: release socket
[  274.334947][ T5863] usb 1-1: USB disconnect, device number 34
[  274.341848][ T1088] vhci_hcd: disconnect device
[  275.328519][ T5971] usb 6-1: USB disconnect, device number 25
[  275.861224][ T5971] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  276.047257][ T9180] binder: 9173:9180 ioctl c0306201 80000080 returned -14
[  276.064444][ T5971] usb 6-1: Using ep0 maxpacket: 32
[  276.346929][ T5971] usb 6-1: config 0 has an invalid interface number: 231 but max is 0
[  276.366371][ T9175] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  276.377158][ T5971] usb 6-1: config 0 has no interface number 0
[  276.400737][ T5971] usb 6-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  276.483538][ T5971] usb 6-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[  276.504941][ T5971] usb 6-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b
[  276.518137][ T5971] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.576110][ T5971] usb 6-1: Product: syz
[  276.585405][ T5971] usb 6-1: Manufacturer: syz
[  276.590043][ T5971] usb 6-1: SerialNumber: syz
[  276.603394][ T5971] usb 6-1: config 0 descriptor??
[  276.625532][ T9165] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  276.634620][ T9165] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  276.664693][ T5971] plusb 6-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.5-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, f6:ab:e1:0d:f5:8a
[  276.851241][ T5863] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  276.964416][ T9190] netlink: 12 bytes leftover after parsing attributes in process `syz.4.893'.
[  277.034230][ T5863] usb 2-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c
[  277.034261][ T5863] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.034280][ T5863] usb 2-1: Product: syz
[  277.034294][ T5863] usb 2-1: Manufacturer: syz
[  277.034306][ T5863] usb 2-1: SerialNumber: syz
[  277.037430][ T5863] usb 2-1: config 0 descriptor??
[  277.921271][ T5863] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  277.964692][ T5863] asix 2-1:0.0: probe with driver asix failed with error -71
[  277.978078][ T9219] program syz.0.897 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  278.080178][ T5863] usb 2-1: USB disconnect, device number 32
[  278.632723][ T5971] usb 6-1: USB disconnect, device number 26
[  278.640653][ T5971] plusb 6-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.5-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1
[  280.168031][ T9261] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  280.221621][ T9263] syzkaller0: entered promiscuous mode
[  280.227142][ T9263] syzkaller0: entered allmulticast mode
[  280.282325][ T9261] tipc: Resetting bearer <eth:syzkaller0>
[  280.307002][ T9258] tipc: Resetting bearer <eth:syzkaller0>
[  280.350739][ T9258] tipc: Disabling bearer <eth:syzkaller0>
[  280.708317][ T9268] program syz.1.907 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  280.991864][ T9274] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  280.998514][ T9274] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  281.026588][ T9274] vhci_hcd vhci_hcd.0: Device attached
[  281.261506][ T5863] usb 35-1: new high-speed USB device number 4 using vhci_hcd
[  281.295018][ T5944] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  281.464471][ T5944] usb 2-1: Using ep0 maxpacket: 16
[  281.503716][ T5944] usb 2-1: config 0 has no interfaces?
[  281.518298][ T5944] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  281.574948][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.612441][ T5944] usb 2-1: config 0 descriptor??
[  281.836205][ T9275] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2
[  281.837097][   T24] usb 2-1: USB disconnect, device number 33
[  281.857593][   T49] vhci_hcd: stop threads
[  281.867918][   T49] vhci_hcd: release socket
[  281.878765][   T49] vhci_hcd: disconnect device
[  282.221120][ T5971] usb 6-1: new low-speed USB device number 27 using dummy_hcd
[  282.385090][ T5971] usb 6-1: unable to get BOS descriptor or descriptor too short
[  282.410270][ T5971] usb 6-1: config 7 has an invalid interface number: 199 but max is 0
[  282.431575][ T5971] usb 6-1: config 7 has no interface number 0
[  282.445770][ T5971] usb 6-1: config 7 interface 199 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 4
[  282.483957][ T5971] usb 6-1: config 7 interface 199 altsetting 1 endpoint 0x3 has invalid maxpacket 32, setting to 0
[  282.508593][ T5971] usb 6-1: No eUSB2 isoc ep 3 companion for config 7 interface 199 altsetting 1
[  282.550376][ T5971] usb 6-1: config 7 interface 199 altsetting 1 endpoint 0xD has invalid maxpacket 1023, setting to 8
[  282.578420][ T5971] usb 6-1: config 7 interface 199 has no altsetting 0
[  282.614349][ T5971] usb 6-1: string descriptor 0 read error: -22
[  282.625738][ T5971] usb 6-1: New USB device found, idVendor=0c45, idProduct=6282, bcdDevice=cb.15
[  282.669532][ T5971] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.734698][ T5971] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:6282
[  282.778325][ T9310] netlink: 4 bytes leftover after parsing attributes in process `syz.3.921'.
[  282.797841][ T9312] netlink: 4 bytes leftover after parsing attributes in process `syz.3.921'.
[  282.845014][ T9310] netlink: 'syz.3.921': attribute type 4 has an invalid length.
[  282.949498][ T5971] gspca_sn9c20x: Write register 1000 failed -71
[  282.958291][ T5971] gspca_sn9c20x: Device initialization failed
[  282.984082][ T5971] gspca_sn9c20x 6-1:7.199: probe with driver gspca_sn9c20x failed with error -71
[  283.019107][ T5971] usb 6-1: USB disconnect, device number 27
[  283.128275][ T9322] vlan2: entered allmulticast mode
[  283.135942][ T9322] macsec0: entered allmulticast mode
[  283.142016][ T9322] veth1_macvtap: entered allmulticast mode
[  283.162213][ T9327] netlink: 36 bytes leftover after parsing attributes in process `syz.0.925'.
[  283.167636][ T9324] openvswitch: netlink: IP tunnel dst address not specified
[  284.381289][   T10] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  284.521094][   T10] usb 6-1: device descriptor read/64, error -71
[  284.851271][   T10] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  285.161197][   T10] usb 6-1: device descriptor read/64, error -71
[  285.301545][   T10] usb usb6-port1: attempt power cycle
[  285.658092][   T10] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  285.687694][   T10] usb 6-1: device descriptor read/8, error -71
[  285.931456][   T10] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  285.971834][   T10] usb 6-1: device descriptor read/8, error -71
[  286.023439][ T9400] program syz.1.950 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  286.108847][   T10] usb usb6-port1: unable to enumerate USB device
[  286.401244][ T5863] vhci_hcd: vhci_device speed not set
[  288.547212][ T9456] loop6: detected capacity change from 0 to 524288000
[  288.736231][ T9468] FAULT_INJECTION: forcing a failure.
