last executing test programs:

11.443460798s ago: executing program 4 (id=2482):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000"], 0x48) (async)
r0 = socket$packet(0x11, 0x3, 0x300) (async)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000140)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_open_dev$usbfs(&(0x7f0000000040), 0x12, 0x80801) (async)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r2, 0xc0145b0e, &(0x7f0000000040)) (async)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000300)={0x1, 0x1000}, 0x4)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0x73220c8b}], 0x1}, 0x0) (async)
recvmmsg(r0, &(0x7f0000000400)=[{{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, 0x0}, 0x8}], 0x2, 0x0, 0x0)

10.58205217s ago: executing program 1 (id=2486):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
ioctl$TCSETS(r0, 0x5402, 0x0)
r1 = openat$tun(0xffffffffffffff9c, 0x0, 0xc140, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), r4)
sendmsg$TIPC_NL_LINK_SET(r4, 0x0, 0x400c000)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r5)
link(&(0x7f0000001240)='./file1\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r6 = syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r6, 0xc0585605, &(0x7f0000000540)={0x0, 0x1, @stop_pts=0x6f})
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r7 = fsopen(&(0x7f0000000580)='overlay\x00', 0x0)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCSPASS(r8, 0x40107447, &(0x7f0000000080)={0x2, &(0x7f0000000100)=[{0x50, 0xff, 0x0, 0x1000}, {0x6, 0x60, 0x0, 0x8}]})
write$ppp(r8, &(0x7f0000000300)="5af9", 0x2)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r9 = socket$l2tp6(0xa, 0x2, 0x73)
sendmmsg$inet6(r9, &(0x7f0000001300)=[{{&(0x7f0000000200)={0xa, 0x4e21, 0x2, @ipv4={'\x00', '\xff\xff', @empty}, 0x86c2}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000340)="58e9d602828a1478f02c740201ac33a621468552c7c0b45449d976aa4bebb3e2e1d8beb3f65828b1d0d3225c4d1e4c2b6f5cd78a341c8201e7c647025bb5fe31dcabf066379a13969da4e82a85dabe92a0657ec338908cec871e9b83f53a8cbca272f24fe5e9099b1c9fe1e3c0f042ee503a62fedc9101ccb1c882b6184577ef559dd964d2bcaa0bc0bf5062ec2d8ec9903453cb0d675e4c408b450451add67dd76b483940f810cdecddd5b71ef8f0b12c6e7e72bc63581ac2c7ac50f9921a30301ee67ee654072051415f85ccc720d90022694a0b1d29092f490af7fe4cedcc78377d4a", 0xe4}, {&(0x7f0000000240)="1321f6d9e1517f4394af1fc693af1d08fbea0235970d78779e16ed98625e4672ae76de30", 0x24}], 0x2}}, {{&(0x7f00000002c0)={0xa, 0x4e24, 0x5, @dev={0xfe, 0x80, '\x00', 0x27}, 0xcd8}, 0x1c, &(0x7f00000008c0)=[{&(0x7f0000000440)="8dea3951fe04c7fe6b80ff48f6125badf019981bc528497ee1994f3892da872a58c5e1af7b039f106c22ad207341a51517b86e72168874084f069c01ffbb2e529d571b564af22262a5cb762216dd5aca1dc317b920bcb695ae6d89cc27c32956ad0507ea2d753547bc71267737644718d8cb998e22f27ff2b22f6dd8fd09d2b99f499dfc9446ded456aff253a0a70254a5", 0x91}, {&(0x7f00000005c0)}, {&(0x7f0000000500)="8c6e1b45e81b46462c1fad8a639d45aaf72c", 0x12}, {&(0x7f0000000640)="b133eaded0c3086acf766db7aa977a0a4546171d83612406e530b9f3b44a165abd3b7fe5397ca39a13b79c4015b51d8234022b1a430042577ea82168dc09b56d06df408c9a0c27ac2f170d79b2693ed1dcf006a0bd9fc8ce66f8946cd6cc0cb74c8d33bff303e97ddabe6f24aac509eb2a6c4f7081f2f6e57fee678ee79fc4ff7f67bf", 0x83}, {&(0x7f0000000700)="227a04c6dcb62780a964b721acbe75742c3feb104af058b8a3a8e4ba9b762a9ec4989d438e02a6dfe5a655eb0f2e46e38f6b80e852c92d4815741cb5a8a32f04234ee66cf8f4584b2cdd85ed778d28e2407243a4cef46677f59362e83c775d175a8d162ac13c1bfea82be490eb20f2711b75bd5959f90b54704d096d87a5b1ec75aa3c9e671342372b2d8de17df4d5ce0ff53648adea02835e9f1d673df0ffd4e1689b944f798764671e56a83db47c47f41b382aa535a274fb90", 0xba}, {&(0x7f00000007c0)="5b5eba5139222e368f7a0864e191000a69cb5e3cb627ffce9868ceb8b0869a3b3d404a02ee5fa2da7c50fc0fe41607f0f16bbaf1803becf7da9b58a87fba8a27c8e5a0ac99e5313fff428226d26f17a92f260ddccf9b780882cb3f3817d7cea921c6c57bc840ebcb7842f50fbeff2eadbe", 0x71}], 0x6, &(0x7f0000000940)=[@pktinfo={{0x24, 0x29, 0x32, {@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}], 0x28}}, {{&(0x7f0000000980)={0xa, 0x4e20, 0x7169, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xf}, 0x1c, 0x0, 0x0, &(0x7f0000000ec0)=[@pktinfo={{0x24, 0x29, 0x32, {@local}}}, @dstopts_2292={{0xe8, 0x29, 0x4, {0x88, 0x19, '\x00', [@generic={0x3, 0xb0, "e77efbd0aaf73e13067302844807aadf9036ddddcc510cd4114668d2a5296473d1cf26a4b25886b63997242d1d164be662c80ffc6222e875e3f206d980d8abf94138c7b07a458bf036d03e87cc6ec280ab82df192dea7c1896bc7232ce37e803d3b0846942926ab88d32d5e3d17c0b6b8168c807f4a8ddb8e1d6a517759b62c59beb1cae8788b9c32c77c85fbc2513c302f5932889edc3df1b4c74da10348145a46ed7d5fc2c69fc89e56f31733fdefb"}, @hao={0xc9, 0x10, @local}, @jumbo={0xc2, 0x4, 0x80000000}]}}}, @dstopts_2292={{0xd8, 0x29, 0x4, {0xc, 0x18, '\x00', [@generic={0x9, 0x4d, "fa492151f3f138bc21e9fea068251a470f6bd8dfbaba47ccc8c82e93829b0028a96816e8dba7c87b0a0d74e4cc9596beb909f91c2ad085cfadbc10cd137b858670b123072efa7d615d10a13526"}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @private2}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x2f}, @hao={0xc9, 0x10, @mcast2}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x1}, @pad1, @calipso={0x7, 0x28, {0x1, 0x8, 0xd, 0x4d79, [0xed6, 0x6, 0x2, 0x10000]}}]}}}], 0x1e8}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000010c0)="106eba54c42b477fbbd9c057837b7e186d73ab36f5a8e720fc990eb4ea76d956c25c4025aa56e2fb4286fb8af6ec206b3e1140bd081ed469b26839e77d4d5f2bde60341db2ff4ea021e0472a9ea419b7a0376e526241db6913", 0x59}, {&(0x7f0000001400)="38919ca237547266c78662fefdfc8568d96709bb528179ea83f805fa86202f7f74355deb93882a14e5a594087557401ae9fc265f219a96e46ef1be163ac9c26c9afef20780ecb5fadb048b9784369fedd4217872a7fdc963924053efa8fea8088f9a34d6a2e4465a01301903badcc0724267929d717adfa31cfc9f3cfadefea3f2839234f3fff5a80ff949d8ac57c747d48b09b110f4d618895c95b74e9232807b305b74ff143179be053494ad7f4f0543d549e38274e28c24ebcffad8428ffaeea8a89b2fb9590dff04a449", 0xcc}], 0x2, &(0x7f00000012c0)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x2}}, @tclass={{0x14, 0x29, 0x43, 0x496}}], 0x30}}], 0x4, 0x20004810)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f00000029c0)={{0x1, 0x1, 0x18, r9, {0x5}}, './file0\x00'})

8.813675108s ago: executing program 3 (id=2491):
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000d40)=ANY=[@ANYBLOB="12010007000000ff1c1b1f1c4000010203010902240001010800fe09040000028301026809210800060122cb0f09058103ff0310ff0860347a00007317bf8fe576285306573bb441279f21c00c8158aedfa0a9b376427dde386f36528fe53f82b2c6f7"], 0x0)
syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f0e7402044cb483c1a9c3f8038b1420104000001090238000100000000090400"], 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x162682, 0x0)
r1 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020800000000000800000524050000082407000000009ef6230700000000a3a82f07070d240701060000fd800000001a4824030000000001"], 0x0)
syz_usb_control_io(r1, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x43f}}, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r1, &(0x7f0000001840)={0xffffffffffffff94, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x3d, @string={0x1}}}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x4a000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r4, 0x4068aea3, &(0x7f0000000000)={0xa3, 0x0, 0x0})
ioctl$KVM_SET_MSRS(r4, 0xc008aec1, &(0x7f0000000180)=ANY=[])
syz_usb_control_io(r1, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000480)={0x40, 0x18, 0x2, "aa85"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = syz_clone(0x8000011, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r5, &(0x7f0000000140), 0x8, &(0x7f0000000400))
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000009c0)={0x1c, &(0x7f0000000800)=ANY=[@ANYBLOB='\a\x00\b'], 0x0, 0x0})
socket$netlink(0x10, 0x3, 0xc)
r6 = dup(r0)
fallocate(r6, 0x10, 0x0, 0x1062200)
write$binfmt_misc(r6, &(0x7f0000000dc0)="fe7c0e9fb104fb5eac6e2bebb23a226455286a136853371a4ab633e71a6b4242c96b36dcd0dc7762e56fbb0c3a571891aaf72654c56e35bb36da2d5bc2aa5e07e1e572a49e5ffeee639318cec3e674700c01c21758a55e2051f510ef3efdd6be1f376d2d7e384f15f9c45408dc", 0x6d)
syz_usb_connect(0x4, 0xbd8, &(0x7f0000000080)=ANY=[@ANYBLOB="12010003ac94b7107104290375c1010203010902c60b04020a00810904f80102e24783000624060001a005240003000d240f010500000039b106003106241a5801220905010c6006090603390af7e862bad8c20d05d90acd399534908959346ac0b6435ef521d3d0993377143e62694f1f1003efecd45a6623db82c72ba79d9df12a3bf00905060300040300050904000c101ba5bd04d4232e355e9a459e6aedd8d267fa2ac39a73236174157697c79765fbc4757523cea3a6408d4b1eb63ac1008e194e0e9d908962cb19ddb85a00f8be66211bffcfe0d9bf3260c4532830b4a0aa5d41d142d8fba90344cc4df748231f60ac889591b72b40a3df7740c4150a611f9abf5b2811a7114783f222372147ef2fbfd838f37d851f83ce802204d858900785a7b2b1e44cc1e621fe07a23d1b5a2128252081538265d1b34d3e5d831701967357f668eea3287dbf575b56066577ed2fddcc10fb1c46d81b877ea6837a09050b0240000404070725018007090046017627ae9c99c2f4a82d14971a9bc19247467aea04cd4256672e68d679f43d6d8ba4dfe4c5f2e5d1ad018f3262732a17be677ea2f339e335e236a5d0ccd3b58f9ff47d1c950905040108000380df09050a00ff03f10d0509050900080080000207250101080400090506104000035b070905001010004202810725010200000209050f0008005a0808643193d0321922bfb8c077609db181021be5c9f7fbe78db62156e52ae550e6b902a60cb66e82870f0eb68c6c6573e9e29c1540a508a7c67b6b204b9fc4d61eb8c1cf0a4005a87fc8f9f48e5df556dd334777dddb7c8af615e9167e0cd3507a7d13277d4b0725018004fcff0905090040000c08009324174db84d81168a1a63f7a934b169e283a426d509bc4dc2c25f82454712638dc0c787258bb2f0f95a9547f0dfb65924e41dec7d0ab94c591e457a55edf5cece1adaf5df65db78226d1082c01574fb99e1d59be31b8c71dd026b55293b036fba89b08ae767bcce2de869bf43014c2f242398d4607edc4a762c3303dc8c1ac099ac3b8ab2c0ae4f400cd0e0f7f9a10dff835309050c100800810103090508004000026e000905000110000f0d080905051008000c00034721fb3acf9ae2052396635186732fc0530ac5d519a27d1bf358e6a738b2769b9a1c46e0c41794387116be6c873c2acd6d7faf0c216dcef59a9e2ba3689ebd2e29cc5326095cf40905050040004d0500072501810404000725010309627c090500002000091d09090503002000040500090503018cacdc029e0904b80f0853a53a030924060000a6ad52a905240070080d240f01020000006c000200020824060001c371ed05240007000d240f010500000008000c000306241aff071107240a03020004102407f93cf20180050003000700ffff05240103000c241bff0108000002640e070905431000040107960725018309020009050d08ff030d960ebd07649b6eb21b5204656acf119b2a279c0c6b099de4e95f69e436e8e09b59aa26751100b621dd3ef728ce1a733eb47fffe6b24331f4d9f2d8dc3689e5bbe4c446adb18567c395788497fda2a4c2a34b1b9643077de3e5626fe5c516e3c493e699558d02f3a5fdfc7534840cedb10353229c1d16fb6d92c9690f90a0302e7058d5a28253c3fabe27b30aa8c11ea46822e24e94ccc4860565b295f9470f51b4faa5fab743de9c37da2b86d4849001a41418c5d57c206d0db586ac400017090508011000e703a907250101070300072501004900020905011010000f09090905020040005399214e238233f367dafd5bdede367855eef3bc5cbfc29f75fb31f8cf161dab291aa9f737545a77582a5559c532e14e235faa7c8c9cbffcd032a040bf1e5b7b8d3f16ed039447a3aeba144e1d8afbe7d009050f1008000309070725010306000009050710ff03040606090508100800ff0865072501831b0300c906d500f175af164855ee501cde6cb4da2bbb04abcd33df1dd1632182a5021a4fc8cc78ca03117aa14f0ef4c6252216f9ab6686d43859d2a90ef70905d285c1f791a1451f2b84ace3119429c144203b1b5f181592529f2745c89779b1e134d5a3db71658f97d807bc86fca3e3a1283fc47db0980ccb3bac5cb911c0d6177e14b8d845d71cdf94c610ef03becf63f247b5466313331f022615386a37113c805ab29c025e808156726be0d15ada7956818542e42d84b33a97883453959c079adbbd1573ec97c77c2185090403070e16485c020905800000040409000905030c200001defc0e240976137960f7747f7d9955380905090000040e40520725010080020009050c0c10000709815223b698002f7af994fe66f32f00e48c74a538083b9848392c0571d01498087792dac5bfe0052169f97e9c3eed9abe8b8c49577fda6a4c85359c2bd63f39c15a51b3f7b32bfe2dd667b86c6e88d72cd0336e07250182057e5c090501002000018a1007250103b308002704bfa4bdd729c9a6e5d54bdb32c9a48fef502af04973a982852e0b54904b0562622ac841c08309050310000403fa040905020cc29407107d072501000907009607edfd02715ab733fc3ebdd7540ac6658a3499fc56022d102ab48f2017541c2dba0b3f0647a5c9593359707dafcee2cefea67dea1f21e3f70cdfcb08f8679566fb8271cd8287edc12f5ed377636eab16560889bdd913c7686328136efa0031b35470b3e7abcd7d889b37a96bc690d361b4639c6391b2493e3b27cf8803da22f1b09e894dfeb3a42e2a358ca1c32e7ea769da2ae53a09050f0100040980011a23c330235f5414823e47c9a61c124be9c28eae4a6de90a3b69e82224fe09a45df2ef36fafb4ebbaddddea24dd49d3b719fcfe430e1f6d05111568c40d29c85b1c3b27ef02a7330c3e35d3d2eb1a7c1ddc85b45107ed212a4aa96322f0ccfdc73d64328a952a0aef35ac55ae71fd43a5f83acdaaad60226d82568158de9f170ac2ac877cd659aadea03ad579d45e806a040a0c16c6d5286658bff7f9bf41db47d84d7a594f2477658979e54b2bba7eed94686664f7f47f2216d28ce3c92ebd46af3663a1a21d2243abd837cac8b0d7647535790aaa6db391de04e3cf1b2953d7d76913f7bdf4f2979837ee6b01f0478c9428712a94c7db7ffcf6c70584c1ccd4c60090509030800040606ff02c9e54d544bb76b6dcdc8a24baedab7d2778554c3b4ee290767df018e1f0e202a697ad49685979562e88b1425dd4631ebf62dbca8cb31309193d8aabd7057721a8d26385781c373724e4c2c37e93fc847c7c8952bbb67dce55907219508b376bbc68474063ddc62f09965a2cae322c577f463bf20939eec8de84a3e5b5eae6a70c4e01dbefcbe59cb71be44e961da2eee9d7985a8c80841dbbf43f57340718f868f97eac65b27ac0f9ba34cc265e1980bf2461eb5905c779305dddcb953121c735ec10aa27e9ac52af8ab288de748059d293c40ece20ec48efe78faf5dc835c3329857c5808a802b7e35d1fc187cb2515517a689b8102189fe442072fdb0905010340000b010209050700080006004007250102530500f204aae3d4d57b80cc17d0413b6232e58e83f4a4a6387890051757f8d705c5e9a9470dd8db00461078e8a25c1820bb0e95f63ad8c0fc4e4445ad6ab0a6846bdc817c156e774fee088e363f48026c93b47adce2f83fe090e8dd7c3b42f0d01e1674b55eb400ff5344191dbcc56bc390ca7b45f5f5f47553d6447d34467d9d26c165a2d9e9c08a3e72b879a87c83ce22da8f7bf5c0db949f9db6b26745fe61445cca4f5596ad4b959a94d721d6c45adca89e4a500ffee4480c0f8ee6389a97da81bfcce9336e0b99d7c8935bc172a2919989ffe90465b0b15dc3dfdf7a08d8f498ffd9b96b0ba2c7cff954c8deaeceffd1f2170905000108002f05090905800200040725016430dc726073b682f567ecf98b23f7808b2e7fd5d886156e17dbdef70ea24dc6f912617bdc826b80ecac5bfb41a47723fb476cce36845dd8f88394d23b39d3ba3edbb635b3835f904fe6564270a8b51587133f632cc873a1dc4b90322983f6a8bc49983e09050400ff030001006704aa2f7a6e99293b74b490916ec48e40bfa0156bc2f2eda9f6f51e8ef4d6eda65e02c03f844e59eb9636b23c2af047bf76ebc158da70e55c50cc295e36c3134bc987dcb2e7a0359a25e6439101f775a337107b65e0250237f0b74d7a471e5f489e524b0ee5fe"], &(0x7f0000000d00)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x300, 0x2, 0x5c, 0x44, 0x8, 0x4}, 0x2c, &(0x7f0000000c80)={0x5, 0xf, 0x2c, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0xbe, 0x9, 0x4}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x76, "88410ee73fb04d8d5e67f5e63229f4b6"}]}, 0x1, [{0x4, &(0x7f0000000cc0)=@lang_id={0x4, 0x3, 0xc07}}]})
lseek(r4, 0x0, 0x2)

8.436653639s ago: executing program 1 (id=2493):
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0xffff0000, 0x0, 0xf000, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x3, 0x0, 0x0, 0x7, 0xf9, 0x80, 0x0, 0x0, 0x0, 0x42}, {0xeeef0000, 0x0, 0x10, 0x8, 0x0, 0x0, 0x81, 0x0, 0x44, 0xe, 0x0, 0x3}, {0x8080000, 0x0, 0x4}, {0x11000, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1a}, {0x100000, 0xd000, 0xd, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x0, 0x84}, {0xeeee8000, 0x80a0000, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, {0x8080000, 0x0, 0x0, 0xf9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x6000}, {0x1, 0xfffe}, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x900, [0x0, 0x0, 0x0, 0x3]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x2, 0x801)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x7, 0x2, 0x2, r2, 0xb})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x2, 0x5, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2], 0x8080000, 0x1144})
ioctl$KVM_RUN(r3, 0xae80, 0xf000000)

8.166163361s ago: executing program 4 (id=2495):
r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x3, 0x2, 0x0, &(0x7f0000048000), 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$setregs(0xd, r1, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000ecffffff9202"])
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000840)='%\\,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000440)={'batadv0\x00', <r7=>0x0})
sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010028bd7000010000000f000000080034000400000008000300", @ANYRES32=r7, @ANYBLOB="05003300f4"], 0x2c}}, 0x80)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, &(0x7f00000008c0)=""/4096)

8.148003339s ago: executing program 1 (id=2496):
socket$inet6_sctp(0xa, 0x801, 0x84)
close(0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000300)=[{0x0}], 0x1)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, &(0x7f00000003c0), 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f00000006c0)=@mangle={'mangle\x00', 0x1d, 0x6, 0x530, 0x0, 0x280, 0x368, 0x1b0, 0x0, 0x488, 0x488, 0x488, 0x488, 0x488, 0x6, 0x0, {[{{@ipv6={@mcast2, @private1, [], [], 'macvlan1\x00', 'erspan0\x00'}, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff}, {0xffffffffffffffff}, {}, 0x203}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], '\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0, 0x48000000}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1700"/20, @ANYRES32=0x1], 0x50)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0182101, &(0x7f00000004c0))
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r7, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)

8.029444744s ago: executing program 0 (id=2497):
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000000))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000040))
ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080)={0xed, 0x0, 0x80000000})
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000100))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000140))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000180))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f00000001c0))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000200))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000240))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000280))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f00000002c0))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000300))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000340))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000380))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f00000003c0))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000400))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000440))
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000480))
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000500)={0x0, 0x0, <r0=>0x0, 0x0, 0x0, 0x3, &(0x7f00000004c0)=[0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000540)={<r1=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000580)={0x0, 0x5, 0x4, 0x87, 0x0, [0x0, <r2=>0x0], [0x1000, 0xe, 0x5, 0x6], [0x0, 0x6649, 0x6], [0x75613964, 0x3, 0xf38, 0xa0]})
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000600)={0x0, <r3=>0x0})
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000640)={0x0, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f0000000680)={r0, 0x6, 0x6, 0xe9e, 0x0, [r1, r2, r3, r4], [0x8001, 0x1, 0x7, 0x9], [0xb3, 0x10, 0xfff, 0x5d1f], [0x100000001, 0x40, 0x4, 0x4]})
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000700))
r5 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000740)="3abe78634b187c78ebee93d2443b89eb74b0ff641d23f8bb56713a3e6990a4f4fb7f46433ca590365b1478f63bbe90701bc824142559fe8b6b89d295b394499ba817213ee9ffc0eec6ddcdd4aa274817b1662d18321c7f69beb9f47fd5799f2cd10e815208bd49573cd83ffddcbc68cf74dc47bfc989d61ef4fb5d2d17b45d9c9660bba943dc42756331686e815b1ef26831363904d7bfab07423e86534e498f51841babd54cfda6449445d44d", 0xad)
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000800))
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000840)={'\x00', 0x1, 0xf0, 0x8, 0x8000, 0x3, <r6=>0xffffffffffffffff})
sched_setaffinity(r6, 0x8, &(0x7f00000008c0)=0x3)

7.857744798s ago: executing program 0 (id=2499):
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000000c0)={0x0, 0x40}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/vlan/vlan0\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
syz_open_dev$sndmidi(0x0, 0x5, 0x141101)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x10)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x30}, 0x9c)
bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r4, 0x2)
close(r4)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201010200000010f3b100000000010203010902240001010330050904000801030101000921"], 0x0)
mlock2(&(0x7f0000005000/0x3000)=nil, 0x3000, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)}, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000200)=[@acquire, @enter_looper], 0x53, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0})
ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0)

6.665428492s ago: executing program 4 (id=2500):
syz_open_dev$loop(&(0x7f0000000540), 0x80, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYRESHEX, @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB='id=\x00\x00\x00\x00\x00\x00\x00', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
write$FUSE_INIT(r0, 0x0, 0x0)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000000, 0x5d032, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
move_pages(0x0, 0x1, &(0x7f0000006580)=[&(0x7f0000ffa000/0x4000)=nil], 0x0, &(0x7f0000000080), 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40)
getdents64(r4, 0x0, 0x0)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
pselect6(0x40, &(0x7f0000000040)={0xa4, 0x4000000000000000, 0x1, 0x3fc, 0x0, 0xfffffffffffffffd}, &(0x7f0000000240)={0x18, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x800000000, 0x8000000000000, 0x2}, 0x0, 0x0, 0x0)

