last executing test programs:

27.852366221s ago: executing program 4 (id=2872):
r0 = syz_open_dev$media(&(0x7f0000000000), 0x400, 0x600800)
ioctl$MEDIA_IOC_DEVICE_INFO(r0, 0xc1007c00, &(0x7f0000000040))
r1 = socket(0x23, 0x4, 0x2)
link(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00')
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, 0x3f7, 0x400, 0x70bd27, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", "", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x4)
getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f00000002c0), &(0x7f0000000300)=0x4)
pwritev2(r1, &(0x7f0000000440)=[{&(0x7f0000000340)="bb2cf9e89dc032c2146dc7b29ad69f98a5d96b24cee72b2b00cbcb530d47f956d6271357b995f3cb3d4e6918ae152043d125ca952cb21affa1ff06fdfacdc7dc151fb440da", 0x45}, {&(0x7f00000003c0)="02a9eb88da793bc1f380b860da5378f09df5d9464effa955aa14d06f33721acf02bd2509848711755b439cc9e55011b67dd689062b2c756b4aa1c31ffc5fb019ad7ad9086f690a792c3cb27d7a69684917a1411096e2bab3b77cf86f75aac2af3718d9e082617a589f6db9ea5101ef91b3633d", 0x73}], 0x2, 0x7, 0x41, 0x8)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000500)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DEAUTHENTICATE(r1, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10044000}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x34, r2, 0x2, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7, 0x25}}}}, [@NL80211_ATTR_MAC={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x24008090}, 0x811)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000640), r1)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r4, &(0x7f0000000740)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x54, r5, 0x800, 0x7, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x14e}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x4}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1f}}, @BATADV_ATTR_ORIG_ADDRESS={0xa}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000012}, 0x8d0)
sendmsg$NL80211_CMD_START_NAN(r4, &(0x7f0000000840)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x2c, r2, 0x10, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x24000800)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000880), 0x200202, 0x0)
write$ppp(r6, &(0x7f00000008c0)="4211094ce0abb1c6445403a7c58df75241d3c6596b099eb50ee1c55f1b2ed0d0cf50449292e2af4b5269e01f27d550ea87ea0b59fbd5c267a3c4636618d3cd368890b0b98407fc5402d3ea34f6c401a1aebce62821334fbab833a221239fcf3c95754111d0783df5251881dafb5ec52f1af12852500341c94010223b1fc8e08fb956765709ce0e831bc77fe40966dbf85acc65eb8b5a5e6ae5d5ea6a9308042ee5c2838dd321e7525801ee9d7bec4dad9266962a2d951130", 0xb8)
r7 = semget(0x2, 0x3, 0x717)
semop(r7, &(0x7f0000000980)=[{0x3, 0x8, 0x2800}, {0x2, 0x9, 0x800}, {0x3, 0x1, 0x2000}, {0x1, 0x8}, {0x1, 0x6, 0x800}, {0x2, 0xe}, {0x0, 0xfff9, 0x67661e2ba35ffdfb}], 0x7)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000009c0)={{0x1, 0x1, 0x18, <r8=>r0, {0x9}}, './file0\x00'})
ioctl$VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000a00)={0xb, @vbi={0x1, 0x5e27, 0x4, 0x39555659, [0xfffffff9, 0x8], [0x2, 0x1], 0x1}})
ioctl$KVM_SET_XCRS(r8, 0x4188aea7, &(0x7f0000000b00)={0xf, 0x2, [{0x3}, {0x7ff, 0x0, 0x3}, {0x7, 0x0, 0x4}, {0x0, 0x0, 0x2}, {0x7f, 0x0, 0x3ff}, {0x7, 0x0, 0x1}, {0x3, 0x0, 0xffff}, {0x5f67, 0x0, 0x4}, {0x4, 0x0, 0x8}, {0x786e5b0f, 0x0, 0x8f}, {0x3}, {0x5, 0x0, 0x1}, {0x0, 0x0, 0xe200}, {0x4, 0x0, 0x7fffffffffffffff}, {0x2, 0x0, 0x6}, {0x2, 0x0, 0xffffffffffffffd4}]})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000d00), r1)
getpeername$packet(r8, &(0x7f0000000d40)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000d80)=0x14)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000010c0)={r8, 0xe0, &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000dc0)=[0x0, 0x0, 0x0], ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000e00)=[0x0, 0x0, 0x0], &(0x7f0000000e40)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x98, &(0x7f0000000e80)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000f00), &(0x7f0000000f40), 0x8, 0x69, 0x8, 0x8, &(0x7f0000000f80)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000001100)={'vcan0\x00', <r13=>0x0})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r8, 0x89f3, &(0x7f00000011c0)={'ip6_vti0\x00', &(0x7f0000001140)={'ip6_vti0\x00', <r14=>0x0, 0x4, 0x7, 0x8, 0x0, 0x48, @remote, @private2, 0x40, 0x80, 0x2, 0x10}})
getsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000001200)={@loopback, <r15=>0x0}, &(0x7f0000001240)=0x14)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000001280)={<r16=>0x0, @local, @empty}, &(0x7f00000012c0)=0xc)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r9, &(0x7f0000001540)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000001500)={&(0x7f00000013c0)={0x110, r10, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r16}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x4000000}, 0x80)

27.581546861s ago: executing program 4 (id=2875):
mmap$IORING_OFF_SQ_RING(&(0x7f000040d000/0x4000)=nil, 0x4000, 0xd, 0x11, 0xffffffffffffffff, 0x0)
socket(0x5, 0x800, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0x1}], 0x1}, 0x0)
recvmsg(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r6=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r4, 0xc01c64a3, &(0x7f0000000280)={0x3, r6, 0x1, 0xffff, 0xa, 0x1ff, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR2(r5, 0xc02464bb, 0x0)
r7 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, r8, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864d1, &(0x7f0000000440)={r9, 0x0, 0x0, 0x0, 0x0, [], [0x10]})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, &(0x7f0000000040)={r6, r9, 0x9, 0x7, 0x1})
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000300)={0x0, 0x0, 0x0})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, &(0x7f0000000000)={'bridge_slave_0\x00', 0x1})

24.939240128s ago: executing program 4 (id=2884):
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000001140)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x173b2a7e, @mcast2, 0x19}, 0x1c, 0x0, 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000800000000000000040000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5121b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a0100000000000000e28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c251112e2a59ea0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe91bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6c597eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e64103602000000db47d7990d5a007faccb2f86660079f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab2127cd472a2e4a7f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d8418351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000040)="8857c5fc68d9c508a3cc02b3d0eb01", 0xf}], 0x1}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000000c0)="a027bd", 0x3}, {&(0x7f0000000100)="209c44a323599e4dbf012bd6ee4f9ba73b3c43d989eede8d69fd53a4353076e49cd2327fa4a49d96b1d12ac6b4e8e1cd5f094fabb44475dd0e96d48a6c4c9003233f2cd11ede0f9a04a0d385e1ae6f529cf0f50c", 0x54}, {&(0x7f0000000180)="5f05649d28ad06298bb9b7b1e55ccc9d8dd6044891ea7e6b0ef4b6d59407eb3e9f6b61a35ee8c27e4e8303b6334b8f9bee027d60da79ee1b08b26fca18e4af", 0x3f}, {&(0x7f0000000200)="43719ee54baa7e0481349e2b03f1403cc0e131a2a2188235cf950b0aece54dfc17689944d039aaea9ee7", 0x2a}, {&(0x7f0000000300)="82a923505922044e5185", 0xa}, {&(0x7f0000000340)="49e1c71268e1e649530a4388d688", 0xe}], 0x6}}, {{0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000500)="9ab87c4c982c6e294a", 0x9}], 0x1}}], 0x4, 0x28048005)

24.518379157s ago: executing program 4 (id=2886):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10)
bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
connect$inet(0xffffffffffffffff, &(0x7f0000000440)={0x2, 0x4e24, @remote}, 0x10)
socket$inet_sctp(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x2c020400)
timerfd_gettime(0xffffffffffffffff, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x1fffffc, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
ioctl$TIOCMGET(0xffffffffffffffff, 0x541e, &(0x7f0000000040))
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
epoll_create(0x101)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000015c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_START_P2P_DEVICE(r4, &(0x7f0000001680)={0x0, 0x0, &(0x7f0000001640)={&(0x7f0000000480)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010025bd7000fcdbdf255900000008000300", @ANYRES32=r6, @ANYBLOB="9990c123a0725628a82b3982976ad6b8b4ff55eb29bb7acc4da1cd33779626335c93e88a15b476e8f6836426126d78b23815e2586a444b6940373831478380868846f88b025ba7332a7b947d3bd79eb10901f93fd81621ab059db590ae3c1ec2a87bb613e3607188b5439aeaea489be2944ad2b60f512cd4be760d784574309605fe0bed881f7233c35314ed5e41f5c19c3f998a54053099139b7588f2d9988c47248d344e748f3f126fb8b720d513ccd4b49ad7b9a7bf5cb1b8e15a8775bfcbe25003d01e1a7f8ad5c65dafe06b852a4ccbd59f0e45ef6fc42d8a52953e8c272dfb4a1e52190a174fc4d9ec5c454ec66c6a92bb9ba988e49af0f50fe3911c6adb340d3c37a3551d0cdb8a7576dd07864eba46"], 0x1c}, 0x1, 0x0, 0x0, 0x20000800}, 0x4008000)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
socket$inet(0x2, 0x2, 0x0)

21.180680402s ago: executing program 4 (id=2892):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x85}, 0x20000822) (fail_nth: 4)

20.542561737s ago: executing program 4 (id=2895):
mmap$IORING_OFF_SQ_RING(&(0x7f000040d000/0x4000)=nil, 0x4000, 0xd, 0x11, 0xffffffffffffffff, 0x0)
socket(0x5, 0x800, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0x1}], 0x1}, 0x0)
recvmsg(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r6=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r4, 0xc01c64a3, &(0x7f0000000280)={0x3, r6, 0x1, 0xffff, 0xa, 0x1ff, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR2(r5, 0xc02464bb, 0x0)
r7 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000180)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, r8, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864d1, &(0x7f0000000440)={r9, 0x0, 0x0, 0x0, 0x0, [], [0x10]})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(0xffffffffffffffff, 0xc01864b0, &(0x7f0000000040)={r6, r9, 0x9, 0x7, 0x1})
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000300)={0x0, 0x0, 0x0})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, &(0x7f0000000000)={'bridge_slave_0\x00', 0x1})

16.699250428s ago: executing program 0 (id=2905):
r0 = syz_open_dev$usbfs(&(0x7f0000000140), 0x76, 0x1701)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
execve(0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
r3 = add_key$keyring(&(0x7f0000000340), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0xa, r3, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000400)='ex\x0f\xac\xd1\xeb\xf4\xd8&w\xef\x9f`T3%\xfa\xbf\xef\xeb\x8e1w\xfd')
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x4f3, 0x74d, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x30, 0x5, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x1, 0x0, {0x9, 0x21, 0xff, 0x1, 0x1, {0x22, 0xbb0}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x2, 0xba, 0x7}}}}}]}}]}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="01a0000001500400"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040))
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r5, 0x0, 0x5, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x4c, 0x10, 0x503, 0x12000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x188c0}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_MODE={0x8}]}}}, @IFLA_LINK={0x8, 0x5, r8}]}, 0x4c}}, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
io_setup(0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=@newsa={0x18c, 0x10, 0x633, 0x0, 0x0, {{@in=@broadcast, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {@in6=@loopback, 0x0, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffd}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xa}, [@srcaddr={0x14, 0xd, @in=@loopback}, @algo_auth_trunc={0x85, 0x14, {{'rmd160\x00'}, 0x1c8, 0x0, "e863654b40a7ad42118bc1dd69d07e3b05cf0dbc9a9aac6130f0d060cb0c958c133115ff9cbb79de1007f5583249a62fe4273013ec2c2cca44"}}]}, 0x18c}}, 0x0)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x44, &(0x7f0000000080)={0x2, 0x3, 0x17, 0x1}, 0x8, 0x20, 0x3, 0x0, 0x4bf, 0x404, 0x0})

15.936633552s ago: executing program 3 (id=2907):
r0 = socket$kcm(0xa, 0x1, 0x106)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000340)=0x1, 0x4)
sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0x0, @empty}, 0x80, 0x0}, 0x20000001)
unshare(0x26020480)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
prctl$PR_SET_PDEATHSIG(0x1, 0x3b)
syz_usb_connect$uac1(0x0, 0xb4, &(0x7f0000000200)=ANY=[@ANYRES32=0x0], 0x0)

12.759326516s ago: executing program 3 (id=2909):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x34, 0x10, 0x403, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x74, 0x0, 0x0, 0xc00}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x4000000)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e1c, 0x2, @loopback, 0x1}, 0x1c)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4)
setsockopt$inet6_tcp_int(r0, 0x6, 0x12, &(0x7f0000000040)=0xdff, 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)={{0x14, 0x10, 0x1, 0x0, 0x9025}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x38}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x85}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_POLICY={0x8, 0x8, 0x1, 0x0, 0x1}]}], {0x14, 0x10}}, 0x74}}, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
syz_emit_ethernet(0x356, &(0x7f0000000500)={@random="ef45b93faae5", @remote, @void, {@ipv4={0x800, @gre={{0x11, 0x4, 0x0, 0xc, 0x348, 0x67, 0x0, 0x5, 0x2f, 0x0, @multicast1, @multicast1, {[@generic={0x86, 0x10, "17f977c8f07a5b5f08d7dfa32d1f"}, @ra={0x94, 0x4, 0x1}, @end, @rr={0x7, 0x7, 0x57, [@private=0xa010101]}, @timestamp_prespec={0x44, 0x14, 0xd0, 0x3, 0xf, [{@rand_addr=0x64010100, 0xa86}, {@private=0xa010101, 0x2}]}]}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x880b, 0xfffffffffffffd96, 0x3, [], "40419fc281380d4fe394308551ef9f75a30023ed6db3dd83fb742eb884c441b09c0b732fe4e54f33ecfc23417856cb14cf66b763128e743df7e9f545ba986648f61f051026430443c2ec64092fb8e3b0f91d3ecd659f5beebcb0f7ee4c3f5983c7853e044a778d4936cc99b384f3f7387d6c69e9986424b963aaa4aa6edae5a44e409039accbf364f1c782a984a8329c77f702d6318de0b9aa21e119df72c68e372bc1b6d1d7e61348c0e23bc95c98dbf28681287d17e61620ade0eb24e11abdfcb0057b6dde4e4c02ca55edfed34b46f48677b24a"}, {0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x800, [0x8, 0x3, 0x221], "18af93cc433c9f78c7e7556626fcbe526437dc9050912ae1f0487ac98a009ac76c493f880fe724af30e3a132fa01777697c0b77fc8fb72006bf39f668f19731d77159a3846e92b350f9eed55714ebb5937f8848e3a7e0d86d4f93941a8461e4c7060e9b83cf499c1ec18c7336e06360ce002e5debb0c5761592e6ad4e3460632cafa00b39b528f7a2d1c69b9ca3bf86709a4dc8d8f50bfa7bb70c9a8aeaf78e5cdf33fb94366db481388c3d94c885333c3"}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0xaaa, 0xd81e, 0x8001], "d48fa8a88cb495b41a71110155eb7e1f61cd6cf1b4bf41d124872c2cfa82e1d20399f7955f13af114b460dfd01e645c8227e069c3fe814302d2f2ca9e9e08e1803cb6ff31c14c494869a05f4460616a1522bba0fc3bc5d6b4a8002b66d362ccfa6681bfea980c5868ed2e8ffdd1e100d6319f1fdb55a70ec849b26f28a83d0924aab03b35917c5ca28bb6fb9e30fbf4f25977b714ef72ab37cf5d4d857b2979ae4da867b11f201ab3a9986a9206ca962d488135024173303550c72567faf21f631902ff82d07"}, {0x8, 0x88be, 0x3, {{0x3, 0x1, 0x3f, 0x2, 0x1, 0x3, 0x2, 0x3}, 0x1, {0x2}}}, {0x8, 0x22eb, 0x1, {{0x3, 0x2, 0x4, 0x1, 0x0, 0x3, 0x4, 0xa1}, 0x2, {0x5, 0x7, 0x2, 0x7, 0x0, 0x1, 0x2, 0x1}}}, {0x8, 0x6558, 0x0, "178fea7498d93f8dfb9d180576ac47a6b7ca18e5b3331678d7a713abd162a099ae8a5e691675ec1726b7d5f00b5ad49f0c889b1767ef2e2afc9879a0112aaf186a2a01054cc04b0df1af97a0610672e9bf96fcbc7ec1bf7c62c87d860c817c8869996cf2184ea492"}}}}}}, 0x0)

12.206972508s ago: executing program 0 (id=2911):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0x10000}, 0x18)
unshare(0x24060400)
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0x9]}, 0x8)
r1 = signalfd(r0, &(0x7f0000002340), 0x8)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @empty}, 0x1c)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000600)={'syztnl1\x00', &(0x7f0000000380)={'ip6gre0\x00', <r4=>0x0, 0x4, 0xf5, 0x5, 0x80000001, 0x6c, @dev={0xfe, 0x80, '\x00', 0x33}, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x8000, 0x1, 0x7ff, 0x8}})
r5 = syz_open_dev$sg(&(0x7f00000000c0), 0xfffffffffffffffa, 0x101102)
ioctl$SG_SET_TIMEOUT(r5, 0x2201, &(0x7f0000000140)=0x80000401)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000440)={{{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@loopback, 0x2, 0x0, 0x4e22, 0x0, 0x2, 0x0, 0x0, 0x6, r4}, {0xfffffffffffffffe, 0x400403, 0x0, 0xfffffffffffffffc, 0x0, 0x2, 0x0, 0x9}, {0x200, 0x0, 0x0, 0x7}, 0xfffffff9, 0x0, 0x2, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x4d2, 0x2b}, 0x0, @in=@private=0xa010100, 0x3500, 0x4, 0x2, 0x0, 0x1, 0x9}}, 0xe8)
ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f00000001c0)={0xc, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP(r1, 0x3b85, &(0x7f0000000300)={0x28, 0x0, r6, 0x0, &(0x7f0000000540)="bab78ff61a5b9c3b448ea3d771131b25a8b9bbd72afd01eb406b6367df95a936bbdf0852eabb96505f23f5136e7201e427bae2f34b357e0828e7ce5ee9481c5a376866982fd75f6c031dac472ff48091df22f882502e996b4157a4acc0cf8da641fef230df6990d33206844806b563d3e6fc77253b3e38775db3ae8e544956b4fb3aaf38b308be304182f7c52330e7f6b39fda16ba36a2c1f65ef5d8fb80ef564241ee6a510d12fe686478eac7cf17d43ccdf14195", 0xb5, 0x2})
sendmmsg(r3, &(0x7f0000000480), 0x21, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}, 0x6}, 0x1c)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='veth0_macvtap\x00', 0x10)
r7 = fcntl$dupfd(r2, 0x0, r2)
sendmsg$TIPC_NL_NAME_TABLE_GET(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x4040011)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x14, 0x6, 0x1, 0x401, 0x0, 0x0, {0x2, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x4085}, 0x40090)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r7, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x4084)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r9, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f0000000400)={r9, 0x0, {0x2a00, 0x80010000, 0x0, 0x9, 0xa04, 0x0, 0x0, 0x1b, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}})
setsockopt$inet6_buf(r9, 0x29, 0x14, &(0x7f0000000000)="cb9efc43b7bafa818248eff929c21a2bf74c2824b15b91190dcd29be9fb398920ea17acdfec5233b0f756d9ab6202739083c6172b86bf7287fa2c296d40a766a35c34ceaf1cbc52e5495402a18e53d0554ef246aa5ce0de2a860306aac185584e1e6de57edf6d626ccb91c27cec9f22fe1763910f589f49ac85d57970b27b2c3e669ca9bcbd080547b3e831f907db9e40f6c94defd761cd2ade3caedd9983ccaed30ea6cff5004", 0xa7)

9.580373382s ago: executing program 0 (id=2913):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
close(r3)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae01, 0x1)
r5 = syz_kvm_setup_syzos_vm$x86(r3, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r3, 0x4020aed2, &(0x7f0000000040)={0x0, 0x399000, 0x8})
r6 = syz_kvm_add_vcpu$x86(r5, &(0x7f0000000140)={0x0, 0x0})
ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, &(0x7f0000000000)={0x4000, 0x100000})
connect$unix(r0, &(0x7f0000000200)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r7, &(0x7f0000006300)={0x2020, 0x0, 0x0, <r8=>0x0, <r9=>0x0, <r10=>0x0}, 0x2020)
syz_fuse_handle_req(r7, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r7, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x78, 0x0, 0x6, {0xfeffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x3966, 0x1, 0x8000, 0x0, r8, r9, 0x3, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r11 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
write$tcp_congestion(r11, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r11, r7)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180b3400"/15], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000240)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff09", @ANYRES8], 0x0)
sched_setattr(r10, &(0x7f0000000000)={0x38, 0x5, 0x4, 0x6324a335, 0x6, 0x5, 0xc, 0x5, 0x7, 0x7fffffff}, 0x0)

9.384804772s ago: executing program 3 (id=2914):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x10, 0x2, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x2c0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x40)
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000040))
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = syz_open_dev$vbi(0x0, 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x640, 0x1, 0x2, 0xd59f83, 0x19f2, 0x3f, 0x19ef, 0x3, 0x4, 0x2800, 0x27fd, 0x2, 0xba2, 0x28, 0x38, {0x8, 0xffffffff}, 0xd1, 0x9}})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fb", @ANYRES32=r6, @ANYBLOB], 0x3c}}, 0x0)
socket(0x10, 0x3, 0x0)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00 \x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/27], 0x50)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000240)='system.posix_acl_default\x00', &(0x7f00000006c0)={{}, {}, [{0x2, 0x7}, {0x2, 0x6}, {0x2, 0x1}], {0x4, 0x7}, [{0x8, 0x1}, {0x8, 0x1}, {0x8, 0x5}, {0x8, 0x3}, {}, {0x8, 0x4}], {}, {0x20, 0x3}}, 0x6c, 0x3)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007baaf8ff00000000b5090800000000007baaf0ff00000000bf8700000000000007070000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70500000800000046000000c0ff0000bf98000000000000b5080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r9, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000001200)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, 0x8, 0x0, 0x0}}, 0x10)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000002c0))
sendmsg$nl_route(r0, 0x0, 0x0)
syz_open_dev$loop(&(0x7f00000000c0), 0x1054c3b7, 0x40801)