[  288.736231][ T9468] name failslab, interval 1, probability 0, space 0, times 0
[  288.757061][ T9468] CPU: 1 UID: 0 PID: 9468 Comm: syz.0.971 Not tainted syzkaller #0 PREEMPT(full) 
[  288.757085][ T9468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  288.757095][ T9468] Call Trace:
[  288.757102][ T9468]  <TASK>
[  288.757110][ T9468]  dump_stack_lvl+0x189/0x250
[  288.757135][ T9468]  ? __pfx____ratelimit+0x10/0x10
[  288.757149][ T9468]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.757164][ T9468]  ? __pfx__printk+0x10/0x10
[  288.757186][ T9468]  ? __pfx___might_resched+0x10/0x10
[  288.757204][ T9468]  should_fail_ex+0x414/0x560
[  288.757232][ T9468]  should_failslab+0xa8/0x100
[  288.757255][ T9468]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  288.757278][ T9468]  ? __alloc_skb+0x112/0x2d0
[  288.757300][ T9468]  __alloc_skb+0x112/0x2d0
[  288.757321][ T9468]  netlink_sendmsg+0x5c6/0xb30
[  288.757347][ T9468]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.757366][ T9468]  ? __import_iovec+0x5d4/0x7f0
[  288.757384][ T9468]  ? aa_sock_msg_perm+0xf1/0x1d0
[  288.757401][ T9468]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  288.757418][ T9468]  ? __pfx_netlink_sendmsg+0x10/0x10
[  288.757436][ T9468]  __sock_sendmsg+0x21c/0x270
[  288.757462][ T9468]  ____sys_sendmsg+0x505/0x830
[  288.757487][ T9468]  ? __pfx_____sys_sendmsg+0x10/0x10
[  288.757519][ T9468]  ___sys_sendmsg+0x21f/0x2a0
[  288.757541][ T9468]  ? __pfx____sys_sendmsg+0x10/0x10
[  288.757595][ T9468]  ? __fget_files+0x2a/0x420
[  288.757609][ T9468]  ? __fget_files+0x3a0/0x420
[  288.757633][ T9468]  __sys_sendmsg+0x164/0x220
[  288.757655][ T9468]  ? __pfx___sys_sendmsg+0x10/0x10
[  288.757690][ T9468]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.757709][ T9468]  __do_fast_syscall_32+0xb6/0x2b0
[  288.757726][ T9468]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.757746][ T9468]  do_fast_syscall_32+0x34/0x80
[  288.757763][ T9468]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  288.757782][ T9468] RIP: 0023:0xf70ee539
[  288.757797][ T9468] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  288.757812][ T9468] RSP: 002b:00000000f54de55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  288.757830][ T9468] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  288.757842][ T9468] RDX: 0000000000040810 RSI: 0000000000000000 RDI: 0000000000000000
[  288.757851][ T9468] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  288.757860][ T9468] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  288.757869][ T9468] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  288.757892][ T9468]  </TASK>
[  289.075870][ T9471] netlink: 'syz.3.970': attribute type 16 has an invalid length.
[  290.219400][ T9436] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  290.225836][ T9436] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  290.232319][ T9436] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  290.238532][ T9436] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  290.245091][ T5864] Bluetooth: hci0: command 0x0c1a tx timeout
[  290.416524][ T9478] netlink: 156 bytes leftover after parsing attributes in process `syz.3.975'.
[  290.443916][ T9481] netlink: 8 bytes leftover after parsing attributes in process `syz.5.973'.
[  290.961462][ T5971] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  291.182568][ T5971] usb 4-1: Using ep0 maxpacket: 8
[  291.237149][ T5971] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  291.300859][ T5971] usb 4-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  291.310481][ T5971] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.611832][ T5971] usb 4-1: Product: syz
[  291.634260][ T5971] usb 4-1: Manufacturer: syz
[  291.638896][ T5971] usb 4-1: SerialNumber: syz
[  291.650082][ T5971] usb 4-1: config 0 descriptor??
[  291.680887][ T5971] streamzap 4-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[  291.820213][ T9516] netlink: 'syz.1.985': attribute type 72 has an invalid length.
[  291.828253][ T9516] netlink: 32 bytes leftover after parsing attributes in process `syz.1.985'.
[  291.935294][ T9521] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  291.944331][ T9521] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  292.079910][ T9521] misc userio: The device must be registered before sending interrupts
[  292.243137][ T5864] Bluetooth: hci1: command 0x0c1a tx timeout
[  292.250072][ T5864] Bluetooth: hci4: command 0x0405 tx timeout
[  292.270492][ T5878] Bluetooth: hci3: command 0x0c1a tx timeout
[  292.437206][ T5863] usb 4-1: USB disconnect, device number 37
[  292.936629][ T9534] netlink: 8 bytes leftover after parsing attributes in process `syz.3.989'.
[  293.024928][ T9539] netem: incorrect ge model size
[  293.049116][ T9539] netem: change failed
[  293.076982][ T9536] netlink: 'syz.5.987': attribute type 2 has an invalid length.
[  293.088747][ T9541] netem: incorrect ge model size
[  293.094472][ T9541] netem: change failed
[  293.331150][ T5923] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  293.373216][ T9550] ALSA: mixer_oss: invalid OSS volume ''
[  293.505454][ T5923] usb 4-1: Using ep0 maxpacket: 32
[  293.535342][ T9554] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  293.551776][ T5863] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  293.575878][ T5923] usb 4-1: config 0 has an invalid interface number: 136 but max is 0
[  293.591150][ T5923] usb 4-1: config 0 has no interface number 0
[  293.607558][ T5923] usb 4-1: config 0 interface 136 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  293.636810][ T5923] usb 4-1: config 0 interface 136 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  293.665869][ T5923] usb 4-1: config 0 interface 136 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  293.707072][ T5923] usb 4-1: config 0 interface 136 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  293.709337][ T9560] netlink: 4 bytes leftover after parsing attributes in process `syz.4.996'.
[  293.736941][ T5863] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  293.752854][ T5923] usb 4-1: config 0 interface 136 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  293.768155][ T5863] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  293.795568][ T5923] usb 4-1: New USB device found, idVendor=0763, idProduct=1021, bcdDevice=8e.c0
[  293.808577][ T5863] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  293.828273][ T5923] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.837674][ T5863] usb 2-1: config 1 has no interface number 1
[  293.861503][ T5863] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  293.881912][ T5923] usb 4-1: config 0 descriptor??
[  293.904098][ T5863] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  293.922720][ T5923] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  293.966165][ T5863] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  293.993395][ T5863] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.049857][ T5863] usb 2-1: Product: syz
[  294.067821][ T5863] usb 2-1: Manufacturer: syz
[  294.093169][ T5863] usb 2-1: SerialNumber: syz
[  294.137482][ T5875] udevd[5875]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.136/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  294.170469][ T5923] usb 4-1: USB disconnect, device number 38
[  294.428152][ T5863] usb 2-1: No endpoint at altset 1, falling back to MIDI 1.0
[  294.619588][ T5863] usb 2-1: MIDIStreaming interface descriptor not found
[  294.751154][ T5863] usb 2-1: USB disconnect, device number 34
[  294.938425][ T5871] udevd[5871]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  295.384021][ T9610] block device autoloading is deprecated and will be removed.
[  295.569731][ T9616] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1003'.
[  295.802317][ T9622] netlink: 1180 bytes leftover after parsing attributes in process `syz.5.1006'.
[  295.901691][ T9627] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1005'.
[  296.131334][ T5971] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  296.301214][ T5971] usb 6-1: Using ep0 maxpacket: 16
[  296.321134][ T5971] usb 6-1: too many configurations: 77, using maximum allowed: 8
[  296.335476][ T5971] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 98
[  296.344357][ T5971] usb 6-1: can't read configurations, error -22
[  296.501288][ T5971] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  296.662056][ T5971] usb 6-1: Using ep0 maxpacket: 16
[  296.678314][ T5971] usb 6-1: too many configurations: 77, using maximum allowed: 8
[  296.698349][ T5971] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 98
[  296.709999][ T5971] usb 6-1: can't read configurations, error -22
[  296.725359][ T5971] usb usb6-port1: attempt power cycle
[  296.866789][ T9634] sctp: [Deprecated]: syz.1.1008 (pid 9634) Use of int in max_burst socket option.