5.857826479s ago: executing program 4 (id=2502):
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000001380)=@in6={0xa, 0x6e21, 0x0, @loopback, 0x1000000}, 0x80, 0x0}, 0x2004c849)
sendmsg$kcm(r0, &(0x7f0000000580)={&(0x7f00000001c0)=@in6={0xa, 0x4e21, 0x2, @mcast2, 0xd}, 0x55, 0x0, 0x0, 0x0, 0x0, 0xf7ffff7f}, 0x4000080)

5.693678385s ago: executing program 3 (id=2504):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
close(r0)
r1 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x0, 0x8400)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0xc1105511, &(0x7f0000000040))

5.621094416s ago: executing program 4 (id=2505):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000780)=@file={0x0, './file0\x00'}, 0x6e)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'geneve1\x00', <r2=>0x0})
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="2800000011140100000000000000000008000100"], 0x28}}, 0x0)
setsockopt$sock_linger(r3, 0x1, 0x3d, &(0x7f0000000000)={0x8001}, 0x8)
sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="600000001000030400000000000000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=r2], 0x60}}, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20)
preadv(r5, &(0x7f0000001b00)=[{&(0x7f00000009c0)=""/239, 0xef}], 0x1, 0x2, 0x0)
read$FUSE(r5, &(0x7f0000005b80)={0x2020}, 0x2020)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000009c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000b00)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x8c, r6, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x80}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x2}, @ETHTOOL_A_LINKMODES_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_LINKMODES_LANES={0x8, 0x9, 0x3}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0xdfc8}, @ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x4}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0xa}]}, 0x8c}, 0x1, 0x0, 0x0, 0x40000}, 0x40000)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="dc90070004000000"], &(0x7f0000000500)='syzkaller\x00', 0xd, 0xe5, &(0x7f0000000680)=""/229, 0x40f00, 0x1e, '\x00', r2, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000800)={0x5, 0xe, 0x1, 0x2aec}, 0x10, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000840)=[{0x3, 0x2, 0x6, 0x4}, {0x4, 0x3, 0x0, 0xa}, {0x1, 0x1, 0xb, 0x2}, {0x4, 0x2, 0x3, 0x2}, {0x4, 0x5, 0x1, 0x1}], 0x10, 0x40}, 0x94)
writev(r7, &(0x7f0000000480)=[{&(0x7f0000000140)="9ab5c66c9f702ec2088aa7528aae4f4ce27451c8dc75a30528533eb719a771734de8256ff6c54a1262d6530b6e1031d753dd9c3772acb3a6675172ef116d0c3b6d3d428db960c77a5b179d825e309bf7d4f1527ac05bdf17402944fbb7ac0000110000", 0x63}, {&(0x7f0000000040)="183c41d360972d4b7641039bd8b9", 0xe}, {&(0x7f00000001c0)="47af6a594299906e4be3089ab2ed6d8953c8f3a22c409143c29e9d1dfa314e139db7260dfbdf47de1dd870653d168b5b5c8eaed374f30f35072159168745543c1301d139fa66aa8908fedff6aa082d6bf97c23f08476df2c8ebe1d8522dbb9164e1494dd510f8f0f73c936228ee187248311c1bc8c7c05e30eadf530c0e43491228efa27cc346f0f", 0x88}, {&(0x7f0000000280)="2bd262a6daa1f57b5620c55bd6c916a7dad28a98903489298444c8bbfc17fc04e43af2bf222985feebf4a48743ae73ada5c7c7257ea7aa8c163402a258bb66004bdd4933d83178d9eaa1dc4550892c4cb63d97f2d1bc5e5873f5bc4fe57608816010ae3c22000f61f550dc5b9d92691fbe58f63a9aebdb83cc", 0x79}, {&(0x7f00000005c0)="ccd44f1a008281fbd23c0a0a0d7c33bb3931c725091702946508db6a0b66569f7599f7bf2ab5a9eae3e613091e8bc055510b2865b57726cbfb6e41c8e92808d6849bbe8681c5bb5ef2a521c52c3174097c4f0c792ed2a65b1b2c46abc11ae43764baaa3332e7b4d3ec13ce4946108610cae64c08f816f00960d3c575b88bffb6e891fe747473db4ef998ab137d45", 0x8e}, {&(0x7f0000000340)="a49f4a0e9f44d97c075da71debb8d8e2", 0x10}, {&(0x7f0000000380)="025f1ba4fb7228cf13c696d7a980f31aaf6fda0138583c9917020e2327438ff444d5b01b584d86a1865a12db28375637791644bca70d56bb6d3a27bcd0a3b07cc2964b40fa6facf0148c", 0x4a}, {&(0x7f0000000400)="e66e8c4d2b0639fc15a4ab747ca58fb9e139593b89512321115a183cfc85ef472af79fbf2f84d6", 0x27}], 0x8)

5.497479033s ago: executing program 3 (id=2506):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x29, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[<r3=>0x0], &(0x7f00000000c0), 0x0, 0x1, 0x0, 0x0, r2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x0, 0x1, &(0x7f00000002c0)=[r2], &(0x7f0000000140)=[0x7], &(0x7f0000000800)=[r3], &(0x7f0000000100), 0x0, 0x40000008e})

5.270242747s ago: executing program 3 (id=2507):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0xd06d000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="64000000020301040000000000000000000c00040800054000000028090002000000000301000000080003400000008108000440d65cb58f64833f66d62e000000010800010003000003080005400000001016cb2c80ef320900020000000007010000000800010003000028080004400000000201c376636207421910aa41e70532eb53b99d7268901ba6615ae9ad29d19eeb80a666871f4337a202ee5579037169ffe581cfe3c3b1c8b90de677d59be40e28496cd6a92a2263fe4935b55e65817a49423aad2638f38e32c495ef26ab5c44ecec2fd9ab4e4ee9b3c3ec4f7d4df37f12e11716d6172b341788cc82b78ab61e937e79cb884f10b5dae92452e8c8f83c6db225bb80fbc93580d65467867a70bd2352e231841cded06bf364cab3409ba19fbf845aae758cae5d7ddb8c8f14d6cf9a16e7cc6a742e03baa827077aaa98f0aa10812c704f17dca2a05a569bcb340aa88107eaf4fb0efc4207a6fde0d83d5e28e00f20dfd8c6bf567d712d0f2c8c46a9003f8b109f4859f8f0382b4a421a8bf439f1ab256fc20f51d0d2330c61534f3e7795adfc19bc2fd0604c9318f25ef25b59c266fe8cf8055fc2e2425052d61e1e7ec667310b"], 0x64}, 0x1, 0x0, 0x0, 0x20000000}, 0x10)
r1 = semget$private(0x0, 0x4000000009, 0x0)
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r2, 0xc0d05604, &(0x7f0000000180)={0xd, @vbi})
semop(r1, &(0x7f00000002c0)=[{0x0, 0xec7b, 0x1000}], 0x1)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
semop(r1, &(0x7f0000000140)=[{0x0, 0xffff}], 0x1)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000001c0)=0x19)
writev(r3, &(0x7f0000000180)=[{&(0x7f00000006c0)="8d0c", 0x2}], 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x2000000000000030, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000100000018110000", @ANYRES16=r2, @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000700)={0x0, <r5=>0x0}, &(0x7f0000000740)=0xc)
quotactl_fd$Q_GETFMT(r2, 0xffffffff80000401, r5, &(0x7f0000000780))
close_range(r0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000280)={<r6=>0xffffffffffffffff}, 0x0)
ioctl$FBIOGETCMAP(r6, 0x4604, &(0x7f0000000680)={0x80000001, 0x9, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0]})
semctl$GETNCNT(r1, 0x0, 0xe, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$vsock_stream(0x28, 0x1, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x115)
creat(&(0x7f0000000080)='./file0\x00', 0x2a)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x801, 0x0, 0x0, {0x7, 0x0, 0xa}, @NFT_OBJECT_CT_TIMEOUT=@NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}}, 0x20050800)

4.660767172s ago: executing program 4 (id=2508):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000180)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000480)={@host})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a4, &(0x7f0000000000)={{@any, 0xffff7dff}, @hyper, 0x0, 0x0, 0x4000000f8, 0x8, 0x0, 0x4000000, 0x7})
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
openat$userio(0xffffffffffffff9c, 0x0, 0x22242, 0x0)
syz_usb_connect(0x5, 0x255, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x4, 0x3}, 0x0)
fcntl$getownex(r4, 0x10, &(0x7f0000000200)={0x0, <r5=>0x0})
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r5, 0x10, &(0x7f0000000240)={0x7})
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
userfaultfd(0x801)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8)
r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000140)={0x6, &(0x7f0000000040)=[{0xff7f, 0x3, 0x2, 0x2}, {0xcbd0, 0x7f, 0x9, 0x8}, {0x4, 0x1, 0xa, 0xd}, {0x9, 0xb4, 0x1, 0x7d1b}, {0x100, 0xe5, 0x9, 0x7}, {0x7, 0xc9, 0xaa, 0x3e1}]}, 0x10)

4.487797796s ago: executing program 1 (id=2509):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)={0x34, r2, 0xb3d3e8a28760fb9b, 0x70bd27, 0x20000, {}, [@ETHTOOL_A_STRSET_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000c804}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in=@multicast1, @in=@multicast1, 0x4e21, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee01}, {}, {}, 0x400000}}, 0xb8}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900e9990000000000001000e0000001000000000000000000000000e000000100"/51, @ANYBLOB], 0xb8}}, 0x0)

4.190068026s ago: executing program 1 (id=2510):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000002240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000001c0)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000000c0), 0x17, 0x20008050)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r3, r3, 0xfffffffffffffffe, 0x1)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00')
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x89901)
r4 = syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
rt_sigtimedwait(0x0, 0x0, 0x0, 0x0)
kcmp(r4, r4, 0x0, 0xffffffffffffffff, 0xffffffffffffffff)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500)
socket$nl_netfilter(0x10, 0x3, 0xc)
lsm_set_self_attr(0x68, &(0x7f0000000800)=ANY=[@ANYBLOB="6800eabe33b1000200000000000000002000"/32], 0x20, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xff55, 0x0, 0x32}, 0x4014)
sched_setattr(0x0, 0x0, 0x0)

4.189220764s ago: executing program 3 (id=2511):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x22, 0x2, 0x24)
sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="240000b6", @ANYRES16=0x0, @ANYBLOB="01002abd7000fddbdf250f000000080039000500000008000300", @ANYRES32=0x0, @ANYBLOB], 0x24}, 0x1, 0x1000000, 0x0, 0x24008850}, 0x4004a040)
sendmsg$BATADV_CMD_SET_HARDIF(r3, &(0x7f0000000580)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, 0x0, 0x2, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xa}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4841}, 0x20000001)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000640), 0x406000, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r4, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd"], 0xfdef)
syz_io_uring_setup(0x1f97, &(0x7f0000000080)={0x0, 0xe244, 0x13580}, 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000600)='wchan\x00')
lseek(r6, 0x2000, 0x0)
ioctl$TIOCSERGETLSR(r6, 0x5459, &(0x7f0000000040))
ioctl$sock_SIOCADDRT(r3, 0x890b, &(0x7f0000000280)={0x0, @isdn={0x22, 0x8, 0x17, 0x7, 0x4}, @tipc=@name={0x1e, 0x2, 0x3, {{0x42, 0x3}, 0x7}}, @qipcrtr={0x2a, 0x0, 0x1}, 0x200, 0x0, 0x0, 0x0, 0x50b7, 0x0, 0x6, 0x9, 0x7f})
sync()
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
syz_open_dev$midi(0x0, 0x500, 0x32b800)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r1, 0x81f8943c, &(0x7f0000000300))
close(r0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="340000000906921a821f7d10a6e30840153401020000000000000000000000000900020073797a310000000005000100070000000c0007800800094000000081"], 0x34}, 0x1, 0x0, 0x0, 0x10000047}, 0x0)

4.002077891s ago: executing program 0 (id=2512):
syz_open_dev$loop(&(0x7f0000000540), 0x80, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x1, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYRESHEX, @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB='id=\x00\x00\x00\x00\x00\x00\x00', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
write$FUSE_INIT(r0, 0x0, 0x0)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000000, 0x5d032, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r3, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
move_pages(0x0, 0x1, &(0x7f0000006580)=[&(0x7f0000ffa000/0x4000)=nil], 0x0, &(0x7f0000000080), 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40)
getdents64(r4, 0x0, 0x0)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
pselect6(0x40, &(0x7f0000000040)={0xa4, 0x4000000000000000, 0x1, 0x3fc, 0x0, 0xfffffffffffffffd}, &(0x7f0000000240)={0x18, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x800000000, 0x8000000000000, 0x2}, 0x0, 0x0, 0x0)

3.710079084s ago: executing program 2 (id=2514):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xe5}, 0x200001}, {{0x0, 0x0, 0x0}, 0x2046}, {{0x0, 0x0, 0x0}, 0x10001}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000800)=""/213, 0xd5}, {&(0x7f0000000900)=""/242, 0xf2}, {&(0x7f0000003e00)=""/4098, 0x1002}, {&(0x7f0000000440)=""/234, 0xea}], 0x4}, 0x101}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001900)=""/229, 0xe5}, {&(0x7f0000002e00)=""/4094, 0xffe}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f0000000340)=""/113, 0x71}], 0x4}, 0x4db}, {{0x0, 0x0, 0x0}, 0x8}], 0x8, 0x40010020, 0x0)

3.618347658s ago: executing program 2 (id=2515):
r0 = syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x222000c, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESOCT, @ANYBLOB="2c67728c75705f69643d", @ANYRESOCT=r0, @ANYRES32=r1])
setxattr$system_posix_acl(&(0x7f0000000140)='./file0\x00', &(0x7f0000002b80)='system.posix_acl_access\x00', &(0x7f0000002cc0)=ANY=[@ANYBLOB="0200"], 0x4, 0x3)
io_setup(0x239f, &(0x7f0000000380)=<r2=>0x0)
r3 = eventfd2(0x5, 0x1)
lsetxattr$security_capability(&(0x7f0000000080)='./cgroup/cgroup.procs\x00', 0x0, 0x0, 0x0, 0x0)
io_submit(r2, 0x1, &(0x7f0000000180)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x7, 0x9841, r3, &(0x7f0000000080)='H', 0x1, 0x5, 0x0, 0x1, r3}])
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x60, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x0, 0x0, 0xfff}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x4}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3000009, 0x204031, 0xffffffffffffffff, 0xec776000)
ioctl$SNDCTL_DSP_SETTRIGGER(r4, 0x40045010, &(0x7f0000000040)=0x2)
ioctl$SNDCTL_DSP_SETFMT(r4, 0x40045010, &(0x7f0000000080)=0xd8ec)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x1, {{@in6=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x2}, {0x0, 0x61, 0x0, 0x2000000000}, 0x0, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in=@remote, 0x0, 0x1}, 0x0, @in6=@private1, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x2}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x1}, 0x0)
move_pages(0x0, 0x1, &(0x7f0000000140)=[&(0x7f0000000000/0x1000)=nil], 0x0, 0x0, 0x0)

3.183747921s ago: executing program 2 (id=2516):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000002d00)=[{{0x0, 0x0, 0x0}, 0x8103}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000001300)=""/193, 0xc1}, {&(0x7f0000000000)=""/261, 0x105}, {&(0x7f0000003d40)=""/4097, 0x1001}], 0x3}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000001900)=""/229, 0xe5}, {&(0x7f0000006080)=""/4111, 0x100f}, {&(0x7f0000001ac0)=""/4112, 0x1010}, {&(0x7f00000011c0)=""/158, 0x9e}], 0x4}, 0x20000f}, {{0x0, 0x0, 0x0}, 0x9}], 0x8, 0x20, 0x0)

2.991202038s ago: executing program 2 (id=2517):
r0 = socket$inet6(0xa, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet(0x2, 0x4000000805, 0x0)
listen(r1, 0x5)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000"], 0x7c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
r3 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x4, 0x0, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_BETA={0x8, 0x6, 0x5}, @TCA_FQ_PIE_ALPHA={0x8, 0x5, 0x3}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
sendmsg$MPTCP_PM_CMD_REMOVE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x2})
ustat(0x1, &(0x7f0000000000))
ioctl$VIDIOC_QUERYMENU(r3, 0xc008561c, &(0x7f0000000000)={0x980900, 0x3, @name="51da06bc7338e17dfebb1580e15b95473b09f0d1fb8aa1e9959ef9dc00"})
ioctl$VIDIOC_DQEVENT(r2, 0x80885659, &(0x7f0000000100))
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x40, 0x0, 0x10, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x2400c888)
sendmmsg(r1, &(0x7f0000000180)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local, 0x2}, 0x80, &(0x7f0000000200)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="120000000000000084"], 0x18}}], 0x2, 0x844)
setsockopt$inet_int(r0, 0x0, 0x3, &(0x7f0000000340)=0x80000001, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @private0}], 0x2c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010101}], 0x10)

2.631153145s ago: executing program 0 (id=2518):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5543, 0x522, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe0, 0xc, [{{0x9, 0x4, 0x0, 0x43, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x80}}}}}]}}]}}, 0x0) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = eventfd(0x5)
poll(&(0x7f00000072c0)=[{r3, 0x1110}], 0x1, 0x9) (async)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2000000000007ffd, 0x0, 0xd4}, 0x0) (async)
timer_settime(0x0, 0x1, &(0x7f0000000500)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) (async)
r4 = syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000000480)=ANY=[@ANYBLOB="12010066d5067f102505a8a440000102030109021b000101f0880f0904000901070101108cd730496dc05ab3b22a31a9d2090905010200"], &(0x7f0000000540)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x300, 0xc, 0x7, 0xc, 0xff, 0x6}, 0xcb, &(0x7f0000000880)={0x5, 0xf, 0xcb, 0x5, [@generic={0x3e, 0x10, 0x3, "5f286e449a4e82d1311cf75fed3ed214cf33d58f40cf682f729632875b9735c1311152a13ad7b239771bc4784cc19a6a3f81d3696bde61cac915e1"}, @generic={0x5a, 0x10, 0xa, "9b1ff72e2b89d94f9d37b4a0ed04067609cb63c7368606fafa49ecea2f99c26d595b3e15c11332be5029322fe31a88ec4f36936c8ac7fcfe20d31c048d3f469c808f3bd7af50e14d053e3e74376cdb954b392a0358cafa"}, @ssp_cap={0x10, 0x10, 0xa, 0x0, 0x1, 0x6, 0xf, 0x4, [0x0]}, @ss_container_id={0x14, 0x10, 0x4, 0x8, "e6bf7137f350214d2e5e891fa93c382e"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x2, 0x8, 0x2, 0x7}]}, 0x4, [{0x0, 0x0}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x413}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0xfcff}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x444}}]})
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='oom_adj\x00')
read$rfkill(r5, 0x0, 0x300)
r6 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r6, 0xc028aa03, &(0x7f0000000000)={&(0x7f000067d000/0x2000)=nil, &(0x7f000053d000/0x1000)=nil, 0x2000})
syz_usb_ep_write(r4, 0x8, 0x3, &(0x7f00000005c0)="ff810d")
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_GUEST_MEMFD(r8, 0xc040aed4, &(0x7f00000001c0)={0x200001fe0000})
fchown(r9, 0x0, 0x0)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x48) (async)
syz_usb_control_io(r0, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x3}, 0x10}, 0x94) (async)
r10 = dup(0xffffffffffffffff)
syz_open_dev$sg(&(0x7f00000001c0), 0x6, 0x2) (async)
writev(r10, &(0x7f0000000180)=[{&(0x7f0000000040)="d33a060a21876c0ba8dd6f4c17fde54ec871b3e2ace7ceceb8526d49513d23e2ece106ed6c12028862a9506094f5e59198f1405a9f3ce257834d2199bb3a1d86b4200a78a70c960a8e710c917b2fed9fc251363070d76273", 0x58}, {&(0x7f0000000100)="206744699e250fbfc3183557dfa74c26220983aad0576a2d55ff6dea15f7201cf0f2162ff6f3662d97e58ceefbbf384e21c41ba80d2b8326378ac722b783a309c27963de", 0x44}], 0x2) (async)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="0900000000000000c07aca"], 0x0, 0x0, 0x0, 0x0}, 0x0)

1.910082655s ago: executing program 2 (id=2519):
syz_usb_connect(0x5, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xea, 0xd0, 0x1c, 0x20, 0x525, 0xa4a4, 0x2063, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0xfd, 0x20, 0x0, [{{0x9, 0x4, 0xa7, 0x1, 0x3, 0xa5, 0x98, 0x85, 0x0, [], [{{0x9, 0x5, 0xa, 0x2, 0x400, 0x6, 0xc}}, {{0x9, 0x5, 0x6, 0x2, 0x20, 0x7, 0x7, 0x1}}, {{0x9, 0x5, 0x3, 0x1, 0x20, 0x8, 0x2, 0x4}}]}}]}}]}}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x3, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000340)={r0, &(0x7f0000000280), &(0x7f0000000300)=""/56}, 0x20)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0xee00, 0xee01}}, './file0\x00'})
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10)
r3 = dup(r2)
sendmsg$inet(r3, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000000)="be39", 0xffeb}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}], 0xf}, 0x0)
recvmmsg(r3, &(0x7f0000003a80)=[{{0x0, 0x0, 0x0}, 0x37}], 0x1, 0x40010022, 0x0)
read$FUSE(r3, &(0x7f0000001540)={0x2020}, 0x2020)
read$qrtrtun(r1, &(0x7f0000000080)=""/17, 0x11)

1.90060694s ago: executing program 0 (id=2520):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x20)
recvmsg$kcm(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000240)=""/194, 0xc2}, {&(0x7f0000000380)=""/198, 0xc6}, {&(0x7f0000001f00)=""/195, 0xc3}, {&(0x7f0000000940)=""/213, 0xd5}, {&(0x7f0000000f00)=""/4085, 0xff5}, {&(0x7f0000002000)=""/226, 0xe2}, {&(0x7f0000000700)=""/217, 0xd9}, {&(0x7f0000000480)=""/172, 0xac}, {&(0x7f0000000540)=""/191, 0xbf}], 0x9, 0x0, 0x0, 0xa00}, 0x40012100)

1.483473501s ago: executing program 0 (id=2521):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0xd06d000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="64000000020301040000000000000000000c00040800054000000028090002000000000301000000080003400000008108000440d65cb58f64833f66d62e000000010800010003000003080005400000001016cb2c80ef320900020000000007010000000800010003000028080004400000000201c376636207421910aa41e70532eb53b99d7268901ba6615ae9ad29d19eeb80a666871f4337a202ee5579037169ffe581cfe3c3b1c8b90de677d59be40e28496cd6a92a2263fe4935b55e65817a49423aad2638f38e32c495ef26ab5c44ecec2fd9ab4e4ee9b3c3ec4f7d4df37f12e11716d6172b341788cc82b78ab61e937e79cb884f10b5dae92452e8c8f83c6db225bb80fbc93580d65467867a70bd2352e231841cded06bf364cab3409ba19fbf845aae758cae5d7ddb8c8f14d6cf9a16e7cc6a742e03baa827077aaa98f0aa10812c704f17dca2a05a569bcb340aa88107eaf4fb0efc4207a6fde0d83d5e28e00f20dfd8c6bf567d712d0f2c8c46a9003f8b109f4859f8f0382b4a421a8bf439f1ab256fc20f51d0d2330c61534f3e7795adfc19bc2fd0604c9318f25ef25b59c266fe8cf8055fc2e2425052d61e1e7ec667310b"], 0x64}, 0x1, 0x0, 0x0, 0x20000000}, 0x10)
r1 = semget$private(0x0, 0x4000000009, 0x0)
r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r2, 0xc0d05604, &(0x7f0000000180)={0xd, @vbi})
semop(r1, &(0x7f00000002c0)=[{0x0, 0xec7b, 0x1000}], 0x1)
truncate(&(0x7f0000000040)='./file0\x00', 0x0)
semop(r1, &(0x7f0000000140)=[{0x0, 0xffff}], 0x1)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000001c0)=0x19)
writev(r3, &(0x7f0000000180)=[{&(0x7f00000006c0)="8d0c", 0x2}], 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x2000000000000030, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000100000018110000", @ANYRES16=r2, @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000700)={0x0, <r5=>0x0}, &(0x7f0000000740)=0xc)
quotactl_fd$Q_GETFMT(r2, 0xffffffff80000401, r5, &(0x7f0000000780))
close_range(r0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000280)={<r6=>0xffffffffffffffff}, 0x0)
ioctl$FBIOGETCMAP(r6, 0x4604, &(0x7f0000000680)={0x80000001, 0x9, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0]})
semctl$GETNCNT(r1, 0x0, 0xe, 0x0)
socket$packet(0x11, 0x2, 0x300)
socket$vsock_stream(0x28, 0x1, 0x0)
creat(&(0x7f0000000040)='./file0\x00', 0x115)
creat(&(0x7f0000000080)='./file0\x00', 0x2a)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x801, 0x0, 0x0, {0x7, 0x0, 0xa}, @NFT_OBJECT_CT_TIMEOUT=@NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x68}}, 0x20050800)