8.410267003s ago: executing program 2 (id=2918):
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240), 0x8080, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{}, {}]})
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0x4b]}, 0x8, 0x0)
io_setup(0x206, &(0x7f0000000000)=<r2=>0x0)
io_submit(r2, 0x3, &(0x7f00000006c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x5a1, r1, &(0x7f00000003c0)="951aa14bd6f68579cac67c83bf8d4500e5cea1bb1596d4ee6645fa16fa7cacb9214070a622a2c57b89075f59b85c7b5b2c41edc9d2cd5a2c95ed1c2cf72425be9c1a2df1b60a309bc3228d7e85b300f0d7a042a40166b9208e9d2e423c32ad8e47adedf5dc425c6bcb031fb2230835d41afc23476eae602bad3246417e5ac757", 0x80}, 0x0, 0x0])
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0)
epoll_create1(0x0)
r3 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r3, 0x80047c05, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x521, 0xfffffffffffffffe}, 0x0, 0x0)

7.849717281s ago: executing program 1 (id=2919):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
syz_emit_ethernet(0x2a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0xfb, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0)

7.320106605s ago: executing program 1 (id=2920):
r0 = syz_open_dev$usbfs(&(0x7f0000000140), 0x76, 0x1701)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
execve(0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
r3 = add_key$keyring(&(0x7f0000000340), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0xa, r3, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000400)='ex\x0f\xac\xd1\xeb\xf4\xd8&w\xef\x9f`T3%\xfa\xbf\xef\xeb\x8e1w\xfd')
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x4f3, 0x74d, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x30, 0x5, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x1, 0x0, {0x9, 0x21, 0xff, 0x1, 0x1, {0x22, 0xbb0}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x2, 0xba, 0x7}}}}}]}}]}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="01a0000001500400"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040))
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r5, 0x0, 0x5, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x4c, 0x10, 0x503, 0x12000000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x188c0}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x10}, @IFLA_MACVLAN_MACADDR_MODE={0x8}]}}}, @IFLA_LINK={0x8, 0x5, r8}]}, 0x4c}}, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
io_setup(0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
sendmsg$nl_xfrm(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=@newsa={0x18c, 0x10, 0x633, 0x0, 0x0, {{@in=@broadcast, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {@in6=@loopback, 0x0, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffd}, {}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xa}, [@srcaddr={0x14, 0xd, @in=@loopback}, @algo_auth_trunc={0x85, 0x14, {{'rmd160\x00'}, 0x1c8, 0x0, "e863654b40a7ad42118bc1dd69d07e3b05cf0dbc9a9aac6130f0d060cb0c958c133115ff9cbb79de1007f5583249a62fe4273013ec2c2cca44"}}]}, 0x18c}}, 0x0)
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x44, &(0x7f0000000080)={0x2, 0x3, 0x17, 0x1}, 0x8, 0x20, 0x3, 0x0, 0x4bf, 0x404, 0x0})

7.130427763s ago: executing program 2 (id=2921):
r0 = syz_io_uring_setup(0x3f, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x2, 0x0, 0xfe)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x3ff, &(0x7f0000000500)=<r1=>0x0)
io_getevents(r1, 0x4, 0x4, &(0x7f00000019c0)=[{}, {}, {}, {}], 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
openat$ttynull(0xffffffffffffff9c, 0x0, 0x103902, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x64)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
io_setup(0x222, &(0x7f0000000180))
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000000)=0x1, r4, 0x0, 0x0, 0x1}}, 0x20)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

4.914979954s ago: executing program 0 (id=2922):
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x240c01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) (async)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x2) (async)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r3 = socket(0x1d, 0x2, 0x240)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000140)={'wlan1\x00', &(0x7f0000000080)=@ethtool_eeprom={0x43, 0xb, 0x285e, 0x6, "6684704d2cbc"}})
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00'], 0x8) (async)
sendmmsg$inet6(r2, &(0x7f0000000a00)=[{{&(0x7f0000000240)={0xa, 0x4e20, 0xc52, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4}, 0x1c, &(0x7f0000000200)=[{&(0x7f00000004c0)="f395", 0x2}], 0x1}}], 0x1, 0x4000841)
listen(r2, 0x2000fff) (async)
accept(r2, 0xfffffffffffffffd, &(0x7f0000000180))
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x400)
r4 = socket(0x3, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}})
accept4(r1, &(0x7f0000000380)=@ieee802154, &(0x7f0000000400)=0x80, 0x80000) (async)
newfstatat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', &(0x7f0000000440), 0x800) (async)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0x9c, 0x4)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x90, 0x5, 0x9, 0x7f}})

4.399690245s ago: executing program 3 (id=2923):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = dup(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000004340)=@newchain={0x24, 0x64, 0x400, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xe, 0xffe0}, {0xf}, {0x1, 0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x40014}, 0x2400c800)
syz_clone3(&(0x7f0000000080)={0x1801480, &(0x7f0000000040)=<r3=>0xffffffffffffffff, 0x0, 0x0, {0x7}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r4 = epoll_create1(0x0)
ppoll(&(0x7f0000000000)=[{r4, 0x8010}], 0x1, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000100)={0x2001})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0f"], 0x48)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x60, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_SET(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)={0x34, r7, 0x1, 0xffffffff, 0x0, {0x2f}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000041}, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

3.514252197s ago: executing program 3 (id=2924):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = syz_open_dev$dri(&(0x7f0000001100), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETGAMMA(r5, 0xc02064a5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0})
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="660f388173ab0fc76fb4360fc9bb25cc00007666ba6b41b000f303c70fae6e2fc0c00f0f2367260f01ca660f38817700c4c2459d78ad", 0x36}], 0xa, 0x2f7c343a1feef19c, 0x0, 0x0)
ioctl$KVM_SET_NESTED_STATE(r6, 0x4080aebf, &(0x7f0000005700)={{0x0, 0x0, 0x80, {0x100000, 0x2}}, "cb31455c9e9d288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9d7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97af85a08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf97a8b7b53058b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bf762c94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b99d5376cd928c431fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029ec7c33830a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf87b55ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f3147414eff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf28053732472dc313b5fedfc583fc702a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22470812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa3181b74ec7dae2e42c9caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae3a8aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64eec45208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c0e7faf2ea7d3f5271028fc558a44799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d03ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db632ec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e50100cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab774d1598d9816abc77b0e693880beca5f330c626774ab5cb6967fb0ea8e14efce120947092c3b6f8a22f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6f9338183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77c4bb94543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c6df4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b76de44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd5828b0218ffe40f375d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156ee4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2bb637b7cf79764b6a4b7ffc5d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d4738d5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa710c3e20fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95d3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362eb5bf86fce896dbc2a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641baf9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca433d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33205f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eeae43a354fe51b4c49e8fcda3c322b738ed2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a343133158364a9fe3bb4b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2daed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3a5ae16cb788482760d34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33d0d9ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b5511ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e7e8f67b8be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c08518bdc6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e4b1760f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"})
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b7050000000000007910a000000000007d0a0000000000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'erspan0\x00', <r7=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x405, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r7}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @erspan={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_FWMARK={0x8}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x48}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r12, 0xc008ae88, &(0x7f00000001c0)={0x1, 0x0, [{0x40000010, 0x0, 0x1}]})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x28, r9, 0x1, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x5}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x2080}, 0x8010)

3.111327839s ago: executing program 1 (id=2925):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000180)='attr/current\x00')
read$FUSE(r2, &(0x7f0000000640)={0x2020}, 0x2020)
ioctl$USBDEVFS_GET_CAPABILITIES(r1, 0x8004551a, &(0x7f0000000000))
r3 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_GET_DEVICE_ATTR_vm(r5, 0x4018aee2, &(0x7f0000000180)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f0000000100)={0xfb, 0xffffffff}})
r7 = dup(r6)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000008000092000040"])
r8 = openat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0/file0\x00', &(0x7f00000000c0)={0x280000, 0x145, 0x30}, 0x18)
ioctl$VIDIOC_PREPARE_BUF(r3, 0xc058565d, &(0x7f00000002c0)=@userptr={0x0, 0xa, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0xaa, 0x0, 0x0, 0x0, "d39bce7d"}, 0x4, 0x2, {0x0}, 0x0, 0x0, r8})
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x41, &(0x7f0000000200)={0xa, 0x4e23, 0x10003, @loopback, 0x7}, 0x1c)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0x4401})
writev(r9, &(0x7f0000000280)=[{&(0x7f0000000080)="0bc3ff", 0x22}, {&(0x7f0000000240)='\x00\x00\x00\x00\x00\x00\x00', 0x7}, {&(0x7f00000000c0)="2764ae4f", 0x4}], 0x3)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc)
writev(r0, &(0x7f0000000540)=[{&(0x7f0000000000)="d9", 0x1}], 0x1)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x100000}, 0xc)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000340)=',', 0x1}], 0x1)

2.932795442s ago: executing program 2 (id=2926):
r0 = socket$netlink(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)={0x38, r2, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xa}]}, 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x2400c890) (fail_nth: 4)

2.414805652s ago: executing program 2 (id=2927):
r0 = openat$random(0xffffffffffffff9c, &(0x7f0000001880), 0x40101, 0x0)
writev(r0, &(0x7f00000019c0)=[{0x0}, {&(0x7f0000001980)="c7", 0x1}], 0x2)
io_setup(0x8, &(0x7f0000002740))
socket$inet6_sctp(0xa, 0x801, 0x84)
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@abs, 0x6e)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtfilter={0x7c, 0x2c, 0xd67, 0x70bd28, 0x25dfdc00, {0x0, 0x0, 0x0, r4, {0x0, 0x7}, {}, {0x1, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x48, 0x2, [@TCA_MATCHALL_ACT={0x44, 0x2, [@m_ife={0x40, 0x1, 0x0, 0x0, {{0x8}, {0x18, 0x2, 0x0, 0x1, [@TCA_IFE_DMAC={0xa, 0x3, @broadcast}, @TCA_IFE_METALST={0x8, 0x6, [@IFE_META_SKBMARK={0x4, 0x1, @void}]}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4040011}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x40000022, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x1, 0x8, 0x4, 0x81}, 0x0)
r5 = syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x1, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r6, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010080030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3200000000a4000000060a010400000000000000000100000008000b40000000007c000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000440001800c00010062697477697365003400028008"], 0x118}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
removexattr(&(0x7f0000000040)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r5, 0x80086601, 0x0)
fsopen(0x0, 0x1)
r8 = fsmount(0xffffffffffffffff, 0x0, 0x0)
r9 = openat$cgroup_pressure(r8, &(0x7f0000000080)='cpu.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r9, &(0x7f0000000040)={'some', 0x20, 0x17e, 0x20, 0x100002}, 0x2f)
getsockname$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x2500, 0x0)

2.267033833s ago: executing program 0 (id=2928):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x600, &(0x7f0000000200)={&(0x7f0000000ac0)=@newlink={0x48, 0x10, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4f24c}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x2000000}}]}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x40)

844.260208ms ago: executing program 3 (id=2929):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000001c40)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c80)={{0x14}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000801}, 0x40085)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000000)=0x71b49247, 0x4)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6}]}, 0x10)
sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@bridge_newneigh={0x28, 0x1c, 0x1, 0x70bd27, 0x25dfdbfc, {0xa, 0x0, 0x0, 0x0, 0x1, 0x40, 0x7}, [@NDA_DST_MAC={0xa, 0x1, @broadcast}]}, 0x28}}, 0x0)
r4 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r5 = openat$binfmt(0xffffffffffffff9c, r4, 0x42, 0x1ff)
mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1)
syz_usb_connect(0x0, 0x3cd, &(0x7f0000000500)={{0x12, 0x1, 0x110, 0xf3, 0x1d, 0x4e, 0x20, 0x424, 0x9905, 0x2edb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3bb, 0x3, 0x10, 0x3, 0xc0, 0xab, [{{0x9, 0x4, 0x2, 0x0, 0x6, 0x89, 0xa, 0xe9, 0x8, [], [{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0xa, 0xc0, 0x7, [@generic={0x58, 0x6, "8bc531c90334835cf0a133e8b1f1f7afe53bd58ab231cbdd6724068b83ed039ce4f90cd9a901c57c7c2f318577d3753aec8377033e8ba773f655164c347bc269c24691a76aeaa9fd5d7596a1e36371eb605818d9c403"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x81, 0x3}]}}, {{0x9, 0x5, 0xd, 0x0, 0x640, 0xfc, 0x4, 0x8}}, {{0x9, 0x5, 0x6, 0x1, 0x200, 0xfa, 0x5, 0xfd}}, {{0x9, 0x5, 0x8, 0x4, 0x40, 0x6, 0x5, 0xfa}}, {{0x9, 0x5, 0xf, 0x4, 0x10, 0x4, 0xfd, 0x8, [@generic={0x7e, 0xc, "a3895fb08b64dd21e5e3b792bf4818febe44f77098635770c6aa1a519f098115de4471c676018a7d2becb5bc132bbe806f847db3c0dd71847b6e27b0a576a44d48fbcf3c1bb9b75a500e9d71ccd2249d95788c8ce07a04d9779c1f5b8a3acf77fd5b5e5c165551424f403c8673cabd147a190c4599115057b3e435b7"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x0, 0x2, 0x2, 0xff, [@generic={0x8e, 0x1, "7dadc7d9a9673b2fd27b7dc010732c33046f9005bee89e94a5f23cf4f894c44c5603a717524b6e20a3cafbf052933b0a136864bdcde26c336731ef0f18e30d1fbb7e5988682b750b3728f11b84effa9df0d8f73ed5e58377c6e1f10a29d67bf630ae102977a8998376049dd740b2e75932f27a7286b27beec2aaff3487f3eaeb3f8d3dc335949a02e7af96bf"}]}}]}}, {{0x9, 0x4, 0xae, 0x7, 0x1, 0x71, 0xce, 0x42, 0xf7, [], [{{0x9, 0x5, 0xd, 0x0, 0x200, 0x5, 0xe, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0xff, 0x101}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x2, 0x5}]}}]}}, {{0x9, 0x4, 0xca, 0x36, 0x5, 0xe, 0x1, 0x0, 0xe, [@cdc_ecm={{0x9, 0x24, 0x6, 0x0, 0x0, "043f4357"}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x10001, 0x9, 0x1ee0, 0x7}, [@network_terminal={0x7, 0x24, 0xa, 0x5, 0x3, 0x10, 0x9}, @mbim_extended={0x8, 0x24, 0x1c, 0x8, 0x2, 0xff67}, @mbim={0xc, 0x24, 0x1b, 0x1000, 0x81, 0x7, 0x0, 0xf3, 0x1}, @mbim={0xc, 0x24, 0x1b, 0x9, 0xf1, 0x0, 0x1, 0xe36, 0x9}, @mbim={0xc, 0x24, 0x1b, 0x7ff, 0x8, 0x8, 0x4, 0x391f, 0x7f}]}], [{{0x9, 0x5, 0xb, 0x1, 0x40, 0x0, 0x85, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xe, 0x4}]}}, {{0x9, 0x5, 0x9, 0x0, 0x0, 0xf, 0xf3, 0x3, [@generic={0x38, 0x23, "7d5b45dc9318e946a403b3d0252b0b5036e1b9a9f9249ace91cb2766697e4e98828f8d361e5870d45061d56e488249c80921f95b532b"}]}}, {{0x9, 0x5, 0x80, 0x10, 0x200, 0x69, 0x0, 0x0, [@generic={0x75, 0x4, "c094663844ad17dd9f144b593904d6e81dc8bd37b9f2d3adf5461f23d40c177e6d2533a4e93b286bab3f120c02643da356dab23d4592c32bcd38f9698643e5ba4816e610c5d0b5c43c319e08bf9e54486b02101af0e1cab7d62010d6a62f08d0176a355a9df5050328af1799c162fb283b5693"}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x9, 0xfbff}]}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x2, 0x5, 0x32, [@generic={0x9b, 0xd, "8fdc7ab647f58cea18e34ab703e3f43b38902896ee803fbcd816b8f911d4192f282ad816bc66b5c267cceb09634228dcd11ee5ed55332312c41e33c5b012f0cef69c95f9b1014ddb4b0f818795ae49dc0ead41bbbb500daa45bc6396e017299c4655bb23391b5f8d134ab9e1d568390aae634b7b3e058bab1c9982ff559f68ac048435db62bac4d074b1f055d53f04db241d5a75aa4ae36fc6"}]}}, {{0x9, 0x5, 0xc, 0x1, 0x3ff, 0xf8, 0x0, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x4, 0x6}, @uac_iso={0x7, 0x25, 0x1, 0x87, 0x5, 0x1}]}}]}}]}}]}}, &(0x7f0000000b40)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x250, 0x5, 0x3, 0xa, 0x40, 0x10}, 0x23, &(0x7f0000000280)={0x5, 0xf, 0x23, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x8, 0x2, 0xa, 0x1}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x0, 0x4, 0x6}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xd, 0x1, 0x8a, 0x2}, @ptm_cap={0x3}]}, 0x7, [{0xa, &(0x7f0000000900)=@string={0xa, 0x3, "6a5a7a5f0d72ad2f"}}, {0x4, &(0x7f0000000940)=@lang_id={0x4, 0x3, 0x2469}}, {0x4, &(0x7f0000000980)=@lang_id={0x4, 0x3, 0x420}}, {0x4, &(0x7f00000009c0)=@lang_id={0x4, 0x3, 0x415}}, {0x4, &(0x7f0000000a00)=@lang_id={0x4, 0x3, 0x44e}}, {0x4, &(0x7f0000000a40)=@lang_id={0x4}}, {0xa3, &(0x7f0000000a80)=@string={0xa3, 0x3, "7367003ecffc80dec807191df651a5c92ffbf0f50e5c58505f2786c2be19b4a4890d2dd0865417112f29aa1a045a67ebc4ac8b2cccfafc82f5c8f791e241658714251ff71c5d47544fc5970de78ddeb0853224586f5f91613266070451931ae70a5b7a6d155f0aedf6a80e9f7be66ec1436c74103a1f365bf0345fde34ff7ae97fd2f74aec3e03d8938d11e21806e98c3b5635d4b385b671ef29ffe015d6d3eacc"}}]})
write$binfmt_elf64(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB="7f454c4682010503fcffffffffffffff02003e0005000000010500000000000040000000000000004401000000000000000000003e00380065"], 0xbd)
close(r5)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0)
fcntl$notify(r6, 0x402, 0xa)
execveat$binfmt(r6, r4, 0x0, 0x0, 0x1000)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x40, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r10 = dup(r9)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000008000098000040"])
sendmsg$NFT_MSG_GETRULE(r10, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x1d4, 0x7, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_USERDATA={0xa0, 0x7, 0x1, 0x0, "699c9da95464629c58ca7bd481ff6d638a4d5e46c65e95aee5602469e0956354bc5a29b2f655dfe38e40a51790babf5bf3b5e1ceae8cab29932e479bb9703d9cdbefa68fe54460dc9f4ee48b9210037a904e2da1ed9606119f81d42b2a675ac86266af4b089a417b01808b25fb045b0be4d6a2d40efc49f0f95d374f0e1b179ffd56352d161b92e335c220b238e93011d72c983ce0a6279afde851dd"}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0x8}, @NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0x3}]}}}, {0x10, 0x1, 0x0, 0x1, @redir={{0xa}, @void}}]}, @NFTA_RULE_EXPRESSIONS={0xc4, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @meta={{0x9}, @void}}, {0x10, 0x1, 0x0, 0x1, @bitwise={{0xc}, @void}}, {0xc, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @void}}, {0x20, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_LAST_MSECS={0xc, 0x2, 0x1, 0x0, 0x7}]}}}, {0x2c, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_INNER_NUM={0x8}, @NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0xaf}, @NFTA_INNER_NUM={0x8}]}}}, {0x34, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_NG_TYPE={0x8}, @NFTA_NG_TYPE={0x8}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xbb}]}}}, {0x14, 0x1, 0x0, 0x1, @notrack={{0xc}, @val={0x4, 0x2, 0x0, 0x1, ["", "", "", "", "", ""]}}}]}]}, 0x1d4}, 0x1, 0x0, 0x0, 0x804}, 0x4c091)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newlink={0x5c, 0x10, 0x401, 0x0, 0x1000000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x2800, 0x1}}}}}}, @IFLA_IFNAME={0x14, 0x3, 'team_slave_0\x00'}]}, 0x5c}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

811.330063ms ago: executing program 0 (id=2930):
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240), 0x8080, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{}, {}]})
signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0x4b]}, 0x8, 0x0)
io_setup(0x206, &(0x7f0000000000))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$random(0xffffffffffffff9c, &(0x7f00000007c0), 0x8000, 0x0)
epoll_create1(0x0)
r1 = syz_open_dev$media(&(0x7f00000000c0), 0x103, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x521, 0xfffffffffffffffe}, 0x0, 0x0)

599.316847ms ago: executing program 2 (id=2931):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0)
close(r5)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x1, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x8080)
ioctl$SIOCSIFHWADDR(r5, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

594.596869ms ago: executing program 1 (id=2932):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x0, 0xa2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$inet6(0xa, 0x3, 0x3c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140ff"], 0x84}, 0x1, 0x0, 0x0, 0x4040840}, 0x40)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x5000, 0x0, @loopback, 0x5}, 0x1c)
writev(r0, &(0x7f00000000c0), 0x0)

258.147479ms ago: executing program 1 (id=2933):
sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)={0x28, 0x0, 0x801, 0x70bd29, 0x0, {0x7}, [@L2TP_ATTR_IFNAME={0x14}]}, 0x28}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002400)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)="21ae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dbfaf8eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d2", 0x20d}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdb9742dd8a2f150ab0e8c5fa047c87d310adca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61faec4a42c29d7f9e48a", 0xf5}, {&(0x7f0000000140)="f610e61ac81cc3edc86f0500194d27a5a443f10dfd1ecda0fd0ed9a444b7fb76afe3a0002f0a5eafcd35", 0x2a}], 0x3, 0x0, 0x0, 0x900}}], 0x1, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000000)=""/102, 0x66}, {&(0x7f0000000280)=""/76, 0x4c}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/92, 0x5c}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, 0x0)