[  296.866789][ T9634] Use struct sctp_assoc_value instead
[  297.071175][ T5971] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  297.092154][ T5971] usb 6-1: Using ep0 maxpacket: 16
[  297.102459][ T5971] usb 6-1: too many configurations: 77, using maximum allowed: 8
[  297.112779][ T5971] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 98
[  297.137456][ T5971] usb 6-1: can't read configurations, error -22
[  297.171356][   T24] usb 1-1: new full-speed USB device number 35 using dummy_hcd
[  297.298855][ T5971] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  297.311098][   T24] usb 1-1: device descriptor read/64, error -71
[  297.321882][ T5971] usb 6-1: Using ep0 maxpacket: 16
[  297.349638][ T5971] usb 6-1: too many configurations: 77, using maximum allowed: 8
[  297.414673][ T5971] usb 6-1: invalid descriptor for config index 0: type = 0x2, length = 98
[  297.431041][ T5971] usb 6-1: can't read configurations, error -22
[  297.449991][ T5971] usb usb6-port1: unable to enumerate USB device
[  297.601072][   T24] usb 1-1: new full-speed USB device number 36 using dummy_hcd
[  297.731136][   T24] usb 1-1: device descriptor read/64, error -71
[  297.841551][   T24] usb usb1-port1: attempt power cycle
[  298.039448][ T9657] FAULT_INJECTION: forcing a failure.
[  298.039448][ T9657] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  298.071110][ T9657] CPU: 1 UID: 0 PID: 9657 Comm: syz.3.1013 Not tainted syzkaller #0 PREEMPT(full) 
[  298.071135][ T9657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  298.071145][ T9657] Call Trace:
[  298.071152][ T9657]  <TASK>
[  298.071159][ T9657]  dump_stack_lvl+0x189/0x250
[  298.071184][ T9657]  ? __pfx____ratelimit+0x10/0x10
[  298.071199][ T9657]  ? __pfx_dump_stack_lvl+0x10/0x10
[  298.071218][ T9657]  ? __pfx__printk+0x10/0x10
[  298.071252][ T9657]  should_fail_ex+0x414/0x560
[  298.071281][ T9657]  _copy_to_user+0x31/0xb0
[  298.071305][ T9657]  simple_read_from_buffer+0xe1/0x170
[  298.071333][ T9657]  proc_fail_nth_read+0x1b3/0x220
[  298.071355][ T9657]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  298.071377][ T9657]  ? rw_verify_area+0x2a6/0x4d0
[  298.071396][ T9657]  ? __lock_acquire+0xab9/0xd20
[  298.071422][ T9657]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  298.071442][ T9657]  vfs_read+0x200/0xa30
[  298.071461][ T9657]  ? fdget_pos+0x247/0x320
[  298.071480][ T9657]  ? __pfx___mutex_lock+0x10/0x10
[  298.071498][ T9657]  ? __pfx_vfs_read+0x10/0x10
[  298.071521][ T9657]  ? __fget_files+0x2a/0x420
[  298.071540][ T9657]  ? __fget_files+0x3a0/0x420
[  298.071553][ T9657]  ? __fget_files+0x2a/0x420
[  298.071577][ T9657]  ksys_read+0x145/0x250
[  298.071600][ T9657]  ? __pfx_ksys_read+0x10/0x10
[  298.071624][ T9657]  ? lockdep_hardirqs_on+0x9c/0x150
[  298.071643][ T9657]  __do_fast_syscall_32+0xb6/0x2b0
[  298.071659][ T9657]  ? lockdep_hardirqs_on+0x9c/0x150
[  298.071678][ T9657]  do_fast_syscall_32+0x34/0x80
[  298.071695][ T9657]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  298.071713][ T9657] RIP: 0023:0xf7fc4539
[  298.071728][ T9657] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  298.071742][ T9657] RSP: 002b:00000000f54d6590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  298.071759][ T9657] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54d6620
[  298.071770][ T9657] RDX: 000000000000000f RSI: 00000000f7454ff4 RDI: 0000000000000000
[  298.071780][ T9657] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  298.071789][ T9657] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  298.071799][ T9657] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  298.071826][ T9657]  </TASK>
[  298.646875][   T24] usb 1-1: new full-speed USB device number 37 using dummy_hcd
[  298.691582][   T24] usb 1-1: device descriptor read/8, error -71
[  298.819482][ T9668] loop2: detected capacity change from 0 to 7
[  298.830199][ T9668]  loop2:
[  298.834371][ T9668] loop2: partition table partially beyond EOD, truncated
[  298.932521][   T24] usb 1-1: new full-speed USB device number 38 using dummy_hcd
[  298.961907][   T24] usb 1-1: device descriptor read/8, error -71
[  299.084384][   T24] usb usb1-port1: unable to enumerate USB device
[  300.560113][ T9691] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  300.582289][ T9691] syzkaller0: entered promiscuous mode
[  300.587965][ T9691] syzkaller0: entered allmulticast mode
[  300.703519][ T9691] tipc: Resetting bearer <eth:syzkaller0>
[  300.742236][ T9690] tipc: Resetting bearer <eth:syzkaller0>
[  300.817727][ T9690] tipc: Disabling bearer <eth:syzkaller0>
[  302.162541][ T9722] program syz.4.1033 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  302.356030][ T9718] JFS: charset not found
[  306.084069][   T30] kauditd_printk_skb: 78 callbacks suppressed
[  306.084088][   T30] audit: type=1800 audit(1757311963.071:886): pid=9784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1050" name="file0" dev="tmpfs" ino=1142 res=0 errno=0
[  306.261515][ T5971] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  306.372066][ T5945] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  306.472633][ T5971] usb 2-1: Using ep0 maxpacket: 16
[  306.489399][ T5971] usb 2-1: config 8 has an invalid interface number: 39 but max is 0
[  306.501181][ T5971] usb 2-1: config 8 has an invalid descriptor of length 108, skipping remainder of the config
[  306.515751][ T5971] usb 2-1: config 8 has no interface number 0
[  306.522163][ T5971] usb 2-1: config 8 interface 39 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  306.539118][ T5971] usb 2-1: config 8 interface 39 has no altsetting 0
[  306.541139][ T5945] usb 4-1: Using ep0 maxpacket: 32
[  306.550250][ T5971] usb 2-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  306.560744][ T5971] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.642770][ T5971] usb 2-1: Product: syz
[  306.646974][ T5971] usb 2-1: Manufacturer: syz
[  306.671541][ T5971] usb 2-1: SerialNumber: syz
[  306.700664][ T5945] usb 4-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b
[  306.717367][ T5945] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.737876][ T5945] usb 4-1: Product: syz
[  306.746596][ T5945] usb 4-1: Manufacturer: syz
[  306.776819][ T5945] usb 4-1: SerialNumber: syz
[  306.975154][ T9804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  307.014807][ T9804] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  307.048131][   T30] audit: type=1800 audit(1757311964.031:887): pid=9784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1050" name="file0" dev="tmpfs" ino=1142 res=0 errno=0
[  307.099318][ T5945] usb 4-1: palm_os_4_probe - error -71 getting connection info
[  307.235655][ T5945] visor 4-1:1.0: Handspring Visor / Palm OS converter detected
[  307.329137][ T5945] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  307.451820][ T5945] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  307.490479][ T5945] usb 4-1: USB disconnect, device number 39
[  307.552999][ T5945] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  307.668587][ T5945] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  307.753253][ T5945] visor 4-1:1.0: device disconnected
[  307.875278][ T9814] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1058'.
[  307.903613][ T9814] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1058'.
[  307.989112][ T9814] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1058'.