1.116668314s ago: executing program 1 (id=2522):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, 0x0)
ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f0000000300)={0x4, @capture={0x1000, 0x0, {0xa, 0x1}, 0x9, 0xf}})
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f0000000000)={0x0, 0x1, 0x3})
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000100)=ANY=[@ANYRESOCT=r0, @ANYRESDEC=r0], 0x20)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xa005, 0x10100}, &(0x7f0000000080)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x230}})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
vmsplice(r6, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0)
write$binfmt_script(r6, &(0x7f0000000400)={'#! ', './file0'}, 0xb)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file1/file4/file7/file6\x00', 0x2)
r7 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
r8 = ioctl$KVM_CREATE_GUEST_MEMFD(r0, 0xc040aed4, &(0x7f0000000040)={0x52a, 0x6})
r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="9a1a3dccdef1b4ee717075551a8784cda970e68757ae6d8f49c643a5c392cbe527db04b8d8be8928ac6a7b4a110c8e69ed8513e12287e1f05bd4e8677c89c98a22f5aaaa82526af15f8e6727b051774d0f39b6b26f19ac0551", @ANYRESHEX=r9, @ANYBLOB=',rootmode=00000000000000000140000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c67726f75705f69643dbfd16fb3631c56a130102477340c28acabe76679fd12cb4a719bbd2644935a76374fa93eb45ece889b2653f3dc38681338e4da3238fed7d97f165997a432a78e89ef060000000000000000dcfbf7c08adf671ba1453a5fde6f751f4c235437fee270e0ae4334d2571418719f18025cdadb", @ANYRESDEC=0x0, @ANYRES64=r8])
read$FUSE(r9, &(0x7f0000004280)={0x2020, 0x0, <r10=>0x0, <r11=>0x0}, 0x2020)
write$FUSE_INIT(r9, &(0x7f0000004200)={0x50, 0x0, r10, {0x7, 0x29, 0x1, 0x20b61000, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x7}}, 0x50)
syz_fuse_handle_req(r9, &(0x7f00000088c0)="761d830cb682c898eff0bd8cf89f15f4a12940213fdafa0f39ad239dbbe11851c2c7cd20f42c8d001b2cb0a97c0138f8bfeb1a5c117e02b3fbc1cba97a7d02e2d84a1018dab174d3ef91a5d9dc46dabb244d9115c89eff75d2da2e2f7578a4920d9dbe0cbd7c553e52bd778fefcdd2ee42a7e04889538a980f8f4293e8c1009a536db29275381f3b27aad6eb446e127671226111b5d8ef39caa7d016b1602e34eac24bc60a483c8c1a76f9489c9f6ebe2205f966871ee207c097c8d340683b187270a7422ee117f5e75dd70da830ef93c28fd4aa1f7a36d9a017557fc3463a728fd27a36d7923c975777245ac7a9df6e965cbd0c46629372a7631864a9da8cab08301b2a30e8deeac591fa9ba0389e1817a326d5842e1978dc1463f78badbb207551e2e4cdcfa668b3b7bbc9a8b209c673c9b20625cb996b87f313d59271e92df97b9b6b0a80da04d7b70fc8e3669b7a94610f75a69956e37a61342c7bc0bed83b1b961a4bbd8ac0e9ee959e275deff57b196abf2c103088561312a16ce7c5df67777a2ad9b2ecbb1d97af5d0988998e0a444c08f96b80a1ec27c1ea529be76a5836ae15d07b27893e357b1a170e025533f79946407d0fd5ef0e7af0ef5190a459d05b15d749805ac0461f65d6eaba156f9785b993b0ced640bec4fa11cebf4bb5488ce85304b23041373c77357ed0b637264dd251c081d2c575e46b4fd71af12d42335a4eac44222e5ba245e05dca8a16068f6330bd553850dd8a1af9ba69b4541959a25ea91b4662a596f6a4f8560c6aa7173897e0c6ada50d423bb8765b8ba19eb9936fb92edb685bbfe694f1648d88f1f9ef7d8ec7cecf4d9c5db05c9a1298176dc6f76f3145d438ee2dcb91b460027b3cd5f446ccc36e0d8b507f40afb1bc483a5febb9114bb406bd8fa2a5e084ca81d38ba9db65e87de94129db0c6b72d81a5c26ba6d3f703292009e302d560cb7e94c76b4cff0fa646d64f093bca010f2f10357c396bb6192669e6abec240d34b3a18e46961e290e902da0726d6850d832129fbf2b2ebf58116a909692344316d175a42c0433e7cd7124deed863b2bb7882ec571b8d4d9c48bfbd800abd963cf627a8bb7831b304baf62fe2ae1c753cfbbd48bd4548b23d9628eb334be84e2c4328c4791c9582bc5eb825593ddf6ae6dfe4deefcad4781d25ca680ae597e4f2e75eabfff5022bd53e80c069c1219d6dbea31c2ad85c788d5fcae83d964e74b2b5beedf2f411e70e5a37307ada87b129b1e45f09a59bae807b2ad634028906237a6f4f602b8525983ec8db4f018cd3d90066eddd0b83e03d9f8cb12590768700d3e89003c01051bad266be7c5eef0691274e0398333e90dae8f90b8b4d82b11b2a5db02f68f31f1274a4070b5183a1a74ac564f196561dff289860e490bf649051cf2a22677253d81c4300fca4518e9c681c2d2abde8cc7db1532c65fcdab8e6b212c92dd42a623caac3afadd29b61ef0c513c8004f98b744ad95b05cd6832e5d38177dc6e131ef2fb5b22fd010b330474d010177dcfc5c4f39b2f5ad80d95a20c2cb62fb04ca63d930935b7e1ff8912341bb8f9ac3a255a31e0c6a1c68bacb3734d074de72d94c96be9e4e2f80002c8cb0f604c9b10574ab4f12ed47231941cd1c91cf7e96b49548ebe668faa5e14a8c13302be1959618df4feaf704065195bcbf9566b6bd351af8b3bea61812a881f1841ae8873f15625f2c0948a0e134f080d6424f8df0002ffe8744a8accfd346e6464bc9be9793fd3183234aab031076c291e500ecdfc3e9be869c23bf0fb323dabaef6e490a6e3866a1de1312afa5d4686b492e1f9aee230ea1643c0219debaad7b66a8cc3908bf5a3492d6d70126eac292536a6e2e789747725e181dc5276b506fc7c698e59089f09a5648b21463ca11bce12d05abc4b9dd6408a07bd8bc90e25f984d2bdfee8effd51894075783c803addd7312a603fe05060c374bd3cc8a871bc0b4c959a6a2af1571d30ca462c46f08f887de11eccb603d94b6bb4dd177301afb9e7cb62896e1ef7c84c278f50fc066c33f8c1452fa00eb5677091ddd2d8fee7232ec7e461b079737980b0f5dc08000000a3995a00b05d223a6e12c03c01ed6d6dc9938d817e29bfa84d13d220aeddb3c4e7200e127e9cf4813537830b08d217fc5c91ad3add289a8f52b278fc05263bb1b6f5e161b5ec299a4020308c85958a4dc6208989ca2af5a29143d3b8150887e6d27fe2a20099ab547ef012bab8728e16cdfc00e7b20dd709714141e3c784301fe3dce23225e30aa208ddb0e3a4bd48f8d0b8273afdf003a687e276717b20ee2659fc1f3a93b3acff5bdbd76748d2765ddc2bb6d48abaac6590ddef219b29e998795fb48d668614551f3cfe4aa11600a6064ca6e2bf5233332378497f249fb8df6a3472a01c7853aeaa4bb0a28518bf66e033e79f6081d5562dfb3e91462605340b5b5caecc9a5e567181b3bea74e3e51cfb3f1a5b4a28bf7aca0a6dc0eca0a655735dde2103c8f4e53ab287be2e2e072de41829c077c4b65c29a51dfd60128836830e35dc51912fb107d3b971447d5c324a84b07537581b4a9536f399ae9b9822cc72388713e74806e8e77411d79c422cf4cbeb6bb32cd5605b0f87ee4d7c29de4c93a9bd01ccf13fa6d737e8e767b15af8abf689c43c43ccc033af76959502af27e9b58241433c3c824cd2148328b7beae98814dedce0196f6e4984916e081c3fc3b42b4baf9b2e41e353a42898a65227d36854970cea9f766578a0657028d101c39843b900dc3af1af4157a41d238a9c681c629d6d019324238831dc62eff0904072c7f0c0444a136ac3e602023152caa5c6879f23b88f20b7adf9ae37d7bc33ed80a7a88eedf6ab8ab719debd84f231babe4c000705db75e3fc25814f16d833237022aabce3bbf6a06d29ddbd25574a4d9194d7389393ac065979751a7a795c7fa8fc6476afefc66990702707578216ba49a1b230e7c19441af251ed03dac43de5e3c52b0b4038d89bb0051fcd31f2e920318c36aab22c5726979a5ca27310a90eb7555c6de045cfd8fc08cf4a6174b7c0865821ab6c5079bdde229cf185dfacd8c89ae89315f0a812802f62084d5193faa673823b80c6f83c61b2958b78a2f09058e37a1aef37c27491d5dae69f88a29fd9633bca6631d6720bd7893437c86bca3af15496c5d6efb8ad10353c0cb1b4715fd819c26d427028b5f10eb9aabb17e332d0db378d7cb1f024f0fafdede09d9cf40f9dbc1106ef509dcb9969dee26a45adbc453b6b0272685813d41b5f60c1ac3d1a3801211b73431b34fe3f231b3a6fb5d2f368f04145fc401c8b36c492c4e255d9eef6e5c906d469e3b326cafb7f49c59de427f3b6dbcbc9108fe421cedc57a66b99d15769dde6891027a7f3c4f12f0c831d666bc9f000a7dc07b8d4cd955983fead67a8757cc3729a94577d3de6e0479a4f69b24547eddfa5ceef2e7aab98348bc7ce0370f02000ddab8bd699f53db7a830837b279e3025591a46d6714ef72a2d2fbdd7bf6b71eb276aed95b77258122aa67806f88ea8969ef030e2e660fd1818cf663dccbb87f1c3f0b70008ed07261ac1dcb68b87ba7b3f8b63ec27e1ad2ca3af753ef3c43bf67bf3880dfa1a11c8940d616b2bfb04daef9dd2039564306f749c5e7dad3b05761e42c3246367fe2b392e7ca267b7a1b33b58135bcd67a2d9a81e7c5afbcc25873399f709f37adf5ceeb8be519e64887245cbf249e6976409c60e31ef41e69e13ee01ed7763f5ee825229c590c170b08464f28d2c989e1a6c701c46912c3f97a7f973bf4eacc8151fcb59ac641f0e83c5e3101c88e8d2710b7aa8cb72f6503a3fccb999a36c609f6d6f8707f6dc0ca025209aed8ecfba36b9ee52e2afc25e35da71fb9d577f80064c768b0003a788577aba71dc524d7808b033d602d870b66cdb339086109fbf2987f0bbe556d5ef4bb753dc4e1893f3937aa8465293beb7e96d00caf416dcc84a80a6ce8ebd01785611c1628310b099f375045e73a341ae06ec5423d59a7f5f9f21c40b52356d65e815ab5a4f74d8d4b7c6350b8bcf12907da2b1f502ce73b0aa73b4efabe91cebe116822177d797806edefaaac9c540ff02440baf9ae4b42c45104f01794461ba3ea1e7f9514e491032f8ba535ad104148be572a41598570843fd6fe90c97e7187fb433303852138f2dff0eb24f756ae378678919eb180822981eef929c724ec2295abfb0eb588fc406faf740ee71d4b285c05c289ea27feeb6c9d744beacafd2f601d23ad06afcd903f4e9ee3375806afaf21f01ef0a493dcf92ff9d8858105e86029a12cef0bc37f3b54fcebf5646f5f02952efb2d80dd1bb3bab3bc18a31eedd327757a17565d3e267a054a63e1883638d7cbef83a8308ac2e2b7c657c21fa4495ec9506bc0b6c67b7f12a392ee0e557ac06625a5851effac29801c21746dd0bbd2e25d13ab020ed4e133a1eafbd58d26d1a1a3f71f1a958f2ec5c15f5c055c9f1d1ddb33048e48bb9acad7f167f67305ce4bb1dc4a6373b7c1726f5b298a5c7c74d960fe30ff9e1fc0bdc3408640cafb34e2a3a2bcce2ec0ca7bd13edd9f365ce338b63c1bf6c3c6e1d2171ee58dce6075cad284f5e7e466914bcd1afe28546fab2d9f537309a5b36e62de5dadc378aef8591797d3311f8cf5e965242840430ee123b9ac7dcca493a4bcb108eb85a9e52cc33b62b515b95634c57b58b52f72b10b4306e7282349b999e9deb93d867b95f2e14bf20f56c1068e2b0684dc67ffe1dff590145b28bb8dff42e44e6228ec5783662a5a67b34f46863e6711f0e3cacbb88447aee4be56aa318eaa570df303a1c88223cbdf2faa1840ca1e72018136aa3cf9d2ae00be52e5d51600f57a3c7421e15b778229fe8165fc50ed2dc7c577ceba7342ff6996dfd7087a2f61843064889bc505473a3aa7d96dbb7c550f4552331e4b601c1bc3bc1e6a7717264dcec37617dde6017edf48c8b6f9675d3a8978ecdf0bdeb716f9166f0bc7f9de5b47e7ab99ed8624c3f8487bb1fe2b5cce35bfbce2fcde38d0c5100f7819e0bcd360c7bb9f80d4392fa74d938ccd83d6f40d1a55e03a79c45ff68468ca42ac99a4de8c777f952d2ee6138fe62ee4d4a8b76ce799b8a0e7fac09f9610a472635f8b8b1721d1fee535a83722eb87d8c866544b8916f8af56361de6eea4427233cc804fe55ff9b3b2c88bff72115deda64d75fbc72b1742997a291d55251e8b2efffa37ba0e762c7d7bde8a81359d9c6dc2141f86d3eb31c63739f0790178a0e3dc3c1d403834df18c81e68430957249ca3cf55ec376af9d8b049490e890d0fa5782a9d6b23d4c1428037b053eae32bd6732ba96de194f210eb8fc79be3928deace54ad8e473791e7281a89b0d8e27b232269b8c35c85f9ecb72362170839753fb29d9930f39e869e9b07ff85da8a4a57be5b09bcaaf355bcf030f26d2f66a4ec6864c26e901fb3bf6fab435c16b4985cabc2f84d37a51ee8a1378cc7fd480c41826c2f1bdff2cf37ba2bdf2c8cf909968b9fce9af8448aaa63014dcac7a739e1b3ebfe30b6d934120c4bd63d2269becbe9fcf201f1a3009bdaecd4b90cfb3ba7e4d4f190ba0c6235a8d0ea23e451250f0a66fa189a030641d8a49a18807881ebcfeb0176093a158b2deb8837003fe0b1d4bf06e8f9bd7c8efd8775137497027ba997d2f7b4b98ec5b7e0f4614f532b81a6f96048a81da770423e8a952901e32051b0a0cb4e3c0c743ae9112d973480bab294cb7b49bb7a9051bffa60b85311dda853ce405f228a4126f1cb3c84c3b5ca4ef7efcc4e3effa3ba5ec31df051a270a48c1e80d387da573bcf78ba2428cd0126f2dcaf4d9bfd6ad568c2b368ddae77b8f2aaa4e6252c43ac997f0878fc746910b72becfedcd108087f3beea5a5dac569ec678a3a7819c4da0b4fe057952a0fd5c1065411f152f97103d03f0764165870c8886a8186d02f82ee7cbbe8f0cfe45e51bc8b495af35cf54867fbc856b4849a967d1bea98e93cea10c785a05940e83f1b75176fb9914ca914d92c7a7273ac3224a466e1ad6f451afdf98670623e50f1a45efe0ef75208eed5351a80da812a7cdeb46ebed49a224fcdc0bf32c66ea635703673b6800244ad2a6312a538185cf6cfd504b029d442aeba0203b8dcefb5acfd3f05ab59fa3b8a6f00544993682df4ec6213a010817fda6ab2ae011b28169c4ef9ff14c598c5e7026b5c4db1139c55d38024e7de8326855f189a96e400d1e070b60629e011e3670eb08841ed3c2606a9e81f8a847b6d0f08051679effd982173a8127e903509f4cc797f46fb819373982f9673c4b0c1a4b460e6f4a0c1c21a6815c00f9f6e72670fb57a03f53251518e6d9c7e1991ae88d574f3f5d2ed40246930766075434c3e37db8e2cd93af4d43e4b2bf0a4cb9d977f51fc96383d5da825259509e2484a31efb70682ac092324e335180a702cfad9d9f81a6ca5ea8c9176f74f71c51673c6e9e64037b4b13e9236e740adcc0c302f3661635185e9ec1cfdb7cec12db7d1c923cd779bba58994c7ff4f3be3a1eb21c7fd150a774150f2754340b304781c4be6500dbafe53c79c63c1a473c213ad2aff8300391cd6cc530214fc9df616fd4e67fc0d1eea8c2a824aeb11628b42138d4324b354cf7b88b1df675375e8a2735ccd325f5671b5fa22440f37b9958e770d96d869da814fda78550477d32712f862a6668c8177ab4c50dfce53ce31a0be6172e77785e43097d7a6b7850219a2ec3c31999cf98572c8bf36bef79391d588d17322357e810b5da925c1c439d3ca167bf5960ad91ad25318fa61bda11cb38adaa9ff651916874e16e7f72fecd224341d4c171202a85220f91e1e75a0100838e6f869a789df159074d56fa3e18b5450963dbd5c5321c10c063997b3172d2cfc3aa3edada0b493eab7d02ea10420c87519a522a299f91eddcc3f2e0ca6ad0917e2533a11d8c71eafdafd1c83f65e8fc120ad53ba92a6395052600f3b3a31e8fe88278aedd5d6fa664b35d6f23f0aba7d58694c9b524ac7780091648df0a029f7e8127108f31fbf11d400841321ece7344cad44ebbb0537b06742f5bb698b4e64201feadc473f7eb6bcb37dcf71f4a29bc6f591bb39e64ecf19c05eff3bd31a233d93d089667b9cad49d71fb25822eead10d5e2ea4eb5ca8e4710621cd0541f1014eb3fa226fac163af19f468a4c78daee28ae9429a3e3f6e17dec9804ad55f7b734ca935e604eee5385f1572ba73f375e1c9c5fd46c712fa4333efbc5dcb0349605f9141322da4136566c7bc47ba4c186c92cebe4fd2f2c74c38873170b1ce6806c06f815b63008e42b34b7f63d31ba77bf5de8535c1ea8d13e5d9dd46f951e5e765c5a259547604cd4e72eaa856d415c601e330677aaee9a5871978dd50c2b79252e09dec44c01ab8b3a5ec9a3c867a05a310c4d09f8380b657c297c04cec6a3475ba1bb81e075cbd05390cb8a7f33a614efa66f6d98a69c81f4ecfd2ff47d74f1bb50d33ebc5b6229fa8f17288904c828415968398cf9bd5037cae2965c9b716eb5732c4c71acf061a47850542fa859ca1255129c24712437d7db2aa5585ff21c9f26f36cac60704df53cba9edb19bbd1ce992cb58cdae1be756b9049ffcd4f913ff348e5214cc201508198027d18f3f066a7a5c0470cd0dd72468d8fb4526c26c07e7c4c72119bf3358740394e5dba42dd27229ad93f99c6138fb9f6c1bf29fe5ad58545b526f528389cb689b59e813a4b218c41a607c3e64f18a07d5430ec9a3af83e50b5566c9d4382da9a5d5ec6cb5058a870b228c49d6c05c99935478dd3fc4f98bff4f5e8dc2dbb8f6401e0d1798204cc1e16e69bccc30734e91968b61ec2cd04df14fd59f9f018dda9d7c90409ba707580b53c647971da9919c80886ef39d18a642aa939c69269e9b009a06545bd702380c877211fbd5a11043a72aa5777d7c90a878f3d5b13cffb74cf15cf4b3852c558589efd753ce8f9ec410ef3f8da6501e57f617853b99aeebf33d1daaec0e4dfa48d06bec8221d86daf37e66a7ea881651d782fe7024fc93066aa27a1bbae9215f42548e878c3a349631069284d53b8771892cc58b1d3e37f82e1fdcc55d2f42f7745a5a3424fd7866be4ca37b4e5f446782dc5e30621494453fdbfa19861ef66e7d2919f5105b8df680decbcdc3650ed9789754f9556243fa53ad07eabc4fabb667c634457a012b248260572ed4a89a137e63bb83fa6e8ca22b76c8d451c844afceaf55ca917eeeead551ef32129935c18161c89fd83a7d62816962b7fb86db839c350fb5f00e6eb777ade8c0e678f204f5934875b088e59037e08699fee74462b02410314811ffeff244068b9c0c9181b3bbc7f705541183f109373551429e8ddf3db2b01e9c304a5aa43f9021ec3150507e6762407372b5834d4979fcfd253ac3fbb9d54c4ea1eb665cbf1942ad55cec0b2a183c447d910afecd7611e02f1144b6beb3bf6ae8837c67db01bb9a6146344375baab5bcfff67fb23c0a22f41f8b7453b9d076f0a44897ac01ba98026a687f181d4f7c5195db543b20a8f4e600e719125d67890e5904ba7dab61c0419460dd5def6ce2308be0c3049aa24f60e9401b42490b9c9aebe1d2171102cd9019f9053a4c994d6b184b499b1c3f8bba0ae7ea46ff34a4a1d4b3a90e3c5e079445cf7984123d717f72709849266bc5b39608eb915f0b7ce572fff8eefe486702c6595f091e014a26bad6b9f64dc1fb118c47be183438d29e6dd98b77f97006dca7c8371903441a074d3aeac0e9fd00446cf9c7729e25bc5277ac272da5c050c607adc90057cda447c3710036a8f76b0706ae6cbd28de6cbd331a1ea2e5b1c61fe77176c4bea5d5e46dbb08a12c7100984aa26a02ff7ec83c96f375e65927933846f70e72c4decc0af60eeb11c7bca3ba62adbd0d9fa989b1e7c6e2e7c0f6e47c578914de9d7ba6c107882396420990023809ba3791136a5a97492c677fe90194c86c1c7972ac1f30df2bbccd319721c4fe96231e2f5df4da62992a1469e0a59a94827f3e3f5497e79c2860b0f9f8aeb24bac96adca8c3f9ca4f5d0ef77fa135fc6156ba6145a7a08879d75c0c35011acb19408b5d4af7f38109028a8285f5a31d30da886b70d734f01ef43ee2ff5f7e25f43fe47cff35388bec4e7d381d075f249628d10e74eada1e2af8caec7a3a89528b7d1da329fdfa337b5b507c14503fd89b96a33b52d327d41242456d836f464adc7ae2874dc41052fc86048314d5d31e89b20d16440f13af11a40be5f5524b8730af2c847102c6ef65d6baa2a0a6af98823605e9164f162c196b3b948def8d590a3f4ff19942a2ef8cd06d4b2fbafa4667c4116e146cf6a5116fb6971a2de211f3dc0d64ae99cc37877d7bd87c99a8c2d7dae406dacae89b6b6d44abd5dc6a581ad94dda6c962f0eb56a50c12b93a4312280a8519acbcca7d67fa6b92c75bfda0e257b5b1b0f566ea5ab487c390e02aa5b6cf544f211b98835a2b44e8b41a6418be54a7bb5cae4702aafe7f4d36893cb1d8c810844073c6f8560e0e3e46830cfb34f3ed1c633420a0da9d8bf62ea56fee88c1f0db7cc5997af1ab02c8bc568f4447d19f6c87cca057cd9c1dc6de139b2de4e0b26d8ee38e4019884a453292ca2ab00dbef7219269e61947e57faf1b2c653c0a4995ec58efdff79314a1961170a7f4e0883dfd21257de039986a0ffee0470667b3a5ef7997ea016e3245b293fa46d07f4095a982665dc6fc549104db25182eaf84b417f393d163889e7a2b83fd3aea8b4eeaf75d9550989e9541a1d91e2f968c32584c8a6a790fede715a2bc734dcd5f9b9883075314a9cf7954935b2469bd5cca61d0e0d491a627e51ee555dfc1c9d5ffb143fc7d31ad6e95258d4eaee798fd94fb52434a6f635bf778fce8d4e94885939cc3dc18bcc845850951a64a2267da0747966cbbbd169b60db08da5704f63d95a05ab4d629a29ad36223ed2a9decce89acdfd7cd8f9abbcb12bec072df2b2cafa6c017a25328ed091abb25db2cb8c0f40da5c3751872c70e89274444e337173de974908fa494fe5459a5939b29122895b66f7b6349a13611cf5e74aba8f62fdb8fe6f5a8604b499f7fa3e47c9566a2e48187e474809e845baab6bd4e2f0bf6f794e086e9f03d0eb3a9e4250b209a491cb2db591f2b0351e7733a776ac12396a5c7827b82377fe4a0e3c54722f08ee441e168ee586a0f13401c33b57a612993a6b3fe93594c6964afaeb971825c700943ab60cdb23306f82bf2ec32d05b7c75a35d5e432fa1146f6db1b33ffbfcf3cd9f40598e5a80b633d84c654e462d791d8bb83cfc5615729d5ef1bc33800dd34b8cb7bbf3383055e782877c8806e8f29389e55a27da788e1a08029cfb724ba73cb0ef1a860ff861372b509ec8200f20a5dc5841c5644fb5febe3d2e9733cca528f2b9af0e0b814f97c711b035d7e3fbb1951d8210d330e6bffdf0e2faa19088a89c6a737435c2e8958fd1126e0f2ca325990514f0ca8ec784040bc6e2238b3a548ce3ecd065e08451b049bb55cd000023861ad400d7ff659bbcf6721bbe7128d73b95411a6684a6b12a5277c08df26fcf79eb64ce4b1f6664a445f758cea910ae48bda79165bcd408dedb32b6ab6de7bff43a09f51d4ad29b3acdcc0a6266e8afcdf0e8c8bc3f8ffc85106d278dc95c8f652347ada2034f30886ba78ab80389447f5c99118efd3d58bc43469bf44ae3d3fdd0b33824e69fea0d0fd62b709ee5868fdc29a5963dd4869305eb70e4bad13bd974cc3243d83ee7407cf6e8ea88ea28ec72c4fc827aeb15dac717869b290a3ac94d6e8538ae1b23f9ebffdad3c4b1855d74f450a06eebb1d2bbb154d9cdbc384f5c8116c85daff1af4bf6ed9bc7ed98323ec98a083d56d60d2b500ac65ba2773d01747c74fadfd9ab55dd567fdf2996d9f696374a7835776a1b6b1dc3b4a00467218ae97bb1cd4631ce37f356f494545101cfd84feaa4c20f5a024687d99f074229439182a3cb87b1c3003dd646b60472d0942821209cb90f744436cb86fd8d76506b6a003b232fdf4b5790171cad9d70cd11a017b217904cbc2122ece2972ff87df0f25df761ec0775b5c9f86553267f5d9d666c2bdfcbddf942a687ec1489e3ee1f5846abad42384745e66dd888717b320326b2f90c1633a6cb3d1564a575e0296f1b12f4184a0696fa98946f7497f28440a6b68e959dab767406c2c5583b6ab79bcec82e89f4b36eb624a081096d286ae3910f2a94da414d1317fdbb6cc9f073032ddabe3c15133cc383d76b839531ed107ffdc492a7ea5b8bb4397b90beb45c066968303833674c150cae4b5d3c6edb96bfac63465d18433c4620f91a2d5a66f19a67176ea8ced53d25d1c22d2beb2ff9a97207f47bd16c18cd3ed7693d1e46d16b2786bc59b0818f03a8f35d3823b86bd1eea6ec4e81570be58287eb2789d59c5dbf7e16bbd54414efcbfc90e0ed9f0f55af31ff40c7392c6136e02448608852bab13ec71998aa03a40c6f9ce279cbb7db97d5a700", 0x2000, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x78, 0x0, 0xba0, {0xa, 0x7, 0x0, {0xfffffffffffffffd, 0x9, 0x4000000000003, 0x7, 0x0, 0x5, 0x8000, 0xe, 0x9, 0xa000, 0xa91, r11, 0x0, 0x80972, 0x2c}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
quotactl_fd$Q_SETQUOTA(r8, 0xffffffff80000802, r11, &(0x7f0000000280)={0x0, 0x6, 0x8000000000000000, 0x30, 0xa, 0xfffffffffffffff3, 0x7, 0x3, 0x20})
ppoll(&(0x7f0000000080)=[{r7, 0x4}], 0x1, &(0x7f00000000c0)={0x77359400}, &(0x7f0000000180)={[0x9]}, 0x8)
ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f00000001c0)={0x0, @reserved})
socket$nl_crypto(0x10, 0x3, 0x15)