152.300178ms ago: executing program 1 (id=2934):
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000529000/0x2000)=nil, 0x2000, 0x16)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
sigaltstack(&(0x7f0000000040)={0x0, 0x80000001, 0xffffffffffffff76}, 0x0)
sigaltstack(0x0, &(0x7f0000000180)={0x0})
ioctl$VIDIOC_QUERYMENU(r0, 0xc040564a, &(0x7f0000000140)={0x0, 0x1, @value=0x100a})

0s ago: executing program 2 (id=2935):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x2, 0x0)
mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
close(r1)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x0, 0x3, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000002040)=ANY=[@ANYBLOB="12010000fe76181004160780a6af0117030109021200010000000009"], 0x0)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x800)
r2 = syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_QUERYCTRL(r2, 0xc0445624, &(0x7f0000000040)={0x8098f908, 0x0, "60055808889f90ac0600000500fdfd9ab67e1db9c9a431078d40f722e600"})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0xf0b, 0x3, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0xfff3, 0x6a9f0eede9332711}, {0x5, 0xffff}, {0xfff3, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44045}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf5", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

kernel console output (not intermixed with test programs):

h: hci0: Opcode 0x0406 failed: -4
[  836.694083][T14876] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  836.986335][T14876] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  837.006483][T14876] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  837.020226][T14876] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  837.039439][T14876] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  837.053264][T14876] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  837.087780][T14876] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  837.095988][   T43] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  837.104026][T14876] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  837.235692][   T43] usb 4-1: device descriptor read/64, error -71
[  837.279245][  T848] usbhid 3-1:1.0: can't add hid device: -71
[  837.331846][T14911] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2672'.
[  837.361848][  T848] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[  837.396763][  T848] usb 3-1: USB disconnect, device number 60
[  837.457477][   T43] usb usb4-port1: attempt power cycle
[  837.461026][T14913] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  837.484776][T14913] syzkaller0: entered promiscuous mode
[  837.506149][T14913] syzkaller0: entered allmulticast mode
[  837.627441][T14913] tipc: Resetting bearer <eth:syzkaller0>
[  837.668995][T14912] tipc: Resetting bearer <eth:syzkaller0>
[  837.728512][T14912] tipc: Disabling bearer <eth:syzkaller0>
[  837.815765][   T43] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  837.877509][   T43] usb 4-1: device descriptor read/8, error -71
[  838.146319][   T43] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  838.158672][T14924] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2676'.
[  838.197768][   T43] usb 4-1: device descriptor read/8, error -71
[  838.316797][   T43] usb usb4-port1: unable to enumerate USB device
[  838.366442][T14059] usb 5-1: new full-speed USB device number 69 using dummy_hcd
[  838.555598][T14930] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2678'.
[  838.585609][   T30] audit: type=1326 audit(1757685560.741:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14927 comm="syz.0.2678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd758eba9 code=0x7ffc0000
[  838.618825][   T30] audit: type=1326 audit(1757685560.741:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14927 comm="syz.0.2678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fdcd758eba9 code=0x7ffc0000
[  838.645789][T14059] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  838.669152][ T5866] Bluetooth: hci0: command 0x0406 tx timeout
[  838.681358][T14059] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  838.727016][   T30] audit: type=1326 audit(1757685560.741:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14927 comm="syz.0.2678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd758eba9 code=0x7ffc0000
[  838.750324][ T5866] Bluetooth: hci1: command 0x0406 tx timeout
[  838.756473][   T30] audit: type=1326 audit(1757685560.741:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14927 comm="syz.0.2678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd758eba9 code=0x7ffc0000
[  838.779474][   T30] audit: type=1326 audit(1757685560.741:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14927 comm="syz.0.2678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fdcd758eba9 code=0x7ffc0000
[  838.802557][   T30] audit: type=1326 audit(1757685560.741:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14927 comm="syz.0.2678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd758eba9 code=0x7ffc0000
[  838.826165][T14059] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  838.854795][   T30] audit: type=1326 audit(1757685560.751:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14927 comm="syz.0.2678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd758eba9 code=0x7ffc0000
[  838.881491][T14059] usb 5-1: Product: syz
[  838.894051][T14059] usb 5-1: Manufacturer: syz
[  838.895789][   T30] audit: type=1326 audit(1757685560.751:1319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14927 comm="syz.0.2678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdcd758eba9 code=0x7ffc0000
[  838.904743][T14059] usb 5-1: SerialNumber: syz
[  838.960575][   T30] audit: type=1326 audit(1757685560.751:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14927 comm="syz.0.2678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd758eba9 code=0x7ffc0000
[  839.021282][T14059] usb 5-1: config 0 descriptor??
[  839.056179][ T5866] Bluetooth: hci3: command 0x0406 tx timeout
[  839.062944][ T5866] Bluetooth: hci2: command 0x0406 tx timeout
[  839.093940][   T30] audit: type=1326 audit(1757685560.751:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14927 comm="syz.0.2678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdcd758eba9 code=0x7ffc0000
[  839.154453][ T5866] Bluetooth: hci4: command 0x0406 tx timeout
[  839.247838][T14059] usb 5-1: bad CDC descriptors
[  839.252676][    C0] vcan0: j1939_tp_rxtimer: 0xffff888056cd7400: rx timeout, send abort
[  839.252895][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888056cd7400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  839.386840][T14059] usb 5-1: unsupported MDLM descriptors
[  839.435441][T14934] FAULT_INJECTION: forcing a failure.
[  839.435441][T14934] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  839.443562][T14059] usb 5-1: USB disconnect, device number 69
[  839.625258][T14934] CPU: 0 UID: 0 PID: 14934 Comm: syz.1.2679 Not tainted syzkaller #0 PREEMPT(full) 
[  839.625293][T14934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  839.625306][T14934] Call Trace:
[  839.625315][T14934]  <TASK>
[  839.625325][T14934]  dump_stack_lvl+0x189/0x250
[  839.625356][T14934]  ? __pfx____ratelimit+0x10/0x10
[  839.625380][T14934]  ? __pfx_dump_stack_lvl+0x10/0x10
[  839.625406][T14934]  ? __pfx__printk+0x10/0x10
[  839.625435][T14934]  ? __might_fault+0xb0/0x130
[  839.625476][T14934]  should_fail_ex+0x414/0x560
[  839.625515][T14934]  _copy_from_user+0x2d/0xb0
[  839.625547][T14934]  csum_and_copy_from_iter_full+0x1e1/0x1ed0
[  839.625596][T14934]  ? rcu_is_watching+0x15/0xb0
[  839.625628][T14934]  ? __alloc_frozen_pages_noprof+0x1d6/0x370
[  839.625655][T14934]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  839.625684][T14934]  ? __pfx_csum_and_copy_from_iter_full+0x10/0x10
[  839.625718][T14934]  ? policy_nodemask+0x27c/0x720
[  839.625763][T14934]  ip_generic_getfrag+0x12f/0x2b0
[  839.625800][T14934]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  839.625831][T14934]  ? skb_page_frag_refill+0x199/0x320
[  839.625873][T14934]  __ip6_append_data+0x222d/0x3f30
[  839.625908][T14934]  ? __lock_acquire+0xab9/0xd20
[  839.625964][T14934]  ? __pfx_raw6_getfrag+0x10/0x10
[  839.626011][T14934]  ? __pfx___ip6_append_data+0x10/0x10
[  839.626044][T14934]  ? __pfx_ip6_mtu+0x10/0x10
[  839.626087][T14934]  ip6_append_data+0x1c4/0x380
[  839.626127][T14934]  ? __pfx_raw6_getfrag+0x10/0x10
[  839.626155][T14934]  rawv6_sendmsg+0x127a/0x1820
[  839.626200][T14934]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  839.626233][T14934]  ? __lock_acquire+0xab9/0xd20
[  839.626283][T14934]  ? __pfx_aa_sk_perm+0x10/0x10
[  839.626322][T14934]  ? sock_rps_record_flow+0x19/0x410
[  839.626358][T14934]  ? inet_sendmsg+0x2f4/0x370
[  839.626389][T14934]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  839.626419][T14934]  __sock_sendmsg+0x19c/0x270
[  839.626457][T14934]  sock_write_iter+0x258/0x330
[  839.626494][T14934]  ? __pfx_sock_write_iter+0x10/0x10
[  839.626552][T14934]  do_iter_readv_writev+0x61c/0x8b0
[  839.626603][T14934]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  839.626633][T14934]  ? common_file_perm+0x1b5/0x230
[  839.626661][T14934]  ? bpf_lsm_file_permission+0x9/0x20
[  839.626688][T14934]  ? security_file_permission+0x75/0x290
[  839.626721][T14934]  ? rw_verify_area+0x255/0x4d0
[  839.626755][T14934]  vfs_writev+0x31a/0x960
[  839.626783][T14934]  ? __lock_acquire+0xab9/0xd20
[  839.626819][T14934]  ? __pfx_vfs_writev+0x10/0x10
[  839.626859][T14934]  ? __fget_files+0x2a/0x420
[  839.626884][T14934]  ? __fget_files+0x3a0/0x420
[  839.626903][T14934]  ? __fget_files+0x2a/0x420
[  839.626934][T14934]  do_writev+0x14d/0x2d0
[  839.626959][T14934]  ? __pfx_do_writev+0x10/0x10
[  839.626980][T14934]  ? rcu_is_watching+0x15/0xb0
[  839.627009][T14934]  ? do_syscall_64+0xbe/0x3b0
[  839.627038][T14934]  do_syscall_64+0xfa/0x3b0
[  839.627062][T14934]  ? lockdep_hardirqs_on+0x9c/0x150
[  839.627084][T14934]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  839.627106][T14934]  ? clear_bhb_loop+0x60/0xb0
[  839.627134][T14934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  839.627157][T14934] RIP: 0033:0x7fe982f8eba9
[  839.627178][T14934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  839.627199][T14934] RSP: 002b:00007fe983dca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  839.627224][T14934] RAX: ffffffffffffffda RBX: 00007fe9831d5fa0 RCX: 00007fe982f8eba9
[  839.627241][T14934] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003
[  839.627257][T14934] RBP: 00007fe983dca090 R08: 0000000000000000 R09: 0000000000000000
[  839.627271][T14934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  839.627285][T14934] R13: 00007fe9831d6038 R14: 00007fe9831d5fa0 R15: 00007fe9832ffa28
[  839.627321][T14934]  </TASK>
[  840.002955][    C0] vkms_vblank_simulate: vblank timer overrun
[  840.185966][   T43] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  840.366136][   T43] usb 4-1: Using ep0 maxpacket: 32
[  840.377305][   T43] usb 4-1: config 0 has an invalid interface number: 247 but max is 0
[  840.405767][   T43] usb 4-1: config 0 has no interface number 0
[  840.436688][   T43] usb 4-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  840.465118][   T43] usb 4-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[  840.486232][T14950] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2683'.
[  840.613133][   T43] usb 4-1: Product: syz
[  840.633505][   T43] usb 4-1: Manufacturer: syz
[  840.701077][   T43] usb 4-1: config 0 descriptor??
[  840.744574][ T5866] Bluetooth: hci0: command 0x0406 tx timeout
[  840.815718][ T5866] Bluetooth: hci1: command 0x0406 tx timeout
[  841.085883][T14960] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  841.141576][ T5866] Bluetooth: hci2: command 0x0406 tx timeout
[  841.147868][ T5866] Bluetooth: hci3: command 0x0406 tx timeout
[  841.253757][T14932] Bluetooth: hci4: command 0x0406 tx timeout
[  841.254287][T14960] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  841.800079][T14966] bond0: entered promiscuous mode
[  841.805383][T14966] bond_slave_0: entered promiscuous mode
[  841.814501][T14966] bond_slave_1: entered promiscuous mode
[  841.828200][T14966] batadv0: entered promiscuous mode
[  841.888539][T14966] hsr2: entered allmulticast mode
[  841.895491][T14966] bond0: entered allmulticast mode
[  841.906661][T14966] bond_slave_0: entered allmulticast mode
[  841.920284][T14966] bond_slave_1: entered allmulticast mode
[  841.929978][T14966] batadv0: entered allmulticast mode
[  842.039919][T14966] 8021q: adding VLAN 0 to HW filter on device hsr2
[  842.093007][T14966] bond0: left promiscuous mode
[  842.128890][T14966] bond_slave_0: left promiscuous mode
[  842.218872][   T43] usb 4-1: USB disconnect, device number 79
[  842.299792][T14966] bond_slave_1: left promiscuous mode
[  842.380090][T14966] batadv0: left promiscuous mode
[  843.390724][T14983] input: syz1 as /devices/virtual/input/input25
[  844.516889][T15004] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2699'.
[  844.547316][   T10] usb 4-1: new full-speed USB device number 80 using dummy_hcd
[  844.770499][   T10] usb 4-1: config 4 has an invalid interface number: 231 but max is 0
[  844.771062][T15009] FAULT_INJECTION: forcing a failure.
[  844.771062][T15009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  844.813348][   T10] usb 4-1: config 4 has no interface number 0
[  844.873809][T15009] CPU: 1 UID: 0 PID: 15009 Comm: syz.1.2701 Not tainted syzkaller #0 PREEMPT(full) 
[  844.873841][T15009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  844.873855][T15009] Call Trace:
[  844.873864][T15009]  <TASK>
[  844.873873][T15009]  dump_stack_lvl+0x189/0x250
[  844.873907][T15009]  ? __pfx____ratelimit+0x10/0x10
[  844.873931][T15009]  ? __pfx_dump_stack_lvl+0x10/0x10
[  844.873959][T15009]  ? __pfx__printk+0x10/0x10
[  844.874003][T15009]  should_fail_ex+0x414/0x560
[  844.874042][T15009]  _copy_to_user+0x31/0xb0
[  844.874076][T15009]  simple_read_from_buffer+0xe1/0x170
[  844.874114][T15009]  proc_fail_nth_read+0x1b3/0x220
[  844.874144][T15009]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  844.874173][T15009]  ? rw_verify_area+0x2a6/0x4d0
[  844.874208][T15009]  ? __lock_acquire+0xab9/0xd20
[  844.874240][T15009]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  844.874268][T15009]  vfs_read+0x200/0xa30
[  844.874295][T15009]  ? fdget_pos+0x247/0x320
[  844.874318][T15009]  ? __pfx___mutex_lock+0x10/0x10
[  844.874343][T15009]  ? __pfx_vfs_read+0x10/0x10
[  844.874375][T15009]  ? __fget_files+0x2a/0x420
[  844.874399][T15009]  ? __fget_files+0x3a0/0x420
[  844.874417][T15009]  ? __fget_files+0x2a/0x420
[  844.874447][T15009]  ksys_read+0x145/0x250
[  844.874480][T15009]  ? __pfx_ksys_read+0x10/0x10
[  844.874507][T15009]  ? rcu_is_watching+0x15/0xb0
[  844.874535][T15009]  ? do_syscall_64+0xbe/0x3b0
[  844.874565][T15009]  do_syscall_64+0xfa/0x3b0
[  844.874588][T15009]  ? lockdep_hardirqs_on+0x9c/0x150
[  844.874614][T15009]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  844.874636][T15009]  ? clear_bhb_loop+0x60/0xb0
[  844.874662][T15009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  844.874684][T15009] RIP: 0033:0x7fe982f8d5bc
[  844.874705][T15009] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  844.874726][T15009] RSP: 002b:00007fe983dca030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  844.874750][T15009] RAX: ffffffffffffffda RBX: 00007fe9831d5fa0 RCX: 00007fe982f8d5bc
[  844.874767][T15009] RDX: 000000000000000f RSI: 00007fe983dca0a0 RDI: 0000000000000004
[  844.874782][T15009] RBP: 00007fe983dca090 R08: 0000000000000000 R09: 0000000000000000
[  844.874797][T15009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  844.874811][T15009] R13: 00007fe9831d6038 R14: 00007fe9831d5fa0 R15: 00007fe9832ffa28
[  844.874846][T15009]  </TASK>
[  845.328652][   T10] usb 4-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[  845.399207][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  845.453158][   T10] usb 4-1: Product: syz
[  845.483995][   T10] usb 4-1: Manufacturer: syz
[  845.510086][   T10] usb 4-1: SerialNumber: syz
[  845.556148][   T10] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[  845.953953][   T10] vp7045: USB control message 'in' went wrong.
[  845.969506][   T10] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  846.002067][   T10] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[  846.064755][   T10] usb 4-1: USB disconnect, device number 80
[  846.118791][T15028] FAULT_INJECTION: forcing a failure.
[  846.118791][T15028] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  846.176449][T15028] CPU: 0 UID: 0 PID: 15028 Comm: syz.1.2707 Not tainted syzkaller #0 PREEMPT(full) 
[  846.176481][T15028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  846.176495][T15028] Call Trace:
[  846.176504][T15028]  <TASK>
[  846.176514][T15028]  dump_stack_lvl+0x189/0x250
[  846.176546][T15028]  ? __pfx____ratelimit+0x10/0x10
[  846.176568][T15028]  ? __pfx_dump_stack_lvl+0x10/0x10
[  846.176594][T15028]  ? __pfx__printk+0x10/0x10
[  846.176626][T15028]  ? __might_fault+0xb0/0x130
[  846.176669][T15028]  should_fail_ex+0x414/0x560
[  846.176707][T15028]  _copy_from_iter+0x1de/0x1790
[  846.176742][T15028]  ? rcu_is_watching+0x15/0xb0
[  846.176765][T15028]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  846.176798][T15028]  ? __pfx__copy_from_iter+0x10/0x10
[  846.176826][T15028]  ? __build_skb_around+0x257/0x3e0
[  846.176857][T15028]  ? netlink_sendmsg+0x642/0xb30
[  846.176879][T15028]  ? skb_put+0x11b/0x210
[  846.176908][T15028]  netlink_sendmsg+0x6b2/0xb30
[  846.176943][T15028]  ? __pfx_netlink_sendmsg+0x10/0x10
[  846.176977][T15028]  ? aa_sock_msg_perm+0xf1/0x1d0
[  846.177002][T15028]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  846.177026][T15028]  ? __pfx_netlink_sendmsg+0x10/0x10
[  846.177052][T15028]  __sock_sendmsg+0x21c/0x270
[  846.177095][T15028]  ____sys_sendmsg+0x505/0x830
[  846.177130][T15028]  ? __pfx_____sys_sendmsg+0x10/0x10
[  846.177169][T15028]  ? import_iovec+0x74/0xa0
[  846.177203][T15028]  ___sys_sendmsg+0x21f/0x2a0
[  846.177234][T15028]  ? __pfx____sys_sendmsg+0x10/0x10
[  846.177303][T15028]  ? __fget_files+0x2a/0x420
[  846.177322][T15028]  ? __fget_files+0x3a0/0x420
[  846.177353][T15028]  __x64_sys_sendmsg+0x19b/0x260
[  846.177385][T15028]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  846.177425][T15028]  ? __pfx_ksys_write+0x10/0x10
[  846.177453][T15028]  ? rcu_is_watching+0x15/0xb0
[  846.177480][T15028]  ? do_syscall_64+0xbe/0x3b0
[  846.177509][T15028]  do_syscall_64+0xfa/0x3b0
[  846.177532][T15028]  ? lockdep_hardirqs_on+0x9c/0x150
[  846.177555][T15028]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  846.177578][T15028]  ? clear_bhb_loop+0x60/0xb0
[  846.177605][T15028]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  846.177627][T15028] RIP: 0033:0x7fe982f8eba9
[  846.177647][T15028] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  846.177668][T15028] RSP: 002b:00007fe983dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  846.177691][T15028] RAX: ffffffffffffffda RBX: 00007fe9831d5fa0 RCX: 00007fe982f8eba9
[  846.177709][T15028] RDX: 0000000004000000 RSI: 0000200000000840 RDI: 0000000000000003
[  846.177724][T15028] RBP: 00007fe983dca090 R08: 0000000000000000 R09: 0000000000000000
[  846.177738][T15028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  846.177751][T15028] R13: 00007fe9831d6038 R14: 00007fe9831d5fa0 R15: 00007fe9832ffa28
[  846.177785][T15028]  </TASK>
[  847.075991][ T5990] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  847.276508][ T5990] usb 1-1: Using ep0 maxpacket: 16
[  847.489707][ T5990] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  847.499719][T15033] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  847.507318][T15033] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  847.516627][T15033] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  847.525183][T15033] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  847.532981][T15033] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  847.542311][ T5990] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  847.553592][ T5990] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  847.562331][ T5990] usb 1-1: Product: syz
[  847.592676][ T5990] usb 1-1: Manufacturer: syz
[  847.599731][ T5990] usb 1-1: SerialNumber: syz
[  847.913100][ T5990] usb 1-1: config 0 descriptor??
[  848.308618][T15029] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2706'.
[  848.487253][T15056] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2715'.