[  308.874364][   T30] audit: type=1400 audit(1757311965.861:888): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=9827 comm="syz.0.1062"
[  309.023850][ T5971] ipheth 2-1:8.39: Unable to find endpoints
[  309.068528][ T5971] usb 2-1: USB disconnect, device number 35
[  309.541344][ T5878] Bluetooth: hci0: unexpected event for opcode 0x080b
[  309.544640][ T9848] FAULT_INJECTION: forcing a failure.
[  309.544640][ T9848] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  309.576639][ T9850] binder: BINDER_SET_CONTEXT_MGR already set
[  309.583176][ T9850] binder: 9844:9850 ioctl 4018620d 80000040 returned -16
[  309.618250][ T9848] CPU: 0 UID: 0 PID: 9848 Comm: syz.3.1069 Not tainted syzkaller #0 PREEMPT(full) 
[  309.618276][ T9848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  309.618289][ T9848] Call Trace:
[  309.618296][ T9848]  <TASK>
[  309.618304][ T9848]  dump_stack_lvl+0x189/0x250
[  309.618330][ T9848]  ? __pfx____ratelimit+0x10/0x10
[  309.618347][ T9848]  ? __pfx_dump_stack_lvl+0x10/0x10
[  309.618366][ T9848]  ? __pfx__printk+0x10/0x10
[  309.618389][ T9848]  ? __might_fault+0xb0/0x130
[  309.618421][ T9848]  should_fail_ex+0x414/0x560
[  309.618449][ T9848]  _copy_from_iter+0x1de/0x1790
[  309.618474][ T9848]  ? _copy_from_iter+0x24f/0x1790
[  309.618497][ T9848]  ? __pfx__copy_from_iter+0x10/0x10
[  309.618514][ T9848]  ? sock_alloc_send_pskb+0x875/0x990
[  309.618534][ T9848]  ? finish_task_switch+0x18b/0x950
[  309.618559][ T9848]  ? __pfx__copy_from_iter+0x10/0x10
[  309.618579][ T9848]  ? page_copy_sane+0x16a/0x280
[  309.618600][ T9848]  copy_page_from_iter+0xdd/0x170
[  309.618623][ T9848]  skb_copy_datagram_from_iter+0x306/0x720
[  309.618656][ T9848]  tun_get_user+0x1691/0x3e20
[  309.618693][ T9848]  ? aa_file_perm+0x44d/0x1550
[  309.618711][ T9848]  ? __pfx_tun_get_user+0x10/0x10
[  309.618728][ T9848]  ? _parse_integer_limit+0x1ae/0x1f0
[  309.618754][ T9848]  ? __lock_acquire+0xab9/0xd20
[  309.618782][ T9848]  ? ref_tracker_alloc+0x318/0x460
[  309.618796][ T9848]  ? __lock_acquire+0xab9/0xd20
[  309.618826][ T9848]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  309.618847][ T9848]  ? tun_get+0x1c/0x2f0
[  309.618870][ T9848]  ? tun_get+0x1c/0x2f0
[  309.618887][ T9848]  ? tun_get+0x1c/0x2f0
[  309.618909][ T9848]  tun_chr_write_iter+0x113/0x200
[  309.618930][ T9848]  vfs_write+0x5c6/0xb30
[  309.618956][ T9848]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  309.618975][ T9848]  ? __pfx_vfs_write+0x10/0x10
[  309.619006][ T9848]  ? __fget_files+0x2a/0x420
[  309.619030][ T9848]  ksys_write+0x145/0x250
[  309.619052][ T9848]  ? __pfx_ksys_write+0x10/0x10
[  309.619076][ T9848]  ? lockdep_hardirqs_on+0x9c/0x150
[  309.619095][ T9848]  __do_fast_syscall_32+0xb6/0x2b0
[  309.619114][ T9848]  ? lockdep_hardirqs_on+0x9c/0x150
[  309.619134][ T9848]  do_fast_syscall_32+0x34/0x80
[  309.619152][ T9848]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  309.619175][ T9848] RIP: 0023:0xf7fc4539
[  309.619189][ T9848] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  309.619204][ T9848] RSP: 002b:00000000f54d6520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[  309.619222][ T9848] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000080000340
[  309.619234][ T9848] RDX: 000000000000fdef RSI: 00000000f7454ff4 RDI: 0000000000000000
[  309.619244][ T9848] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  309.619254][ T9848] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  309.619268][ T9848] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  309.619294][ T9848]  </TASK>
[  309.620082][ T9850] binder: 9844:9850 ioctl c0306201 800007c0 returned -11
[  309.901111][ T5971] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  310.166923][ T5971] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  310.182177][ T5971] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  310.198276][ T5971] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  310.309313][ T5971] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.502411][ T5971] usb 6-1: config 0 descriptor??
[  310.523889][ T5971] usbhid 6-1:0.0: can't add hid device: -22
[  310.560495][ T5971] usbhid 6-1:0.0: probe with driver usbhid failed with error -22
[  312.101703][ T1557] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  312.149962][ T9884] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1078'.
[  312.326281][ T1557] dvb_usb_az6027 5-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  312.363014][ T1557] usb 5-1: USB disconnect, device number 34
[  312.539527][ T9895] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1082'.
[  312.684952][ T9897] 8021q: adding VLAN 0 to HW filter on device bond2
[  312.735865][ T9899] bond_slave_0: entered promiscuous mode
[  312.741653][ T9899] bond_slave_1: entered promiscuous mode
[  312.787542][ T9899] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  312.828913][ T9899] bond2: (slave macvlan2): making interface the new active one
[  312.846526][ T9899] bond2: (slave macvlan2): Enslaving as an active interface with an up link
[  312.852064][ T9908] fuse: Unknown parameter 'uóer_id'
[  313.347592][ T5945] usb 6-1: USB disconnect, device number 36
[  314.050527][ T9921] netlink: 6 bytes leftover after parsing attributes in process `syz.1.1088'.
[  314.521197][ T5945] usb 5-1: new full-speed USB device number 35 using dummy_hcd
[  314.764807][ T5945] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  314.777337][ T5945] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  314.815524][ T5945] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  314.865961][ T5945] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.684593][ T5945] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  315.708913][ T5945] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input17
[  315.991264][ T5923] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  316.085941][ T5945] input: failed to attach handler kbd to device input17, error: -5
[  316.193274][ T5923] usb 2-1: Using ep0 maxpacket: 32
[  316.203733][ T5945] usb 5-1: USB disconnect, device number 35
[  316.214903][ T5923] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  316.230365][ T5923] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  316.260030][ T5923] usb 2-1: config 0 has no interface number 0
[  316.274931][ T5923] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  316.313791][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.375005][ T5923] usb 2-1: Product: syz
[  316.385183][ T9972] netlink: 7 bytes leftover after parsing attributes in process `syz.3.1108'.
[  316.394123][ T5923] usb 2-1: Manufacturer: syz
[  316.394144][ T5923] usb 2-1: SerialNumber: syz
[  316.396935][ T5923] usb 2-1: config 0 descriptor??
[  316.743574][ T5923] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  316.962320][ T5923] usb 2-1: qt2_setup_urbs - submit read urb failed -8
[  316.996069][ T5923] quatech2 2-1:0.51: probe with driver quatech2 failed with error -8
[  317.060028][ T9982] fuse: Unknown parameter 'uóer_id'
[  317.282241][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  317.290676][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  317.328212][ T5945] usb 2-1: USB disconnect, device number 36
[  317.441469][ T5923] usb 1-1: new low-speed USB device number 39 using dummy_hcd
[  317.613452][ T5923] usb 1-1: unable to get BOS descriptor or descriptor too short
[  317.642269][ T5923] usb 1-1: config 9 has an invalid interface number: 198 but max is 0
[  317.659013][ T5923] usb 1-1: config 9 has no interface number 0
[  317.677996][ T5923] usb 1-1: config 9 interface 198 has no altsetting 0
[  317.694422][ T5923] usb 1-1: string descriptor 0 read error: -22
[  317.820896][ T5923] usb 1-1: New USB device found, idVendor=15f4, idProduct=0015, bcdDevice=6f.2b
[  317.840889][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.894092][ T5923] dvb-usb: found a 'Hanftek UMT-010 DVB-T USB2.0' in warm state.