353.323602ms ago: executing program 2 (id=2523):
r0 = syz_open_dev$radio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_G_TUNER(r0, 0xc054561d, &(0x7f0000000140)={0x0, "3e70842faca4ce8c2d626ca0f49a02d8da492c5c741cf44e2395e63077543266", 0x5})
r1 = socket$unix(0x1, 0x1, 0x0)
close(r1)
socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r1, 0x1, 0xc, 0x0, 0x0)

0s ago: executing program 3 (id=2524):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$inet(r5, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r4, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004e40000040000004a"], 0x48)

kernel console output (not intermixed with test programs):

usb2: Invalid write control endpoint
[  640.553110][ T2344] pvrusb2: Attached sub-driver cs53l32a
[  640.575735][ T5974] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  640.602513][ T2344] pvrusb2: Invalid write control endpoint
[  640.608831][ T2344] pvrusb2: Invalid write control endpoint
[  640.614947][ T2344] pvrusb2: Invalid write control endpoint
[  640.636912][T14715] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  640.651873][T14715] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  640.663924][T14708] netlink: 'syz.2.2038': attribute type 7 has an invalid length.
[  640.671766][T14708] netlink: 'syz.2.2038': attribute type 8 has an invalid length.
[  640.684563][ T2344] pvrusb2: Invalid write control endpoint
[  640.684698][ T5974] dvb-usb: bulk message failed: -22 (6/0)
[  640.696366][ T2344] pvrusb2: Module ID 4 (tuner) for device OnAir USB2 Hybrid USB tuner failed to load.  Possible missing sub-device kernel module or initialization failure within module.
[  640.714952][ T2344] pvrusb2: Device being rendered inoperable
[  640.721753][ T2344] pvrusb2: ***WARNING*** pvrusb2 driver initialization failed due to the failure of one or more sub-device kernel modules.
[  640.735259][ T2344] pvrusb2: You need to resolve the failing condition before this driver can function.  There should be some earlier messages giving more information about the problem.
[  640.771751][ T5974] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  640.827404][ T5974] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input39
[  640.872326][ T5974] dvb-usb: schedule remote query interval to 150 msecs.
[  640.887831][ T5974] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  641.049579][ T5974] dvb-usb: bulk message failed: -22 (1/0)
[  641.077575][ T5974] dvb-usb: error while querying for an remote control event.
[  641.098309][   T24] usb 5-1: new full-speed USB device number 69 using dummy_hcd
[  641.237425][ T5974] dvb-usb: bulk message failed: -22 (1/0)
[  641.247088][ T5974] dvb-usb: error while querying for an remote control event.
[  641.252785][   T24] usb 5-1: config 1 has an invalid interface number: 128 but max is 1
[  641.263969][   T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  641.281490][   T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  641.299455][   T24] usb 5-1: config 1 has no interface number 0
[  641.312179][   T24] usb 5-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  641.326432][   T24] usb 5-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  641.341520][   T24] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  641.353903][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.363780][   T24] usb 5-1: Product: syz
[  641.369681][   T24] usb 5-1: Manufacturer: syz
[  641.374531][   T24] usb 5-1: SerialNumber: syz
[  641.395475][   T24] cdc_wdm 5-1:1.128: skipping garbage
[  641.410577][   T24] cdc_wdm 5-1:1.128: cdc-wdm0: USB WDM device
[  641.416691][   T24] cdc_wdm 5-1:1.128: Unknown control protocol
[  641.427659][ T5974] dvb-usb: bulk message failed: -22 (1/0)
[  641.436531][ T5974] dvb-usb: error while querying for an remote control event.
[  641.597399][ T5974] dvb-usb: bulk message failed: -22 (1/0)
[  641.606667][T14683] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  641.623648][ T5974] dvb-usb: error while querying for an remote control event.
[  641.629840][T14683] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  641.802097][ T5974] usb 5-1: USB disconnect, device number 69
[  641.818063][ T2098] dvb-usb: bulk message failed: -22 (1/0)
[  641.826400][ T2098] dvb-usb: error while querying for an remote control event.
[  641.923665][T14721] fuse: Bad value for 'fd'
[  642.007485][ T2098] dvb-usb: bulk message failed: -22 (1/0)
[  642.016945][ T2098] dvb-usb: error while querying for an remote control event.
[  642.220257][ T2098] dvb-usb: bulk message failed: -22 (1/0)
[  642.236247][ T2098] dvb-usb: error while querying for an remote control event.
[  642.447294][ T5974] dvb-usb: bulk message failed: -22 (1/0)
[  642.457313][ T5974] dvb-usb: error while querying for an remote control event.
[  642.596497][ T5974] usb 2-1: USB disconnect, device number 75
[  642.617467][ T2098] dvb-usb: bulk message failed: -22 (1/0)
[  642.633464][ T2098] dvb-usb: error while querying for an remote control event.
[  642.817499][ T5974] dvb-usb: bulk message failed: -22 (1/0)
[  642.827286][ T5974] dvb-usb: error while querying for an remote control event.
[  642.872371][ T5974] usb 3-1: USB disconnect, device number 86
[  642.945129][ T5974] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  643.648291][T14745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2046'.
[  643.774163][T14744] input: syz1 as /devices/virtual/input/input40
[  644.047579][ T5916] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  644.199185][ T5916] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  644.214426][ T5916] usb 4-1: too many endpoints for config 0 interface 0 altsetting 1: 199, using maximum allowed: 30
[  644.250179][   T24] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  644.275490][ T5916] usb 4-1: config 0 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 199
[  644.289473][ T5916] usb 4-1: config 0 interface 0 has no altsetting 0
[  644.300787][ T5916] usb 4-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  644.310234][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  644.319758][ T5916] usb 4-1: Product: syz
[  644.324210][ T5916] usb 4-1: Manufacturer: syz
[  644.329097][ T5916] usb 4-1: SerialNumber: syz
[  644.338080][ T5916] usb 4-1: config 0 descriptor??
[  644.346073][ T5916] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  644.467691][   T24] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 256
[  644.489942][ T5916] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  644.499562][   T24] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  644.521691][ T5916] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  644.537276][   T24] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.99
[  644.564905][ T5916] usb 4-1: media controller created
[  644.577545][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.617895][ T5916] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  644.659373][T14750] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  644.670073][   T24] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  644.706320][   T24] usb 3-1: invalid MIDI out EP 0
[  644.883770][   T24] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  645.148890][ T5916] DVB: Unable to find symbol tda10046_attach()
[  645.178675][ T5916] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  645.227616][ T5916] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  645.277825][ T5916] dvb_usb_m920x 4-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  645.347403][ T5916] usb 4-1: USB disconnect, device number 76
[  645.567604][T14757] fuse: Bad value for 'fd'
[  645.593286][ T5916] usb 3-1: USB disconnect, device number 87
[  645.605700][T14760] kvm: pic: non byte write
[  645.704247][T14762] loop6: detected capacity change from 0 to 63
[  645.733706][ T6455] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.770250][ T6455] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.789990][ T6455] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.803824][ T6455] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.805120][T14769] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  645.817431][ T6455] Buffer I/O error on dev loop6, logical block 0, async page read
[  645.844998][T14769] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.027448][ T2098] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  646.135733][    C1] hrtimer: interrupt took 792319 ns
[  646.332985][ T2098] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  646.346740][ T2098] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  646.367003][ T2098] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  646.381414][ T2098] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  646.397050][ T2098] usb 2-1: config 0 descriptor??
[  646.413918][ T2098] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  647.017358][T14787] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  648.454414][T14806] fuse: Bad value for 'fd'
[  648.734525][ T2098] usb 2-1: USB disconnect, device number 76
[  649.849845][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  649.849866][   T30] audit: type=1800 audit(1753992221.690:753): pid=14823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2068" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  649.908865][T14827] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  649.925010][T14827] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  650.546991][T14836] hub 9-0:1.0: USB hub found
[  650.552779][T14836] hub 9-0:1.0: 1 port detected
[  651.857548][ T2098] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  652.039581][ T2098] usb 2-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  652.051072][ T2098] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  652.066451][ T2098] usb 2-1: config 0 descriptor??
[  652.100739][ T2098] gspca_main: STV06xx-2.14.0 probing 046d:0870
[  652.613304][T14853] fuse: Bad value for 'fd'
[  653.315149][T14862] vim2m vim2m.0: vidioc_s_fmt queue busy
[  653.679565][ T2098] gspca_stv06xx: I2C: Read error writing address: -71
[  653.694787][ T2098] usb 2-1: USB disconnect, device number 77
[  654.049461][T14870] FAULT_INJECTION: forcing a failure.
[  654.049461][T14870] name failslab, interval 1, probability 0, space 0, times 0
[  654.120094][T14870] CPU: 1 UID: 0 PID: 14870 Comm: syz.2.2080 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  654.120126][T14870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  654.120138][T14870] Call Trace:
[  654.120147][T14870]  <TASK>
[  654.120157][T14870]  dump_stack_lvl+0x189/0x250
[  654.120184][T14870]  ? __pfx____ratelimit+0x10/0x10
[  654.120208][T14870]  ? __pfx_dump_stack_lvl+0x10/0x10
[  654.120229][T14870]  ? __pfx__printk+0x10/0x10
[  654.120261][T14870]  ? __pfx___might_resched+0x10/0x10
[  654.120288][T14870]  ? fs_reclaim_acquire+0x7d/0x100
[  654.120322][T14870]  should_fail_ex+0x414/0x560
[  654.120350][T14870]  should_failslab+0xa8/0x100
[  654.120378][T14870]  kmem_cache_alloc_noprof+0x73/0x3c0
[  654.120400][T14870]  ? __kernfs_new_node+0xd7/0x7e0
[  654.120425][T14870]  __kernfs_new_node+0xd7/0x7e0
[  654.120441][T14870]  ? __lock_acquire+0xab9/0xd20
[  654.120475][T14870]  ? __pfx___kernfs_new_node+0x10/0x10
[  654.120494][T14870]  ? kernfs_root+0x1c/0x230
[  654.120527][T14870]  ? kernfs_root+0x1c/0x230
[  654.120552][T14870]  ? kernfs_root+0x1c/0x230
[  654.120575][T14870]  ? kernfs_root+0x1c/0x230
[  654.120606][T14870]  kernfs_new_node+0x102/0x210
[  654.120631][T14870]  __kernfs_create_file+0x4b/0x2e0
[  654.120659][T14870]  sysfs_add_file_mode_ns+0x238/0x300
[  654.120695][T14870]  internal_create_group+0x66d/0x1110
[  654.120743][T14870]  ? __pfx_internal_create_group+0x10/0x10
[  654.120774][T14870]  ? kernfs_add_one+0xf0/0x520
[  654.120803][T14870]  sysfs_create_groups+0x59/0x120
[  654.120836][T14870]  device_add_attrs+0x13f/0x5a0
[  654.120873][T14870]  ? __pfx_device_add_attrs+0x10/0x10
[  654.120908][T14870]  ? device_add_class_symlinks+0x21f/0x240
[  654.120950][T14870]  device_add+0x496/0xb50
[  654.120983][T14870]  input_register_device+0x9ca/0x10b0
[  654.121020][T14870]  uinput_create_device+0x422/0x670
[  654.121059][T14870]  uinput_ioctl_handler+0x3f0/0x1570
[  654.121092][T14870]  ? __pfx_uinput_ioctl_handler+0x10/0x10
[  654.121134][T14870]  ? ksys_write+0x1e1/0x250
[  654.121166][T14870]  ? bpf_lsm_file_ioctl+0x9/0x20
[  654.121187][T14870]  ? __pfx_uinput_ioctl+0x10/0x10
[  654.121215][T14870]  __se_sys_ioctl+0xf9/0x170
[  654.121240][T14870]  do_syscall_64+0xfa/0x3b0
[  654.121263][T14870]  ? lockdep_hardirqs_on+0x9c/0x150
[  654.121285][T14870]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.121304][T14870]  ? clear_bhb_loop+0x60/0xb0
[  654.121329][T14870]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.121348][T14870] RIP: 0033:0x7fda6078eb69
[  654.121368][T14870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  654.121385][T14870] RSP: 002b:00007fda61633038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  654.121407][T14870] RAX: ffffffffffffffda RBX: 00007fda609b5fa0 RCX: 00007fda6078eb69
[  654.121423][T14870] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
[  654.121436][T14870] RBP: 00007fda61633090 R08: 0000000000000000 R09: 0000000000000000
[  654.121448][T14870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  654.121460][T14870] R13: 0000000000000000 R14: 00007fda609b5fa0 R15: 00007fda60adfa28
[  654.121494][T14870]  </TASK>
[  654.937457][ T2098] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  655.098692][ T5916] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  655.105635][ T2098] usb 4-1: Using ep0 maxpacket: 8
[  655.123060][ T2098] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 13
[  655.143004][ T2098] usb 4-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  655.151907][T14890] fuse: Bad value for 'fd'
[  655.162859][ T2098] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.177267][ T2098] usb 4-1: Product: syz
[  655.181558][ T2098] usb 4-1: Manufacturer: syz
[  655.192087][ T2098] usb 4-1: SerialNumber: syz
[  655.205233][ T2098] usb 4-1: config 0 descriptor??
[  655.224906][T14892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  655.225878][ T2098] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  655.243309][T14892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  655.269243][ T5916] usb 2-1: Using ep0 maxpacket: 16
[  655.276830][ T5916] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  655.291263][ T5916] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  655.302476][ T5916] usb 2-1: config 0 has no interface number 0
[  655.316051][ T5916] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  655.325744][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  655.338794][ T5916] usb 2-1: Product: syz
[  655.343002][ T5916] usb 2-1: Manufacturer: syz
[  655.353852][ T5916] usb 2-1: SerialNumber: syz
[  655.376176][ T5916] usb 2-1: config 0 descriptor??
[  655.495563][T14888] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2087'.
[  655.601694][ T5916] usb 2-1: Found UVC 0.00 device syz (046d:08d3)
[  655.650755][ T5916] usb 2-1: No valid video chain found.
[  655.878619][ T5916] usb 2-1: USB disconnect, device number 78
[  656.003227][T14902] usb usb8: usbfs: process 14902 (syz.0.2091) did not claim interface 0 before use
[  656.690565][T14912] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2096'.
[  656.827686][T14913] netlink: 'syz.1.2095': attribute type 8 has an invalid length.
[  656.846306][T14913] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2095'.
[  657.130103][T14925] fuse: Bad value for 'fd'
[  659.011009][ T2098] gspca_zc3xx: i2c_r status error 10
[  659.117635][ T5916] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  659.267638][ T5916] usb 2-1: Using ep0 maxpacket: 16
[  659.285959][T14941] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2103'.
[  659.298262][ T5916] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  659.311323][ T5916] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  659.321834][ T5916] usb 2-1: config 0 has no interface number 0
[  659.344020][ T5916] usb 2-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  659.356352][ T5916] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.399515][ T5916] usb 2-1: Product: syz
[  659.408688][ T5916] usb 2-1: Manufacturer: syz
[  659.420244][ T5916] usb 2-1: SerialNumber: syz
[  659.446619][ T5916] usb 2-1: config 0 descriptor??
[  659.673361][ T5916] usb 2-1: Found UVC 0.00 device syz (046d:08d3)
[  659.684453][ T5916] usb 2-1: No valid video chain found.
[  659.693966][ T2098] gspca_zc3xx: reg_r err -71
[  659.698964][ T2098] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  659.736442][ T2098] usb 4-1: USB disconnect, device number 77
[  659.890313][ T5974] usb 2-1: USB disconnect, device number 79
[  660.078978][   T30] audit: type=1400 audit(1753992231.920:754): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A21D01A0B978D2F2F262D2A83D1 pid=14963 comm="syz.4.2112"
[  660.152540][   T30] audit: type=1400 audit(1753992231.940:755): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A21D01A0B978D2F2F262D2A83D1 pid=14963 comm="syz.4.2112"
[  660.778356][T14979] netlink: 208 bytes leftover after parsing attributes in process `syz.2.2115'.
[  661.227427][   T24] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  661.400122][   T24] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  661.433649][   T24] usb 3-1: New USB device found, idVendor=1ac7, idProduct=0003, bcdDevice=cc.0b
[  661.454282][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  661.498706][   T24] usb 3-1: Product: syz
[  661.502899][   T24] usb 3-1: Manufacturer: syz
[  661.589566][   T24] usb 3-1: SerialNumber: syz
[  661.630725][   T24] usb 3-1: config 0 descriptor??
[  661.987010][T14994] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2121'.
[  662.383128][   T24] usb 3-1: USB disconnect, device number 88
[  662.929604][T15032] loop6: detected capacity change from 0 to 63
[  662.936987][ T5974] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[  662.949415][ T6455] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.011103][ T6455] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.021023][ T6455] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.030010][ T6455] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.132964][T15032] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.141555][T15034] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.150491][T15032] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.159302][T15034] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.167524][T15034] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.194022][T15032] Buffer I/O error on dev loop6, logical block 0, async page read
[  663.218122][ T5846] usb 4-1: new full-speed USB device number 78 using dummy_hcd
[  663.227821][ T5974] usb 3-1: Using ep0 maxpacket: 32
[  663.242772][ T5974] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  663.254293][ T5974] usb 3-1: config 0 has no interface number 0
[  663.270566][ T5974] usb 3-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  663.459347][ T5846] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  663.472139][ T5846] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  663.561596][ T5974] usb 3-1: config 0 interface 1 has no altsetting 0
[  663.576957][ T5974] usb 3-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  663.658086][ T5974] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.708188][ T5846] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  663.738315][ T5974] usb 3-1: Product: syz
[  663.742595][ T5846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.753631][ T5974] usb 3-1: Manufacturer: syz
[  663.779726][ T5974] usb 3-1: SerialNumber: syz
[  663.784425][ T5846] usb 4-1: Product: syz
[  663.791281][ T5846] usb 4-1: Manufacturer: syz
[  663.796628][ T5974] usb 3-1: config 0 descriptor??
[  663.805059][ T5846] usb 4-1: SerialNumber: syz
[  663.823628][T15033] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  664.046157][ T5974] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  664.071915][ T5974] cx231xx 3-1:0.1: Failed to read PCB config
[  664.120349][ T5974] cx231xx 3-1:0.1: probe with driver cx231xx failed with error -71
[  664.164723][ T5974] usb 3-1: USB disconnect, device number 89
[  664.604270][ T5974] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[  664.850558][T15031] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  664.863372][T15031] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  665.317851][ T5974] usb 3-1: Using ep0 maxpacket: 32
[  665.331414][ T5974] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  665.344677][ T5974] usb 3-1: config 0 has no interface number 0
[  665.361350][ T5974] usb 3-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  665.407031][ T5974] usb 3-1: config 0 interface 1 has no altsetting 0
[  665.428589][ T5974] usb 3-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  665.447814][ T5974] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.463001][ T5974] usb 3-1: Product: syz
[  665.473440][ T5974] usb 3-1: Manufacturer: syz
[  665.488167][ T5974] usb 3-1: SerialNumber: syz
[  665.621386][ T5974] usb 3-1: config 0 descriptor??
[  665.781041][ T5974] usb 3-1: can't set config #0, error -71
[  665.884220][ T5974] usb 3-1: USB disconnect, device number 90
[  665.923808][T15046] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2128'.
[  666.065629][ T5846] cdc_ncm 4-1:1.0: bind() failure
[  666.132981][ T5846] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71
[  666.218561][ T5846] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71
[  666.278171][ T5916] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  666.423098][ T5846] usbtest 4-1:1.1: probe with driver usbtest failed with error -71
[  666.450636][ T5846] usb 4-1: USB disconnect, device number 78
[  666.465074][ T5916] usb 5-1: Using ep0 maxpacket: 16
[  666.491387][ T5916] usb 5-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb
[  666.493503][T15054] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2131'.
[  666.533434][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  666.533500][T15054] program syz.2.2131 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  666.558648][ T5916] usb 5-1: Product: syz
[  666.563506][ T5916] usb 5-1: Manufacturer: syz
[  666.565315][T15057] FAULT_INJECTION: forcing a failure.
[  666.565315][T15057] name failslab, interval 1, probability 0, space 0, times 0
[  666.569018][ T5916] usb 5-1: SerialNumber: syz
[  666.584779][T15057] CPU: 0 UID: 0 PID: 15057 Comm: syz.0.2132 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  666.584814][T15057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  666.584826][T15057] Call Trace:
[  666.584834][T15057]  <TASK>
[  666.584842][T15057]  dump_stack_lvl+0x189/0x250
[  666.584869][T15057]  ? __pfx____ratelimit+0x10/0x10
[  666.584890][T15057]  ? __pfx_dump_stack_lvl+0x10/0x10
[  666.584910][T15057]  ? __pfx__printk+0x10/0x10
[  666.584934][T15057]  ? __lock_acquire+0xab9/0xd20
[  666.584967][T15057]  should_fail_ex+0x414/0x560
[  666.584996][T15057]  should_failslab+0xa8/0x100
[  666.585021][T15057]  kmem_cache_alloc_noprof+0x73/0x3c0
[  666.585044][T15057]  ? skb_clone+0x212/0x3a0
[  666.585073][T15057]  skb_clone+0x212/0x3a0
[  666.585101][T15057]  __netlink_deliver_tap+0x404/0x850
[  666.585136][T15057]  ? netlink_deliver_tap+0x2e/0x1b0
[  666.585160][T15057]  netlink_deliver_tap+0x19c/0x1b0
[  666.585182][T15057]  netlink_unicast+0x7fa/0x9e0
[  666.585211][T15057]  ? __pfx_netlink_unicast+0x10/0x10
[  666.585233][T15057]  ? netlink_sendmsg+0x642/0xb30
[  666.585252][T15057]  ? skb_put+0x11b/0x210
[  666.585278][T15057]  netlink_sendmsg+0x805/0xb30
[  666.585309][T15057]  ? __pfx_netlink_sendmsg+0x10/0x10
[  666.585334][T15057]  ? aa_sock_msg_perm+0x94/0x160
[  666.585355][T15057]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  666.585372][T15057]  ? __pfx_netlink_sendmsg+0x10/0x10
[  666.585394][T15057]  __sock_sendmsg+0x219/0x270
[  666.585416][T15057]  ____sys_sendmsg+0x505/0x830
[  666.585445][T15057]  ? __pfx_____sys_sendmsg+0x10/0x10
[  666.585478][T15057]  ? import_iovec+0x74/0xa0
[  666.585501][T15057]  ___sys_sendmsg+0x21f/0x2a0
[  666.585526][T15057]  ? __pfx____sys_sendmsg+0x10/0x10
[  666.585587][T15057]  ? __fget_files+0x2a/0x420
[  666.585608][T15057]  ? __fget_files+0x3a0/0x420
[  666.585641][T15057]  __x64_sys_sendmsg+0x19b/0x260
[  666.585667][T15057]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  666.585706][T15057]  ? __pfx_ksys_write+0x10/0x10
[  666.585724][T15057]  ? rcu_is_watching+0x15/0xb0
[  666.585753][T15057]  ? do_syscall_64+0xbe/0x3b0
[  666.585778][T15057]  do_syscall_64+0xfa/0x3b0
[  666.585797][T15057]  ? lockdep_hardirqs_on+0x9c/0x150
[  666.585824][T15057]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.585841][T15057]  ? clear_bhb_loop+0x60/0xb0
[  666.585863][T15057]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.585880][T15057] RIP: 0033:0x7ff60c38eb69