[  848.510577][T15057] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2714'.
[  848.553616][T15057] bridge_slave_1: left allmulticast mode
[  848.559974][T15057] bridge_slave_1: left promiscuous mode
[  848.566160][T15057] bridge0: port 2(bridge_slave_1) entered disabled state
[  848.884194][T15057] bridge_slave_0: left allmulticast mode
[  848.890288][T15057] bridge_slave_0: left promiscuous mode
[  848.896479][T15057] bridge0: port 1(bridge_slave_0) entered disabled state
[  849.536071][ T5866] Bluetooth: hci2: command 0x0406 tx timeout
[  849.536645][  T848] usb 1-1: USB disconnect, device number 62
[  849.542436][T14932] Bluetooth: hci1: command 0x0406 tx timeout
[  849.554318][T14932] Bluetooth: hci0: command 0x0406 tx timeout
[  849.560565][T14932] Bluetooth: hci4: command 0x0406 tx timeout
[  849.566990][T14932] Bluetooth: hci3: command 0x0406 tx timeout
[  849.971843][T15069] KVM: debugfs: duplicate directory 15069-10
[  850.890816][T15082] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2722'.
[  851.982974][T15101] FAULT_INJECTION: forcing a failure.
[  851.982974][T15101] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  852.028319][T15101] CPU: 0 UID: 0 PID: 15101 Comm: syz.4.2727 Not tainted syzkaller #0 PREEMPT(full) 
[  852.028352][T15101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  852.028366][T15101] Call Trace:
[  852.028376][T15101]  <TASK>
[  852.028387][T15101]  dump_stack_lvl+0x189/0x250
[  852.028419][T15101]  ? __pfx____ratelimit+0x10/0x10
[  852.028443][T15101]  ? __pfx_dump_stack_lvl+0x10/0x10
[  852.028471][T15101]  ? __pfx__printk+0x10/0x10
[  852.028503][T15101]  ? __might_fault+0xb0/0x130
[  852.028546][T15101]  should_fail_ex+0x414/0x560
[  852.028593][T15101]  _copy_from_iter+0x1de/0x1790
[  852.028628][T15101]  ? rcu_is_watching+0x15/0xb0
[  852.028652][T15101]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  852.028685][T15101]  ? __pfx__copy_from_iter+0x10/0x10
[  852.028713][T15101]  ? __build_skb_around+0x257/0x3e0
[  852.028743][T15101]  ? netlink_sendmsg+0x642/0xb30
[  852.028766][T15101]  ? skb_put+0x11b/0x210
[  852.028795][T15101]  netlink_sendmsg+0x6b2/0xb30
[  852.028831][T15101]  ? __pfx_netlink_sendmsg+0x10/0x10
[  852.028860][T15101]  ? aa_sock_msg_perm+0xf1/0x1d0
[  852.028885][T15101]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  852.028909][T15101]  ? __pfx_netlink_sendmsg+0x10/0x10
[  852.028935][T15101]  __sock_sendmsg+0x21c/0x270
[  852.028973][T15101]  ____sys_sendmsg+0x505/0x830
[  852.029007][T15101]  ? __pfx_____sys_sendmsg+0x10/0x10
[  852.029046][T15101]  ? import_iovec+0x74/0xa0
[  852.029079][T15101]  ___sys_sendmsg+0x21f/0x2a0
[  852.029111][T15101]  ? __pfx____sys_sendmsg+0x10/0x10
[  852.029179][T15101]  ? __fget_files+0x2a/0x420
[  852.029198][T15101]  ? __fget_files+0x3a0/0x420
[  852.029230][T15101]  __x64_sys_sendmsg+0x19b/0x260
[  852.029262][T15101]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  852.029302][T15101]  ? __pfx_ksys_write+0x10/0x10
[  852.029330][T15101]  ? rcu_is_watching+0x15/0xb0
[  852.029358][T15101]  ? do_syscall_64+0xbe/0x3b0
[  852.029387][T15101]  do_syscall_64+0xfa/0x3b0
[  852.029410][T15101]  ? lockdep_hardirqs_on+0x9c/0x150
[  852.029433][T15101]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  852.029455][T15101]  ? clear_bhb_loop+0x60/0xb0
[  852.029483][T15101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  852.029505][T15101] RIP: 0033:0x7f8f8498eba9
[  852.029525][T15101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  852.029544][T15101] RSP: 002b:00007f8f858d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  852.029573][T15101] RAX: ffffffffffffffda RBX: 00007f8f84bd5fa0 RCX: 00007f8f8498eba9
[  852.029590][T15101] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  852.029605][T15101] RBP: 00007f8f858d1090 R08: 0000000000000000 R09: 0000000000000000
[  852.029619][T15101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  852.029632][T15101] R13: 00007f8f84bd6038 R14: 00007f8f84bd5fa0 R15: 00007f8f84cffa28
[  852.029667][T15101]  </TASK>
[  852.317856][    C0] vkms_vblank_simulate: vblank timer overrun
[  853.166457][ T5990] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  853.365917][ T5990] usb 5-1: Using ep0 maxpacket: 16
[  853.416018][ T5990] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  853.460604][T15113] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2730'.
[  853.497397][ T5990] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  853.560560][ T5990] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  853.710259][ T5990] usb 5-1: Product: syz
[  853.733353][ T5990] usb 5-1: Manufacturer: syz
[  853.738467][ T5990] usb 5-1: SerialNumber: syz
[  853.760466][ T5990] usb 5-1: config 0 descriptor??
[  853.931245][T15117] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2731'.
[  854.028596][T15108] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2728'.
[  854.165834][ T5990] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[  854.331061][ T5990] usb 4-1: Using ep0 maxpacket: 16
[  854.352315][ T5990] usb 4-1: config 0 has an invalid interface number: 188 but max is 2
[  854.387757][ T5990] usb 4-1: config 0 has an invalid interface number: 93 but max is 2
[  854.459209][ T5990] usb 4-1: config 0 has an invalid interface number: 131 but max is 2
[  854.496450][ T5990] usb 4-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  854.525315][ T5990] usb 4-1: config 0 has no interface number 0
[  854.536868][T15129] FAULT_INJECTION: forcing a failure.
[  854.536868][T15129] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  854.550693][ T5990] usb 4-1: config 0 has no interface number 1
[  854.558019][ T5990] usb 4-1: config 0 has no interface number 2
[  854.566283][T15129] CPU: 1 UID: 0 PID: 15129 Comm: syz.0.2737 Not tainted syzkaller #0 PREEMPT(full) 
[  854.566313][T15129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  854.566327][T15129] Call Trace:
[  854.566335][T15129]  <TASK>
[  854.566344][T15129]  dump_stack_lvl+0x189/0x250
[  854.566374][T15129]  ? __pfx____ratelimit+0x10/0x10
[  854.566397][T15129]  ? __pfx_dump_stack_lvl+0x10/0x10
[  854.566423][T15129]  ? __pfx__printk+0x10/0x10
[  854.566454][T15129]  ? __might_fault+0xb0/0x130
[  854.566498][T15129]  should_fail_ex+0x414/0x560
[  854.566545][T15129]  _copy_from_iter+0x1de/0x1790
[  854.566581][T15129]  ? rcu_is_watching+0x15/0xb0
[  854.566605][T15129]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  854.566639][T15129]  ? __pfx__copy_from_iter+0x10/0x10
[  854.566668][T15129]  ? __build_skb_around+0x257/0x3e0
[  854.566698][T15129]  ? netlink_sendmsg+0x642/0xb30
[  854.566721][T15129]  ? skb_put+0x11b/0x210
[  854.566756][T15129]  netlink_sendmsg+0x6b2/0xb30
[  854.566791][T15129]  ? __pfx_netlink_sendmsg+0x10/0x10
[  854.566820][T15129]  ? aa_sock_msg_perm+0xf1/0x1d0
[  854.566845][T15129]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  854.566869][T15129]  ? __pfx_netlink_sendmsg+0x10/0x10
[  854.566895][T15129]  __sock_sendmsg+0x21c/0x270
[  854.566933][T15129]  ____sys_sendmsg+0x505/0x830
[  854.566968][T15129]  ? __pfx_____sys_sendmsg+0x10/0x10
[  854.567006][T15129]  ? import_iovec+0x74/0xa0
[  854.567040][T15129]  ___sys_sendmsg+0x21f/0x2a0
[  854.567071][T15129]  ? __pfx____sys_sendmsg+0x10/0x10
[  854.567140][T15129]  ? __fget_files+0x2a/0x420
[  854.567159][T15129]  ? __fget_files+0x3a0/0x420
[  854.567190][T15129]  __x64_sys_sendmsg+0x19b/0x260
[  854.567222][T15129]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  854.567262][T15129]  ? __pfx_ksys_write+0x10/0x10
[  854.567291][T15129]  ? rcu_is_watching+0x15/0xb0
[  854.567319][T15129]  ? do_syscall_64+0xbe/0x3b0
[  854.567348][T15129]  do_syscall_64+0xfa/0x3b0
[  854.567371][T15129]  ? lockdep_hardirqs_on+0x9c/0x150
[  854.567394][T15129]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  854.567416][T15129]  ? clear_bhb_loop+0x60/0xb0
[  854.567444][T15129]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  854.567466][T15129] RIP: 0033:0x7fdcd758eba9
[  854.567485][T15129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  854.567505][T15129] RSP: 002b:00007fdcd83eb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  854.567528][T15129] RAX: ffffffffffffffda RBX: 00007fdcd77d5fa0 RCX: 00007fdcd758eba9
[  854.567551][T15129] RDX: 0000000004000800 RSI: 00002000000000c0 RDI: 0000000000000003
[  854.567566][T15129] RBP: 00007fdcd83eb090 R08: 0000000000000000 R09: 0000000000000000
[  854.567580][T15129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  854.567594][T15129] R13: 00007fdcd77d6038 R14: 00007fdcd77d5fa0 R15: 00007fdcd78ffa28
[  854.567628][T15129]  </TASK>
[  854.572380][ T5990] usb 4-1: config 0 interface 188 altsetting 0 endpoint 0xE has invalid maxpacket 1024, setting to 64
[  854.906354][ T5990] usb 4-1: config 0 interface 188 altsetting 0 endpoint 0xB has invalid maxpacket 1023, setting to 64
[  854.917708][ T5990] usb 4-1: config 0 interface 188 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  854.930135][ T5990] usb 4-1: config 0 interface 188 altsetting 0 has a duplicate endpoint with address 0xE, skipping
[  854.941275][ T5990] usb 4-1: config 0 interface 188 altsetting 0 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  855.027339][ T5990] usb 4-1: config 0 interface 188 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  855.061778][ T5990] usb 4-1: config 0 interface 93 altsetting 7 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  855.087605][ T5990] usb 4-1: config 0 interface 93 altsetting 7 bulk endpoint 0x8 has invalid maxpacket 32
[  855.114229][ T5990] usb 4-1: config 0 interface 93 altsetting 7 endpoint 0xF has invalid maxpacket 1024, setting to 64
[  855.154171][ T5990] usb 4-1: config 0 interface 131 altsetting 219 has a duplicate endpoint with address 0xF, skipping
[  855.195128][ T5990] usb 4-1: config 0 interface 131 altsetting 219 has a duplicate endpoint with address 0xA, skipping
[  855.210385][ T5990] usb 4-1: config 0 interface 131 altsetting 219 has an invalid descriptor for endpoint zero, skipping
[  855.224095][ T5990] usb 4-1: config 0 interface 131 altsetting 219 has a duplicate endpoint with address 0xB, skipping
[  855.235800][ T5990] usb 4-1: config 0 interface 131 altsetting 219 endpoint 0x6 has invalid wMaxPacketSize 0
[  855.246605][ T5990] usb 4-1: config 0 interface 131 altsetting 219 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[  855.258381][ T5990] usb 4-1: config 0 interface 131 altsetting 219 has a duplicate endpoint with address 0x9, skipping
[  855.269877][ T5990] usb 4-1: config 0 interface 131 altsetting 219 has an invalid descriptor for endpoint zero, skipping
[  855.283752][ T5990] usb 4-1: config 0 interface 131 altsetting 219 has a duplicate endpoint with address 0x8, skipping
[  855.295595][ T5990] usb 4-1: config 0 interface 131 altsetting 219 endpoint 0x4 has invalid maxpacket 1040, setting to 1024
[  855.316084][ T5990] usb 4-1: config 0 interface 131 altsetting 219 bulk endpoint 0x4 has invalid maxpacket 1024
[  855.327153][ T5990] usb 4-1: config 0 interface 131 altsetting 219 has an invalid descriptor for endpoint zero, skipping
[  855.347491][ T5990] usb 4-1: config 0 interface 131 altsetting 219 has a duplicate endpoint with address 0xA, skipping
[  855.359851][ T5990] usb 4-1: config 0 interface 131 altsetting 219 endpoint 0xC has invalid maxpacket 1024, setting to 64
[  855.433584][ T5990] usb 4-1: config 0 interface 93 has no altsetting 0
[  855.456065][ T5990] usb 4-1: config 0 interface 131 has no altsetting 0
[  855.472410][ T5990] usb 4-1: New USB device found, idVendor=2c7c, idProduct=030e, bcdDevice=f2.9f
[  855.483849][ T5990] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  855.492536][ T5990] usb 4-1: Product: syz
[  855.499720][ T5990] usb 4-1: Manufacturer: syz
[  855.513903][ T5990] usb 4-1: SerialNumber: syz
[  855.539535][ T5990] usb 4-1: config 0 descriptor??
[  855.547868][T15144] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  855.818020][   T10] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[  855.873029][ T5990] option 4-1:0.188: GSM modem (1-port) converter detected
[  856.111077][   T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  856.121795][   T10] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  856.142099][   T10] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  856.217987][ T5990] usb 4-1: USB disconnect, device number 81
[  856.241623][   T10] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  856.241780][ T5990] option 4-1:0.188: device disconnected
[  856.413324][  T848] usb 5-1: USB disconnect, device number 70
[  856.422361][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  856.486828][   T10] usb 2-1: Product: syz
[  856.491086][   T10] usb 2-1: Manufacturer: syz
[  856.508307][   T10] usb 2-1: SerialNumber: syz
[  856.589681][   T10] hub 2-1:1.0: bad descriptor, ignoring hub
[  856.611337][   T10] hub 2-1:1.0: probe with driver hub failed with error -5
[  856.847486][   T10] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 64 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  856.933574][T15160] FAULT_INJECTION: forcing a failure.
[  856.933574][T15160] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  856.951674][T15160] CPU: 1 UID: 0 PID: 15160 Comm: syz.4.2747 Not tainted syzkaller #0 PREEMPT(full) 
[  856.951705][T15160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  856.951719][T15160] Call Trace:
[  856.951728][T15160]  <TASK>
[  856.951738][T15160]  dump_stack_lvl+0x189/0x250
[  856.951770][T15160]  ? __pfx____ratelimit+0x10/0x10
[  856.951794][T15160]  ? __pfx_dump_stack_lvl+0x10/0x10
[  856.951821][T15160]  ? __pfx__printk+0x10/0x10
[  856.951852][T15160]  ? __might_fault+0xb0/0x130
[  856.951895][T15160]  should_fail_ex+0x414/0x560
[  856.951934][T15160]  _copy_from_iter+0x1de/0x1790
[  856.951970][T15160]  ? rcu_is_watching+0x15/0xb0
[  856.951995][T15160]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  856.952027][T15160]  ? __pfx__copy_from_iter+0x10/0x10
[  856.952055][T15160]  ? __build_skb_around+0x257/0x3e0
[  856.952083][T15160]  ? netlink_sendmsg+0x642/0xb30
[  856.952107][T15160]  ? skb_put+0x11b/0x210
[  856.952147][T15160]  netlink_sendmsg+0x6b2/0xb30
[  856.952183][T15160]  ? __pfx_netlink_sendmsg+0x10/0x10
[  856.952212][T15160]  ? aa_sock_msg_perm+0xf1/0x1d0
[  856.952237][T15160]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  856.952263][T15160]  ? __pfx_netlink_sendmsg+0x10/0x10
[  856.952289][T15160]  __sock_sendmsg+0x21c/0x270
[  856.952327][T15160]  ____sys_sendmsg+0x505/0x830
[  856.952363][T15160]  ? __pfx_____sys_sendmsg+0x10/0x10
[  856.952399][T15160]  ? import_iovec+0x74/0xa0
[  856.952434][T15160]  ___sys_sendmsg+0x21f/0x2a0
[  856.952466][T15160]  ? __pfx____sys_sendmsg+0x10/0x10
[  856.952535][T15160]  ? __fget_files+0x2a/0x420
[  856.952554][T15160]  ? __fget_files+0x3a0/0x420
[  856.952586][T15160]  __x64_sys_sendmsg+0x19b/0x260
[  856.952619][T15160]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  856.952659][T15160]  ? __pfx_ksys_write+0x10/0x10
[  856.952686][T15160]  ? rcu_is_watching+0x15/0xb0
[  856.952715][T15160]  ? do_syscall_64+0xbe/0x3b0
[  856.952744][T15160]  do_syscall_64+0xfa/0x3b0
[  856.952767][T15160]  ? lockdep_hardirqs_on+0x9c/0x150
[  856.952790][T15160]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  856.952813][T15160]  ? clear_bhb_loop+0x60/0xb0
[  856.952841][T15160]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  856.952863][T15160] RIP: 0033:0x7f8f8498eba9
[  856.952884][T15160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  856.952904][T15160] RSP: 002b:00007f8f858d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  856.952928][T15160] RAX: ffffffffffffffda RBX: 00007f8f84bd5fa0 RCX: 00007f8f8498eba9
[  856.952945][T15160] RDX: 0000000020000014 RSI: 00002000000001c0 RDI: 0000000000000003
[  856.952961][T15160] RBP: 00007f8f858d1090 R08: 0000000000000000 R09: 0000000000000000
[  856.952976][T15160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  856.952990][T15160] R13: 00007f8f84bd6038 R14: 00007f8f84bd5fa0 R15: 00007f8f84cffa28
[  856.953025][T15160]  </TASK>
[  857.102826][   T10] usb 2-1: USB disconnect, device number 64
[  857.389234][T15168] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  857.472181][T15171] FAULT_INJECTION: forcing a failure.
[  857.472181][T15171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  857.553861][T15171] CPU: 1 UID: 0 PID: 15171 Comm: syz.0.2751 Not tainted syzkaller #0 PREEMPT(full) 
[  857.553884][T15171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  857.553895][T15171] Call Trace:
[  857.553901][T15171]  <TASK>
[  857.553909][T15171]  dump_stack_lvl+0x189/0x250
[  857.553933][T15171]  ? __pfx____ratelimit+0x10/0x10
[  857.553950][T15171]  ? __pfx_dump_stack_lvl+0x10/0x10
[  857.553969][T15171]  ? __pfx__printk+0x10/0x10
[  857.553992][T15171]  ? __might_fault+0xb0/0x130
[  857.554023][T15171]  should_fail_ex+0x414/0x560
[  857.554051][T15171]  _copy_from_user+0x2d/0xb0
[  857.554073][T15171]  ___sys_sendmsg+0x158/0x2a0
[  857.554096][T15171]  ? __pfx____sys_sendmsg+0x10/0x10
[  857.554143][T15171]  ? __fget_files+0x2a/0x420
[  857.554156][T15171]  ? __fget_files+0x3a0/0x420
[  857.554178][T15171]  __x64_sys_sendmsg+0x19b/0x260
[  857.554200][T15171]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  857.554228][T15171]  ? __pfx_ksys_write+0x10/0x10
[  857.554248][T15171]  ? rcu_is_watching+0x15/0xb0
[  857.554268][T15171]  ? do_syscall_64+0xbe/0x3b0
[  857.554288][T15171]  do_syscall_64+0xfa/0x3b0
[  857.554305][T15171]  ? lockdep_hardirqs_on+0x9c/0x150
[  857.554321][T15171]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  857.554347][T15171]  ? clear_bhb_loop+0x60/0xb0
[  857.554366][T15171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  857.554382][T15171] RIP: 0033:0x7fdcd758eba9
[  857.554396][T15171] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  857.554411][T15171] RSP: 002b:00007fdcd83eb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  857.554428][T15171] RAX: ffffffffffffffda RBX: 00007fdcd77d5fa0 RCX: 00007fdcd758eba9
[  857.554440][T15171] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  857.554451][T15171] RBP: 00007fdcd83eb090 R08: 0000000000000000 R09: 0000000000000000
[  857.554461][T15171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  857.554471][T15171] R13: 00007fdcd77d6038 R14: 00007fdcd77d5fa0 R15: 00007fdcd78ffa28
[  857.554497][T15171]  </TASK>
[  857.769991][   T10] usblp0: removed
[  857.932454][T15179] netlink: 'syz.0.2755': attribute type 11 has an invalid length.
[  857.956159][T15182] FAULT_INJECTION: forcing a failure.
[  857.956159][T15182] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  857.969433][T15182] CPU: 1 UID: 0 PID: 15182 Comm: syz.3.2757 Not tainted syzkaller #0 PREEMPT(full) 
[  857.969463][T15182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  857.969477][T15182] Call Trace:
[  857.969488][T15182]  <TASK>
[  857.969499][T15182]  dump_stack_lvl+0x189/0x250
[  857.969531][T15182]  ? __pfx____ratelimit+0x10/0x10
[  857.969556][T15182]  ? __pfx_dump_stack_lvl+0x10/0x10
[  857.969582][T15182]  ? __pfx__printk+0x10/0x10
[  857.969626][T15182]  should_fail_ex+0x414/0x560
[  857.969666][T15182]  _copy_to_user+0x31/0xb0
[  857.969700][T15182]  simple_read_from_buffer+0xe1/0x170
[  857.969738][T15182]  proc_fail_nth_read+0x1b3/0x220
[  857.969769][T15182]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  857.969798][T15182]  ? rw_verify_area+0x2a6/0x4d0
[  857.969825][T15182]  ? __lock_acquire+0xab9/0xd20
[  857.969856][T15182]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  857.969884][T15182]  vfs_read+0x200/0xa30
[  857.969912][T15182]  ? fdget_pos+0x247/0x320
[  857.969937][T15182]  ? __pfx___mutex_lock+0x10/0x10
[  857.969963][T15182]  ? __pfx_vfs_read+0x10/0x10
[  857.969993][T15182]  ? __fget_files+0x2a/0x420
[  857.970019][T15182]  ? __fget_files+0x3a0/0x420
[  857.970038][T15182]  ? __fget_files+0x2a/0x420
[  857.970068][T15182]  ksys_read+0x145/0x250
[  857.970096][T15182]  ? __fget_files+0x3a0/0x420
[  857.970118][T15182]  ? __pfx_ksys_read+0x10/0x10
[  857.970153][T15182]  ? do_syscall_64+0xbe/0x3b0
[  857.970182][T15182]  do_syscall_64+0xfa/0x3b0
[  857.970206][T15182]  ? lockdep_hardirqs_on+0x9c/0x150
[  857.970235][T15182]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  857.970258][T15182]  ? clear_bhb_loop+0x60/0xb0
[  857.970286][T15182]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  857.970309][T15182] RIP: 0033:0x7f38bef8d5bc
[  857.970329][T15182] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  857.970350][T15182] RSP: 002b:00007f38bfe64030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  857.970374][T15182] RAX: ffffffffffffffda RBX: 00007f38bf1d5fa0 RCX: 00007f38bef8d5bc