[  317.942399][ T5923] dvb-usb: bulk message failed: -22 (3/0)
[  318.040222][ T5923] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  318.061274][ T5923] dvbdev: DVB: registering new adapter (Hanftek UMT-010 DVB-T USB2.0)
[  318.070524][ T5923] usb 1-1: media controller created
[  318.266924][ T9990] netlink: 6 bytes leftover after parsing attributes in process `syz.4.1111'.
[  318.280737][ T5923] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  318.481134][ T5923] DVB: Unable to find symbol mt352_attach()
[  318.496009][ T5923] dvb-usb: no frontend was attached by 'Hanftek UMT-010 DVB-T USB2.0'
[  318.506340][ T5923] dvb-usb: bulk message failed: -22 (3/0)
[  318.541128][ T5923] dvb-usb: Hanftek UMT-010 DVB-T USB2.0 successfully initialized and connected.
[  318.649281][ T5923] usb 1-1: USB disconnect, device number 39
[  318.735794][T10002] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1117'.
[  318.925354][ T5923] dvb-usb: Hanftek UMT-010 DVB-T USB2.0 successfully deinitialized and disconnected.
[  319.824945][T10021] netlink: 'syz.0.1122': attribute type 2 has an invalid length.
[  320.465731][T10033] QAT: failed to copy from user.
[  320.615750][ T5923] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  320.835846][ T5923] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  320.856085][ T5923] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  320.912869][ T5923] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  320.979590][ T5923] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  321.012631][ T5923] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  321.050480][ T5923] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  321.112449][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  321.140173][ T5923] usb 5-1: Product: syz
[  321.148661][ T5923] usb 5-1: Manufacturer: syz
[  321.219742][ T5923] cdc_wdm 5-1:1.0: skipping garbage
[  321.341332][ T5923] cdc_wdm 5-1:1.0: skipping garbage
[  321.537623][T10044] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  321.566487][ T5923] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  321.581012][ T5923] cdc_wdm 5-1:1.0: Unknown control protocol
[  321.638195][T10044] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  322.302153][T10052] netlink: 48 bytes leftover after parsing attributes in process `syz.5.1130'.
[  322.891847][ T5923] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  322.922992][ T5971] usb 5-1: USB disconnect, device number 36
[  323.038299][T10064] binder: 10061:10064 ioctl c0306201 80000080 returned -14
[  323.068535][ T5923] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  323.090179][T10068] vcan0: tx drop: invalid da for name 0x000000000000ee00
[  323.094132][ T5923] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.146139][ T5923] usb 4-1: config 0 descriptor??
[  323.601367][ T5971] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  323.853258][T10060] kvm: vcpu 3: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  323.934188][ T5923] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  324.034928][ T5971] usb 5-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  324.047133][ T5971] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.085589][ T5971] usb 5-1: Product: syz
[  324.099781][ T5971] usb 5-1: Manufacturer: syz
[  324.109903][ T5971] usb 5-1: SerialNumber: syz
[  324.145092][ T5971] usb 5-1: config 0 descriptor??
[  324.326582][ T5923] [drm:udl_init] *ERROR* Selecting channel failed
[  324.338984][    C1] vcan0: j1939_tp_rxtimer: 0xffff888072736400: rx timeout, send abort
[  324.524802][ T5923] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2
[  324.533590][ T5923] [drm] Initialized udl on minor 2
[  324.547886][ T5923] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  324.563543][T10080] netlink: 'syz.0.1138': attribute type 2 has an invalid length.
[  324.589404][ T5923] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  324.848435][    C1] vcan0: j1939_tp_rxtimer: 0xffff888072736400: abort rx timeout. Force session deactivation
[  324.871375][ T5863] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  324.898808][ T5863] udl 4-1:0.0: [drm] Cannot find any crtc or sizes
[  324.954018][ T5923] usb 4-1: USB disconnect, device number 40
[  325.181139][T10090] input: syz1 as /devices/virtual/input/input18
[  325.217953][T10090] netlink: 'syz.5.1139': attribute type 10 has an invalid length.
[  325.225924][T10090] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1139'.
[  325.508661][ T5971] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  325.523910][ T5971] asix 5-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  325.573853][ T5971] asix 5-1:0.0: probe with driver asix failed with error -71
[  325.602409][T10087] 
[  325.604790][T10087] =====================================================
[  325.611858][T10087] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
[  325.619324][T10087] syzkaller #0 Not tainted
[  325.623748][T10087] -----------------------------------------------------
[  325.630673][T10087] syz.3.1141/10087 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  325.638394][T10087] ffffffff8de0c058 (tasklist_lock){.+.+}-{3:3}, at: send_sigurg+0x12b/0x420
[  325.647126][T10087] 
[  325.647126][T10087] and this task is already holding:
[  325.654482][T10087] ffff8880539c52a0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x55/0x420
[  325.663298][T10087] which would create a new lock dependency:
[  325.669273][T10087]  (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3}
[  325.676862][T10087] 
[  325.676862][T10087] but this new dependency connects a SOFTIRQ-irq-safe lock:
[  325.686310][T10087]  (&dev->event_lock#2){..-.}-{3:3}
[  325.686351][T10087] 
[  325.686351][T10087] ... which became SOFTIRQ-irq-safe at:
[  325.699370][T10087]   lock_acquire+0x120/0x360
[  325.703986][T10087]   _raw_spin_lock_irqsave+0xa7/0xf0
[  325.709286][T10087]   input_inject_event+0xa5/0x340
[  325.714318][T10087]   led_trigger_event+0x138/0x210
[  325.719376][T10087]   kbd_bh+0x1c6/0x2e0
[  325.723520][T10087]   tasklet_action_common+0x36c/0x580
[  325.728874][T10087]   handle_softirqs+0x283/0x870
[  325.733703][T10087]   run_ksoftirqd+0x9b/0x100
[  325.738369][T10087]   smpboot_thread_fn+0x53f/0xa60
[  325.743474][T10087]   kthread+0x70e/0x8a0
[  325.747709][T10087]   ret_from_fork+0x3fc/0x770
[  325.752453][T10087]   ret_from_fork_asm+0x1a/0x30
[  325.757310][T10087] 
[  325.757310][T10087] to a SOFTIRQ-irq-unsafe lock:
[  325.764313][T10087]  (tasklist_lock){.+.+}-{3:3}
[  325.764333][T10087] 
[  325.764333][T10087] ... which became SOFTIRQ-irq-unsafe at:
[  325.777012][T10087] ...