[  666.585897][T15057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  666.585913][T15057] RSP: 002b:00007ff60d151038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  666.585936][T15057] RAX: ffffffffffffffda RBX: 00007ff60c5b5fa0 RCX: 00007ff60c38eb69
[  666.585951][T15057] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  666.585963][T15057] RBP: 00007ff60d151090 R08: 0000000000000000 R09: 0000000000000000
[  666.585974][T15057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  666.585985][T15057] R13: 0000000000000000 R14: 00007ff60c5b5fa0 R15: 00007ff60c6dfa28
[  666.586015][T15057]  </TASK>
[  667.130864][T15049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  667.143780][T15049] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  667.596160][ T5916] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  667.896677][ T5916] snd-usb-audio 5-1:222.0: probe with driver snd-usb-audio failed with error -71
[  667.946058][ T6455] udevd[6455]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:222.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  668.006266][ T5916] usb 5-1: USB disconnect, device number 70
[  668.419573][T15069] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2136'.
[  668.687429][ T5974] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  668.859156][ T5974] usb 2-1: Using ep0 maxpacket: 32
[  668.921256][ T5974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  668.959500][ T5974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  669.029090][ T5974] usb 2-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00
[  669.033264][T15092] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2141'.
[  669.093359][ T5974] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.152721][ T5974] usb 2-1: config 0 descriptor??
[  669.161401][T15093] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2141'.
[  669.423175][ T5974] usbhid 2-1:0.0: can't add hid device: -71
[  669.457572][ T5974] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  669.506045][ T5974] usb 2-1: USB disconnect, device number 80
[  669.509206][T15096] fuse: Bad value for 'fd'
[  671.194014][T15117] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  671.212830][T15117] syzkaller0: entered promiscuous mode
[  671.231666][T15117] syzkaller0: entered allmulticast mode
[  671.267307][ T5846] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  671.515289][T15125] PKCS7: Unknown OID: [5] (bad)
[  671.520615][T15125] PKCS7: Only support pkcs7_signedData type
[  671.552802][ T5846] usb 4-1: Using ep0 maxpacket: 8
[  671.575473][ T5846] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 13
[  671.760658][ T5846] usb 4-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  671.790855][ T5846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.827899][ T5846] usb 4-1: Product: syz
[  671.842972][ T5846] usb 4-1: Manufacturer: syz
[  671.857896][ T5846] usb 4-1: SerialNumber: syz
[  671.882612][ T5846] usb 4-1: config 0 descriptor??
[  671.907050][ T5846] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  672.045948][T15122] tipc: Resetting bearer <eth:syzkaller0>
[  672.098530][T15122] tipc: Disabling bearer <eth:syzkaller0>
[  672.127869][T15124] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2152'.
[  672.735207][T15131] fuse: Bad value for 'fd'
[  673.012701][T15133] loop8: detected capacity change from 0 to 8
[  673.043842][ T6347] Dev loop8: unable to read RDB block 8
[  673.057092][ T6347]  loop8: unable to read partition table
[  673.074697][ T6347] loop8: partition table beyond EOD, truncated
[  673.112171][T15133] Dev loop8: unable to read RDB block 8
[  673.127529][T15133]  loop8: unable to read partition table
[  673.133614][T15133] loop8: partition table beyond EOD, truncated
[  673.140574][T15133] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  673.317719][ T5909] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  673.372862][T15139] loop6: detected capacity change from 0 to 63
[  673.388965][T15139] buffer_io_error: 16 callbacks suppressed
[  673.388984][T15139] Buffer I/O error on dev loop6, logical block 0, async page read
[  673.407608][T15139] Buffer I/O error on dev loop6, logical block 1, async page read
[  673.415830][T15139] Buffer I/O error on dev loop6, logical block 2, async page read
[  673.427991][ T5916] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[  673.439234][T15139] Buffer I/O error on dev loop6, logical block 3, async page read
[  673.448218][T15139] Buffer I/O error on dev loop6, logical block 0, async page read
[  673.459250][T15139] Buffer I/O error on dev loop6, logical block 1, async page read
[  673.467914][T15139] Buffer I/O error on dev loop6, logical block 2, async page read
[  673.482127][T15139] Buffer I/O error on dev loop6, logical block 3, async page read
[  673.490784][ T6347] Buffer I/O error on dev loop6, logical block 0, async page read
[  673.499567][ T6347] Buffer I/O error on dev loop6, logical block 1, async page read
[  673.508086][ T5909] usb 2-1: Using ep0 maxpacket: 8
[  673.515603][ T5909] usb 2-1: config 5 has an invalid interface number: 206 but max is 1
[  673.531402][ T5909] usb 2-1: config 5 has an invalid interface number: 157 but max is 1
[  673.550151][ T5909] usb 2-1: config 5 has no interface number 0
[  673.556278][ T5909] usb 2-1: config 5 has no interface number 1
[  673.563734][ T5909] usb 2-1: config 5 interface 206 has no altsetting 0
[  673.571313][ T5909] usb 2-1: config 5 interface 157 has no altsetting 0
[  673.584229][ T5909] usb 2-1: New USB device found, idVendor=046d, idProduct=08ad, bcdDevice=66.9d
[  673.593514][ T5909] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.601935][ T5916] usb 3-1: Using ep0 maxpacket: 32
[  673.607589][ T5909] usb 2-1: Product: syz
[  673.611872][ T5909] usb 2-1: Manufacturer: syz
[  673.616808][ T5909] usb 2-1: SerialNumber: syz
[  673.622596][ T5916] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  673.630923][ T5916] usb 3-1: config 0 has no interface number 0
[  673.639002][ T5916] usb 3-1: config 0 interface 12 has no altsetting 0
[  673.650914][ T5916] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  673.660839][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.670225][ T5916] usb 3-1: Product: syz
[  673.677456][ T5916] usb 3-1: Manufacturer: syz
[  673.682109][ T5916] usb 3-1: SerialNumber: syz
[  673.694315][ T5916] usb 3-1: config 0 descriptor??
[  673.894812][ T5909] usb 2-1: USB disconnect, device number 81
[  674.005661][ T5846] gspca_zc3xx: reg_r err -32
[  674.324698][ T5916] f81534 3-1:0.12: f81534_set_register: reg: 1003 data: 68 failed: -71
[  674.485550][ T5916] f81534 3-1:0.12: f81534_find_config_idx: read failed: -71
[  674.499895][ T5916] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  674.553487][ T5916] f81534 3-1:0.12: probe with driver f81534 failed with error -71
[  674.582508][ T5916] usb 3-1: USB disconnect, device number 91
[  674.597928][ T5846] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  674.604428][ T5846] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -32
[  675.145777][T15164] fuse: Bad value for 'fd'
[  675.507369][T15173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  675.539639][T15173] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  676.058745][ T5916] usb 4-1: USB disconnect, device number 79
[  677.170157][T15188] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  677.217340][ T5846] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[  677.477357][ T5846] usb 4-1: Using ep0 maxpacket: 16
[  677.486562][ T5846] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  677.499198][ T5846] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  677.520577][ T5846] usb 4-1: too many endpoints for config 1 interface 1 altsetting 48: 49, using maximum allowed: 30
[  677.541849][ T5846] usb 4-1: config 1 interface 1 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 49
[  677.567278][ T5846] usb 4-1: config 1 interface 1 has no altsetting 0
[  677.580427][ T5846] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  677.589864][ T5846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.616160][ T5846] usb 4-1: Product: syz
[  677.646560][ T5846] usb 4-1: Manufacturer: syz
[  677.657407][ T5846] usb 4-1: SerialNumber: syz
[  677.691057][ T5846] usb 4-1: selecting invalid altsetting 1
[  677.710303][ T5846] usb 4-1: selecting invalid altsetting 0
[  677.743100][ T5846] usb 4-1: selecting invalid altsetting 0
[  677.771783][ T5846] cdc_ncm 4-1:1.0: bind() failure
[  677.905137][ T5846] usb 4-1: selecting invalid altsetting 0
[  677.916341][ T5846] usbtest 4-1:1.1: probe with driver usbtest failed with error -22
[  677.967140][ T5846] usb 4-1: USB disconnect, device number 80
[  678.081507][T15203] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2175'.
[  678.117331][T15203] IPv6: NLM_F_CREATE should be specified when creating new route
[  678.204105][T15205] fuse: Bad value for 'fd'
[  678.655270][ T5916] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  678.686768][T15211] erspan1: entered allmulticast mode
[  678.887282][ T5916] usb 5-1: Using ep0 maxpacket: 8
[  678.892076][T15207] loop8: detected capacity change from 0 to 8
[  678.894151][ T5916] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 3
[  678.948225][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  678.969896][ T6455] Dev loop8: unable to read RDB block 8
[  678.990399][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 11965, setting to 1024
[  678.997855][ T6455]  loop8: unable to read partition table
[  679.013727][ T5916] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  679.015425][ T5916] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  679.015453][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=249
[  679.015475][ T5916] usb 5-1: SerialNumber: syz
[  679.020373][ T5916] usb 5-1: config 0 descriptor??
[  679.021286][T15209] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  679.021569][T15209] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  679.039848][ T6455] loop8: partition table beyond EOD, 
[  679.115045][T15217] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2182'.
[  679.161027][ T6455] truncated
[  679.162426][T15207] Dev loop8: unable to read RDB block 8
[  679.162478][T15207]  loop8: unable to read partition table
[  679.162719][T15207] loop8: partition table beyond EOD, truncated
[  679.162742][T15207] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  679.568002][ T5974] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[  679.655833][T15226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  679.665637][T15226] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  679.717373][   T30] audit: type=1326 audit(1753992251.540:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15221 comm="syz.0.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff60c38eb69 code=0x7ffc0000
[  679.763567][ T5974] usb 3-1: Using ep0 maxpacket: 16
[  679.776697][   T30] audit: type=1326 audit(1753992251.540:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15221 comm="syz.0.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7ff60c38eb69 code=0x7ffc0000
[  679.808587][   T30] audit: type=1326 audit(1753992251.540:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15221 comm="syz.0.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff60c38eb69 code=0x7ffc0000
[  679.831469][ T5974] usb 3-1: config 0 has an invalid interface number: 105 but max is 0
[  679.842523][ T5974] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  679.857062][ T5974] usb 3-1: config 0 has no interface number 0
[  679.870947][ T5974] usb 3-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  679.888156][ T5974] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.913320][ T5974] usb 3-1: Product: syz
[  679.926237][   T30] audit: type=1326 audit(1753992251.540:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15221 comm="syz.0.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff60c38eb69 code=0x7ffc0000
[  679.950847][ T5974] usb 3-1: Manufacturer: syz
[  679.955780][ T5974] usb 3-1: SerialNumber: syz
[  679.966139][   T30] audit: type=1326 audit(1753992251.540:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15221 comm="syz.0.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff60c38eb69 code=0x7ffc0000
[  679.994229][ T5974] usb 3-1: config 0 descriptor??
[  680.092699][   T30] audit: type=1326 audit(1753992251.540:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15221 comm="syz.0.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff60c38eb69 code=0x7ffc0000
[  680.277519][ T5974] usb 3-1: Found UVC 0.00 device syz (046d:08d3)
[  680.283946][ T5974] usb 3-1: No valid video chain found.
[  680.317434][   T30] audit: type=1326 audit(1753992251.540:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15221 comm="syz.0.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff60c38eb69 code=0x7ffc0000
[  680.371978][   T30] audit: type=1326 audit(1753992251.540:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15221 comm="syz.0.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7ff60c38eb69 code=0x7ffc0000
[  680.532492][ T5909] usb 3-1: USB disconnect, device number 92
[  680.593075][   T30] audit: type=1326 audit(1753992251.540:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15221 comm="syz.0.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff60c38eb69 code=0x7ffc0000
[  680.615629][    C1] vkms_vblank_simulate: vblank timer overrun
[  680.750670][   T30] audit: type=1326 audit(1753992251.540:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15221 comm="syz.0.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff60c38eb69 code=0x7ffc0000
[  681.403565][T15242] fuse: Bad value for 'fd'
[  681.486220][ T5916] usb 5-1: USB disconnect, device number 71
[  682.558194][ T5909] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  682.768110][ T5909] usb 5-1: Using ep0 maxpacket: 16
[  682.778286][ T5909] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  682.787851][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  682.795937][ T5909] usb 5-1: Product: syz
[  682.800293][ T5909] usb 5-1: Manufacturer: syz
[  682.804926][ T5909] usb 5-1: SerialNumber: syz
[  682.811401][ T5909] usb 5-1: config 0 descriptor??
[  683.099655][T15348] input: syz0 as /devices/virtual/input/input42
[  683.281011][T15248] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled
[  683.549760][T15225] delete_channel: no stack
[  684.389099][T15360] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2196'.
[  684.452323][T15360] syz_tun: entered promiscuous mode
[  684.663045][ T5917] usb 5-1: USB disconnect, device number 72
[  684.918835][T15368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  684.943317][T15371] fuse: Bad value for 'fd'
[  684.946707][T15368] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  685.137367][ T5974] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[  685.317657][ T5917] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  685.319181][ T5974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  685.399531][ T5974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  685.454947][ T5974] usb 3-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  685.467637][ T5917] usb 5-1: Using ep0 maxpacket: 16
[  685.475354][ T5917] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  685.484615][ T5917] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  685.501798][ T5917] usb 5-1: config 0 has no interface number 0
[  685.512005][ T5974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  685.529042][ T5917] usb 5-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28
[  685.548825][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.561471][ T5917] usb 5-1: Product: syz
[  685.567089][ T5974] usb 3-1: config 0 descriptor??
[  685.642670][ T5917] usb 5-1: Manufacturer: syz
[  685.661537][ T5917] usb 5-1: SerialNumber: syz
[  685.677146][T15380] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2204'.
[  685.689536][ T5916] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[  685.699743][ T5917] usb 5-1: config 0 descriptor??
[  685.822729][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  685.829556][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  685.851697][ T5974] usbhid 3-1:0.0: can't add hid device: -71
[  685.870624][ T5916] usb 4-1: Using ep0 maxpacket: 16
[  685.881484][ T5974] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  685.882232][ T5916] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  685.910290][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  685.940691][ T5917] usb 5-1: Found UVC 0.00 device syz (046d:08d3)
[  685.947382][ T5917] usb 5-1: No valid video chain found.
[  685.968938][ T5916] usb 4-1: config 0 descriptor??
[  685.982392][ T5916] gspca_main: sonixj-2.14.0 probing 0471:0327
[  685.989262][ T5974] usb 3-1: USB disconnect, device number 93
[  686.161211][ T5917] usb 5-1: USB disconnect, device number 73
[  686.287330][ T5846] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  686.446785][ T5846] usb 2-1: unable to get BOS descriptor or descriptor too short
[  686.466139][ T5846] usb 2-1: config 6 has an invalid interface number: 158 but max is 0
[  686.474693][ T5846] usb 2-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  686.485165][ T5846] usb 2-1: config 6 has no interface number 0
[  686.491469][ T5846] usb 2-1: config 6 interface 158 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  686.505392][ T5846] usb 2-1: config 6 interface 158 has no altsetting 0
[  686.514868][ T5846] usb 2-1: New USB device found, idVendor=0bda, idProduct=0140, bcdDevice=da.29
[  686.524480][ T5846] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  686.541264][ T5846] usb 2-1: Product: syz
[  686.551298][ T5846] usb 2-1: Manufacturer: syz
[  686.560508][ T5846] usb 2-1: SerialNumber: syz
[  686.593343][ T5916] gspca_sonixj: reg_r err -71
[  686.608992][ T5916] sonixj 4-1:0.0: probe with driver sonixj failed with error -71
[  686.623565][ T5916] usb 4-1: USB disconnect, device number 81
[  686.676967][T15392] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  686.686452][T15392] syzkaller0: entered promiscuous mode
[  686.692930][T15392] syzkaller0: entered allmulticast mode
[  686.710068][T15392] tipc: Resetting bearer <eth:syzkaller0>
[  686.725021][T15391] tipc: Resetting bearer <eth:syzkaller0>
[  686.748169][T15391] tipc: Disabling bearer <eth:syzkaller0>
[  686.850694][T15395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  686.866638][T15395] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  686.887027][T15395] openvswitch: netlink: Unexpected mask (mask=200040, allowed=10048)
[  687.175998][T15401] fuse: Bad value for 'fd'
[  687.448702][T15411] FAULT_INJECTION: forcing a failure.
[  687.448702][T15411] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  687.476238][T15411] CPU: 0 UID: 0 PID: 15411 Comm: syz.2.2215 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  687.476274][T15411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  687.476286][T15411] Call Trace:
[  687.476295][T15411]  <TASK>
[  687.476304][T15411]  dump_stack_lvl+0x189/0x250
[  687.476330][T15411]  ? __pfx____ratelimit+0x10/0x10
[  687.476353][T15411]  ? __pfx_dump_stack_lvl+0x10/0x10
[  687.476374][T15411]  ? __pfx__printk+0x10/0x10
[  687.476399][T15411]  ? __might_fault+0xb0/0x130
[  687.476436][T15411]  should_fail_ex+0x414/0x560
[  687.476466][T15411]  _copy_from_user+0x2d/0xb0
[  687.476490][T15411]  do_tcp_setsockopt+0x47d/0x1f10
[  687.476521][T15411]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  687.476548][T15411]  ? __pfx_aa_sk_perm+0x10/0x10
[  687.476571][T15411]  ? __fget_files+0x2a/0x420
[  687.476596][T15411]  ? aa_sock_opt_perm+0x74/0x110
[  687.476618][T15411]  ? sock_common_setsockopt+0x36/0xc0
[  687.476638][T15411]  ? tcp_setsockopt+0x3d/0xe0
[  687.476660][T15411]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  687.476684][T15411]  do_sock_setsockopt+0x179/0x1b0
[  687.476716][T15411]  __x64_sys_setsockopt+0x13f/0x1b0
[  687.476748][T15411]  do_syscall_64+0xfa/0x3b0
[  687.476779][T15411]  ? lockdep_hardirqs_on+0x9c/0x150
[  687.476800][T15411]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.476819][T15411]  ? clear_bhb_loop+0x60/0xb0
[  687.476843][T15411]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.476862][T15411] RIP: 0033:0x7fda6078eb69
[  687.476880][T15411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  687.476897][T15411] RSP: 002b:00007fda61633038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  687.476920][T15411] RAX: ffffffffffffffda RBX: 00007fda609b5fa0 RCX: 00007fda6078eb69
[  687.476934][T15411] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000003
[  687.476946][T15411] RBP: 00007fda61633090 R08: 0000000000000044 R09: 0000000000000000
[  687.476959][T15411] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  687.476971][T15411] R13: 0000000000000000 R14: 00007fda609b5fa0 R15: 00007fda60adfa28
[  687.477003][T15411]  </TASK>
[  687.499926][T15412] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  687.733400][T15412] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  687.757553][ T5916] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[  687.776614][T15412] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  687.826431][T15415] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2216'.
[  687.937403][ T5974] usb 5-1: new low-speed USB device number 74 using dummy_hcd
[  687.950189][ T5916] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  687.984339][ T5916] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  688.017650][ T5916] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  688.051112][ T5916] usb 4-1: config 0 descriptor??
[  688.090188][ T5974] usb 5-1: No LPM exit latency info found, disabling LPM.
[  688.116026][ T5974] usb 5-1: config 9 has an invalid interface number: 163 but max is 3
[  688.144200][ T5974] usb 5-1: config 9 has an invalid interface number: 49 but max is 3
[  688.186590][ T5974] usb 5-1: config 9 has an invalid interface number: 142 but max is 3
[  688.225231][ T5974] usb 5-1: config 9 has an invalid interface number: 27 but max is 3
[  688.246170][ T5974] usb 5-1: config 9 has no interface number 0
[  688.273797][ T5974] usb 5-1: config 9 has no interface number 1
[  688.291602][ T5974] usb 5-1: config 9 has no interface number 2
[  688.318300][ T5974] usb 5-1: config 9 has no interface number 3
[  688.332012][ T5974] usb 5-1: config 9 interface 163 altsetting 15 endpoint 0x9 has invalid maxpacket 1023, setting to 8
[  688.359167][ T5974] usb 5-1: config 9 interface 163 altsetting 15 endpoint 0xF has invalid maxpacket 64, setting to 8
[  688.392947][ T5974] usb 5-1: config 9 interface 163 altsetting 15 endpoint 0xC has invalid maxpacket 64, setting to 8
[  688.474690][ T5974] usb 5-1: config 9 interface 49 altsetting 252 endpoint 0x2 has invalid maxpacket 1024, setting to 8
[  688.491381][T15425] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2220'.
[  688.500615][ T5974] usb 5-1: config 9 interface 142 altsetting 10 has a duplicate endpoint with address 0xC, skipping
[  688.500649][ T5974] usb 5-1: config 9 interface 142 altsetting 10 has an invalid descriptor for endpoint zero, skipping
[  688.500671][ T5974] usb 5-1: config 9 interface 142 altsetting 10 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  688.500740][ T5974] usb 5-1: config 9 interface 27 altsetting 170 has a duplicate endpoint with address 0xF, skipping
[  688.597477][ T5974] usb 5-1: config 9 interface 163 has no altsetting 0
[  688.611469][ T5974] usb 5-1: config 9 interface 49 has no altsetting 0
[  688.625918][ T5974] usb 5-1: config 9 interface 142 has no altsetting 0
[  688.636883][ T5974] usb 5-1: config 9 interface 27 has no altsetting 0
[  688.651578][ T5974] usb 5-1: New USB device found, idVendor=1a72, idProduct=1009, bcdDevice=c5.65
[  688.670144][ T5974] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  688.688025][ T5974] usb 5-1: Product: 倊
[  688.698073][ T5974] usb 5-1: Manufacturer: â°Š
[  688.709155][ T5974] usb 5-1: SerialNumber: à°�
[  688.789828][ T5846] rtsx_usb 2-1:6.158: probe with driver rtsx_usb failed with error -22
[  688.841227][ T5846] usb 2-1: USB disconnect, device number 82
[  688.848335][T15429] FAULT_INJECTION: forcing a failure.
[  688.848335][T15429] name failslab, interval 1, probability 0, space 0, times 0
[  688.874092][T15429] CPU: 1 UID: 0 PID: 15429 Comm: syz.2.2221 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  688.874121][T15429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  688.874134][T15429] Call Trace:
[  688.874142][T15429]  <TASK>
[  688.874155][T15429]  dump_stack_lvl+0x189/0x250
[  688.874176][T15429]  ? __pfx____ratelimit+0x10/0x10
[  688.874193][T15429]  ? __pfx_dump_stack_lvl+0x10/0x10
[  688.874213][T15429]  ? __pfx__printk+0x10/0x10
[  688.874246][T15429]  ? __lock_acquire+0xab9/0xd20
[  688.874274][T15429]  should_fail_ex+0x414/0x560