[  857.970391][T15182] RDX: 000000000000000f RSI: 00007f38bfe640a0 RDI: 0000000000000005
[  857.970406][T15182] RBP: 00007f38bfe64090 R08: 0000000000000000 R09: 0000000000000000
[  857.970420][T15182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  857.970433][T15182] R13: 00007f38bf1d6038 R14: 00007f38bf1d5fa0 R15: 00007f38bf2ffa28
[  857.970466][T15182]  </TASK>
[  858.446663][T15185] pim6reg: entered allmulticast mode
[  858.462534][T15191] FAULT_INJECTION: forcing a failure.
[  858.462534][T15191] name failslab, interval 1, probability 0, space 0, times 0
[  858.522369][T15191] CPU: 1 UID: 0 PID: 15191 Comm: syz.3.2758 Not tainted syzkaller #0 PREEMPT(full) 
[  858.522401][T15191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  858.522417][T15191] Call Trace:
[  858.522427][T15191]  <TASK>
[  858.522438][T15191]  dump_stack_lvl+0x189/0x250
[  858.522472][T15191]  ? __pfx____ratelimit+0x10/0x10
[  858.522496][T15191]  ? __pfx_dump_stack_lvl+0x10/0x10
[  858.522529][T15191]  ? __pfx__printk+0x10/0x10
[  858.522567][T15191]  ? __pfx___might_resched+0x10/0x10
[  858.522588][T15191]  ? fs_reclaim_acquire+0x7d/0x100
[  858.522614][T15191]  should_fail_ex+0x414/0x560
[  858.522652][T15191]  ? __pfx_sock_alloc_inode+0x10/0x10
[  858.522686][T15191]  should_failslab+0xa8/0x100
[  858.522722][T15191]  ? __pfx_sock_alloc_inode+0x10/0x10
[  858.522754][T15191]  kmem_cache_alloc_lru_noprof+0x78/0x3d0
[  858.522785][T15191]  ? sock_alloc_inode+0x28/0xc0
[  858.522823][T15191]  ? __pfx_sock_alloc_inode+0x10/0x10
[  858.522856][T15191]  sock_alloc_inode+0x28/0xc0
[  858.522894][T15191]  alloc_inode+0x67/0x1b0
[  858.522929][T15191]  do_accept+0x111/0x680
[  858.522959][T15191]  ? __pfx_do_accept+0x10/0x10
[  858.523014][T15191]  __sys_accept4+0x11c/0x1c0
[  858.523041][T15191]  ? __pfx___sys_accept4+0x10/0x10
[  858.523066][T15191]  ? __pfx_ksys_write+0x10/0x10
[  858.523093][T15191]  ? rcu_is_watching+0x15/0xb0
[  858.523125][T15191]  __x64_sys_accept+0x7d/0x90
[  858.523151][T15191]  do_syscall_64+0xfa/0x3b0
[  858.523176][T15191]  ? lockdep_hardirqs_on+0x9c/0x150
[  858.523198][T15191]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.523221][T15191]  ? clear_bhb_loop+0x60/0xb0
[  858.523249][T15191]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  858.523272][T15191] RIP: 0033:0x7f38bef8eba9
[  858.523293][T15191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  858.523313][T15191] RSP: 002b:00007f38bfe64038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[  858.523338][T15191] RAX: ffffffffffffffda RBX: 00007f38bf1d5fa0 RCX: 00007f38bef8eba9
[  858.523356][T15191] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  858.523370][T15191] RBP: 00007f38bfe64090 R08: 0000000000000000 R09: 0000000000000000
[  858.523385][T15191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  858.523399][T15191] R13: 00007f38bf1d6038 R14: 00007f38bf1d5fa0 R15: 00007f38bf2ffa28
[  858.523434][T15191]  </TASK>
[  859.429898][T15205] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2763'.
[  860.146469][T15208] netlink: 136 bytes leftover after parsing attributes in process `syz.3.2761'.
[  860.160283][T15212] FAULT_INJECTION: forcing a failure.
[  860.160283][T15212] name failslab, interval 1, probability 0, space 0, times 0
[  860.206663][T15212] CPU: 1 UID: 0 PID: 15212 Comm: syz.1.2764 Not tainted syzkaller #0 PREEMPT(full) 
[  860.206694][T15212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  860.206709][T15212] Call Trace:
[  860.206718][T15212]  <TASK>
[  860.206728][T15212]  dump_stack_lvl+0x189/0x250
[  860.206760][T15212]  ? __pfx____ratelimit+0x10/0x10
[  860.206783][T15212]  ? __pfx_dump_stack_lvl+0x10/0x10
[  860.206810][T15212]  ? __pfx__printk+0x10/0x10
[  860.206857][T15212]  ? __pfx___might_resched+0x10/0x10
[  860.206884][T15212]  should_fail_ex+0x414/0x560
[  860.206924][T15212]  should_failslab+0xa8/0x100
[  860.206959][T15212]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  860.206991][T15212]  ? __alloc_skb+0x112/0x2d0
[  860.207021][T15212]  __alloc_skb+0x112/0x2d0
[  860.207050][T15212]  netlink_sendmsg+0x5c6/0xb30
[  860.207086][T15212]  ? __pfx_netlink_sendmsg+0x10/0x10
[  860.207115][T15212]  ? aa_sock_msg_perm+0xf1/0x1d0
[  860.207140][T15212]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  860.207165][T15212]  ? __pfx_netlink_sendmsg+0x10/0x10
[  860.207190][T15212]  __sock_sendmsg+0x21c/0x270
[  860.207227][T15212]  ____sys_sendmsg+0x505/0x830
[  860.207262][T15212]  ? __pfx_____sys_sendmsg+0x10/0x10
[  860.207301][T15212]  ? import_iovec+0x74/0xa0
[  860.207335][T15212]  ___sys_sendmsg+0x21f/0x2a0
[  860.207367][T15212]  ? __pfx____sys_sendmsg+0x10/0x10
[  860.207434][T15212]  ? __fget_files+0x2a/0x420
[  860.207453][T15212]  ? __fget_files+0x3a0/0x420
[  860.207484][T15212]  __x64_sys_sendmsg+0x19b/0x260
[  860.207517][T15212]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  860.207557][T15212]  ? __pfx_ksys_write+0x10/0x10
[  860.207585][T15212]  ? rcu_is_watching+0x15/0xb0
[  860.207614][T15212]  ? do_syscall_64+0xbe/0x3b0
[  860.207643][T15212]  do_syscall_64+0xfa/0x3b0
[  860.207666][T15212]  ? lockdep_hardirqs_on+0x9c/0x150
[  860.207689][T15212]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  860.207711][T15212]  ? clear_bhb_loop+0x60/0xb0
[  860.207738][T15212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  860.207760][T15212] RIP: 0033:0x7fe982f8eba9
[  860.207780][T15212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  860.207801][T15212] RSP: 002b:00007fe983dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  860.207825][T15212] RAX: ffffffffffffffda RBX: 00007fe9831d5fa0 RCX: 00007fe982f8eba9
[  860.207849][T15212] RDX: 0000000000000004 RSI: 0000200000000240 RDI: 0000000000000004
[  860.207864][T15212] RBP: 00007fe983dca090 R08: 0000000000000000 R09: 0000000000000000
[  860.207878][T15212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  860.207893][T15212] R13: 00007fe9831d6038 R14: 00007fe9831d5fa0 R15: 00007fe9832ffa28
[  860.207927][T15212]  </TASK>
[  860.995314][T15223] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  861.024148][T15223] syzkaller0: entered promiscuous mode
[  861.050428][T15223] syzkaller0: entered allmulticast mode
[  861.122793][T15229] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2771'.
[  861.156134][T15222] tipc: Resetting bearer <eth:syzkaller0>
[  861.231043][T15222] tipc: Disabling bearer <eth:syzkaller0>
[  861.446076][ T5949] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  861.601929][T15241] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2775'.
[  861.615265][T15241] tc_dump_action: action bad kind
[  861.739450][ T5949] usb 3-1: unable to get BOS descriptor or descriptor too short
[  861.749923][ T5949] usb 3-1: config 6 has an invalid interface number: 158 but max is 0
[  861.758709][ T5949] usb 3-1: config 6 has no interface number 0
[  861.764870][ T5949] usb 3-1: config 6 interface 158 has no altsetting 0
[  861.794805][ T5949] usb 3-1: New USB device found, idVendor=0bda, idProduct=0140, bcdDevice=da.29
[  861.810278][ T5949] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  861.859135][ T5949] usb 3-1: Product: syz
[  861.863362][ T5949] usb 3-1: Manufacturer: syz
[  861.909740][ T5949] usb 3-1: SerialNumber: syz
[  862.278823][T15237] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  862.496194][ T5952] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  862.564634][T15259] FAULT_INJECTION: forcing a failure.
[  862.564634][T15259] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  862.583968][ T5990] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[  862.670986][T15259] CPU: 0 UID: 0 PID: 15259 Comm: syz.0.2779 Not tainted syzkaller #0 PREEMPT(full) 
[  862.671018][T15259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  862.671033][T15259] Call Trace:
[  862.671042][T15259]  <TASK>
[  862.671053][T15259]  dump_stack_lvl+0x189/0x250
[  862.671086][T15259]  ? __pfx____ratelimit+0x10/0x10
[  862.671113][T15259]  ? __pfx_dump_stack_lvl+0x10/0x10
[  862.671140][T15259]  ? __pfx__printk+0x10/0x10
[  862.671183][T15259]  should_fail_ex+0x414/0x560
[  862.671223][T15259]  _copy_to_user+0x31/0xb0
[  862.671255][T15259]  simple_read_from_buffer+0xe1/0x170
[  862.671293][T15259]  proc_fail_nth_read+0x1b3/0x220
[  862.671322][T15259]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  862.671351][T15259]  ? rw_verify_area+0x2a6/0x4d0
[  862.671377][T15259]  ? __lock_acquire+0xab9/0xd20
[  862.671408][T15259]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  862.671434][T15259]  vfs_read+0x200/0xa30
[  862.671461][T15259]  ? fdget_pos+0x247/0x320
[  862.671486][T15259]  ? __pfx___mutex_lock+0x10/0x10
[  862.671512][T15259]  ? __pfx_vfs_read+0x10/0x10
[  862.671542][T15259]  ? __fget_files+0x2a/0x420
[  862.671566][T15259]  ? __fget_files+0x3a0/0x420
[  862.671584][T15259]  ? __fget_files+0x2a/0x420
[  862.671613][T15259]  ksys_read+0x145/0x250
[  862.671651][T15259]  ? __pfx_ksys_read+0x10/0x10
[  862.671677][T15259]  ? rcu_is_watching+0x15/0xb0
[  862.671705][T15259]  ? do_syscall_64+0xbe/0x3b0
[  862.671734][T15259]  do_syscall_64+0xfa/0x3b0
[  862.671757][T15259]  ? lockdep_hardirqs_on+0x9c/0x150
[  862.671779][T15259]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  862.671800][T15259]  ? clear_bhb_loop+0x60/0xb0
[  862.671827][T15259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  862.671849][T15259] RIP: 0033:0x7fdcd758d5bc
[  862.671868][T15259] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  862.671887][T15259] RSP: 002b:00007fdcd83eb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  862.671910][T15259] RAX: ffffffffffffffda RBX: 00007fdcd77d5fa0 RCX: 00007fdcd758d5bc
[  862.671926][T15259] RDX: 000000000000000f RSI: 00007fdcd83eb0a0 RDI: 0000000000000004
[  862.671941][T15259] RBP: 00007fdcd83eb090 R08: 0000000000000000 R09: 0000000000000000
[  862.671955][T15259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  862.671968][T15259] R13: 00007fdcd77d6038 R14: 00007fdcd77d5fa0 R15: 00007fdcd78ffa28
[  862.672002][T15259]  </TASK>
[  862.920744][ T5990] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  862.930945][ T5990] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  862.941550][ T5990] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  862.957726][ T5990] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  863.228964][ T5990] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  863.287446][ T5990] usb 4-1: Product: syz
[  863.297074][ T5952] usb 2-1: Using ep0 maxpacket: 8
[  863.310402][ T5952] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  863.321787][ T5952] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 57300, setting to 1024
[  863.321800][ T5990] usb 4-1: Manufacturer: syz
[  863.321827][ T5990] usb 4-1: SerialNumber: syz
[  863.344741][ T5952] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  863.355924][ T5952] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  863.387163][ T5990] hub 4-1:1.0: bad descriptor, ignoring hub
[  863.398361][ T5990] hub 4-1:1.0: probe with driver hub failed with error -5
[  863.527958][ T5952] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  863.537966][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  863.549900][ T5952] usb 2-1: Product: syz
[  863.554212][ T5952] usb 2-1: Manufacturer: syz
[  863.560429][ T5952] usb 2-1: SerialNumber: syz
[  863.574029][T15251] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  863.586465][T15251] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  864.061304][ T5990] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 82 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  864.078972][T15255] usb usb8: usbfs: interface 0 claimed by hub while 'syz.1.2776' resets device
[  864.095645][ T5952] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -71
[  864.110641][ T5952] usbtest 2-1:1.0: Linux user mode ISO test driver
[  864.117549][ T5952] usbtest 2-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  864.150912][ T5952] usb 2-1: USB disconnect, device number 65
[  864.195277][ T5990] usb 4-1: USB disconnect, device number 82
[  864.247249][ T5990] usblp0: removed
[  864.895518][T15273] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2784'.
[  865.698198][T15273] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2784'.
[  865.786756][ T5949] rtsx_usb 3-1:6.158: probe with driver rtsx_usb failed with error -71
[  865.899974][ T5949] usb 3-1: USB disconnect, device number 61
[  866.129099][T15285] FAULT_INJECTION: forcing a failure.
[  866.129099][T15285] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  866.301708][T15285] CPU: 1 UID: 0 PID: 15285 Comm: syz.4.2787 Not tainted syzkaller #0 PREEMPT(full) 
[  866.301741][T15285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  866.301756][T15285] Call Trace:
[  866.301766][T15285]  <TASK>
[  866.301777][T15285]  dump_stack_lvl+0x189/0x250
[  866.301811][T15285]  ? __pfx____ratelimit+0x10/0x10
[  866.301835][T15285]  ? __pfx_dump_stack_lvl+0x10/0x10
[  866.301863][T15285]  ? __pfx__printk+0x10/0x10
[  866.301895][T15285]  ? __might_fault+0xb0/0x130
[  866.301938][T15285]  should_fail_ex+0x414/0x560
[  866.301978][T15285]  _copy_from_iter+0x1de/0x1790
[  866.302013][T15285]  ? rcu_is_watching+0x15/0xb0
[  866.302038][T15285]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  866.302070][T15285]  ? __pfx__copy_from_iter+0x10/0x10
[  866.302098][T15285]  ? __build_skb_around+0x257/0x3e0
[  866.302127][T15285]  ? netlink_sendmsg+0x642/0xb30
[  866.302150][T15285]  ? skb_put+0x11b/0x210
[  866.302179][T15285]  netlink_sendmsg+0x6b2/0xb30
[  866.302214][T15285]  ? __pfx_netlink_sendmsg+0x10/0x10
[  866.302243][T15285]  ? aa_sock_msg_perm+0xf1/0x1d0
[  866.302268][T15285]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  866.302292][T15285]  ? __pfx_netlink_sendmsg+0x10/0x10
[  866.302328][T15285]  __sock_sendmsg+0x21c/0x270
[  866.302366][T15285]  ____sys_sendmsg+0x505/0x830
[  866.302401][T15285]  ? __pfx_____sys_sendmsg+0x10/0x10
[  866.302440][T15285]  ? import_iovec+0x74/0xa0
[  866.302473][T15285]  ___sys_sendmsg+0x21f/0x2a0
[  866.302505][T15285]  ? __pfx____sys_sendmsg+0x10/0x10
[  866.302572][T15285]  ? __fget_files+0x2a/0x420
[  866.302592][T15285]  ? __fget_files+0x3a0/0x420
[  866.302623][T15285]  __x64_sys_sendmsg+0x19b/0x260
[  866.302655][T15285]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  866.302695][T15285]  ? __pfx_ksys_write+0x10/0x10
[  866.302723][T15285]  ? rcu_is_watching+0x15/0xb0
[  866.302751][T15285]  ? do_syscall_64+0xbe/0x3b0
[  866.302781][T15285]  do_syscall_64+0xfa/0x3b0
[  866.302803][T15285]  ? lockdep_hardirqs_on+0x9c/0x150
[  866.302826][T15285]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.302848][T15285]  ? clear_bhb_loop+0x60/0xb0
[  866.302875][T15285]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  866.302897][T15285] RIP: 0033:0x7f8f8498eba9
[  866.302917][T15285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  866.302936][T15285] RSP: 002b:00007f8f858d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  866.302960][T15285] RAX: ffffffffffffffda RBX: 00007f8f84bd5fa0 RCX: 00007f8f8498eba9
[  866.302977][T15285] RDX: 0000000000008004 RSI: 0000200000000040 RDI: 0000000000000004
[  866.302992][T15285] RBP: 00007f8f858d1090 R08: 0000000000000000 R09: 0000000000000000
[  866.303007][T15285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  866.303021][T15285] R13: 00007f8f84bd6038 R14: 00007f8f84bd5fa0 R15: 00007f8f84cffa28
[  866.303056][T15285]  </TASK>
[  866.936002][T14059] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  867.106119][ T5990] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  867.205763][T14059] usb 3-1: Using ep0 maxpacket: 32
[  867.229023][T14059] usb 3-1: config 0 interface 0 has no altsetting 0
[  867.242685][T14059] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  867.252144][T14059] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  867.267791][ T5990] usb 5-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  867.274283][T14059] usb 3-1: config 0 descriptor??
[  867.345162][ T5990] usb 5-1: config 1 interface 0 has no altsetting 0
[  867.368546][ T5990] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1c0b, bcdDevice= 0.40
[  867.394172][ T5990] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  867.473284][ T5990] usb 5-1: Product: Я
[  867.501089][ T5990] usb 5-1: Manufacturer: 《
[  867.554082][ T5990] usb 5-1: SerialNumber: ꓖ佅逅뼬覲₤﫼쮋脅鼎쬇꯭䨷桎蜗�戴녦촶摢䨕䀓転蓙蛄츓욞嫀ꤔ�낚᪳�奥季╓⳥긕྇䛱䂫䉃
[  868.358618][T15303] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  868.476445][ T5990] usbhid 5-1:1.0: can't add hid device: -71
[  868.483952][ T5990] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  868.540966][ T5990] usb 5-1: USB disconnect, device number 71
[  868.646038][ T5949] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  868.827787][ T5949] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  868.854983][ T5949] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  868.893246][ T5949] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  868.965032][ T5949] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  868.990404][ T5949] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  869.017319][ T5949] usb 1-1: Product: syz
[  869.025121][ T5949] usb 1-1: Manufacturer: syz
[  869.035976][ T5949] usb 1-1: SerialNumber: syz
[  869.058322][ T5949] hub 1-1:1.0: bad descriptor, ignoring hub
[  869.074789][ T5949] hub 1-1:1.0: probe with driver hub failed with error -5
[  869.204151][T15316] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2796'.
[  869.224055][T15316] openvswitch: netlink: nsh attr 8224 is out of range max 3
[  869.239419][T15316] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  869.271636][ T5949] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 63 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  869.416869][T15314] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  869.683650][ T5949] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[  869.725680][ T5990] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  869.758449][T14059] usbhid 3-1:0.0: can't add hid device: -71
[  869.777519][T14059] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  869.831941][T14059] usb 3-1: USB disconnect, device number 62
[  869.868995][ T5949] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  869.901958][ T5949] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  869.918388][ T5990] usb 2-1: Using ep0 maxpacket: 8
[  869.923606][ T5949] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  869.981623][ T5990] usb 2-1: unable to get BOS descriptor or descriptor too short
[  869.992079][ T5949] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  870.009260][ T5990] usb 2-1: config 4 interface 0 has no altsetting 0
[  870.014113][ T5949] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  870.033083][ T5990] usb 2-1: string descriptor 0 read error: -22
[  870.051409][ T5990] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  870.055966][ T5949] usb 4-1: Product: syz
[  870.092418][ T5949] usb 4-1: Manufacturer: syz
[  870.099133][T15331] ptrace attach of "./syz-executor exec"[5879] was attempted by "./syz-executor exec"[15331]
[  870.165713][ T5949] usb 4-1: SerialNumber: syz
[  870.166359][ T5990] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  870.232687][ T5949] hub 4-1:1.0: bad descriptor, ignoring hub
[  870.310485][ T5949] hub 4-1:1.0: probe with driver hub failed with error -5
[  870.353204][ T5990] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  870.375142][  T848] usb 1-1: USB disconnect, device number 63
[  870.411400][ T5990] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  870.423558][ T5949] usblp 4-1:1.0: usblp1: USB Unidirectional printer dev 83 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  870.431368][  T848] usblp0: removed
[  870.442052][T15334] FAULT_INJECTION: forcing a failure.
[  870.442052][T15334] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  870.497827][T15334] CPU: 0 UID: 0 PID: 15334 Comm: syz.4.2803 Not tainted syzkaller #0 PREEMPT(full) 
[  870.497859][T15334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  870.497873][T15334] Call Trace:
[  870.497882][T15334]  <TASK>
[  870.497892][T15334]  dump_stack_lvl+0x189/0x250
[  870.497924][T15334]  ? __pfx____ratelimit+0x10/0x10
[  870.497947][T15334]  ? __pfx_dump_stack_lvl+0x10/0x10
[  870.497973][T15334]  ? __pfx__printk+0x10/0x10
[  870.498003][T15334]  ? __might_fault+0xb0/0x130
[  870.498044][T15334]  should_fail_ex+0x414/0x560
[  870.498083][T15334]  _copy_from_user+0x2d/0xb0
[  870.498112][T15334]  ___sys_sendmsg+0x158/0x2a0
[  870.498143][T15334]  ? __pfx____sys_sendmsg+0x10/0x10