[  325.777019][T10087]   lock_acquire+0x120/0x360
[  325.784202][T10087]   _raw_read_lock+0x36/0x50
[  325.788784][T10087]   __do_wait+0xde/0x740
[  325.793030][T10087]   do_wait+0x1f8/0x520
[  325.797166][T10087]   kernel_wait+0xab/0x170
[  325.801574][T10087]   call_usermodehelper_exec_work+0xbe/0x230
[  325.807576][T10087]   process_scheduled_works+0xae1/0x17b0
[  325.813184][T10087]   worker_thread+0x8a0/0xda0
[  325.817841][T10087]   kthread+0x70e/0x8a0
[  325.821988][T10087]   ret_from_fork+0x3fc/0x770
[  325.826646][T10087]   ret_from_fork_asm+0x1a/0x30
[  325.831477][T10087] 
[  325.831477][T10087] other info that might help us debug this:
[  325.831477][T10087] 
[  325.841682][T10087] Chain exists of:
[  325.841682][T10087]   &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock
[  325.841682][T10087] 
[  325.854694][T10087]  Possible interrupt unsafe locking scenario:
[  325.854694][T10087] 
[  325.863079][T10087]        CPU0                    CPU1
[  325.868434][T10087]        ----                    ----
[  325.873779][T10087]   lock(tasklist_lock);
[  325.878022][T10087]                                local_irq_disable();
[  325.884762][T10087]                                lock(&dev->event_lock#2);
[  325.891942][T10087]                                lock(&f_owner->lock);
[  325.898768][T10087]   <Interrupt>
[  325.902202][T10087]     lock(&dev->event_lock#2);
[  325.907058][T10087] 
[  325.907058][T10087]  *** DEADLOCK ***
[  325.907058][T10087] 
[  325.915443][T10087] 2 locks held by syz.3.1141/10087:
[  325.920964][T10087]  #0: ffff88802c826cc8 (&u->lock){+.+.}-{3:3}, at: queue_oob+0x1b0/0x4f0
[  325.929494][T10087]  #1: ffff8880539c52a0 (&f_owner->lock){....}-{3:3}, at: send_sigurg+0x55/0x420
[  325.938601][T10087] 
[  325.938601][T10087] the dependencies between SOFTIRQ-irq-safe lock and the holding lock:
[  325.948981][T10087]    -> (&dev->event_lock#2){..-.}-{3:3} {
[  325.954780][T10087]       IN-SOFTIRQ-W at:
[  325.959000][T10087]                           lock_acquire+0x120/0x360
[  325.966002][T10087]                           _raw_spin_lock_irqsave+0xa7/0xf0
[  325.973543][T10087]                           input_inject_event+0xa5/0x340
[  325.980697][T10087]                           led_trigger_event+0x138/0x210
[  325.987781][T10087]                           kbd_bh+0x1c6/0x2e0
[  325.993923][T10087]                           tasklet_action_common+0x36c/0x580
[  326.001387][T10087]                           handle_softirqs+0x283/0x870
[  326.008410][T10087]                           run_ksoftirqd+0x9b/0x100
[  326.015168][T10087]                           smpboot_thread_fn+0x53f/0xa60
[  326.022267][T10087]                           kthread+0x70e/0x8a0
[  326.028491][T10087]                           ret_from_fork+0x3fc/0x770
[  326.035228][T10087]                           ret_from_fork_asm+0x1a/0x30
[  326.042166][T10087]       INITIAL USE at:
[  326.046388][T10087]                          lock_acquire+0x120/0x360
[  326.053044][T10087]                          _raw_spin_lock_irqsave+0xa7/0xf0
[  326.060305][T10087]                          input_inject_event+0xa5/0x340
[  326.067302][T10087]                          kbd_led_trigger_activate+0xbc/0x100
[  326.075003][T10087]                          led_trigger_set+0x52a/0x950
[  326.081833][T10087]                          led_trigger_set_default+0x260/0x2a0
[  326.089376][T10087]                          led_classdev_register_ext+0x73d/0x930
[  326.097089][T10087]                          input_leds_connect+0x517/0x790
[  326.104197][T10087]                          input_register_device+0xcfd/0x1140
[  326.111643][T10087]                          atkbd_connect+0x72e/0xa00
[  326.118316][T10087]                          serio_driver_probe+0x82/0xd0
[  326.125248][T10087]                          really_probe+0x26d/0x9e0
[  326.131833][T10087]                          __driver_probe_device+0x18c/0x2f0
[  326.139185][T10087]                          driver_probe_device+0x4f/0x430
[  326.146373][T10087]                          __driver_attach+0x452/0x700
[  326.153328][T10087]                          bus_for_each_dev+0x233/0x2b0
[  326.160254][T10087]                          serio_handle_event+0x1f9/0x8d0
[  326.167340][T10087]                          process_scheduled_works+0xae1/0x17b0
[  326.174947][T10087]                          worker_thread+0x8a0/0xda0
[  326.181607][T10087]                          kthread+0x70e/0x8a0
[  326.187736][T10087]                          ret_from_fork+0x3fc/0x770
[  326.194421][T10087]                          ret_from_fork_asm+0x1a/0x30
[  326.201263][T10087]     }
[  326.204033][T10087]     ... key      at: [<ffffffff99e30fa0>] input_allocate_device.__key.5+0x0/0x20
[  326.213306][T10087]   -> (&client->buffer_lock){....}-{3:3} {
[  326.219196][T10087]      INITIAL USE at:
[  326.223246][T10087]                        lock_acquire+0x120/0x360
[  326.229645][T10087]                        _raw_spin_lock+0x2e/0x40
[  326.236042][T10087]                        evdev_pass_values+0xb9/0xbd0
[  326.242812][T10087]                        evdev_events+0x1e6/0x340
[  326.249216][T10087]                        input_pass_values+0x288/0x890
[  326.256041][T10087]                        input_event_dispose+0x3e5/0x6b0
[  326.263061][T10087]                        input_inject_event+0x1dd/0x340
[  326.269975][T10087]                        evdev_write+0x2fc/0x480
[  326.276284][T10087]                        vfs_write+0x27b/0xb30
[  326.282424][T10087]                        ksys_write+0x145/0x250
[  326.288655][T10087]                        __do_fast_syscall_32+0xb6/0x2b0
[  326.295662][T10087]                        do_fast_syscall_32+0x34/0x80
[  326.302437][T10087]                        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  326.310666][T10087]    }
[  326.313319][T10087]    ... key      at: [<ffffffff99e31240>] evdev_open.__key.25+0x0/0x20
[  326.321656][T10087]    ... acquired at:
[  326.325625][T10087]    lock_acquire+0x120/0x360
[  326.330305][T10087]    _raw_spin_lock+0x2e/0x40
[  326.334974][T10087]    evdev_pass_values+0xb9/0xbd0
[  326.339981][T10087]    evdev_events+0x1e6/0x340
[  326.344637][T10087]    input_pass_values+0x288/0x890
[  326.349744][T10087]    input_event_dispose+0x3e5/0x6b0
[  326.355011][T10087]    input_inject_event+0x1dd/0x340
[  326.360187][T10087]    evdev_write+0x2fc/0x480
[  326.364788][T10087]    vfs_write+0x27b/0xb30
[  326.369186][T10087]    ksys_write+0x145/0x250
[  326.373669][T10087]    __do_fast_syscall_32+0xb6/0x2b0
[  326.378934][T10087]    do_fast_syscall_32+0x34/0x80
[  326.383932][T10087]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  326.390416][T10087] 
[  326.392727][T10087]  -> (&new->fa_lock){....}-{3:3} {
[  326.397926][T10087]     INITIAL USE at:
[  326.401975][T10087]                      lock_acquire+0x120/0x360