[  688.874302][T15429]  should_failslab+0xa8/0x100
[  688.874319][T15429]  kmem_cache_alloc_noprof+0x73/0x3c0
[  688.874334][T15429]  ? dst_alloc+0x105/0x170
[  688.874357][T15429]  dst_alloc+0x105/0x170
[  688.874389][T15429]  ip_route_output_key_hash_rcu+0x14e1/0x23d0
[  688.874418][T15429]  ? ip_route_output_key_hash_rcu+0x1311/0x23d0
[  688.874451][T15429]  ? ip_route_output_key_hash+0xde/0x2e0
[  688.874470][T15429]  ip_route_output_key_hash+0x1b9/0x2e0
[  688.874486][T15429]  ? look_up_lock_class+0x74/0x170
[  688.874501][T15429]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  688.874553][T15429]  tcp_v4_connect+0x751/0x1a00
[  688.874599][T15429]  ? __pfx_tcp_v4_connect+0x10/0x10
[  688.874624][T15429]  mptcp_connect+0x568/0x830
[  688.874641][T15429]  __inet_stream_connect+0x2ab/0xe80
[  688.874660][T15429]  ? __local_bh_enable_ip+0x12d/0x1c0
[  688.874681][T15429]  ? __pfx___inet_stream_connect+0x10/0x10
[  688.874701][T15429]  ? __local_bh_enable_ip+0x12d/0x1c0
[  688.874726][T15429]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  688.874763][T15429]  inet_stream_connect+0x66/0xa0
[  688.874781][T15429]  __sys_connect+0x313/0x440
[  688.874798][T15429]  ? __pfx___sys_connect+0x10/0x10
[  688.874810][T15429]  ? __irq_exit_rcu+0xca/0x1f0
[  688.874853][T15429]  __x64_sys_connect+0x7a/0x90
[  688.874877][T15429]  do_syscall_64+0xfa/0x3b0
[  688.874900][T15429]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.874917][T15429]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  688.874932][T15429]  ? clear_bhb_loop+0x60/0xb0
[  688.874946][T15429]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  688.874958][T15429] RIP: 0033:0x7fda6078eb69
[  688.874970][T15429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  688.874981][T15429] RSP: 002b:00007fda61633038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  688.875002][T15429] RAX: ffffffffffffffda RBX: 00007fda609b5fa0 RCX: 00007fda6078eb69
[  688.875016][T15429] RDX: 0000000000000010 RSI: 0000200000000000 RDI: 0000000000000005
[  688.875028][T15429] RBP: 00007fda61633090 R08: 0000000000000000 R09: 0000000000000000
[  688.875040][T15429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  688.875051][T15429] R13: 0000000000000000 R14: 00007fda609b5fa0 R15: 00007fda60adfa28
[  688.875084][T15429]  </TASK>
[  689.156874][    C1] vkms_vblank_simulate: vblank timer overrun
[  689.292463][T15430] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2
[  689.323117][T15430] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0
[  690.194269][T15437] fuse: Bad value for 'fd'
[  690.300968][ T5916] usbhid 4-1:0.0: can't add hid device: -71
[  690.322529][ T5916] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  690.380954][ T5916] usb 4-1: USB disconnect, device number 82
[  691.122331][ T5974] ftdi_sio 5-1:9.163: FTDI USB Serial Device converter detected
[  691.298844][T15451] netlink: 208 bytes leftover after parsing attributes in process `syz.2.2226'.
[  691.421696][T15447] input: syz0 as /devices/virtual/input/input43
[  691.500840][ T5974] ftdi_sio ttyUSB0: unknown device type: 0xc565
[  691.610580][ T5974] ftdi_sio 5-1:9.49: FTDI USB Serial Device converter detected
[  691.714913][ T5974] ftdi_sio ttyUSB1: unknown device type: 0xc565
[  691.806182][ T5974] ftdi_sio 5-1:9.142: FTDI USB Serial Device converter detected
[  691.816690][ T5974] ftdi_sio ttyUSB2: unknown device type: 0xc565
[  691.830013][ T5974] ftdi_sio 5-1:9.27: FTDI USB Serial Device converter detected
[  691.842953][ T5974] ftdi_sio ttyUSB3: unknown device type: 0xc565
[  691.862694][ T5974] usb 5-1: USB disconnect, device number 74
[  691.905558][ T5974] ftdi_sio 5-1:9.163: device disconnected
[  691.920483][ T5974] ftdi_sio 5-1:9.49: device disconnected
[  691.979206][ T5974] ftdi_sio 5-1:9.142: device disconnected
[  692.002085][ T5974] ftdi_sio 5-1:9.27: device disconnected
[  692.086394][T15459] tipc: MTU too low for tipc bearer
[  692.209071][T15462] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2230'.
[  692.272690][T15460] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2230'.
[  692.309625][T15459] kvm: pic: non byte write
[  692.559596][T15466] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2232'.
[  692.595009][T15466] bridge_slave_1: left allmulticast mode
[  692.633869][T15466] bridge_slave_1: left promiscuous mode
[  692.663382][T15466] bridge0: port 2(bridge_slave_1) entered disabled state
[  692.699363][T15466] bridge_slave_0: left allmulticast mode
[  692.719798][T15466] bridge_slave_0: left promiscuous mode
[  692.740643][T15466] bridge0: port 1(bridge_slave_0) entered disabled state
[  692.870392][T15473] fuse: Bad value for 'fd'
[  693.259988][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  693.260008][   T30] audit: type=1326 audit(1753992265.110:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15476 comm="syz.3.2236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662b18eb69 code=0x7ff00000
[  693.336383][T15480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  693.359062][   T30] audit: type=1326 audit(1753992265.110:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15476 comm="syz.3.2236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662b18eb69 code=0x7ff00000
[  693.420346][T15480] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  693.464983][   T30] audit: type=1326 audit(1753992265.110:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15476 comm="syz.3.2236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662b18eb69 code=0x7ff00000
[  693.513951][   T30] audit: type=1326 audit(1753992265.110:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15476 comm="syz.3.2236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662b18eb69 code=0x7ff00000
[  693.687550][   T30] audit: type=1326 audit(1753992265.110:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15476 comm="syz.3.2236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662b18eb69 code=0x7ff00000
[  693.753207][   T30] audit: type=1326 audit(1753992265.110:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15476 comm="syz.3.2236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662b18eb69 code=0x7ff00000
[  693.843137][   T30] audit: type=1326 audit(1753992265.110:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15476 comm="syz.3.2236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662b18eb69 code=0x7ff00000
[  693.913220][   T30] audit: type=1326 audit(1753992265.110:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15476 comm="syz.3.2236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662b18eb69 code=0x7ff00000
[  694.039584][   T30] audit: type=1326 audit(1753992265.110:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15476 comm="syz.3.2236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662b18eb69 code=0x7ff00000
[  694.064903][ T5974] usb 3-1: new high-speed USB device number 94 using dummy_hcd
[  694.153811][   T30] audit: type=1326 audit(1753992265.110:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15476 comm="syz.3.2236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f662b18eb69 code=0x7ff00000
[  694.158770][T15490] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.227876][T15490] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  694.257462][ T5974] usb 3-1: Using ep0 maxpacket: 8
[  694.268112][ T5974] usb 3-1: unable to get BOS descriptor or descriptor too short
[  694.276862][ T5974] usb 3-1: config 0 has an invalid interface number: 165 but max is 0
[  694.307034][ T5974] usb 3-1: config 0 has no interface number 0
[  694.357518][ T5974] usb 3-1: config 0 interface 165 has no altsetting 0
[  694.391303][ T5974] usb 3-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=9b.2e
[  694.407396][ T5974] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.439075][ T5974] usb 3-1: Product: syz
[  694.457470][ T5974] usb 3-1: Manufacturer: syz
[  694.468753][ T5974] usb 3-1: SerialNumber: syz
[  694.496496][ T5974] usb 3-1: config 0 descriptor??
[  694.775600][ T5974] comedi comedi5: Wrong number of endpoints
[  694.796533][ T5974] ni6501 3-1:0.165: driver 'ni6501' failed to auto-configure device.
[  694.823509][ T5974] usb 3-1: USB disconnect, device number 94
[  695.452849][T15506] fuse: Bad value for 'fd'
[  696.754874][T15533] netlink: 'syz.2.2248': attribute type 2 has an invalid length.
[  697.684521][T15539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  697.696694][T15539] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  697.934582][T15543] 0ªî{X¹¦: left allmulticast mode
[  698.047325][ T5917] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[  698.082441][T15549] fuse: Bad value for 'fd'
[  698.225228][T15543] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  698.269497][ T5917] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  698.289710][ T5917] usb 3-1: config 0 interface 0 has no altsetting 0
[  698.319085][ T5917] usb 3-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  698.328396][ T5909] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[  698.336586][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.354182][ T5917] usb 3-1: Product: syz
[  698.360213][ T5917] usb 3-1: Manufacturer: syz
[  698.365051][ T5917] usb 3-1: SerialNumber: syz
[  698.395598][ T5917] usb 3-1: config 0 descriptor??
[  698.409733][ T5917] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  698.411714][ T5917] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  698.412333][ T5917] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  698.412367][ T5917] usb 3-1: media controller created
[  698.424717][T15554] fuse: Bad value for 'fd'
[  698.448781][ T5917] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  698.567526][ T5909] usb 4-1: Using ep0 maxpacket: 32
[  698.621646][ T5909] usb 4-1: config 0 has an invalid interface number: 231 but max is 0
[  698.621681][ T5909] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  698.621702][ T5909] usb 4-1: config 0 has no interface number 0
[  698.621749][ T5909] usb 4-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  698.621774][ T5909] usb 4-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  698.629990][T15540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  698.630237][T15540] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  698.632122][T15540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  698.632404][T15540] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  698.633448][T15540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  698.634036][T15540] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  698.635338][ T5909] usb 4-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  698.635358][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.635371][ T5909] usb 4-1: Product: syz
[  698.635380][ T5909] usb 4-1: Manufacturer: syz
[  698.635421][ T5909] usb 4-1: SerialNumber: syz
[  698.638367][ T5909] usb 4-1: config 0 descriptor??
[  698.821122][T15558] netlink: 'syz.1.2259': attribute type 2 has an invalid length.
[  698.879697][T15547] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  698.881719][ T5909] usb-storage 4-1:0.231: USB Mass Storage device detected
[  698.891305][ T5917] DVB: Unable to find symbol tda10046_attach()
[  698.891323][ T5917] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  698.891340][ T5917] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  698.923633][T15562] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2260'.
[  699.096855][ T5917] dvb_usb_m920x 3-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  699.100276][ T5917] usb 3-1: USB disconnect, device number 95
[  699.174126][T15545] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  699.186796][T15545] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  699.196857][ T5916] usb 4-1: USB disconnect, device number 83
[  699.710430][ T5846] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  699.946097][ T5846] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  699.963084][ T5846] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  700.049780][ T5846] usb 5-1: Product: syz
[  700.059915][ T5846] usb 5-1: Manufacturer: syz
[  700.070090][ T5846] usb 5-1: SerialNumber: syz
[  700.091929][ T5846] usb 5-1: config 0 descriptor??
[  700.471632][ T5846] usb 5-1: Firmware version (0.0) predates our first public release.
[  700.501707][ T5846] usb 5-1: Please update to version 0.2 or newer
[  700.620168][ T5846] usb 5-1: USB disconnect, device number 75
[  701.086278][T15599] fuse: Bad value for 'fd'
[  702.000954][T15615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  702.077786][T15615] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  702.132671][T15618] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2276'.
[  702.185282][T15618] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2276'.
[  702.258090][T11823] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[  702.417543][T11823] usb 5-1: Using ep0 maxpacket: 8
[  702.422932][T11823] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  702.456520][T11823] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  702.564506][T11823] usb 5-1: config 0 descriptor??
[  702.798285][T11823] asix 5-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  703.201152][T15638] fuse: Bad value for 'fd'
[  703.412901][T15616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  703.457841][T15616] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  703.472939][T11823] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  703.497013][T11823] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[  703.515549][T15641] netlink: 'syz.1.2282': attribute type 7 has an invalid length.
[  703.548362][T11823] asix 5-1:0.0: probe with driver asix failed with error -71
[  703.578764][T15641] : entered promiscuous mode
[  703.617922][T11823] usb 5-1: USB disconnect, device number 76
[  707.655047][T15679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  707.672442][T15679] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  707.747975][T15679] FAULT_INJECTION: forcing a failure.
[  707.747975][T15679] name failslab, interval 1, probability 0, space 0, times 0
[  707.881201][T15679] CPU: 0 UID: 0 PID: 15679 Comm: syz.0.2289 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  707.881231][T15679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  707.881242][T15679] Call Trace:
[  707.881251][T15679]  <TASK>
[  707.881260][T15679]  dump_stack_lvl+0x189/0x250
[  707.881337][T15679]  ? __pfx____ratelimit+0x10/0x10
[  707.881360][T15679]  ? __pfx_dump_stack_lvl+0x10/0x10
[  707.881380][T15679]  ? __pfx__printk+0x10/0x10
[  707.881410][T15679]  ? __pfx___might_resched+0x10/0x10
[  707.881441][T15679]  should_fail_ex+0x414/0x560
[  707.881472][T15679]  should_failslab+0xa8/0x100
[  707.881501][T15679]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  707.881527][T15679]  ? __alloc_skb+0x112/0x2d0
[  707.881555][T15679]  __alloc_skb+0x112/0x2d0
[  707.881583][T15679]  netlink_sendmsg+0x5c6/0xb30
[  707.881618][T15679]  ? __pfx_netlink_sendmsg+0x10/0x10
[  707.881645][T15679]  ? aa_sock_msg_perm+0x94/0x160
[  707.881667][T15679]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  707.881686][T15679]  ? __pfx_netlink_sendmsg+0x10/0x10
[  707.881710][T15679]  __sock_sendmsg+0x219/0x270
[  707.881735][T15679]  ____sys_sendmsg+0x505/0x830
[  707.881764][T15679]  ? __pfx_____sys_sendmsg+0x10/0x10
[  707.881800][T15679]  ? import_iovec+0x74/0xa0
[  707.881825][T15679]  ___sys_sendmsg+0x21f/0x2a0
[  707.881854][T15679]  ? __pfx____sys_sendmsg+0x10/0x10
[  707.881920][T15679]  ? __fget_files+0x2a/0x420
[  707.881945][T15679]  ? __fget_files+0x3a0/0x420
[  707.881981][T15679]  __x64_sys_sendmsg+0x19b/0x260
[  707.882011][T15679]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  707.882049][T15679]  ? __pfx_ksys_write+0x10/0x10
[  707.882069][T15679]  ? rcu_is_watching+0x15/0xb0
[  707.882102][T15679]  ? do_syscall_64+0xbe/0x3b0
[  707.882130][T15679]  do_syscall_64+0xfa/0x3b0
[  707.882148][T15679]  ? lockdep_hardirqs_on+0x9c/0x150
[  707.882168][T15679]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  707.882186][T15679]  ? clear_bhb_loop+0x60/0xb0
[  707.882208][T15679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  707.882225][T15679] RIP: 0033:0x7ff60c38eb69
[  707.882242][T15679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  707.882258][T15679] RSP: 002b:00007ff60d130038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  707.882288][T15679] RAX: ffffffffffffffda RBX: 00007ff60c5b6080 RCX: 00007ff60c38eb69
[  707.882301][T15679] RDX: 0000000024040010 RSI: 00002000000009c0 RDI: 0000000000000005
[  707.882314][T15679] RBP: 00007ff60d130090 R08: 0000000000000000 R09: 0000000000000000
[  707.882326][T15679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  707.882337][T15679] R13: 0000000000000000 R14: 00007ff60c5b6080 R15: 00007ff60c6dfa28
[  707.882369][T15679]  </TASK>
[  708.295260][T15685] fuse: Bad value for 'fd'
[  708.906229][T11823] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[  708.992892][T15706] loop6: detected capacity change from 0 to 524287999
[  709.059559][T11823] usb 4-1: Using ep0 maxpacket: 8
[  709.085256][T11823] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  709.094090][T11823] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  709.104932][T11823] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  709.122119][T11823] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  709.133629][T11823] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  709.160663][T11823] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  709.170728][T11823] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  709.493581][T11823] usb 4-1: GET_CAPABILITIES returned 0
[  709.499521][ T5846] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  709.507329][T11823] usbtmc 4-1:16.0: can't read capabilities
[  709.660966][T15695] ALSA: mixer_oss: invalid index 1872895089
[  709.691665][ T5846] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  709.694710][ T5916] usb 4-1: USB disconnect, device number 84
[  709.771782][ T5846] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  709.788638][ T5846] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  709.799064][ T5846] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  709.821095][ T5846] usb 5-1: config 0 descriptor??
[  709.844361][ T5846] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  710.476164][T15720] fuse: Bad value for 'fd'
[  710.927395][ T5846] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  711.089104][ T5846] usb 2-1: Using ep0 maxpacket: 8
[  711.096413][ T5846] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  711.110216][ T5846] usb 2-1: config 179 has no interface number 0
[  711.117976][ T5846] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  711.137352][ T5846] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  711.166633][ T5846] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  711.192691][ T5846] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  711.325665][ T5846] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  711.405644][ T5846] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  711.414959][ T5846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  711.560501][T15725] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  711.813917][T15728] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  712.489801][ T5846] usb 5-1: USB disconnect, device number 77
[  713.925665][ T5917] usb 2-1: USB disconnect, device number 83
[  713.925785][    C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  713.940571][    C0] dummy_hcd dummy_hcd.1: timer fired with no URBs pending?
[  714.665489][T15744] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1113132006 (1113132006 ns) > initial count (497682314 ns). Using initial count to start timer.
[  715.422697][T15772] fuse: Bad value for 'fd'
[  715.781507][T15779] vim2m vim2m.0: vidioc_s_fmt queue busy
[  715.998069][T15779] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2320'.
[  716.164697][T15789] lo: entered allmulticast mode
[  716.178621][T15790] netlink: 'syz.2.2323': attribute type 1 has an invalid length.
[  716.445033][T15795] bond2: (slave geneve2): making interface the new active one
[  716.481098][T15795] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  716.520378][T15798] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[  716.576869][ T6983] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  716.609614][ T6983] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  716.674120][ T6983] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  716.685388][ T6983] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  717.267546][ T5916] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  717.447538][ T5916] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  717.478169][ T5916] usb 2-1: config 0 has no interfaces?
[  717.527390][ T5916] usb 2-1: New USB device found, idVendor=0421, idProduct=0223, bcdDevice=43.58
[  717.578539][ T5916] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  717.597923][ T5846] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[  717.836244][ T5916] usb 2-1: config 0 descriptor??
[  717.857243][ T5846] usb 4-1: Using ep0 maxpacket: 32
[  717.866390][ T5846] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe
[  717.876266][ T5846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  717.884513][ T5846] usb 4-1: Product: syz
[  717.897566][ T5846] usb 4-1: Manufacturer: syz
[  717.909549][T15815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  717.920351][T15815] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  717.945283][ T5846] usb 4-1: SerialNumber: syz
[  717.982219][ T5846] usb 4-1: config 0 descriptor??
[  718.241861][T15808] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1113132006 (1113132006 ns) > initial count (497682314 ns). Using initial count to start timer.
[  718.264565][ T5846] snd-usb-6fire 4-1:0.0: unable to receive device firmware state.
[  718.785860][ T5846] snd-usb-6fire 4-1:0.0: probe with driver snd-usb-6fire failed with error -121
[  718.816238][ T5846] usb 4-1: USB disconnect, device number 85
[  718.898477][T15818] fuse: Bad value for 'fd'
[  719.708730][ T5916] usb 5-1: new full-speed USB device number 78 using dummy_hcd
[  719.912969][ T5846] usb 2-1: USB disconnect, device number 84
[  721.155886][   T30] kauditd_printk_skb: 2033 callbacks suppressed
[  721.155907][   T30] audit: type=1800 audit(1753992293.000:2822): pid=15848 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2338" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  721.490011][T15854] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2337'.
[  722.095627][T15860] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2340'.
[  722.546359][ T5917] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[  722.784542][ T5917] usb 4-1: config index 0 descriptor too short (expected 8192, got 77)
[  722.793460][ T5917] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  722.805902][ T5917] usb 4-1: config 0 has no interfaces?
[  722.816879][ T5917] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  722.828628][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  722.841618][ T5917] usb 4-1: Product: syz
[  722.845909][ T5917] usb 4-1: Manufacturer: syz
[  722.881539][ T5917] usb 4-1: SerialNumber: syz
[  722.921484][ T5917] usb 4-1: config 0 descriptor??
[  722.997011][T15867] fuse: Bad value for 'fd'
[  723.222879][T15862] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  723.436119][T15871] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  723.542474][T15862] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  724.384421][ T5916] usb 5-1: unable to get BOS descriptor or descriptor too short
[  724.444695][ T5916] usb 5-1: unable to read config index 0 descriptor/start: -71
[  724.508591][ T5916] usb 5-1: can't read configurations, error -71
[  725.584725][ T5917] usb 4-1: USB disconnect, device number 86
[  725.831286][T15892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  725.884293][T15892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  726.228266][T15903] fuse: Bad value for 'fd'
[  726.277769][T11823] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[  726.587256][T11823] usb 5-1: Using ep0 maxpacket: 32
[  726.615161][T11823] usb 5-1: New USB device found, idVendor=046d, idProduct=08b7, bcdDevice=99.db
[  726.627249][T11823] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  726.668452][T11823] usb 5-1: config 0 descriptor??
[  726.710567][T11823] pwc: Logitech ViewPort AV 100 webcam detected.
[  726.775227][T15910] hub 9-0:1.0: USB hub found
[  726.777563][    C1] ip6_tunnel: ip6gretap0: Local routing loop detected!
[  726.780965][T15910] hub 9-0:1.0: 1 port detected
[  729.022277][T11823] pwc: Failed to set LED on/off time (-71)
[  729.054860][T11823] pwc: send_video_command error -71
[  729.075238][T11823] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  729.099465][T11823] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71