[  870.498219][T15334]  ? __fget_files+0x2a/0x420
[  870.498238][T15334]  ? __fget_files+0x3a0/0x420
[  870.498269][T15334]  __x64_sys_sendmsg+0x19b/0x260
[  870.498301][T15334]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  870.498340][T15334]  ? __pfx_ksys_write+0x10/0x10
[  870.498367][T15334]  ? rcu_is_watching+0x15/0xb0
[  870.498397][T15334]  ? do_syscall_64+0xbe/0x3b0
[  870.498426][T15334]  do_syscall_64+0xfa/0x3b0
[  870.498449][T15334]  ? lockdep_hardirqs_on+0x9c/0x150
[  870.498472][T15334]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.498495][T15334]  ? clear_bhb_loop+0x60/0xb0
[  870.498522][T15334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  870.498543][T15334] RIP: 0033:0x7f8f8498eba9
[  870.498563][T15334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  870.498581][T15334] RSP: 002b:00007f8f858d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  870.498606][T15334] RAX: ffffffffffffffda RBX: 00007f8f84bd5fa0 RCX: 00007f8f8498eba9
[  870.498621][T15334] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[  870.498634][T15334] RBP: 00007f8f858d1090 R08: 0000000000000000 R09: 0000000000000000
[  870.498648][T15334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  870.498661][T15334] R13: 00007f8f84bd6038 R14: 00007f8f84bd5fa0 R15: 00007f8f84cffa28
[  870.498694][T15334]  </TASK>
[  870.499292][ T5990] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  870.699116][T15323] usb 2-1: dvb_usb_au6610: wlen=0, aborting
[  870.723217][ T5990] usb 2-1: media controller created
[  870.893795][   T30] kauditd_printk_skb: 42 callbacks suppressed
[  870.893816][   T30] audit: type=1326 audit(1757685593.091:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15322 comm="syz.1.2799" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe982f8eba9 code=0x0
[  870.923752][ T5949] usb 4-1: USB disconnect, device number 83
[  870.938849][ T5949] usblp1: removed
[  870.941380][ T5990] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  871.123378][ T5990] zl10353_read_register: readreg error (reg=127, ret==0)
[  871.286894][ T5990] usb 2-1: USB disconnect, device number 66
[  871.708947][ T5990] usb 2-1: new high-speed USB device number 67 using dummy_hcd
[  871.850088][   T30] audit: type=1326 audit(1757685594.051:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15342 comm="syz.0.2805" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdcd758eba9 code=0x0
[  871.886981][ T5990] usb 2-1: Using ep0 maxpacket: 32
[  871.894706][ T5990] usb 2-1: config 0 has an invalid interface number: 106 but max is 0
[  871.904245][ T5990] usb 2-1: config 0 has no interface number 0
[  871.911371][ T5990] usb 2-1: config 0 interface 106 has no altsetting 0
[  871.937921][ T5990] usb 2-1: New USB device found, idVendor=0421, idProduct=6901, bcdDevice=2d.1d
[  871.965972][ T5990] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  872.089970][ T5990] usb 2-1: Product: syz
[  872.128373][ T5990] usb 2-1: Manufacturer: syz
[  872.170096][ T5990] usb 2-1: SerialNumber: syz
[  872.200513][ T5990] usb 2-1: config 0 descriptor??
[  872.231895][ T5990] cdc_phonet 2-1:0.106: probe with driver cdc_phonet failed with error -22
[  873.314710][T15363] FAULT_INJECTION: forcing a failure.
[  873.314710][T15363] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  873.351984][T15363] CPU: 1 UID: 0 PID: 15363 Comm: syz.4.2811 Not tainted syzkaller #0 PREEMPT(full) 
[  873.352016][T15363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  873.352031][T15363] Call Trace:
[  873.352040][T15363]  <TASK>
[  873.352051][T15363]  dump_stack_lvl+0x189/0x250
[  873.352083][T15363]  ? __pfx____ratelimit+0x10/0x10
[  873.352110][T15363]  ? __pfx_dump_stack_lvl+0x10/0x10
[  873.352137][T15363]  ? __pfx__printk+0x10/0x10
[  873.352169][T15363]  ? __might_fault+0xb0/0x130
[  873.352212][T15363]  should_fail_ex+0x414/0x560
[  873.352251][T15363]  _copy_from_iter+0x1de/0x1790
[  873.352286][T15363]  ? rcu_is_watching+0x15/0xb0
[  873.352310][T15363]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  873.352342][T15363]  ? __pfx__copy_from_iter+0x10/0x10
[  873.352371][T15363]  ? __build_skb_around+0x257/0x3e0
[  873.352401][T15363]  ? netlink_sendmsg+0x642/0xb30
[  873.352420][T15363]  ? skb_put+0x11b/0x210
[  873.352445][T15363]  netlink_sendmsg+0x6b2/0xb30
[  873.352478][T15363]  ? __pfx_netlink_sendmsg+0x10/0x10
[  873.352504][T15363]  ? aa_sock_msg_perm+0xf1/0x1d0
[  873.352528][T15363]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  873.352551][T15363]  ? __pfx_netlink_sendmsg+0x10/0x10
[  873.352576][T15363]  __sock_sendmsg+0x21c/0x270
[  873.352615][T15363]  ____sys_sendmsg+0x505/0x830
[  873.352650][T15363]  ? __pfx_____sys_sendmsg+0x10/0x10
[  873.352689][T15363]  ? import_iovec+0x74/0xa0
[  873.352723][T15363]  ___sys_sendmsg+0x21f/0x2a0
[  873.352755][T15363]  ? __pfx____sys_sendmsg+0x10/0x10
[  873.352823][T15363]  ? __fget_files+0x2a/0x420
[  873.352844][T15363]  ? __fget_files+0x3a0/0x420
[  873.352876][T15363]  __x64_sys_sendmsg+0x19b/0x260
[  873.352908][T15363]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  873.352956][T15363]  ? __pfx_ksys_write+0x10/0x10
[  873.352986][T15363]  ? rcu_is_watching+0x15/0xb0
[  873.353015][T15363]  ? do_syscall_64+0xbe/0x3b0
[  873.353045][T15363]  do_syscall_64+0xfa/0x3b0
[  873.353069][T15363]  ? lockdep_hardirqs_on+0x9c/0x150
[  873.353093][T15363]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.353116][T15363]  ? clear_bhb_loop+0x60/0xb0
[  873.353143][T15363]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  873.353166][T15363] RIP: 0033:0x7f8f8498eba9
[  873.353187][T15363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  873.353206][T15363] RSP: 002b:00007f8f858d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  873.353231][T15363] RAX: ffffffffffffffda RBX: 00007f8f84bd5fa0 RCX: 00007f8f8498eba9
[  873.353249][T15363] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  873.353264][T15363] RBP: 00007f8f858d1090 R08: 0000000000000000 R09: 0000000000000000
[  873.353278][T15363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  873.353292][T15363] R13: 00007f8f84bd6038 R14: 00007f8f84bd5fa0 R15: 00007f8f84cffa28
[  873.353327][T15363]  </TASK>
[  873.636731][    C1] vkms_vblank_simulate: vblank timer overrun
[  873.695354][ T5990] usb 2-1: USB disconnect, device number 67
[  874.368373][T15375] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  874.407000][T15375] syzkaller0: entered promiscuous mode
[  874.422952][T15375] syzkaller0: entered allmulticast mode
[  874.480528][T15375] tipc: Resetting bearer <eth:syzkaller0>
[  874.573427][T15371] tipc: Resetting bearer <eth:syzkaller0>
[  874.667601][T15371] tipc: Disabling bearer <eth:syzkaller0>
[  874.819220][T15382] fuse: Invalid uid '00000000000000000003'
[  875.246150][T15392] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2821'.
[  875.461250][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  875.467914][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  876.745702][ T5949] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  876.835164][T15408] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  876.891343][T15408] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  876.931363][T15408] kvm: requested 13409 ns i8254 timer period limited to 200000 ns
[  876.939690][ T5949] usb 3-1: Using ep0 maxpacket: 8
[  876.948793][ T5949] usb 3-1: unable to get BOS descriptor or descriptor too short
[  876.967499][ T5949] usb 3-1: config 4 interface 0 has no altsetting 0
[  876.998082][ T5949] usb 3-1: string descriptor 0 read error: -22
[  877.004420][ T5949] usb 3-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  877.047573][T15408] kvm: requested 53638 ns i8254 timer period limited to 200000 ns
[  877.065809][T15408] kvm: requested 41904 ns i8254 timer period limited to 200000 ns
[  877.085823][ T5949] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  877.118795][T15408] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  877.159768][ T5949] usb 3-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  877.259794][ T5949] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  877.320918][ T5949] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  877.358365][T15405] usb 3-1: dvb_usb_au6610: wlen=0, aborting
[  877.395353][T15415] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2827'.
[  877.419659][   T30] audit: type=1326 audit(1757685599.591:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15404 comm="syz.2.2825" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f53c558eba9 code=0x0
[  877.445808][ T5949] usb 3-1: media controller created
[  877.451895][T15418] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  877.484450][T15418] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  877.541851][T15415] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2827'.
[  877.565797][T15415] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2827'.
[  877.700766][ T5949] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  877.797550][ T5949] zl10353_read_register: readreg error (reg=127, ret==0)
[  877.835942][   T43] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  877.941729][ T5949] usb 3-1: USB disconnect, device number 63
[  877.998087][   T43] usb 1-1: Using ep0 maxpacket: 8
[  878.008091][T15426] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  878.010414][   T43] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  878.018942][T15426] syzkaller0: entered promiscuous mode
[  878.031366][T15426] syzkaller0: entered allmulticast mode
[  878.051242][   T43] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  878.074081][T15426] tipc: Resetting bearer <eth:syzkaller0>
[  878.077183][   T43] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  878.099983][   T43] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  878.110494][T15425] tipc: Resetting bearer <eth:syzkaller0>
[  878.133046][   T43] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  878.160905][   T43] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  878.186448][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  878.247094][T15425] tipc: Disabling bearer <eth:syzkaller0>
[  878.376254][T15434] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2833'.
[  878.442843][   T43] usb 1-1: usb_control_msg returned -32
[  878.448864][   T43] usbtmc 1-1:16.0: can't read capabilities
[  878.579016][ T5990] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  878.737815][ T5990] usb 2-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config
[  878.752342][ T5990] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  879.403429][ T5990] usb 2-1: New USB device found, idVendor=11ff, idProduct=3331, bcdDevice= 0.00
[  879.451494][ T5990] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  879.498985][ T5990] usb 2-1: config 0 descriptor??
[  879.572160][ T5990] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  880.055823][T10511] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  880.275823][T10511] usb 3-1: Using ep0 maxpacket: 16
[  880.483898][T15450] FAULT_INJECTION: forcing a failure.
[  880.483898][T15450] name failslab, interval 1, probability 0, space 0, times 0
[  880.510746][T15447] usb usb8: check_ctrlrecip: process 15447 (syz.2.2837) requesting ep 01 but needs 81
[  880.521091][T15447] usb usb8: usbfs: process 15447 (syz.2.2837) did not claim interface 0 before use
[  880.565918][T15450] CPU: 0 UID: 0 PID: 15450 Comm: syz.3.2838 Not tainted syzkaller #0 PREEMPT(full) 
[  880.565950][T15450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  880.565964][T15450] Call Trace:
[  880.565973][T15450]  <TASK>
[  880.565984][T15450]  dump_stack_lvl+0x189/0x250
[  880.566009][T15450]  ? __pfx____ratelimit+0x10/0x10
[  880.566026][T15450]  ? __pfx_dump_stack_lvl+0x10/0x10
[  880.566062][T15450]  ? __pfx__printk+0x10/0x10
[  880.566100][T15450]  ? __pfx___might_resched+0x10/0x10
[  880.566125][T15450]  should_fail_ex+0x414/0x560
[  880.566158][T15450]  should_failslab+0xa8/0x100
[  880.566184][T15450]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  880.566215][T15450]  ? __alloc_skb+0x112/0x2d0
[  880.566246][T15450]  __alloc_skb+0x112/0x2d0
[  880.566274][T15450]  netlink_sendmsg+0x5c6/0xb30
[  880.566306][T15450]  ? __pfx_netlink_sendmsg+0x10/0x10
[  880.566326][T15450]  ? aa_sock_msg_perm+0xf1/0x1d0
[  880.566344][T15450]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  880.566370][T15450]  ? __pfx_netlink_sendmsg+0x10/0x10
[  880.566396][T15450]  __sock_sendmsg+0x21c/0x270
[  880.566431][T15450]  ____sys_sendmsg+0x505/0x830
[  880.566462][T15450]  ? __pfx_____sys_sendmsg+0x10/0x10
[  880.566488][T15450]  ? import_iovec+0x74/0xa0
[  880.566521][T15450]  ___sys_sendmsg+0x21f/0x2a0
[  880.566552][T15450]  ? __pfx____sys_sendmsg+0x10/0x10
[  880.566612][T15450]  ? __fget_files+0x2a/0x420
[  880.566626][T15450]  ? __fget_files+0x3a0/0x420
[  880.566648][T15450]  __x64_sys_sendmsg+0x19b/0x260
[  880.566679][T15450]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  880.566722][T15450]  ? __pfx_ksys_write+0x10/0x10
[  880.566750][T15450]  ? rcu_is_watching+0x15/0xb0
[  880.566771][T15450]  ? do_syscall_64+0xbe/0x3b0
[  880.566791][T15450]  do_syscall_64+0xfa/0x3b0
[  880.566808][T15450]  ? lockdep_hardirqs_on+0x9c/0x150
[  880.566832][T15450]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  880.566855][T15450]  ? clear_bhb_loop+0x60/0xb0
[  880.566881][T15450]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  880.566903][T15450] RIP: 0033:0x7f38bef8eba9
[  880.566919][T15450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  880.566933][T15450] RSP: 002b:00007f38bfe64038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  880.566950][T15450] RAX: ffffffffffffffda RBX: 00007f38bf1d5fa0 RCX: 00007f38bef8eba9
[  880.566962][T15450] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003
[  880.566978][T15450] RBP: 00007f38bfe64090 R08: 0000000000000000 R09: 0000000000000000
[  880.566993][T15450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  880.567007][T15450] R13: 00007f38bf1d6038 R14: 00007f38bf1d5fa0 R15: 00007f38bf2ffa28
[  880.567039][T15450]  </TASK>
[  880.575019][ T5990] usb 1-1: USB disconnect, device number 64
[  880.798862][    C1] vkms_vblank_simulate: vblank timer overrun
[  881.324640][T15460] program syz.3.2841 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  881.660310][T15462] vlan2: entered promiscuous mode
[  881.896314][    C1] sd 0:0:1:0: [sda] tag#2951 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  881.906909][    C1] sd 0:0:1:0: [sda] tag#2951 CDB: Write(6) 0a 00 00 00 00 00
[  882.342972][ T5949] usb 2-1: USB disconnect, device number 68
[  882.496011][ T5990] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[  882.718798][T15474] program syz.0.2843 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  882.751426][T15475] FAULT_INJECTION: forcing a failure.
[  882.751426][T15475] name failslab, interval 1, probability 0, space 0, times 0
[  882.766048][ T5990] usb 4-1: Using ep0 maxpacket: 16
[  882.802282][ T5990] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  882.818264][ T5990] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  882.840854][ T5990] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0
[  882.855690][ T5990] usb 4-1: config 0 interface 0 has no altsetting 0
[  882.863141][T15475] CPU: 1 UID: 0 PID: 15475 Comm: syz.0.2843 Not tainted syzkaller #0 PREEMPT(full) 
[  882.863173][T15475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  882.863187][T15475] Call Trace:
[  882.863198][T15475]  <TASK>
[  882.863206][T15475]  dump_stack_lvl+0x189/0x250
[  882.863230][T15475]  ? __pfx____ratelimit+0x10/0x10
[  882.863247][T15475]  ? __pfx_dump_stack_lvl+0x10/0x10
[  882.863266][T15475]  ? __pfx__printk+0x10/0x10
[  882.863293][T15475]  ? __pfx___might_resched+0x10/0x10
[  882.863307][T15475]  ? fs_reclaim_acquire+0x7d/0x100
[  882.863326][T15475]  should_fail_ex+0x414/0x560
[  882.863353][T15475]  should_failslab+0xa8/0x100
[  882.863378][T15475]  __kmalloc_noprof+0xcb/0x4f0
[  882.863399][T15475]  ? kfree+0x4d/0x440
[  882.863416][T15475]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  882.863437][T15475]  tomoyo_realpath_from_path+0xe3/0x5d0
[  882.863456][T15475]  ? tomoyo_domain+0xd9/0x130
[  882.863478][T15475]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  882.863501][T15475]  tomoyo_path_number_perm+0x1e8/0x5a0
[  882.863526][T15475]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  882.863562][T15475]  ? __lock_acquire+0xab9/0xd20
[  882.863601][T15475]  ? __fget_files+0x2a/0x420
[  882.863617][T15475]  ? __fget_files+0x2a/0x420
[  882.863630][T15475]  ? __fget_files+0x3a0/0x420
[  882.863642][T15475]  ? __fget_files+0x2a/0x420
[  882.863659][T15475]  security_file_ioctl+0xcb/0x2d0
[  882.863684][T15475]  __se_sys_ioctl+0x47/0x170
[  882.863705][T15475]  do_syscall_64+0xfa/0x3b0
[  882.863722][T15475]  ? lockdep_hardirqs_on+0x9c/0x150
[  882.863737][T15475]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  882.863753][T15475]  ? clear_bhb_loop+0x60/0xb0
[  882.863774][T15475]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  882.863790][T15475] RIP: 0033:0x7fdcd758eba9
[  882.863804][T15475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  882.863818][T15475] RSP: 002b:00007fdcd83ca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  882.863835][T15475] RAX: ffffffffffffffda RBX: 00007fdcd77d6090 RCX: 00007fdcd758eba9
[  882.863847][T15475] RDX: 0000200000000040 RSI: 0000000000002285 RDI: 0000000000000005
[  882.863858][T15475] RBP: 00007fdcd83ca090 R08: 0000000000000000 R09: 0000000000000000
[  882.863868][T15475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  882.863877][T15475] R13: 00007fdcd77d6128 R14: 00007fdcd77d6090 R15: 00007fdcd78ffa28
[  882.863901][T15475]  </TASK>
[  882.863971][T15475] ERROR: Out of memory at tomoyo_realpath_from_path.
[  883.147713][ T5990] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  883.157994][ T5990] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  883.166981][ T5990] usb 4-1: Product: syz
[  883.171453][ T5990] usb 4-1: Manufacturer: syz
[  883.176155][ T5990] usb 4-1: SerialNumber: syz
[  883.187193][ T5990] usb 4-1: config 0 descriptor??
[  883.205922][    C1] sd 0:0:1:0: [sda] tag#2957 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  883.216660][    C1] sd 0:0:1:0: [sda] tag#2957 CDB: Write(6) 0a 00 00 00 00 00
[  883.641901][ T5990] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input27
[  883.710035][ T5219] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  883.737836][T10511] usb 3-1: unable to get BOS descriptor or descriptor too short
[  883.749126][T15478] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  883.769947][T10511] usb 3-1: unable to read config index 0 descriptor/start: -71
[  883.780879][ T5219] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  883.791101][T15478] syzkaller0: entered promiscuous mode
[  883.820051][T10511] usb 3-1: can't read configurations, error -71
[  883.825963][T15478] syzkaller0: entered allmulticast mode
[  883.845242][T15480] netlink: 132 bytes leftover after parsing attributes in process `syz.4.2846'.
[  883.889250][T15468] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  883.937198][T15478] tipc: Resetting bearer <eth:syzkaller0>
[  883.976842][T15483] FAULT_INJECTION: forcing a failure.
[  883.976842][T15483] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  884.011040][T15484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  884.021886][ T5219] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  884.030616][T15484] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  884.032587][T15483] CPU: 0 UID: 0 PID: 15483 Comm: syz.2.2847 Not tainted syzkaller #0 PREEMPT(full) 
[  884.032622][T15483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  884.032639][T15483] Call Trace:
[  884.032649][T15483]  <TASK>
[  884.032660][T15483]  dump_stack_lvl+0x189/0x250
[  884.032698][T15483]  ? __pfx____ratelimit+0x10/0x10
[  884.032725][T15483]  ? __pfx_dump_stack_lvl+0x10/0x10
[  884.032763][T15483]  ? __pfx__printk+0x10/0x10
[  884.032799][T15483]  ? __might_fault+0xb0/0x130
[  884.032847][T15483]  should_fail_ex+0x414/0x560
[  884.032892][T15483]  _copy_from_user+0x2d/0xb0
[  884.032927][T15483]  ___sys_sendmsg+0x158/0x2a0
[  884.032964][T15483]  ? __pfx____sys_sendmsg+0x10/0x10
[  884.033037][T15483]  ? __fget_files+0x2a/0x420
[  884.033059][T15483]  ? __fget_files+0x3a0/0x420
[  884.033093][T15483]  __sys_sendmmsg+0x227/0x430
[  884.033132][T15483]  ? __pfx___sys_sendmmsg+0x10/0x10
[  884.033161][T15483]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  884.033221][T15483]  ? ksys_write+0x22a/0x250