[  326.408201][T10087]                      _raw_write_lock_irq+0xa2/0xf0
[  326.414856][T10087]                      fasync_remove_entry+0xf1/0x1c0
[  326.421600][T10087]                      sock_fasync+0x85/0xf0
[  326.427560][T10087]                      __fput+0x8a2/0xa70
[  326.433255][T10087]                      task_work_run+0x1d1/0x260
[  326.439595][T10087]                      get_signal+0x11ed/0x1340
[  326.445825][T10087]                      arch_do_signal_or_restart+0x9a/0x750
[  326.453189][T10087]                      exit_to_user_mode_loop+0x75/0x110
[  326.460295][T10087]                      __do_fast_syscall_32+0x1f4/0x2b0
[  326.467241][T10087]                      do_fast_syscall_32+0x34/0x80
[  326.473896][T10087]                      entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  326.481948][T10087]     INITIAL READ USE at:
[  326.486390][T10087]                           lock_acquire+0x120/0x360
[  326.493070][T10087]                           _raw_read_lock_irqsave+0xaf/0x100
[  326.500512][T10087]                           kill_fasync+0x199/0x4d0
[  326.507088][T10087]                           sock_wake_async+0x137/0x160
[  326.514199][T10087]                           sk_wake_async+0x184/0x280
[  326.520960][T10087]                           unix_release_sock+0x78c/0xd50
[  326.528087][T10087]                           unix_release+0x92/0xd0
[  326.534600][T10087]                           sock_close+0xc0/0x240
[  326.541013][T10087]                           __fput+0x449/0xa70
[  326.547245][T10087]                           task_work_run+0x1d1/0x260
[  326.554109][T10087]                           get_signal+0x11ed/0x1340
[  326.560891][T10087]                           arch_do_signal_or_restart+0x9a/0x750
[  326.568609][T10087]                           exit_to_user_mode_loop+0x75/0x110
[  326.576082][T10087]                           __do_fast_syscall_32+0x1f4/0x2b0
[  326.583540][T10087]                           do_fast_syscall_32+0x34/0x80
[  326.590554][T10087]                           entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  326.599142][T10087]   }
[  326.601712][T10087]   ... key      at: [<ffffffff99b31fc0>] fasync_insert_entry.__key+0x0/0x20
[  326.610470][T10087]   ... acquired at:
[  326.614347][T10087]    lock_acquire+0x120/0x360
[  326.619016][T10087]    _raw_read_lock_irqsave+0xaf/0x100
[  326.624477][T10087]    kill_fasync+0x199/0x4d0
[  326.629049][T10087]    evdev_pass_values+0x627/0xbd0
[  326.634151][T10087]    evdev_events+0x1e6/0x340
[  326.638817][T10087]    input_pass_values+0x288/0x890
[  326.643991][T10087]    input_event_dispose+0x330/0x6b0
[  326.649254][T10087]    input_inject_event+0x1dd/0x340
[  326.654430][T10087]    evdev_write+0x2fc/0x480
[  326.659008][T10087]    vfs_write+0x27b/0xb30
[  326.663403][T10087]    ksys_write+0x145/0x250
[  326.667912][T10087]    __do_fast_syscall_32+0xb6/0x2b0
[  326.673264][T10087]    do_fast_syscall_32+0x34/0x80
[  326.678264][T10087]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  326.684743][T10087] 
[  326.687044][T10087] -> (&f_owner->lock){....}-{3:3} {
[  326.692224][T10087]    INITIAL USE at:
[  326.696101][T10087]                    lock_acquire+0x120/0x360
[  326.702145][T10087]                    _raw_write_lock_irq+0xa2/0xf0
[  326.708621][T10087]                    __f_setown+0x67/0x370
[  326.714410][T10087]                    fcntl_dirnotify+0x3fa/0x6a0
[  326.720718][T10087]                    do_fcntl+0x6d0/0x1910
[  326.732580][T10087]                    do_compat_fcntl64+0x477/0x720
[  326.739062][T10087]                    __do_fast_syscall_32+0xb6/0x2b0
[  326.745884][T10087]                    do_fast_syscall_32+0x34/0x80
[  326.752277][T10087]                    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  326.760146][T10087]    INITIAL READ USE at:
[  326.764548][T10087]                         lock_acquire+0x120/0x360
[  326.771067][T10087]                         _raw_read_lock_irqsave+0xaf/0x100
[  326.778343][T10087]                         send_sigio+0x38/0x370
[  326.784569][T10087]                         kill_fasync+0x24d/0x4d0
[  326.791004][T10087]                         sock_wake_async+0x137/0x160
[  326.797755][T10087]                         sk_wake_async+0x184/0x280
[  326.804349][T10087]                         unix_release_sock+0x78c/0xd50
[  326.811371][T10087]                         unix_release+0x92/0xd0
[  326.817686][T10087]                         sock_close+0xc0/0x240
[  326.824001][T10087]                         __fput+0x449/0xa70
[  326.829988][T10087]                         task_work_run+0x1d1/0x260
[  326.836569][T10087]                         get_signal+0x11ed/0x1340
[  326.843138][T10087]                         arch_do_signal_or_restart+0x9a/0x750
[  326.850674][T10087]                         exit_to_user_mode_loop+0x75/0x110
[  326.857937][T10087]                         __do_fast_syscall_32+0x1f4/0x2b0
[  326.871292][T10087]                         do_fast_syscall_32+0x34/0x80
[  326.878132][T10087]                         entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  326.886495][T10087]  }
[  326.888974][T10087]  ... key      at: [<ffffffff99b31fa0>] file_f_owner_allocate.__key+0x0/0x20
[  326.897915][T10087]  ... acquired at:
[  326.901697][T10087]    lock_acquire+0x120/0x360
[  326.906371][T10087]    _raw_read_lock_irqsave+0xaf/0x100
[  326.911809][T10087]    send_sigio+0x38/0x370
[  326.916205][T10087]    kill_fasync+0x24d/0x4d0
[  326.920792][T10087]    sock_wake_async+0x137/0x160
[  326.925730][T10087]    sk_wake_async+0x184/0x280
[  326.930539][T10087]    unix_release_sock+0x78c/0xd50
[  326.935641][T10087]    unix_release+0x92/0xd0
[  326.940131][T10087]    sock_close+0xc0/0x240
[  326.944529][T10087]    __fput+0x449/0xa70
[  326.948679][T10087]    task_work_run+0x1d1/0x260
[  326.953423][T10087]    get_signal+0x11ed/0x1340
[  326.958092][T10087]    arch_do_signal_or_restart+0x9a/0x750
[  326.963795][T10087]    exit_to_user_mode_loop+0x75/0x110
[  326.969249][T10087]    __do_fast_syscall_32+0x1f4/0x2b0
[  326.974632][T10087]    do_fast_syscall_32+0x34/0x80
[  326.979642][T10087]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  326.986123][T10087] 
[  326.988424][T10087] 
[  326.988424][T10087] the dependencies between the lock to be acquired
[  326.988431][T10087]  and SOFTIRQ-irq-unsafe lock:
[  327.001935][T10087] -> (tasklist_lock){.+.+}-{3:3} {
[  327.007155][T10087]    HARDIRQ-ON-R at:
[  327.011228][T10087]                     lock_acquire+0x120/0x360
[  327.017379][T10087]                     _raw_read_lock+0x36/0x50
[  327.023645][T10087]                     __do_wait+0xde/0x740
[  327.029639][T10087]                     do_wait+0x1f8/0x520
[  327.035407][T10087]                     kernel_wait+0xab/0x170
[  327.041458][T10087]                     call_usermodehelper_exec_work+0xbe/0x230
[  327.049001][T10087]                     process_scheduled_works+0xae1/0x17b0