[  729.140411][T11823] usb 5-1: USB disconnect, device number 80
[  729.153659][T15921] netlink: 'syz.1.2359': attribute type 9 has an invalid length.
[  729.171333][T15921] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2359'.
[  729.747351][T11823] usb 5-1: new high-speed USB device number 81 using dummy_hcd
[  730.009808][T11823] usb 5-1: Using ep0 maxpacket: 16
[  730.035401][T11823] usb 5-1: config 8 has an invalid interface number: 39 but max is 0
[  730.055931][T11823] usb 5-1: config 8 has no interface number 0
[  730.063681][T11823] usb 5-1: config 8 interface 39 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 521
[  730.135577][T11823] usb 5-1: config 8 interface 39 has no altsetting 0
[  730.152478][T11823] usb 5-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  730.161930][T11823] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  730.170333][T11823] usb 5-1: Product: syz
[  730.175594][T11823] usb 5-1: Manufacturer: syz
[  730.180712][T11823] usb 5-1: SerialNumber: syz
[  730.194097][T15923] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  730.488248][T11823] ipheth 5-1:8.39: Unable to find endpoints
[  730.646928][T11823] usb 5-1: USB disconnect, device number 81
[  730.647306][ T5916] raw-gadget.2 gadget.0: failed to queue reset event
[  730.747606][ T5916] raw-gadget.2 gadget.0: failed to queue resume event
[  730.870905][ T5916] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  730.889702][    C1] raw-gadget.2 gadget.0: ignoring, device is not running
[  731.090271][ T5916] raw-gadget.2 gadget.0: failed to queue reset event
[  731.128654][T15948] fuse: Bad value for 'fd'
[  731.227708][ T5916] raw-gadget.2 gadget.0: failed to queue resume event
[  731.298327][ T5916] usb 1-1: device descriptor read/64, error -32
[  731.448072][ T5916] raw-gadget.2 gadget.0: failed to queue suspend event
[  731.457057][ T5916] raw-gadget.2 gadget.0: failed to queue reset event
[  731.548085][ T5916] raw-gadget.2 gadget.0: failed to queue resume event
[  731.619598][ T5916] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  731.639597][    C1] raw-gadget.2 gadget.0: ignoring, device is not running
[  731.646992][ T5916] raw-gadget.2 gadget.0: failed to queue reset event
[  731.717794][ T5916] raw-gadget.2 gadget.0: failed to queue resume event
[  731.797571][ T5916] usb 1-1: device descriptor read/64, error -32
[  731.917977][ T5916] raw-gadget.2 gadget.0: failed to queue suspend event
[  731.932276][ T5916] usb usb1-port1: attempt power cycle
[  731.951522][T15963] FAULT_INJECTION: forcing a failure.
[  731.951522][T15963] name failslab, interval 1, probability 0, space 0, times 0
[  731.964658][T15963] CPU: 1 UID: 0 PID: 15963 Comm: syz.1.2372 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  731.964688][T15963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  731.964700][T15963] Call Trace:
[  731.964709][T15963]  <TASK>
[  731.964718][T15963]  dump_stack_lvl+0x189/0x250
[  731.964745][T15963]  ? __pfx____ratelimit+0x10/0x10
[  731.964768][T15963]  ? __pfx_dump_stack_lvl+0x10/0x10
[  731.964790][T15963]  ? __pfx__printk+0x10/0x10
[  731.964819][T15963]  ? __lock_acquire+0xab9/0xd20
[  731.964853][T15963]  should_fail_ex+0x414/0x560
[  731.964886][T15963]  should_failslab+0xa8/0x100
[  731.964916][T15963]  kmem_cache_alloc_noprof+0x73/0x3c0
[  731.964940][T15963]  ? skb_clone+0x212/0x3a0
[  731.964965][T15963]  ? __pfx_skb_network_protocol+0x10/0x10
[  731.964997][T15963]  skb_clone+0x212/0x3a0
[  731.965023][T15963]  ? dev_queue_xmit_nit+0x25a/0xcc0
[  731.965051][T15963]  dev_queue_xmit_nit+0x416/0xcc0
[  731.965076][T15963]  ? dev_queue_xmit_nit+0x2d/0xcc0
[  731.965115][T15963]  dev_hard_start_xmit+0x1be/0x830
[  731.965163][T15963]  __dev_queue_xmit+0x1b8d/0x3b50
[  731.965204][T15963]  ? __dev_queue_xmit+0x27b/0x3b50
[  731.965259][T15963]  ? __pfx___dev_queue_xmit+0x10/0x10
[  731.965303][T15963]  ? __copy_skb_header+0xa7/0x550
[  731.965331][T15963]  ? __asan_memcpy+0x40/0x70
[  731.965353][T15963]  ? __skb_clone+0x63/0x7a0
[  731.965384][T15963]  ? __skb_clone+0x483/0x7a0
[  731.965419][T15963]  ? skb_clone+0x246/0x3a0
[  731.965450][T15963]  __netlink_deliver_tap+0x5ad/0x850
[  731.965490][T15963]  ? netlink_deliver_tap+0x2e/0x1b0
[  731.965516][T15963]  netlink_deliver_tap+0x19c/0x1b0
[  731.965541][T15963]  netlink_unicast+0x7fa/0x9e0
[  731.965573][T15963]  ? __pfx_netlink_unicast+0x10/0x10
[  731.965597][T15963]  ? netlink_sendmsg+0x642/0xb30
[  731.965618][T15963]  ? skb_put+0x11b/0x210
[  731.965647][T15963]  netlink_sendmsg+0x805/0xb30
[  731.965682][T15963]  ? __pfx_netlink_sendmsg+0x10/0x10
[  731.965710][T15963]  ? aa_sock_msg_perm+0x94/0x160
[  731.965734][T15963]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  731.965753][T15963]  ? __pfx_netlink_sendmsg+0x10/0x10
[  731.965784][T15963]  __sock_sendmsg+0x219/0x270
[  731.965809][T15963]  ____sys_sendmsg+0x505/0x830
[  731.965842][T15963]  ? __pfx_____sys_sendmsg+0x10/0x10
[  731.965880][T15963]  ? import_iovec+0x74/0xa0
[  731.965907][T15963]  ___sys_sendmsg+0x21f/0x2a0
[  731.965937][T15963]  ? __pfx____sys_sendmsg+0x10/0x10
[  731.966005][T15963]  ? __fget_files+0x2a/0x420
[  731.966029][T15963]  ? __fget_files+0x3a0/0x420
[  731.966068][T15963]  __x64_sys_sendmsg+0x19b/0x260
[  731.966098][T15963]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  731.966136][T15963]  ? __pfx_ksys_write+0x10/0x10
[  731.966156][T15963]  ? rcu_is_watching+0x15/0xb0
[  731.966189][T15963]  ? do_syscall_64+0xbe/0x3b0
[  731.966217][T15963]  do_syscall_64+0xfa/0x3b0
[  731.966246][T15963]  ? lockdep_hardirqs_on+0x9c/0x150
[  731.966267][T15963]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  731.966287][T15963]  ? clear_bhb_loop+0x60/0xb0
[  731.966312][T15963]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  731.966331][T15963] RIP: 0033:0x7f5f20b8eb69
[  731.966351][T15963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  731.966367][T15963] RSP: 002b:00007f5f219aa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  731.966390][T15963] RAX: ffffffffffffffda RBX: 00007f5f20db5fa0 RCX: 00007f5f20b8eb69
[  731.966405][T15963] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  731.966418][T15963] RBP: 00007f5f219aa090 R08: 0000000000000000 R09: 0000000000000000
[  731.966431][T15963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  731.966443][T15963] R13: 0000000000000000 R14: 00007f5f20db5fa0 R15: 00007f5f20edfa28
[  731.966477][T15963]  </TASK>
[  731.972595][T15962] sctp: [Deprecated]: syz.3.2371 (pid 15962) Use of struct sctp_assoc_value in delayed_ack socket option.
[  731.972595][T15962] Use struct sctp_sack_info instead
[  731.979566][ T5916] raw-gadget.2 gadget.0: failed to queue disconnect event
[  732.647342][T11823] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[  732.667566][T15972] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2374'.
[  732.690459][ T5916] raw-gadget.2 gadget.0: failed to queue reset event
[  732.760342][T15969] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2370'.
[  732.775468][T15969] input: syz0 as /devices/virtual/input/input44
[  732.817421][T11823] usb 4-1: Using ep0 maxpacket: 16
[  732.827658][T11823] usb 4-1: config 0 interface 0 has no altsetting 0
[  732.837605][T11823] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00
[  732.876991][T11823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  732.897317][ T5916] raw-gadget.2 gadget.0: failed to queue resume event
[  732.904512][ T5916] raw-gadget.2 gadget.0: failed to queue reset event
[  732.942019][T11823] usb 4-1: Product: syz
[  733.022964][T11823] usb 4-1: Manufacturer: syz
[  733.054436][T11823] usb 4-1: SerialNumber: syz
[  733.075796][T11823] usb 4-1: config 0 descriptor??
[  733.204889][ T5916] raw-gadget.2 gadget.0: failed to queue resume event
[  733.293167][ T5916] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  733.387817][    C1] raw-gadget.2 gadget.0: ignoring, device is not running
[  733.422394][ T5916] usb 1-1: device descriptor read/8, error -32
[  733.449995][T15962] netlink: 208 bytes leftover after parsing attributes in process `syz.3.2371'.
[  733.478424][T11823] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  733.509799][T11823] usb 4-1: Detected FT-X
[  733.514657][T11823] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  733.579379][ T5916] raw-gadget.2 gadget.0: failed to queue suspend event
[  733.603367][T11823] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  733.621714][T11823] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71
[  733.621740][ T5916] raw-gadget.2 gadget.0: failed to queue reset event
[  733.670962][T11823] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  733.738337][T11823] usb 4-1: USB disconnect, device number 87
[  733.767447][ T5916] raw-gadget.2 gadget.0: failed to queue resume event
[  733.803374][T11823] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  733.857543][T11823] ftdi_sio 4-1:0.0: device disconnected
[  733.870998][ T5916] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[  733.946851][    C1] raw-gadget.2 gadget.0: ignoring, device is not running
[  733.970220][T15984] fuse: Bad value for 'fd'
[  733.977560][ T5916] usb 1-1: device descriptor read/8, error -32
[  734.151629][T15986] loop6: detected capacity change from 0 to 63
[  734.157353][ T5916] raw-gadget.2 gadget.0: failed to queue suspend event
[  734.164943][ T5916] usb usb1-port1: unable to enumerate USB device
[  734.224879][ T5969] buffer_io_error: 18 callbacks suppressed
[  734.224900][ T5969] Buffer I/O error on dev loop6, logical block 0, async page read
[  734.373386][ T5969] Buffer I/O error on dev loop6, logical block 0, async page read
[  734.378624][ T5969] Buffer I/O error on dev loop6, logical block 0, async page read
[  734.379289][ T5969] Buffer I/O error on dev loop6, logical block 0, async page read
[  734.936338][ T5969] Buffer I/O error on dev loop6, logical block 0, async page read
[  736.287697][ T5846] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[  736.449169][ T5846] usb 4-1: Using ep0 maxpacket: 8
[  736.465198][ T5846] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  736.486806][ T5846] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  736.527346][ T5846] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  736.566986][ T5846] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  736.656987][ T5846] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  736.682487][ T5846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  737.037907][ T5909] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[  737.074846][ T5846] usb 4-1: GET_CAPABILITIES returned 0
[  737.104704][ T5846] usbtmc 4-1:16.0: can't read capabilities
[  737.227218][ T5909] usb 3-1: Using ep0 maxpacket: 8
[  737.249671][T16019] usbtmc 4-1:16.0: usbtmc488_ioctl_trigger returned -71
[  737.262783][T16019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  737.273970][ T5909] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 13
[  737.307703][T16019] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  737.327396][ T5909] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  737.356735][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.380702][ T5909] usb 3-1: Product: syz
[  737.390319][ T5909] usb 3-1: Manufacturer: syz
[  737.413556][ T5909] usb 3-1: SerialNumber: syz
[  737.450824][ T5909] usb 3-1: config 0 descriptor??
[  737.483189][ T5909] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  737.574525][T16048] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  737.622832][T16048] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  738.289880][T16060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  738.332466][T16060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  738.373904][T16060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  738.388431][T16060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  738.405850][T16054] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2401'.
[  738.686292][T16071] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2407'.
[  738.872976][ T5974] usb 4-1: USB disconnect, device number 88
[  739.047493][ T5846] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  739.187838][ T5846] usb 2-1: device descriptor read/64, error -71
[  739.327380][ T5974] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  739.403501][T16090] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  739.414767][T16090] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  739.447347][ T5846] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[  739.497324][ T5974] usb 4-1: Using ep0 maxpacket: 16
[  739.501317][ T5909] gspca_zc3xx: reg_r err -32
[  739.510490][ T5974] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  739.524455][ T5974] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  739.538963][ T5974] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  739.547117][ T5974] usb 4-1: Product: syz
[  739.554123][ T5974] usb 4-1: Manufacturer: syz
[  739.561012][ T5974] usb 4-1: SerialNumber: syz
[  739.579863][ T5974] usb 4-1: config 0 descriptor??
[  739.595337][ T5974] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  739.604970][ T5846] usb 2-1: device descriptor read/64, error -71
[  739.612872][ T5974] em28xx 4-1:0.0: DVB interface 0 found: bulk
[  739.720504][ T5846] usb usb2-port1: attempt power cycle
[  739.968945][T16097] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  739.986231][T16097] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  740.209442][ T5846] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[  740.237773][ T5909] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  740.246574][ T5909] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -32
[  740.247903][ T5846] usb 2-1: device descriptor read/8, error -71
[  740.262230][ T5974] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  740.507439][ T5846] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[  740.528040][ T5846] usb 2-1: device descriptor read/8, error -71
[  740.640023][ T5846] usb usb2-port1: unable to enumerate USB device
[  740.876898][ T5974] em28xx 4-1:0.0: board has no eeprom
[  740.970213][T16103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  740.987820][T16103] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  741.134335][T16109] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2420'.
[  741.143617][ T5974] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  741.154740][ T5974] em28xx 4-1:0.0: dvb set to bulk mode.
[  741.161057][ T5846] em28xx 4-1:0.0: Binding DVB extension
[  741.196790][T16109] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2420'.
[  741.208262][ T5974] usb 4-1: USB disconnect, device number 89
[  741.237439][ T5974] em28xx 4-1:0.0: Disconnecting em28xx
[  741.274014][ T5846] em28xx 4-1:0.0: Registering input extension
[  741.282363][ T5974] em28xx 4-1:0.0: Closing input extension
[  741.310207][ T5974] em28xx 4-1:0.0: Freeing device
[  741.652648][T16118] binder_alloc: binder_alloc_mmap_handler: 16117 200000ffc000-200001000000 already mapped failed -16
[  741.756301][ T5974] usb 3-1: USB disconnect, device number 96
[  741.817822][T16120] netlink: 'syz.2.2423': attribute type 10 has an invalid length.
[  741.826490][T16120] bridge0: port 3(team0) entered disabled state
[  741.833076][T16120] bridge0: port 1(bridge_slave_0) entered disabled state
[  741.874933][T16120] bridge0: port 3(team0) entered blocking state
[  741.881604][T16120] bridge0: port 3(team0) entered forwarding state
[  741.888520][T16120] bridge0: port 1(bridge_slave_0) entered blocking state
[  741.895730][T16120] bridge0: port 1(bridge_slave_0) entered forwarding state
[  741.916441][ T5917] usb 4-1: new full-speed USB device number 90 using dummy_hcd
[  741.943812][T16120] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  742.075716][T16129] fuse: Unknown parameter '	³0x0000000000000003'
[  742.084897][ T5917] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  742.095600][ T5917] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  742.105920][ T5917] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  742.132687][ T5917] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  742.146132][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  742.183359][ T5917] usbtmc 4-1:16.0: probe with driver usbtmc failed with error -22
[  742.245568][T16127] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2425'.
[  742.397358][ T5974] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[  742.552425][ T5974] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  742.568784][ T5974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  742.665476][ T5846] usb 4-1: USB disconnect, device number 90
[  742.695389][ T5974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  742.710535][ T5974] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  742.725654][ T5974] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  742.735489][ T5974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  742.765782][ T5974] usb 3-1: config 0 descriptor??
[  743.397652][ T5974] plantronics 0003:047F:FFFF.001D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  744.234298][T16146] syz_tun: entered allmulticast mode
[  744.314672][T16144] syz_tun: left allmulticast mode
[  744.427424][T16149] netlink: 'syz.4.2431': attribute type 10 has an invalid length.
[  744.456823][T16149] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2431'.
[  744.477354][ T5974] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[  744.495659][T16149] dummy0: entered promiscuous mode
[  744.527267][T16149] dummy0: entered allmulticast mode
[  744.543571][T16149] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check.
[  744.647453][ T5974] usb 4-1: Using ep0 maxpacket: 16
[  744.656519][ T5974] usb 4-1: too many endpoints for config 0 interface 0 altsetting 109: 65, using maximum allowed: 30
[  744.671543][ T5974] usb 4-1: config 0 interface 0 altsetting 109 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  744.685591][ T5974] usb 4-1: config 0 interface 0 altsetting 109 has 1 endpoint descriptor, different from the interface descriptor's value: 65
[  744.699110][ T5846] usb 3-1: reset high-speed USB device number 97 using dummy_hcd
[  744.711267][ T5974] usb 4-1: config 0 interface 0 has no altsetting 0
[  744.724744][ T5974] usb 4-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00
[  744.755552][T16154] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2433'.
[  744.761878][ T5974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  744.837618][ T5974] usb 4-1: config 0 descriptor??
[  745.251510][T16160] netlink: 'syz.4.2434': attribute type 5 has an invalid length.
[  745.533824][T16147] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  745.557554][T16161] netlink: 208 bytes leftover after parsing attributes in process `syz.1.2435'.
[  745.574623][T16147] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  745.625532][ T5974] usbhid 4-1:0.0: can't add hid device: -71
[  745.631757][ T5974] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  745.640939][   T24] usb 5-1: new high-speed USB device number 82 using dummy_hcd
[  745.691028][ T5974] usb 4-1: USB disconnect, device number 91
[  745.814001][   T24] usb 5-1: Using ep0 maxpacket: 8
[  745.835903][   T24] usb 5-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  745.877970][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  745.886014][   T24] usb 5-1: Product: syz
[  745.917447][ T5987] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[  745.933307][   T24] usb 5-1: Manufacturer: syz
[  745.953552][   T24] usb 5-1: SerialNumber: syz
[  745.974512][   T24] usb 5-1: config 0 descriptor??
[  745.989093][   T24] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  746.097253][ T5987] usb 2-1: Using ep0 maxpacket: 16
[  746.191974][ T5987] usb 2-1: config 1 has an invalid descriptor of length 140, skipping remainder of the config
[  746.229330][ T5987] usb 2-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  746.262473][ T5987] usb 2-1: config 1 interface 0 has no altsetting 0
[  746.335669][ T5987] usb 2-1: string descriptor 0 read error: -22
[  746.343470][ T5987] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  746.365344][ T5987] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  746.379001][T16171] openvswitch: netlink: Multiple metadata blocks provided
[  746.387554][T16168] binder_alloc: binder_alloc_mmap_handler: 16167 200000ffc000-200001000000 already mapped failed -16
[  746.619537][   T30] audit: type=1326 audit(1753992318.470:2823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16159 comm="syz.4.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59c818eb69 code=0x7ffc0000
[  746.664229][   T30] audit: type=1326 audit(1753992318.470:2824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16159 comm="syz.4.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f59c818eb69 code=0x7ffc0000
[  746.689605][   T30] audit: type=1326 audit(1753992318.470:2825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16159 comm="syz.4.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59c818eb69 code=0x7ffc0000
[  746.712042][    C0] vkms_vblank_simulate: vblank timer overrun
[  746.741829][T16176] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  746.749449][ T2098] usb 3-1: USB disconnect, device number 97
[  746.760206][T16176] usb usb1: usbfs: process 16176 (syz.3.2441) did not claim interface 0 before use
[  746.774843][    T9] raw-gadget.2 gadget.0: failed to queue reset event
[  746.785503][   T30] audit: type=1326 audit(1753992318.470:2826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16159 comm="syz.4.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f59c818e76b code=0x7ffc0000
[  746.818841][   T30] audit: type=1326 audit(1753992318.470:2827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16159 comm="syz.4.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f59c818e76b code=0x7ffc0000
[  746.844548][   T30] audit: type=1326 audit(1753992318.470:2828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16159 comm="syz.4.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f59c81c1425 code=0x7ffc0000
[  746.870889][    T9] raw-gadget.2 gadget.0: failed to queue resume event
[  746.882800][   T30] audit: type=1326 audit(1753992318.670:2829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16159 comm="syz.4.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f59c818eb69 code=0x7ffc0000
[  746.932711][   T30] audit: type=1326 audit(1753992318.670:2830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16159 comm="syz.4.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f59c818e76b code=0x7ffc0000
[  746.967524][    T9] usb 1-1: new high-speed USB device number 98 using dummy_hcd
[  746.985774][    C0] raw-gadget.2 gadget.0: ignoring, device is not running
[  746.994591][   T30] audit: type=1326 audit(1753992318.670:2831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16159 comm="syz.4.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f59c818e76b code=0x7ffc0000
[  747.017461][    T9] raw-gadget.2 gadget.0: failed to queue reset event
[  747.037800][ T2098] usb 3-1: new full-speed USB device number 98 using dummy_hcd
[  747.096255][   T30] audit: type=1326 audit(1753992318.670:2832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16159 comm="syz.4.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f59c81c1425 code=0x7ffc0000
[  747.127662][    T9] raw-gadget.2 gadget.0: failed to queue resume event
[  747.207460][    T9] usb 1-1: device descriptor read/64, error -32
[  747.252676][ T2098] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  747.272930][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  747.280402][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  747.299743][ T2098] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  747.311035][ T2098] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  747.332277][    T9] raw-gadget.2 gadget.0: failed to queue suspend event
[  747.340241][    T9] raw-gadget.2 gadget.0: failed to queue reset event
[  747.347526][ T2098] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  747.357616][ T2098] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  747.383960][ T2098] usbtmc 3-1:16.0: probe with driver usbtmc failed with error -22
[  747.417452][    T9] raw-gadget.2 gadget.0: failed to queue resume event
[  747.435105][T16184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  747.449529][T16184] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  747.465984][T16184] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  747.481696][T16184] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  747.495345][    T9] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[  747.504320][    C0] raw-gadget.2 gadget.0: ignoring, device is not running
[  747.511757][    T9] raw-gadget.2 gadget.0: failed to queue reset event
[  747.588883][    T9] raw-gadget.2 gadget.0: failed to queue resume event