[  884.033258][T15483]  ? __pfx_ksys_write+0x10/0x10
[  884.033288][T15483]  ? rcu_is_watching+0x15/0xb0
[  884.033321][T15483]  __x64_sys_sendmmsg+0xa0/0xc0
[  884.033356][T15483]  do_syscall_64+0xfa/0x3b0
[  884.033383][T15483]  ? lockdep_hardirqs_on+0x9c/0x150
[  884.033407][T15483]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  884.033433][T15483]  ? clear_bhb_loop+0x60/0xb0
[  884.033462][T15483]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  884.033487][T15483] RIP: 0033:0x7f53c558eba9
[  884.033508][T15483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  884.033531][T15483] RSP: 002b:00007f53c64f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  884.033558][T15483] RAX: ffffffffffffffda RBX: 00007f53c57d5fa0 RCX: 00007f53c558eba9
[  884.033577][T15483] RDX: 0000000000000003 RSI: 0000200000001140 RDI: 0000000000000003
[  884.033592][T15483] RBP: 00007f53c64f5090 R08: 0000000000000000 R09: 0000000000000000
[  884.033608][T15483] R10: 0000000028048005 R11: 0000000000000246 R12: 0000000000000001
[  884.033626][T15483] R13: 00007f53c57d6038 R14: 00007f53c57d5fa0 R15: 00007f53c58ffa28
[  884.033664][T15483]  </TASK>
[  884.174630][ T5952] usb 4-1: USB disconnect, device number 84
[  884.286713][T15477] tipc: Resetting bearer <eth:syzkaller0>
[  884.477078][T15477] tipc: Disabling bearer <eth:syzkaller0>
[  884.498946][ T5912] synaptics_usb 4-1:0.0: synusb_open - usb_submit_urb failed, error: -19
[  885.485955][T15501] openvswitch: netlink: Key type 1552 is out of range max 32
[  885.568165][T15501] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  885.644298][T15506] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2852'.
[  885.784633][T15508] FAULT_INJECTION: forcing a failure.
[  885.784633][T15508] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  885.862561][T15508] CPU: 1 UID: 0 PID: 15508 Comm: syz.1.2854 Not tainted syzkaller #0 PREEMPT(full) 
[  885.862601][T15508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  885.862617][T15508] Call Trace:
[  885.862627][T15508]  <TASK>
[  885.862638][T15508]  dump_stack_lvl+0x189/0x250
[  885.862671][T15508]  ? __pfx____ratelimit+0x10/0x10
[  885.862695][T15508]  ? __pfx_dump_stack_lvl+0x10/0x10
[  885.862723][T15508]  ? __pfx__printk+0x10/0x10
[  885.862754][T15508]  ? __might_fault+0xb0/0x130
[  885.862796][T15508]  should_fail_ex+0x414/0x560
[  885.862836][T15508]  _copy_from_iter+0x1de/0x1790
[  885.862871][T15508]  ? rcu_is_watching+0x15/0xb0
[  885.862895][T15508]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  885.862929][T15508]  ? __pfx__copy_from_iter+0x10/0x10
[  885.862957][T15508]  ? __build_skb_around+0x257/0x3e0
[  885.862987][T15508]  ? netlink_sendmsg+0x642/0xb30
[  885.863009][T15508]  ? skb_put+0x11b/0x210
[  885.863038][T15508]  netlink_sendmsg+0x6b2/0xb30
[  885.863072][T15508]  ? __pfx_netlink_sendmsg+0x10/0x10
[  885.863100][T15508]  ? aa_sock_msg_perm+0xf1/0x1d0
[  885.863125][T15508]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  885.863150][T15508]  ? __pfx_netlink_sendmsg+0x10/0x10
[  885.863176][T15508]  __sock_sendmsg+0x21c/0x270
[  885.863215][T15508]  ____sys_sendmsg+0x505/0x830
[  885.863250][T15508]  ? __pfx_____sys_sendmsg+0x10/0x10
[  885.863289][T15508]  ? import_iovec+0x74/0xa0
[  885.863323][T15508]  ___sys_sendmsg+0x21f/0x2a0
[  885.863355][T15508]  ? __pfx____sys_sendmsg+0x10/0x10
[  885.863423][T15508]  ? __fget_files+0x2a/0x420
[  885.863442][T15508]  ? __fget_files+0x3a0/0x420
[  885.863473][T15508]  __x64_sys_sendmsg+0x19b/0x260
[  885.863505][T15508]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  885.863544][T15508]  ? __pfx_ksys_write+0x10/0x10
[  885.863587][T15508]  ? do_syscall_64+0xbe/0x3b0
[  885.863621][T15508]  do_syscall_64+0xfa/0x3b0
[  885.863645][T15508]  ? lockdep_hardirqs_on+0x9c/0x150
[  885.863667][T15508]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  885.863689][T15508]  ? clear_bhb_loop+0x60/0xb0
[  885.863716][T15508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  885.863738][T15508] RIP: 0033:0x7fe982f8eba9
[  885.863758][T15508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  885.863777][T15508] RSP: 002b:00007fe983dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  885.863801][T15508] RAX: ffffffffffffffda RBX: 00007fe9831d5fa0 RCX: 00007fe982f8eba9
[  885.863817][T15508] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  885.863831][T15508] RBP: 00007fe983dca090 R08: 0000000000000000 R09: 0000000000000000
[  885.863845][T15508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  885.863858][T15508] R13: 00007fe9831d6038 R14: 00007fe9831d5fa0 R15: 00007fe9832ffa28
[  885.863892][T15508]  </TASK>
[  886.141229][    C1] vkms_vblank_simulate: vblank timer overrun
[  886.551985][T15510] FAULT_INJECTION: forcing a failure.
[  886.551985][T15510] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  886.575751][T15510] CPU: 1 UID: 0 PID: 15510 Comm: syz.4.2855 Not tainted syzkaller #0 PREEMPT(full) 
[  886.575782][T15510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  886.575794][T15510] Call Trace:
[  886.575803][T15510]  <TASK>
[  886.575812][T15510]  dump_stack_lvl+0x189/0x250
[  886.575844][T15510]  ? __pfx____ratelimit+0x10/0x10
[  886.575867][T15510]  ? __pfx_dump_stack_lvl+0x10/0x10
[  886.575891][T15510]  ? __pfx__printk+0x10/0x10
[  886.575922][T15510]  ? __might_fault+0xb0/0x130
[  886.575965][T15510]  should_fail_ex+0x414/0x560
[  886.576004][T15510]  _copy_from_iter+0x1de/0x1790
[  886.576039][T15510]  ? rcu_is_watching+0x15/0xb0
[  886.576064][T15510]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  886.576097][T15510]  ? __pfx__copy_from_iter+0x10/0x10
[  886.576126][T15510]  ? __build_skb_around+0x257/0x3e0
[  886.576156][T15510]  ? netlink_sendmsg+0x642/0xb30
[  886.576179][T15510]  ? skb_put+0x11b/0x210
[  886.576209][T15510]  netlink_sendmsg+0x6b2/0xb30
[  886.576244][T15510]  ? __pfx_netlink_sendmsg+0x10/0x10
[  886.576272][T15510]  ? aa_sock_msg_perm+0xf1/0x1d0
[  886.576297][T15510]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  886.576322][T15510]  ? __pfx_netlink_sendmsg+0x10/0x10
[  886.576348][T15510]  __sock_sendmsg+0x21c/0x270
[  886.576386][T15510]  ____sys_sendmsg+0x505/0x830
[  886.576421][T15510]  ? __pfx_____sys_sendmsg+0x10/0x10
[  886.576459][T15510]  ? import_iovec+0x74/0xa0
[  886.576489][T15510]  ___sys_sendmsg+0x21f/0x2a0
[  886.576525][T15510]  ? __pfx____sys_sendmsg+0x10/0x10
[  886.576591][T15510]  ? __fget_files+0x2a/0x420
[  886.576610][T15510]  ? __fget_files+0x3a0/0x420
[  886.576641][T15510]  __x64_sys_sendmsg+0x19b/0x260
[  886.576674][T15510]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  886.576714][T15510]  ? __pfx_ksys_write+0x10/0x10
[  886.576749][T15510]  ? rcu_is_watching+0x15/0xb0
[  886.576777][T15510]  ? do_syscall_64+0xbe/0x3b0
[  886.576807][T15510]  do_syscall_64+0xfa/0x3b0
[  886.576830][T15510]  ? lockdep_hardirqs_on+0x9c/0x150
[  886.576853][T15510]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.576876][T15510]  ? clear_bhb_loop+0x60/0xb0
[  886.576903][T15510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.576925][T15510] RIP: 0033:0x7f8f8498eba9
[  886.576946][T15510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  886.576966][T15510] RSP: 002b:00007f8f858d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  886.576990][T15510] RAX: ffffffffffffffda RBX: 00007f8f84bd5fa0 RCX: 00007f8f8498eba9
[  886.577008][T15510] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000005
[  886.577023][T15510] RBP: 00007f8f858d1090 R08: 0000000000000000 R09: 0000000000000000
[  886.577037][T15510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  886.577051][T15510] R13: 00007f8f84bd6038 R14: 00007f8f84bd5fa0 R15: 00007f8f84cffa28
[  886.577086][T15510]  </TASK>
[  886.866940][    C1] vkms_vblank_simulate: vblank timer overrun
[  887.565709][ T5949] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  887.727229][ T5949] usb 5-1: Using ep0 maxpacket: 16
[  887.732999][T15523] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2858'.
[  887.764957][T15519] usb usb8: check_ctrlrecip: process 15519 (syz.4.2857) requesting ep 01 but needs 81
[  887.789860][T15519] usb usb8: usbfs: process 15519 (syz.4.2857) did not claim interface 0 before use
[  888.470199][T15536] FAULT_INJECTION: forcing a failure.
[  888.470199][T15536] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  888.665920][T15536] CPU: 0 UID: 0 PID: 15536 Comm: syz.3.2863 Not tainted syzkaller #0 PREEMPT(full) 
[  888.665944][T15536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  888.665957][T15536] Call Trace:
[  888.665965][T15536]  <TASK>
[  888.665972][T15536]  dump_stack_lvl+0x189/0x250
[  888.665996][T15536]  ? __pfx____ratelimit+0x10/0x10
[  888.666014][T15536]  ? __pfx_dump_stack_lvl+0x10/0x10
[  888.666033][T15536]  ? __pfx__printk+0x10/0x10
[  888.666064][T15536]  should_fail_ex+0x414/0x560
[  888.666093][T15536]  _copy_to_user+0x31/0xb0
[  888.666116][T15536]  simple_read_from_buffer+0xe1/0x170
[  888.666144][T15536]  proc_fail_nth_read+0x1b3/0x220
[  888.666165][T15536]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  888.666185][T15536]  ? rw_verify_area+0x2a6/0x4d0
[  888.666204][T15536]  ? __lock_acquire+0xab9/0xd20
[  888.666226][T15536]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  888.666246][T15536]  vfs_read+0x200/0xa30
[  888.666275][T15536]  ? fdget_pos+0x247/0x320
[  888.666293][T15536]  ? __pfx___mutex_lock+0x10/0x10
[  888.666312][T15536]  ? __pfx_vfs_read+0x10/0x10
[  888.666334][T15536]  ? __fget_files+0x2a/0x420
[  888.666351][T15536]  ? __fget_files+0x3a0/0x420
[  888.666363][T15536]  ? __fget_files+0x2a/0x420
[  888.666384][T15536]  ksys_read+0x145/0x250
[  888.666407][T15536]  ? __pfx_ksys_read+0x10/0x10
[  888.666427][T15536]  ? rcu_is_watching+0x15/0xb0
[  888.666446][T15536]  ? do_syscall_64+0xbe/0x3b0
[  888.666467][T15536]  do_syscall_64+0xfa/0x3b0
[  888.666483][T15536]  ? lockdep_hardirqs_on+0x9c/0x150
[  888.666499][T15536]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  888.666517][T15536]  ? clear_bhb_loop+0x60/0xb0
[  888.666538][T15536]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  888.666554][T15536] RIP: 0033:0x7f38bef8d5bc
[  888.666569][T15536] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  888.666584][T15536] RSP: 002b:00007f38bfe64030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  888.666601][T15536] RAX: ffffffffffffffda RBX: 00007f38bf1d5fa0 RCX: 00007f38bef8d5bc
[  888.666613][T15536] RDX: 000000000000000f RSI: 00007f38bfe640a0 RDI: 0000000000000005
[  888.666624][T15536] RBP: 00007f38bfe64090 R08: 0000000000000000 R09: 0000000000000000
[  888.666634][T15536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  888.666644][T15536] R13: 00007f38bf1d6038 R14: 00007f38bf1d5fa0 R15: 00007f38bf2ffa28
[  888.666668][T15536]  </TASK>
[  889.606120][ T5990] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  889.785930][ T5990] usb 1-1: Using ep0 maxpacket: 8
[  889.793319][ T5990] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  889.812653][ T5990] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  889.837482][ T5990] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6
[  889.864265][ T5990] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10
[  889.895883][ T5990] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024
[  889.927862][ T5990] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  889.967182][ T5990] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  890.029296][ T5990] hub 1-1:1.0: bad descriptor, ignoring hub
[  890.035275][ T5990] hub 1-1:1.0: probe with driver hub failed with error -5
[  890.126005][ T5949] usb 5-1: unable to get BOS descriptor or descriptor too short
[  890.134132][ T5990] cdc_wdm 1-1:1.0: skipping garbage
[  890.146859][ T5949] usb 5-1: unable to read config index 0 descriptor/start: -71
[  890.154836][ T5949] usb 5-1: can't read configurations, error -71
[  890.195597][ T5990] cdc_wdm 1-1:1.0: skipping garbage
[  890.201420][ T5990] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  890.212591][T15541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  890.253639][T15541] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  890.320209][ T5990] usb 1-1: USB disconnect, device number 65
[  891.730654][T15584] FAULT_INJECTION: forcing a failure.
[  891.730654][T15584] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  891.765944][T15584] CPU: 1 UID: 0 PID: 15584 Comm: syz.0.2878 Not tainted syzkaller #0 PREEMPT(full) 
[  891.765975][T15584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  891.765990][T15584] Call Trace:
[  891.765999][T15584]  <TASK>
[  891.766009][T15584]  dump_stack_lvl+0x189/0x250
[  891.766039][T15584]  ? __pfx____ratelimit+0x10/0x10
[  891.766061][T15584]  ? __pfx_dump_stack_lvl+0x10/0x10
[  891.766086][T15584]  ? __pfx__printk+0x10/0x10
[  891.766115][T15584]  ? __might_fault+0xb0/0x130
[  891.766154][T15584]  should_fail_ex+0x414/0x560
[  891.766189][T15584]  _copy_from_user+0x2d/0xb0
[  891.766218][T15584]  ___sys_recvmsg+0x12e/0x510
[  891.766268][T15584]  ? __pfx____sys_recvmsg+0x10/0x10
[  891.766324][T15584]  ? __might_fault+0xb0/0x130
[  891.766357][T15584]  do_recvmmsg+0x307/0x770
[  891.766392][T15584]  ? __pfx_do_recvmmsg+0x10/0x10
[  891.766430][T15584]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  891.766469][T15584]  __x64_sys_recvmmsg+0x190/0x240
[  891.766501][T15584]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  891.766525][T15584]  ? rcu_is_watching+0x15/0xb0
[  891.766552][T15584]  ? do_syscall_64+0xbe/0x3b0
[  891.766583][T15584]  do_syscall_64+0xfa/0x3b0
[  891.766606][T15584]  ? lockdep_hardirqs_on+0x9c/0x150
[  891.766629][T15584]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  891.766652][T15584]  ? clear_bhb_loop+0x60/0xb0
[  891.766680][T15584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  891.766702][T15584] RIP: 0033:0x7fdcd758eba9
[  891.766723][T15584] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  891.766744][T15584] RSP: 002b:00007fdcd83eb038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  891.766768][T15584] RAX: ffffffffffffffda RBX: 00007fdcd77d5fa0 RCX: 00007fdcd758eba9
[  891.766785][T15584] RDX: 0400000000000284 RSI: 0000200000000040 RDI: 0000000000000003
[  891.766801][T15584] RBP: 00007fdcd83eb090 R08: 0000000000000000 R09: 0000000000000000
[  891.766815][T15584] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  891.766829][T15584] R13: 00007fdcd77d6038 R14: 00007fdcd77d5fa0 R15: 00007fdcd78ffa28
[  891.766864][T15584]  </TASK>
[  891.987934][    C1] vkms_vblank_simulate: vblank timer overrun
[  892.536057][ T5949] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  892.706751][ T5949] usb 1-1: Using ep0 maxpacket: 16
[  892.717791][ T5949] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  892.817295][ T5949] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  892.849486][ T5949] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  892.875610][ T5949] usb 1-1: Product: syz
[  892.881963][ T5949] usb 1-1: Manufacturer: syz
[  892.901311][ T5949] usb 1-1: SerialNumber: syz
[  892.924420][ T5949] usb 1-1: config 0 descriptor??
[  893.232650][T15597] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2880'.
[  893.598786][   T43] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  894.185689][   T43] usb 3-1: Using ep0 maxpacket: 16
[  894.524732][T15606] usb usb8: check_ctrlrecip: process 15606 (syz.2.2883) requesting ep 01 but needs 81
[  894.535882][T15606] usb usb8: usbfs: process 15606 (syz.2.2883) did not claim interface 0 before use
[  895.935758][    C0] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured!
[  896.578533][ T5870] usb 1-1: USB disconnect, device number 66
[  897.027494][T15640] FAULT_INJECTION: forcing a failure.
[  897.027494][T15640] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  897.115934][T15640] CPU: 1 UID: 0 PID: 15640 Comm: syz.4.2892 Not tainted syzkaller #0 PREEMPT(full) 
[  897.115967][T15640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  897.115985][T15640] Call Trace:
[  897.115995][T15640]  <TASK>
[  897.116005][T15640]  dump_stack_lvl+0x189/0x250
[  897.116039][T15640]  ? __pfx____ratelimit+0x10/0x10
[  897.116063][T15640]  ? __pfx_dump_stack_lvl+0x10/0x10
[  897.116091][T15640]  ? __pfx__printk+0x10/0x10
[  897.116123][T15640]  ? __might_fault+0xb0/0x130
[  897.116166][T15640]  should_fail_ex+0x414/0x560
[  897.116206][T15640]  _copy_from_iter+0x1de/0x1790
[  897.116241][T15640]  ? rcu_is_watching+0x15/0xb0
[  897.116266][T15640]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  897.116300][T15640]  ? __pfx__copy_from_iter+0x10/0x10
[  897.116328][T15640]  ? __build_skb_around+0x257/0x3e0
[  897.116358][T15640]  ? netlink_sendmsg+0x642/0xb30
[  897.116381][T15640]  ? skb_put+0x11b/0x210
[  897.116410][T15640]  netlink_sendmsg+0x6b2/0xb30
[  897.116446][T15640]  ? __pfx_netlink_sendmsg+0x10/0x10
[  897.116475][T15640]  ? aa_sock_msg_perm+0xf1/0x1d0
[  897.116500][T15640]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  897.116525][T15640]  ? __pfx_netlink_sendmsg+0x10/0x10
[  897.116551][T15640]  __sock_sendmsg+0x21c/0x270
[  897.116590][T15640]  ____sys_sendmsg+0x505/0x830
[  897.116626][T15640]  ? __pfx_____sys_sendmsg+0x10/0x10
[  897.116664][T15640]  ? import_iovec+0x74/0xa0
[  897.116698][T15640]  ___sys_sendmsg+0x21f/0x2a0
[  897.116729][T15640]  ? __pfx____sys_sendmsg+0x10/0x10
[  897.116797][T15640]  ? __fget_files+0x2a/0x420
[  897.116816][T15640]  ? __fget_files+0x3a0/0x420
[  897.116857][T15640]  __x64_sys_sendmsg+0x19b/0x260
[  897.116889][T15640]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  897.116929][T15640]  ? __pfx_ksys_write+0x10/0x10
[  897.116958][T15640]  ? rcu_is_watching+0x15/0xb0
[  897.116986][T15640]  ? do_syscall_64+0xbe/0x3b0
[  897.117015][T15640]  do_syscall_64+0xfa/0x3b0
[  897.117039][T15640]  ? lockdep_hardirqs_on+0x9c/0x150
[  897.117061][T15640]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.117083][T15640]  ? clear_bhb_loop+0x60/0xb0
[  897.117111][T15640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.117133][T15640] RIP: 0033:0x7f8f8498eba9
[  897.117153][T15640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  897.117173][T15640] RSP: 002b:00007f8f858d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  897.117198][T15640] RAX: ffffffffffffffda RBX: 00007f8f84bd5fa0 RCX: 00007f8f8498eba9
[  897.117216][T15640] RDX: 0000000020000822 RSI: 0000200000000300 RDI: 0000000000000003
[  897.117231][T15640] RBP: 00007f8f858d1090 R08: 0000000000000000 R09: 0000000000000000
[  897.117246][T15640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  897.117260][T15640] R13: 00007f8f84bd6038 R14: 00007f8f84bd5fa0 R15: 00007f8f84cffa28
[  897.117294][T15640]  </TASK>
[  897.506244][   T43] usb 3-1: unable to get BOS descriptor or descriptor too short
[  897.514896][   T43] usb 3-1: unable to read config index 0 descriptor/start: -71
[  897.522615][   T43] usb 3-1: can't read configurations, error -71
[  897.845672][T15646] FAULT_INJECTION: forcing a failure.
[  897.845672][T15646] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  897.925744][T15646] CPU: 0 UID: 0 PID: 15646 Comm: syz.2.2894 Not tainted syzkaller #0 PREEMPT(full) 
[  897.925776][T15646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  897.925791][T15646] Call Trace:
[  897.925799][T15646]  <TASK>
[  897.925809][T15646]  dump_stack_lvl+0x189/0x250
[  897.925842][T15646]  ? __pfx____ratelimit+0x10/0x10
[  897.925866][T15646]  ? __pfx_dump_stack_lvl+0x10/0x10
[  897.925893][T15646]  ? __pfx__printk+0x10/0x10
[  897.925938][T15646]  should_fail_ex+0x414/0x560
[  897.925978][T15646]  _copy_to_user+0x31/0xb0
[  897.926010][T15646]  simple_read_from_buffer+0xe1/0x170
[  897.926049][T15646]  proc_fail_nth_read+0x1b3/0x220
[  897.926078][T15646]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  897.926106][T15646]  ? rw_verify_area+0x2a6/0x4d0
[  897.926132][T15646]  ? __lock_acquire+0xab9/0xd20
[  897.926163][T15646]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  897.926189][T15646]  vfs_read+0x200/0xa30
[  897.926217][T15646]  ? fdget_pos+0x247/0x320
[  897.926240][T15646]  ? __pfx___mutex_lock+0x10/0x10
[  897.926266][T15646]  ? __pfx_vfs_read+0x10/0x10
[  897.926296][T15646]  ? __fget_files+0x2a/0x420
[  897.926318][T15646]  ? __fget_files+0x3a0/0x420
[  897.926336][T15646]  ? __fget_files+0x2a/0x420
[  897.926364][T15646]  ksys_read+0x145/0x250
[  897.926395][T15646]  ? __pfx_ksys_read+0x10/0x10
[  897.926422][T15646]  ? rcu_is_watching+0x15/0xb0
[  897.926451][T15646]  ? do_syscall_64+0xbe/0x3b0
[  897.926479][T15646]  do_syscall_64+0xfa/0x3b0
[  897.926502][T15646]  ? lockdep_hardirqs_on+0x9c/0x150
[  897.926597][T15646]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.926630][T15646]  ? clear_bhb_loop+0x60/0xb0