[  327.056175][T10087]                     worker_thread+0x8a0/0xda0
[  327.062397][T10087]                     kthread+0x70e/0x8a0
[  327.068095][T10087]                     ret_from_fork+0x3fc/0x770
[  327.074310][T10087]                     ret_from_fork_asm+0x1a/0x30
[  327.080725][T10087]    SOFTIRQ-ON-R at:
[  327.084683][T10087]                     lock_acquire+0x120/0x360
[  327.090817][T10087]                     _raw_read_lock+0x36/0x50
[  327.096951][T10087]                     __do_wait+0xde/0x740
[  327.102762][T10087]                     do_wait+0x1f8/0x520
[  327.108460][T10087]                     kernel_wait+0xab/0x170
[  327.114514][T10087]                     call_usermodehelper_exec_work+0xbe/0x230
[  327.122130][T10087]                     process_scheduled_works+0xae1/0x17b0
[  327.129328][T10087]                     worker_thread+0x8a0/0xda0
[  327.135566][T10087]                     kthread+0x70e/0x8a0
[  327.141292][T10087]                     ret_from_fork+0x3fc/0x770
[  327.147814][T10087]                     ret_from_fork_asm+0x1a/0x30
[  327.154223][T10087]    INITIAL USE at:
[  327.158371][T10087]                    lock_acquire+0x120/0x360
[  327.164434][T10087]                    _raw_write_lock_irq+0xa2/0xf0
[  327.171351][T10087]                    copy_process+0x224f/0x3c00
[  327.177575][T10087]                    kernel_clone+0x21e/0x840
[  327.183630][T10087]                    user_mode_thread+0xdd/0x140
[  327.189934][T10087]                    rest_init+0x23/0x300
[  327.195630][T10087]                    start_kernel+0x3a9/0x410
[  327.201774][T10087]                    x86_64_start_reservations+0x24/0x30
[  327.208784][T10087]                    x86_64_start_kernel+0x143/0x1c0
[  327.215521][T10087]                    common_startup_64+0x13e/0x147
[  327.222002][T10087]    INITIAL READ USE at:
[  327.226313][T10087]                         lock_acquire+0x120/0x360
[  327.232799][T10087]                         _raw_read_lock+0x36/0x50
[  327.239299][T10087]                         __do_wait+0xde/0x740
[  327.245441][T10087]                         do_wait+0x1f8/0x520
[  327.251491][T10087]                         kernel_wait+0xab/0x170
[  327.257798][T10087]                         call_usermodehelper_exec_work+0xbe/0x230
[  327.265670][T10087]                         process_scheduled_works+0xae1/0x17b0
[  327.273195][T10087]                         worker_thread+0x8a0/0xda0
[  327.279878][T10087]                         kthread+0x70e/0x8a0
[  327.285924][T10087]                         ret_from_fork+0x3fc/0x770
[  327.292578][T10087]                         ret_from_fork_asm+0x1a/0x30
[  327.299408][T10087]  }
[  327.301882][T10087]  ... key      at: [<ffffffff8de0c058>] tasklist_lock+0x18/0x40
[  327.309580][T10087]  ... acquired at:
[  327.313357][T10087]    lock_acquire+0x120/0x360
[  327.318015][T10087]    _raw_read_lock+0x36/0x50
[  327.322673][T10087]    send_sigurg+0x12b/0x420
[  327.327239][T10087]    sk_send_sigurg+0x6c/0x2e0
[  327.331981][T10087]    queue_oob+0x420/0x4f0
[  327.336380][T10087]    unix_stream_sendmsg+0xc3f/0xdf0
[  327.341651][T10087]    __sock_sendmsg+0x21c/0x270
[  327.346509][T10087]    ____sys_sendmsg+0x52d/0x830
[  327.351432][T10087]    ___sys_sendmsg+0x21f/0x2a0
[  327.356284][T10087]    __sys_sendmmsg+0x28e/0x430
[  327.361128][T10087]    __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  327.366855][T10087]    __do_fast_syscall_32+0xb6/0x2b0
[  327.372148][T10087]    do_fast_syscall_32+0x34/0x80
[  327.377240][T10087]    entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  327.383745][T10087] 
[  327.386043][T10087] 
[  327.386043][T10087] stack backtrace:
[  327.391908][T10087] CPU: 0 UID: 0 PID: 10087 Comm: syz.3.1141 Not tainted syzkaller #0 PREEMPT(full) 
[  327.391921][T10087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  327.391927][T10087] Call Trace:
[  327.391933][T10087]  <TASK>
[  327.391939][T10087]  dump_stack_lvl+0x189/0x250
[  327.391954][T10087]  ? __pfx_dump_stack_lvl+0x10/0x10
[  327.391965][T10087]  ? __pfx__printk+0x10/0x10
[  327.391980][T10087]  validate_chain+0x1f05/0x2140
[  327.391994][T10087]  __lock_acquire+0xab9/0xd20
[  327.392009][T10087]  ? send_sigurg+0x12b/0x420
[  327.392019][T10087]  lock_acquire+0x120/0x360
[  327.392032][T10087]  ? send_sigurg+0x12b/0x420
[  327.392041][T10087]  ? _raw_read_lock_irqsave+0xbb/0x100
[  327.392058][T10087]  _raw_read_lock+0x36/0x50
[  327.392071][T10087]  ? send_sigurg+0x12b/0x420
[  327.392080][T10087]  send_sigurg+0x12b/0x420
[  327.392091][T10087]  sk_send_sigurg+0x6c/0x2e0
[  327.392105][T10087]  queue_oob+0x420/0x4f0
[  327.392120][T10087]  ? __pfx_queue_oob+0x10/0x10
[  327.392133][T10087]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  327.392146][T10087]  unix_stream_sendmsg+0xc3f/0xdf0
[  327.392160][T10087]  ? __lock_acquire+0xab9/0xd20
[  327.392174][T10087]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[  327.392187][T10087]  ? __asan_memset+0x22/0x50
[  327.392197][T10087]  ? __import_iovec+0x5d4/0x7f0
[  327.392209][T10087]  ? aa_sock_msg_perm+0xda/0x1d0
[  327.392218][T10087]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  327.392228][T10087]  ? __pfx_unix_stream_sendmsg+0x10/0x10
[  327.392240][T10087]  __sock_sendmsg+0x21c/0x270
[  327.392255][T10087]  ____sys_sendmsg+0x52d/0x830
[  327.392267][T10087]  ? __pfx_____sys_sendmsg+0x10/0x10
[  327.392279][T10087]  ? futex_unqueue+0x22/0x240
[  327.392289][T10087]  ? futex_unqueue+0x22/0x240
[  327.392300][T10087]  ___sys_sendmsg+0x21f/0x2a0
[  327.392311][T10087]  ? __pfx____sys_sendmsg+0x10/0x10
[  327.392327][T10087]  ? __fget_files+0x2a/0x420
[  327.392335][T10087]  ? __fget_files+0x3a0/0x420
[  327.392344][T10087]  __sys_sendmmsg+0x28e/0x430
[  327.392356][T10087]  ? __pfx___sys_sendmmsg+0x10/0x10
[  327.392368][T10087]  ? __pfx_do_futex+0x10/0x10
[  327.392384][T10087]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  327.392396][T10087]  __do_fast_syscall_32+0xb6/0x2b0
[  327.392409][T10087]  do_fast_syscall_32+0x34/0x80
[  327.392418][T10087]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  327.392430][T10087] RIP: 0023:0xf7fc4539
[  327.392440][T10087] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  327.392449][T10087] RSP: 002b:00000000f54d655c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  327.392460][T10087] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080006c40
[  327.392467][T10087] RDX: 0000000000000001 RSI: 0000000000040015 RDI: 0000000000000000
[  327.392473][T10087] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  327.392478][T10087] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  327.392484][T10087] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  327.392492][T10087]  </TASK>
[  327.693284][ T5971] usb 5-1: USB disconnect, device number 37
[  327.768038][T10098] netdevsim netdevsim0 netdevsim0: entered allmulticast mode