[  747.651524][    T9] usb 1-1: device descriptor read/64, error -32
[  747.744070][ T2098] usb 3-1: USB disconnect, device number 98
[  747.777673][    T9] raw-gadget.2 gadget.0: failed to queue suspend event
[  747.784974][    T9] usb usb1-port1: attempt power cycle
[  747.790500][    T9] raw-gadget.2 gadget.0: failed to queue disconnect event
[  747.801890][    T9] raw-gadget.2 gadget.0: failed to queue reset event
[  747.878296][    T9] raw-gadget.2 gadget.0: failed to queue resume event
[  747.885891][    T9] raw-gadget.2 gadget.0: failed to queue reset event
[  748.097930][    T9] raw-gadget.2 gadget.0: failed to queue resume event
[  748.158011][    T9] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[  748.200060][    C0] raw-gadget.2 gadget.0: ignoring, device is not running
[  748.208182][    T9] usb 1-1: device descriptor read/8, error -32
[  748.261216][   T24] gspca_sonixj: reg_w1 err -71
[  748.287607][   T24] sonixj 5-1:0.0: probe with driver sonixj failed with error -71
[  748.294498][   T24] usb 5-1: USB disconnect, device number 82
[  748.317743][    T9] raw-gadget.2 gadget.0: failed to queue suspend event
[  748.346087][    T9] raw-gadget.2 gadget.0: failed to queue reset event
[  748.424354][    T9] raw-gadget.2 gadget.0: failed to queue resume event
[  748.456823][ T5846] usb 2-1: USB disconnect, device number 89
[  748.517048][T16192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  748.527770][    T9] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[  748.556824][T16192] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  748.570981][    C0] raw-gadget.2 gadget.0: ignoring, device is not running
[  748.582008][    T9] usb 1-1: device descriptor read/8, error -32
[  748.694903][T16198] macvlan1: entered promiscuous mode
[  748.704118][    T9] raw-gadget.2 gadget.0: failed to queue suspend event
[  748.723918][T16198] macvlan1: left promiscuous mode
[  748.732213][    T9] usb usb1-port1: unable to enumerate USB device
[  749.307365][ T5909] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[  750.007404][ T5909] usb 4-1: Using ep0 maxpacket: 32
[  750.014168][ T5909] usb 4-1: config 0 interface 0 has no altsetting 0
[  750.026182][ T5909] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  750.059954][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  750.072880][ T5909] usb 4-1: Product: syz
[  750.077074][ T5909] usb 4-1: Manufacturer: syz
[  750.089662][ T5909] usb 4-1: SerialNumber: syz
[  750.197727][T16213] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  750.331383][ T5909] usb 4-1: config 0 descriptor??
[  750.972239][ T5909] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  751.158492][T16227] FAULT_INJECTION: forcing a failure.
[  751.158492][T16227] name failslab, interval 1, probability 0, space 0, times 0
[  751.171991][T16227] CPU: 0 UID: 0 PID: 16227 Comm: syz.4.2458 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  751.172021][T16227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  751.172042][T16227] Call Trace:
[  751.172052][T16227]  <TASK>
[  751.172061][T16227]  dump_stack_lvl+0x189/0x250
[  751.172088][T16227]  ? __pfx____ratelimit+0x10/0x10
[  751.172113][T16227]  ? __pfx_dump_stack_lvl+0x10/0x10
[  751.172134][T16227]  ? __pfx__printk+0x10/0x10
[  751.172162][T16227]  ? __pfx___might_resched+0x10/0x10
[  751.172189][T16227]  ? fs_reclaim_acquire+0x7d/0x100
[  751.172222][T16227]  should_fail_ex+0x414/0x560
[  751.172254][T16227]  should_failslab+0xa8/0x100
[  751.172284][T16227]  __kmalloc_noprof+0xcb/0x4f0
[  751.172307][T16227]  ? tomoyo_encode+0x28b/0x550
[  751.172334][T16227]  tomoyo_encode+0x28b/0x550
[  751.172363][T16227]  tomoyo_realpath_from_path+0x58d/0x5d0
[  751.172399][T16227]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  751.172429][T16227]  tomoyo_path_number_perm+0x1e8/0x5a0
[  751.172461][T16227]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  751.172509][T16227]  ? __lock_acquire+0xab9/0xd20
[  751.172557][T16227]  ? __fget_files+0x2a/0x420
[  751.172586][T16227]  ? __fget_files+0x2a/0x420
[  751.172608][T16227]  ? __fget_files+0x3a0/0x420
[  751.172630][T16227]  ? __fget_files+0x2a/0x420
[  751.172660][T16227]  security_file_ioctl+0xcb/0x2d0
[  751.172691][T16227]  __se_sys_ioctl+0x47/0x170
[  751.172715][T16227]  do_syscall_64+0xfa/0x3b0
[  751.172737][T16227]  ? lockdep_hardirqs_on+0x9c/0x150
[  751.172757][T16227]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  751.172776][T16227]  ? clear_bhb_loop+0x60/0xb0
[  751.172798][T16227]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  751.172815][T16227] RIP: 0033:0x7f59c818eb69
[  751.172833][T16227] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  751.172850][T16227] RSP: 002b:00007f59c9044038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  751.172872][T16227] RAX: ffffffffffffffda RBX: 00007f59c83b5fa0 RCX: 00007f59c818eb69
[  751.172886][T16227] RDX: 0000200000000380 RSI: 00000000c03864bc RDI: 0000000000000003
[  751.172899][T16227] RBP: 00007f59c9044090 R08: 0000000000000000 R09: 0000000000000000
[  751.172911][T16227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  751.172923][T16227] R13: 0000000000000000 R14: 00007f59c83b5fa0 R15: 00007f59c84dfa28
[  751.172956][T16227]  </TASK>
[  751.173080][T16227] ERROR: Out of memory at tomoyo_realpath_from_path.
[  751.362684][    C0] vkms_vblank_simulate: vblank timer overrun
[  751.420063][ T5909] gs_usb 4-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  751.469954][ T5909] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -22
[  751.642928][ T5909] usb 4-1: USB disconnect, device number 92
[  751.927521][T16229] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2459'.
[  751.945079][T16240] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2463'.
[  751.956287][T16240] bond0: invalid ARP target 0.0.0.0 specified for addition
[  751.963777][T16240] bond0: option arp_ip_target: invalid value (0)
[  752.472029][T16247] FAULT_INJECTION: forcing a failure.
[  752.472029][T16247] name failslab, interval 1, probability 0, space 0, times 0
[  752.485295][T16247] CPU: 0 UID: 0 PID: 16247 Comm: syz.3.2465 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  752.485323][T16247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  752.485335][T16247] Call Trace:
[  752.485343][T16247]  <TASK>
[  752.485352][T16247]  dump_stack_lvl+0x189/0x250
[  752.485378][T16247]  ? __pfx____ratelimit+0x10/0x10
[  752.485400][T16247]  ? __pfx_dump_stack_lvl+0x10/0x10
[  752.485420][T16247]  ? __pfx__printk+0x10/0x10
[  752.485460][T16247]  should_fail_ex+0x414/0x560
[  752.485490][T16247]  should_failslab+0xa8/0x100
[  752.485519][T16247]  kmem_cache_alloc_noprof+0x73/0x3c0
[  752.485543][T16247]  ? radix_tree_node_alloc+0x7e/0x3a0
[  752.485568][T16247]  radix_tree_node_alloc+0x7e/0x3a0
[  752.485596][T16247]  idr_get_free+0x2b3/0xa70
[  752.485631][T16247]  idr_alloc_u32+0x159/0x2d0
[  752.485660][T16247]  ? __pfx_idr_alloc_u32+0x10/0x10
[  752.485685][T16247]  ? do_raw_spin_lock+0x121/0x290
[  752.485717][T16247]  idr_alloc_cyclic+0x9b/0x1b0
[  752.485742][T16247]  bpf_map_alloc_id+0x40/0xe0
[  752.485766][T16247]  map_create+0xf11/0x1310
[  752.485794][T16247]  ? security_bpf+0x7e/0x300
[  752.485817][T16247]  __sys_bpf+0x60f/0x870
[  752.485842][T16247]  ? __pfx___sys_bpf+0x10/0x10
[  752.485880][T16247]  ? ksys_write+0x22a/0x250
[  752.485907][T16247]  ? __pfx_ksys_write+0x10/0x10
[  752.485938][T16247]  __x64_sys_bpf+0x7c/0x90
[  752.485960][T16247]  do_syscall_64+0xfa/0x3b0
[  752.485991][T16247]  ? lockdep_hardirqs_on+0x9c/0x150
[  752.486014][T16247]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  752.486034][T16247]  ? clear_bhb_loop+0x60/0xb0
[  752.486057][T16247]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  752.486074][T16247] RIP: 0033:0x7f662b18eb69
[  752.486091][T16247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  752.486106][T16247] RSP: 002b:00007f662c049038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  752.486129][T16247] RAX: ffffffffffffffda RBX: 00007f662b3b5fa0 RCX: 00007f662b18eb69
[  752.486143][T16247] RDX: 0000000000000050 RSI: 00002000000004c0 RDI: 0000000000000000
[  752.486156][T16247] RBP: 00007f662c049090 R08: 0000000000000000 R09: 0000000000000000
[  752.486169][T16247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  752.486181][T16247] R13: 0000000000000001 R14: 00007f662b3b5fa0 R15: 00007f662b4dfa28
[  752.486212][T16247]  </TASK>
[  752.721969][    C0] vkms_vblank_simulate: vblank timer overrun
[  753.403161][T16272] vlan2: entered allmulticast mode
[  753.413254][T16272] geneve1: entered allmulticast mode
[  753.497320][ T5846] usb 3-1: new full-speed USB device number 99 using dummy_hcd
[  753.527530][    T9] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[  753.734907][    T9] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  753.786316][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  753.802470][ T5846] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  753.818493][    T9] usb 2-1: Product: syz
[  753.854978][ T5846] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  753.878309][    T9] usb 2-1: Manufacturer: syz
[  753.883075][    T9] usb 2-1: SerialNumber: syz
[  753.926082][ T5846] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  753.935454][T16276] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2476'.
[  753.966480][    T9] usb 2-1: config 0 descriptor??
[  753.985457][ T5846] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  754.016806][    T9] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  754.055683][T16288] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2480'.
[  754.117811][ T5846] usb 3-1: config 0 descriptor??
[  754.211351][ T5846] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  754.265184][ T5846] dvb-usb: bulk message failed: -22 (3/0)
[  754.281696][ T5846] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  754.311348][ T5846] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  754.332949][ T5846] usb 3-1: media controller created
[  754.340732][ T5846] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  754.366117][ T5846] dvb-usb: bulk message failed: -22 (6/0)
[  754.378863][ T5846] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  754.403318][T16295] netlink: 'syz.2.2470': attribute type 6 has an invalid length.
[  754.526977][    T9] gspca_sunplus: reg_w_riv err -71
[  754.541001][ T5846] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input48
[  754.557045][    T9] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  754.612425][ T5846] dvb-usb: schedule remote query interval to 150 msecs.
[  754.636460][    T9] usb 2-1: USB disconnect, device number 90
[  754.654899][ T5846] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  754.812386][ T5846] dvb-usb: bulk message failed: -22 (1/0)
[  754.818692][ T5846] dvb-usb: error while querying for an remote control event.
[  754.997459][ T5846] dvb-usb: bulk message failed: -22 (1/0)
[  755.113534][ T5846] dvb-usb: error while querying for an remote control event.
[  755.355731][T16306] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2484'.
[  755.365361][    T9] usb 5-1: new high-speed USB device number 83 using dummy_hcd
[  755.383488][ T5846] dvb-usb: bulk message failed: -22 (1/0)
[  755.389557][ T5846] dvb-usb: error while querying for an remote control event.
[  755.422016][T16306] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2484'.
[  755.463231][    C0] vkms_vblank_simulate: vblank timer overrun
[  755.557385][ T5846] dvb-usb: bulk message failed: -22 (1/0)
[  755.563520][ T5846] dvb-usb: error while querying for an remote control event.
[  755.571150][    T9] usb 5-1: Using ep0 maxpacket: 8
[  755.588675][    T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  755.598724][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  755.660918][    T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  755.691348][    T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  755.746402][ T5846] dvb-usb: bulk message failed: -22 (1/0)
[  755.757361][ T5846] dvb-usb: error while querying for an remote control event.
[  755.767317][    T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  755.815141][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  755.967413][ T5846] dvb-usb: bulk message failed: -22 (1/0)
[  755.975295][ T5846] dvb-usb: error while querying for an remote control event.
[  756.157331][ T5846] dvb-usb: bulk message failed: -22 (1/0)
[  756.163363][ T5846] dvb-usb: error while querying for an remote control event.
[  756.382206][T16317] overlayfs: missing 'lowerdir'
[  756.487839][    T9] usb 5-1: GET_CAPABILITIES returned 0
[  756.522297][    T9] usbtmc 5-1:16.0: can't read capabilities
[  756.607303][ T5846] dvb-usb: bulk message failed: -22 (1/0)
[  756.617938][ T5846] dvb-usb: error while querying for an remote control event.
[  756.797493][ T5846] dvb-usb: bulk message failed: -22 (1/0)
[  756.807221][ T5846] dvb-usb: error while querying for an remote control event.
[  756.850701][ T5846] usb 3-1: USB disconnect, device number 99
[  756.963781][T16321] netlink: 'syz.3.2487': attribute type 12 has an invalid length.
[  756.985117][ T5846] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  757.687785][ T5909] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[  757.837335][ T5909] usb 4-1: device descriptor read/64, error -71
[  757.965470][ T5917] usb 5-1: USB disconnect, device number 83
[  758.107554][ T5909] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  758.257253][ T5909] usb 4-1: device descriptor read/64, error -71
[  758.409893][ T5909] usb usb4-port1: attempt power cycle
[  758.749333][T16357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  758.760838][T16357] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  758.775227][T16357] binder: 16350:16357 ioctl c0306201 2000000003c0 returned -14
[  758.885414][ T5909] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[  759.469050][ T5909] usb 4-1: device descriptor read/8, error -71
[  759.707363][ T5909] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[  759.716208][T16362] fuse: Unknown parameter '0xffffffffffffffff0x0000000000000004'
[  759.738187][ T5909] usb 4-1: device descriptor read/8, error -71
[  759.846761][   T30] kauditd_printk_skb: 60 callbacks suppressed
[  759.846777][   T30] audit: type=1326 audit(1753992331.690:2893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16342 comm="syz.1.2496" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f20b8eb69 code=0x0
[  759.878517][ T5909] usb usb4-port1: unable to enumerate USB device
[  760.586656][T16373] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2505'.
[  760.601440][T16373] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2505'.
[  761.038047][ T5846] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[  761.262661][ T5846] usb 3-1: config 0 has an invalid interface number: 204 but max is 0
[  761.272059][ T5846] usb 3-1: config 0 has no interface number 0
[  761.282411][ T5846] usb 3-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=29.3d
[  761.292443][ T5846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  761.304884][ T5846] usb 3-1: Product: syz
[  761.333400][ T5846] usb 3-1: Manufacturer: syz
[  761.372324][T16381] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2507'.
[  761.439278][ T5846] usb 3-1: SerialNumber: syz
[  761.463176][ T5846] usb 3-1: config 0 descriptor??
[  761.500887][ T5846] ems_usb 3-1:0.204 (unnamed net_device) (uninitialized): couldn't initialize controller: -22
[  761.522678][ T5846] ems_usb 3-1:0.204: probe with driver ems_usb failed with error -22
[  761.810167][   T43] usb 3-1: USB disconnect, device number 100
[  762.684863][T16407] fuse: Unknown parameter '0xffffffffffffffff0x0000000000000004'
[  764.057411][T16421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  764.113305][T16421] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  764.434651][T16428] netlink: 'syz.0.2520': attribute type 29 has an invalid length.
[  764.510492][T16428] netlink: 'syz.0.2520': attribute type 29 has an invalid length.
[  764.546939][T16428] netlink: 'syz.0.2520': attribute type 29 has an invalid length.
[  764.587508][ T5909] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[  764.737545][ T5909] usb 3-1: Using ep0 maxpacket: 32
[  764.746967][ T5909] usb 3-1: config 0 has an invalid interface number: 167 but max is 0
[  764.763018][ T5909] usb 3-1: config 0 has no interface number 0
[  764.772219][ T5909] usb 3-1: config 0 interface 167 altsetting 1 bulk endpoint 0xA has invalid maxpacket 1024
[  764.804987][ T5909] usb 3-1: config 0 interface 167 altsetting 1 bulk endpoint 0x6 has invalid maxpacket 32
[  764.851418][ T5909] usb 3-1: config 0 interface 167 has no altsetting 0
[  764.873112][ T5909] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=20.63
[  764.885077][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  764.909541][ T5909] usb 3-1: Product: syz
[  764.916919][ T5909] usb 3-1: Manufacturer: syz
[  764.934151][ T5909] usb 3-1: SerialNumber: syz
[  764.958026][ T5909] usb 3-1: config 0 descriptor??
[  764.971313][T16426] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  764.979340][T16426] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  765.292223][ T5909] usbtest 3-1:0.167: couldn't get endpoints, -22
[  765.308340][ T5909] usbtest 3-1:0.167: probe with driver usbtest failed with error -22
[  765.433244][ T5909] usb 3-1: USB disconnect, device number 101
[  765.565979][T16396] delete_channel: no stack
[  765.834719][   T12] ------------[ cut here ]------------
[  765.840731][   T12] RTNL: assertion failed at ./include/net/netdev_lock.h (72)
[  766.138559][   T12] WARNING: CPU: 1 PID: 12 at ./include/net/netdev_lock.h:72 __linkwatch_sync_dev+0x303/0x350
[  766.149055][   T12] Modules linked in:
[  766.153403][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  766.165105][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  766.175485][   T12] Workqueue: bond0 bond_mii_monitor
[  766.182060][   T12] RIP: 0010:__linkwatch_sync_dev+0x303/0x350
[  766.188132][   T12] Code: 7c fe ff ff e8 4e 60 5c f8 c6 05 16 4e 27 06 01 90 48 c7 c7 e0 25 92 8c 48 c7 c6 96 34 9c 8d ba 48 00 00 00 e8 7e 07 20 f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff
[  766.208503][   T12] RSP: 0018:ffffc90000117670 EFLAGS: 00010246
[  766.214601][   T12] RAX: 16d366f6bc7ca700 RBX: ffff88802b140000 RCX: ffff88801ce9da00
[  766.222732][   T12] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  766.230777][   T12] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[  766.238941][   T12] R10: dffffc0000000000 R11: fffffbfff1bfa1d4 R12: 1ffff1100562805d
[  766.246924][   T12] R13: dffffc0000000000 R14: ffffffff8c1cc4c8 R15: 0000000000000000
[  766.254951][   T12] FS:  0000000000000000(0000) GS:ffff888125d79000(0000) knlGS:0000000000000000
[  766.263946][   T12] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  766.270773][   T12] CR2: 00005555608c5808 CR3: 000000005fbd2000 CR4: 00000000003526f0
[  766.278822][   T12] DR0: 0000000000000000 DR1: 0000000000000097 DR2: 0000000000000000
[  766.286799][   T12] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  766.294788][   T12] Call Trace:
[  766.298359][   T12]  <TASK>
[  766.301312][   T12]  ? ethtool_op_get_link+0xd/0x70
[  766.306339][   T12]  ethtool_op_get_link+0x15/0x70
[  766.311341][   T12]  bond_check_dev_link+0x444/0x6c0
[  766.316455][   T12]  ? __pfx_bond_check_dev_link+0x10/0x10
[  766.322183][   T12]  ? netdev_lower_get_next_private_rcu+0x9f/0x100
[  766.328804][   T12]  bond_mii_monitor+0x428/0x2e00
[  766.333749][   T12]  ? bond_mii_monitor+0x153/0x2e00
[  766.338932][   T12]  ? __lock_acquire+0xab9/0xd20
[  766.343798][   T12]  ? __pfx_bond_mii_monitor+0x10/0x10
[  766.349196][   T12]  ? register_lock_class+0x51/0x320
[  766.354397][   T12]  ? __lock_acquire+0xab9/0xd20
[  766.359415][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  766.365138][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  766.370391][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  766.376113][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  766.381855][   T12]  process_scheduled_works+0xade/0x17b0
[  766.387578][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  766.393570][   T12]  worker_thread+0x8a0/0xda0
[  766.398213][   T12]  kthread+0x711/0x8a0
[  766.402283][   T12]  ? __pfx_worker_thread+0x10/0x10
[  766.407428][   T12]  ? __pfx_kthread+0x10/0x10
[  766.412017][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  766.417433][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  766.422634][   T12]  ? __pfx_kthread+0x10/0x10
[  766.427287][   T12]  ret_from_fork+0x3f9/0x770
[  766.431912][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  766.437030][   T12]  ? __switch_to_asm+0x39/0x70
[  766.441820][   T12]  ? __switch_to_asm+0x33/0x70
[  766.446584][   T12]  ? __pfx_kthread+0x10/0x10
[  766.451340][   T12]  ret_from_fork_asm+0x1a/0x30
[  766.456115][   T12]  </TASK>
[  766.459151][   T12] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  766.466426][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-syzkaller-08685-g260f6f4fda93 #0 PREEMPT(full) 
[  766.478064][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  766.488128][   T12] Workqueue: bond0 bond_mii_monitor
[  766.493346][   T12] Call Trace:
[  766.496633][   T12]  <TASK>
[  766.499564][   T12]  dump_stack_lvl+0x99/0x250
[  766.504160][   T12]  ? __asan_memcpy+0x40/0x70
[  766.508752][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[  766.513950][   T12]  ? __pfx__printk+0x10/0x10
[  766.518563][   T12]  vpanic+0x27a/0x730
[  766.522633][   T12]  ? __pfx__printk+0x10/0x10
[  766.527254][   T12]  ? __pfx_vpanic+0x10/0x10
[  766.531784][   T12]  ? is_bpf_text_address+0x292/0x2b0
[  766.537085][   T12]  panic+0xb9/0xc0
[  766.540818][   T12]  ? __pfx_panic+0x10/0x10
[  766.545254][   T12]  __warn+0x31b/0x4b0
[  766.549236][   T12]  ? __linkwatch_sync_dev+0x303/0x350
[  766.554629][   T12]  ? __linkwatch_sync_dev+0x303/0x350
[  766.560005][   T12]  report_bug+0x2be/0x4f0
[  766.564336][   T12]  ? __linkwatch_sync_dev+0x303/0x350
[  766.569708][   T12]  ? __linkwatch_sync_dev+0x303/0x350
[  766.575075][   T12]  ? __linkwatch_sync_dev+0x305/0x350
[  766.580469][   T12]  handle_bug+0x84/0x160
[  766.584706][   T12]  exc_invalid_op+0x1a/0x50
[  766.589207][   T12]  asm_exc_invalid_op+0x1a/0x20
[  766.594048][   T12] RIP: 0010:__linkwatch_sync_dev+0x303/0x350
[  766.600115][   T12] Code: 7c fe ff ff e8 4e 60 5c f8 c6 05 16 4e 27 06 01 90 48 c7 c7 e0 25 92 8c 48 c7 c6 96 34 9c 8d ba 48 00 00 00 e8 7e 07 20 f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff
[  766.619730][   T12] RSP: 0018:ffffc90000117670 EFLAGS: 00010246
[  766.625826][   T12] RAX: 16d366f6bc7ca700 RBX: ffff88802b140000 RCX: ffff88801ce9da00
[  766.633793][   T12] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[  766.641763][   T12] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004
[  766.649744][   T12] R10: dffffc0000000000 R11: fffffbfff1bfa1d4 R12: 1ffff1100562805d
[  766.657714][   T12] R13: dffffc0000000000 R14: ffffffff8c1cc4c8 R15: 0000000000000000
[  766.665701][   T12]  ? ethtool_op_get_link+0xd/0x70
[  766.670741][   T12]  ethtool_op_get_link+0x15/0x70
[  766.675685][   T12]  bond_check_dev_link+0x444/0x6c0
[  766.680800][   T12]  ? __pfx_bond_check_dev_link+0x10/0x10
[  766.686539][   T12]  ? netdev_lower_get_next_private_rcu+0x9f/0x100
[  766.692979][   T12]  bond_mii_monitor+0x428/0x2e00
[  766.697923][   T12]  ? bond_mii_monitor+0x153/0x2e00
[  766.703032][   T12]  ? __lock_acquire+0xab9/0xd20
[  766.707887][   T12]  ? __pfx_bond_mii_monitor+0x10/0x10
[  766.713254][   T12]  ? register_lock_class+0x51/0x320
[  766.718508][   T12]  ? __lock_acquire+0xab9/0xd20
[  766.723361][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  766.729081][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  766.734283][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  766.740112][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  766.745854][   T12]  process_scheduled_works+0xade/0x17b0
[  766.751422][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  766.757415][   T12]  worker_thread+0x8a0/0xda0
[  766.762544][   T12]  kthread+0x711/0x8a0
[  766.766616][   T12]  ? __pfx_worker_thread+0x10/0x10
[  766.771741][   T12]  ? __pfx_kthread+0x10/0x10
[  766.776326][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  766.781545][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  766.786760][   T12]  ? __pfx_kthread+0x10/0x10
[  766.791345][   T12]  ret_from_fork+0x3f9/0x770
[  766.795958][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  766.801075][   T12]  ? __switch_to_asm+0x39/0x70
[  766.805834][   T12]  ? __switch_to_asm+0x33/0x70
[  766.810677][   T12]  ? __pfx_kthread+0x10/0x10
[  766.815279][   T12]  ret_from_fork_asm+0x1a/0x30
[  766.820066][   T12]  </TASK>
[  766.823382][   T12] Kernel Offset: disabled
[  766.827732][   T12] Rebooting in 86400 seconds..