[  897.926656][T15646]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  897.926678][T15646] RIP: 0033:0x7f53c558d5bc
[  897.926697][T15646] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  897.926716][T15646] RSP: 002b:00007f53c64f5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  897.926738][T15646] RAX: ffffffffffffffda RBX: 00007f53c57d5fa0 RCX: 00007f53c558d5bc
[  897.926756][T15646] RDX: 000000000000000f RSI: 00007f53c64f50a0 RDI: 0000000000000004
[  897.926775][T15646] RBP: 00007f53c64f5090 R08: 0000000000000000 R09: 0000000000000000
[  897.926789][T15646] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  897.926803][T15646] R13: 00007f53c57d6038 R14: 00007f53c57d5fa0 R15: 00007f53c58ffa28
[  897.926839][T15646]  </TASK>
[  899.198822][ T5990] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[  899.482614][ T5990] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  899.494073][ T5990] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 12335, setting to 1024
[  899.515667][ T5990] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  899.545698][ T5990] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  899.576155][ T5990] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  899.619830][T15661] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  899.641438][ T5990] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  899.709664][ T5957] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  899.895625][ T5957] usb 3-1: Using ep0 maxpacket: 16
[  899.924463][ T5957] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  899.961502][ T5957] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  899.971278][ T5957] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  899.983504][ T5957] usb 3-1: Product: syz
[  899.988039][ T5957] usb 3-1: Manufacturer: syz
[  899.992775][ T5957] usb 3-1: SerialNumber: syz
[  900.055484][ T5957] usb 3-1: config 0 descriptor??
[  900.293448][T15670] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2901'.
[  901.016800][ T5867] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  901.034265][ T5867] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  901.055084][ T5867] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  901.073170][ T5867] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  901.085581][ T5867] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  901.167644][ T5878] syz_tun (unregistering): left allmulticast mode
[  901.204466][T15681] FAULT_INJECTION: forcing a failure.
[  901.204466][T15681] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  901.263425][T15681] CPU: 0 UID: 0 PID: 15681 Comm: syz.1.2904 Not tainted syzkaller #0 PREEMPT(full) 
[  901.263460][T15681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  901.263475][T15681] Call Trace:
[  901.263484][T15681]  <TASK>
[  901.263495][T15681]  dump_stack_lvl+0x189/0x250
[  901.263528][T15681]  ? __pfx____ratelimit+0x10/0x10
[  901.263552][T15681]  ? __pfx_dump_stack_lvl+0x10/0x10
[  901.263578][T15681]  ? __pfx__printk+0x10/0x10
[  901.263608][T15681]  ? __might_fault+0xb0/0x130
[  901.263652][T15681]  should_fail_ex+0x414/0x560
[  901.263692][T15681]  _copy_from_iter+0x1de/0x1790
[  901.263727][T15681]  ? rcu_is_watching+0x15/0xb0
[  901.263751][T15681]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  901.263785][T15681]  ? __pfx__copy_from_iter+0x10/0x10
[  901.263813][T15681]  ? __build_skb_around+0x257/0x3e0
[  901.263843][T15681]  ? netlink_sendmsg+0x642/0xb30
[  901.263865][T15681]  ? skb_put+0x11b/0x210
[  901.263895][T15681]  netlink_sendmsg+0x6b2/0xb30
[  901.263929][T15681]  ? __pfx_netlink_sendmsg+0x10/0x10
[  901.263959][T15681]  ? aa_sock_msg_perm+0xf1/0x1d0
[  901.263985][T15681]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  901.264009][T15681]  ? __pfx_netlink_sendmsg+0x10/0x10
[  901.264035][T15681]  __sock_sendmsg+0x21c/0x270
[  901.264074][T15681]  ____sys_sendmsg+0x505/0x830
[  901.264110][T15681]  ? __pfx_____sys_sendmsg+0x10/0x10
[  901.264148][T15681]  ? import_iovec+0x74/0xa0
[  901.264182][T15681]  ___sys_sendmsg+0x21f/0x2a0
[  901.264221][T15681]  ? __pfx____sys_sendmsg+0x10/0x10
[  901.264289][T15681]  ? __fget_files+0x2a/0x420
[  901.264309][T15681]  ? __fget_files+0x3a0/0x420
[  901.264346][T15681]  __x64_sys_sendmsg+0x19b/0x260
[  901.264378][T15681]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  901.264419][T15681]  ? __pfx_ksys_write+0x10/0x10
[  901.264447][T15681]  ? rcu_is_watching+0x15/0xb0
[  901.264475][T15681]  ? do_syscall_64+0xbe/0x3b0
[  901.264505][T15681]  do_syscall_64+0xfa/0x3b0
[  901.264529][T15681]  ? lockdep_hardirqs_on+0x9c/0x150
[  901.264553][T15681]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  901.264576][T15681]  ? clear_bhb_loop+0x60/0xb0
[  901.264603][T15681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  901.264626][T15681] RIP: 0033:0x7fe982f8eba9
[  901.264647][T15681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  901.264667][T15681] RSP: 002b:00007fe983dca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  901.264691][T15681] RAX: ffffffffffffffda RBX: 00007fe9831d5fa0 RCX: 00007fe982f8eba9
[  901.264709][T15681] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000004
[  901.264724][T15681] RBP: 00007fe983dca090 R08: 0000000000000000 R09: 0000000000000000
[  901.264739][T15681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  901.264752][T15681] R13: 00007fe9831d6038 R14: 00007fe9831d5fa0 R15: 00007fe9832ffa28
[  901.264787][T15681]  </TASK>
[  901.546207][    C0] vkms_vblank_simulate: vblank timer overrun
[  901.996729][ T5990] usb 4-1: USB disconnect, device number 85
[  902.020984][ T8520] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  902.237091][ T8520] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  902.365687][ T5949] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  902.483651][ T8520] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  902.557709][ T5949] usb 1-1: Using ep0 maxpacket: 16
[  902.588697][T15687] usb usb8: check_ctrlrecip: process 15687 (syz.0.2905) requesting ep 01 but needs 81
[  902.599247][T15687] usb usb8: usbfs: process 15687 (syz.0.2905) did not claim interface 0 before use
[  902.665979][ T5990] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[  902.698359][ T8520] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  902.751975][T15682] chnl_net:caif_netlink_parms(): no params data found
[  902.825763][ T5990] usb 4-1: device descriptor read/64, error -71
[  902.833133][ T5870] usb 3-1: USB disconnect, device number 68
[  903.095649][ T5990] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[  903.135889][ T5866] Bluetooth: hci4: command tx timeout
[  903.289658][ T5990] usb 4-1: device descriptor read/64, error -71
[  903.609281][ T5990] usb usb4-port1: attempt power cycle
[  904.016244][ T5990] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[  904.058497][T15682] bridge0: port 1(bridge_slave_0) entered blocking state
[  904.068228][ T5990] usb 4-1: device descriptor read/8, error -71
[  904.086111][T15682] bridge0: port 1(bridge_slave_0) entered disabled state
[  904.134880][T15682] bridge_slave_0: entered allmulticast mode
[  904.175437][T15682] bridge_slave_0: entered promiscuous mode
[  904.243714][T15682] bridge0: port 2(bridge_slave_1) entered blocking state
[  904.259391][T15682] bridge0: port 2(bridge_slave_1) entered disabled state
[  904.276153][T15682] bridge_slave_1: entered allmulticast mode
[  904.302628][T15682] bridge_slave_1: entered promiscuous mode
[  904.345782][ T5990] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  904.736850][ T5990] usb 4-1: device descriptor read/8, error -71
[  904.783566][ T8520] bridge_slave_1: left allmulticast mode
[  904.804163][ T8520] bridge_slave_1: left promiscuous mode
[  904.836960][ T8520] bridge0: port 2(bridge_slave_1) entered disabled state
[  904.856291][ T5990] usb usb4-port1: unable to enumerate USB device
[  904.979565][ T8520] bridge_slave_0: left allmulticast mode
[  904.985362][ T8520] bridge_slave_0: left promiscuous mode
[  905.034189][ T8520] bridge0: port 1(bridge_slave_0) entered disabled state
[  905.215779][ T5866] Bluetooth: hci4: command tx timeout
[  905.774403][ T5949] usb 1-1: unable to get BOS descriptor or descriptor too short
[  905.823120][ T5949] usb 1-1: unable to read config index 0 descriptor/start: -71
[  905.843792][ T5949] usb 1-1: can't read configurations, error -71
[  906.231673][T15727] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  906.246936][T15727] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2910'.
[  906.305199][T15731] loop3: detected capacity change from 0 to 5
[  906.315502][T15731] Dev loop3: unable to read RDB block 5
[  906.322314][T15731]  loop3: unable to read partition table
[  906.350426][T15730] libceph: resolve '4' (ret=-3): failed
[  906.378256][T15731] loop3: partition table beyond EOD, truncated
[  906.406017][T15731] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[  906.437933][T15730] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  906.865775][ T5957] usb 2-1: new low-speed USB device number 69 using dummy_hcd
[  906.938813][ T8520] dvmrp8 (unregistering): left allmulticast mode
[  906.973012][ T8520] bond2 (unregistering): (slave geneve3): Releasing active interface
[  907.029734][ T8520] team0: Port device geneve0 removed
[  907.057004][ T5957] usb 2-1: Invalid ep0 maxpacket: 64
[  907.186032][ T5957] usb 2-1: new low-speed USB device number 70 using dummy_hcd
[  907.295756][ T5866] Bluetooth: hci4: command tx timeout
[  907.352445][ T5957] usb 2-1: Invalid ep0 maxpacket: 64
[  907.358518][ T5957] usb usb2-port1: attempt power cycle
[  907.718415][ T5957] usb 2-1: new low-speed USB device number 71 using dummy_hcd
[  907.759266][ T5957] usb 2-1: Invalid ep0 maxpacket: 64
[  907.830987][ T8520] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  907.843342][ T8520] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  907.855092][ T8520] bond0 (unregistering): Released all slaves
[  907.895836][ T5957] usb 2-1: new low-speed USB device number 72 using dummy_hcd
[  907.941088][ T5957] usb 2-1: Invalid ep0 maxpacket: 64
[  907.947384][ T5957] usb usb2-port1: unable to enumerate USB device
[  908.064840][ T8520] bond1 (unregistering): Released all slaves
[  908.265893][ T8520] bond2 (unregistering): Released all slaves
[  908.285408][ T8520] bond3 (unregistering): Released all slaves
[  908.331708][T15682] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  908.355717][T15682] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  908.670433][T15682] team0: Port device team_slave_0 added
[  908.717439][T15682] team0: Port device team_slave_1 added
[  908.829841][T15682] batman_adv: batadv0: Adding interface: batadv_slave_0
[  908.838189][T15682] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  908.887462][T15682] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  908.994223][T15682] batman_adv: batadv0: Adding interface: batadv_slave_1
[  909.001632][T15682] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  909.052668][T15751] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2914'.
[  909.071319][T15682] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  909.378783][ T5866] Bluetooth: hci4: command tx timeout
[  909.496078][ T5957] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  909.668211][ T5957] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  909.794235][ T5957] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  909.913083][T15682] hsr_slave_0: entered promiscuous mode
[  909.981565][ T5957] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  910.001710][T15682] hsr_slave_1: entered promiscuous mode
[  910.037213][T15682] debugfs: 'hsr0' already exists in 'hsr'
[  910.060187][ T5957] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  910.077209][T15682] Cannot create hsr debugfs directory
[  910.086190][ T5957] usb 1-1: SerialNumber: syz
[  910.579463][ T8520] tipc: Left network mode
[  911.345806][ T5870] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[  911.625693][ T5870] usb 2-1: Using ep0 maxpacket: 16
[  911.954242][T15782] usb usb8: check_ctrlrecip: process 15782 (syz.1.2920) requesting ep 01 but needs 81
[  912.016417][T15782] usb usb8: usbfs: process 15782 (syz.1.2920) did not claim interface 0 before use
[  912.681624][ T5957] usb 1-1: 0:2 : does not exist
[  912.784349][ T5957] usb 1-1: USB disconnect, device number 69
[  912.909761][ T8198] udevd[8198]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  913.152976][ T8520] hsr_slave_0: left promiscuous mode
[  913.208083][ T8520] hsr_slave_1: left promiscuous mode
[  913.693429][ T8520] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  913.757813][ T8520] batman_adv: batadv0: Removing interface: batadv_slave_0
[  913.817819][ T8520] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  913.865058][ T8520] batman_adv: batadv0: Removing interface: batadv_slave_1
[  914.176291][ T8520] veth1_macvtap: left promiscuous mode
[  914.182919][ T8520] veth0_macvtap: left promiscuous mode
[  914.226894][ T8520] veth1_vlan: left promiscuous mode
[  914.268992][ T8520] veth0_vlan: left promiscuous mode
[  914.889663][ T5870] usb 2-1: unable to get BOS descriptor or descriptor too short
[  914.919631][ T5870] usb 2-1: unable to read config index 0 descriptor/start: -71
[  914.944094][ T5870] usb 2-1: can't read configurations, error -71
[  914.959334][ T8520] pim6reg (unregistering): left allmulticast mode
[  915.187988][T15807] FAULT_INJECTION: forcing a failure.
[  915.187988][T15807] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  915.257019][T15807] CPU: 0 UID: 0 PID: 15807 Comm: syz.2.2926 Not tainted syzkaller #0 PREEMPT(full) 
[  915.257058][T15807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  915.257073][T15807] Call Trace:
[  915.257084][T15807]  <TASK>
[  915.257095][T15807]  dump_stack_lvl+0x189/0x250
[  915.257129][T15807]  ? __pfx____ratelimit+0x10/0x10
[  915.257153][T15807]  ? __pfx_dump_stack_lvl+0x10/0x10
[  915.257180][T15807]  ? __pfx__printk+0x10/0x10
[  915.257212][T15807]  ? __might_fault+0xb0/0x130
[  915.257257][T15807]  should_fail_ex+0x414/0x560
[  915.257297][T15807]  _copy_from_iter+0x1de/0x1790
[  915.257332][T15807]  ? rcu_is_watching+0x15/0xb0
[  915.257356][T15807]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  915.257389][T15807]  ? __pfx__copy_from_iter+0x10/0x10
[  915.257417][T15807]  ? __build_skb_around+0x257/0x3e0
[  915.257447][T15807]  ? netlink_sendmsg+0x642/0xb30
[  915.257470][T15807]  ? skb_put+0x11b/0x210
[  915.257499][T15807]  netlink_sendmsg+0x6b2/0xb30
[  915.257534][T15807]  ? __pfx_netlink_sendmsg+0x10/0x10
[  915.257563][T15807]  ? aa_sock_msg_perm+0xf1/0x1d0
[  915.257587][T15807]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  915.257612][T15807]  ? __pfx_netlink_sendmsg+0x10/0x10
[  915.257637][T15807]  __sock_sendmsg+0x21c/0x270
[  915.257675][T15807]  ____sys_sendmsg+0x505/0x830
[  915.257709][T15807]  ? __pfx_____sys_sendmsg+0x10/0x10
[  915.257748][T15807]  ? import_iovec+0x74/0xa0
[  915.257780][T15807]  ___sys_sendmsg+0x21f/0x2a0
[  915.257811][T15807]  ? __pfx____sys_sendmsg+0x10/0x10
[  915.257880][T15807]  ? __fget_files+0x2a/0x420
[  915.257910][T15807]  ? __fget_files+0x3a0/0x420
[  915.257941][T15807]  __x64_sys_sendmsg+0x19b/0x260
[  915.257973][T15807]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  915.258013][T15807]  ? __pfx_ksys_write+0x10/0x10
[  915.258041][T15807]  ? rcu_is_watching+0x15/0xb0
[  915.258069][T15807]  ? do_syscall_64+0xbe/0x3b0
[  915.258098][T15807]  do_syscall_64+0xfa/0x3b0
[  915.258121][T15807]  ? lockdep_hardirqs_on+0x9c/0x150
[  915.258143][T15807]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  915.258165][T15807]  ? clear_bhb_loop+0x60/0xb0
[  915.258193][T15807]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  915.258215][T15807] RIP: 0033:0x7f53c558eba9
[  915.258235][T15807] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  915.258255][T15807] RSP: 002b:00007f53c64f5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  915.258279][T15807] RAX: ffffffffffffffda RBX: 00007f53c57d5fa0 RCX: 00007f53c558eba9
[  915.258296][T15807] RDX: 000000002400c890 RSI: 00002000000004c0 RDI: 0000000000000003
[  915.258311][T15807] RBP: 00007f53c64f5090 R08: 0000000000000000 R09: 0000000000000000
[  915.258325][T15807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  915.258339][T15807] R13: 00007f53c57d6038 R14: 00007f53c57d5fa0 R15: 00007f53c58ffa28
[  915.258373][T15807]  </TASK>
[  915.870402][T15814] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2927'.
[  916.260818][ T8520] team0 (unregistering): Port device team_slave_1 removed
[  916.325256][ T8520] team0 (unregistering): Port device team_slave_0 removed
[  917.541079][T15826] syzkaller0: entered promiscuous mode
[  917.574230][T15826] syzkaller0: entered allmulticast mode
[  917.647220][ T5870] usb 4-1: new high-speed USB device number 90 using dummy_hcd
[  917.855302][ T5870] usb 4-1: Using ep0 maxpacket: 32
[  917.877603][ T5870] usb 4-1: config 16 contains an unexpected descriptor of type 0x1, skipping
[  917.905625][ T5870] usb 4-1: config 16 has an invalid interface number: 174 but max is 2
[  917.937478][ T5870] usb 4-1: config 16 has an invalid interface number: 202 but max is 2
[  917.946312][ T5870] usb 4-1: config 16 has an invalid interface number: 192 but max is 2
[  917.981083][ T5870] usb 4-1: config 16 has 4 interfaces, different from the descriptor's value: 3
[  918.014157][ T5870] usb 4-1: config 16 has no interface number 0
[  918.029030][ T5870] usb 4-1: config 16 has no interface number 1
[  918.066805][ T5870] usb 4-1: config 16 has no interface number 3
[  918.073152][ T5870] usb 4-1: config 16 interface 2 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1023
[  918.120425][ T5870] usb 4-1: config 16 interface 2 altsetting 0 endpoint 0xD has invalid maxpacket 1600, setting to 64
[  918.128296][T15682] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  918.147199][ T8520] ------------[ cut here ]------------
[  918.152789][ T8520] WARNING: CPU: 1 PID: 8520 at net/xfrm/xfrm_state.c:3303 xfrm_state_fini+0x26d/0x2f0
[  918.155606][ T5870] usb 4-1: config 16 interface 2 altsetting 0 endpoint 0x6 has an invalid bInterval 250, changing to 7
[  918.162509][ T8520] Modules linked in:
[  918.178508][ T8520] CPU: 1 UID: 0 PID: 8520 Comm: kworker/u8:12 Not tainted syzkaller #0 PREEMPT(full) 
[  918.188221][ T8520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  918.198764][ T8520] Workqueue: netns cleanup_net
[  918.203585][ T8520] RIP: 0010:xfrm_state_fini+0x26d/0x2f0
[  918.209765][ T8520] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3b 77 00 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 b9 31 e1 f7 e8 84 04 9d f7 90 <0f> 0b 90 e9 fd fd ff ff e8 76 04 9d f7 90 0f 0b 90 e9 60 fe ff ff
[  918.217681][ T5870] usb 4-1: config 16 interface 2 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  918.229942][ T8520] RSP: 0018:ffffc9001b727898 EFLAGS: 00010293
[  918.230105][ T8520] RAX: ffffffff8a22ba7c RBX: ffff888032eaa440 RCX: ffff88802b4bda00
[  918.230126][ T8520] RDX: 0000000000000000 RSI: ffffffff8dba91be RDI: ffff88802b4bda00
[  918.230144][ T8520] RBP: ffffc9001b7279b0 R08: ffffffff8fa3a637 R09: 1ffffffff1f474c6
[  918.230164][ T8520] R10: dffffc0000000000 R11: fffffbfff1f474c7 R12: ffffffff8f632d40
[  918.230183][ T8520] R13: 1ffff920036e4f40 R14: ffff888032eab8c0 R15: dffffc0000000000
[  918.230202][ T8520] FS:  0000000000000000(0000) GS:ffff888125d15000(0000) knlGS:0000000000000000
[  918.289432][ T5870] usb 4-1: config 16 interface 174 altsetting 7 has a duplicate endpoint with address 0xD, skipping
[  918.296654][ T8520] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  918.296687][ T8520] CR2: 00007f778e7035c0 CR3: 000000007bb02000 CR4: 00000000003526f0
[  918.296710][ T8520] Call Trace:
[  918.296728][ T8520]  <TASK>
[  918.296745][ T8520]  xfrm_net_exit+0x2d/0x70
[  918.296775][ T8520]  ops_undo_list+0x49a/0x990
[  918.296811][ T8520]  ? __pfx_ops_undo_list+0x10/0x10
[  918.296839][ T8520]  ? preempt_schedule_thunk+0x16/0x30
[  918.296886][ T8520]  cleanup_net+0x4c5/0x800
[  918.296917][ T8520]  ? __pfx_cleanup_net+0x10/0x10
[  918.296945][ T8520]  ? _raw_spin_unlock_irq+0x23/0x50
[  918.296979][ T8520]  ? process_scheduled_works+0x9ef/0x17b0
[  918.297002][ T8520]  ? process_scheduled_works+0x9ef/0x17b0
[  918.297028][ T8520]  process_scheduled_works+0xae1/0x17b0
[  918.382122][ T8520]  ? __pfx_process_scheduled_works+0x10/0x10
[  918.385915][ T5870] usb 4-1: config 16 interface 202 altsetting 54 endpoint 0xB has an invalid bInterval 0, changing to 7
[  918.388708][ T8520]  worker_thread+0x8a0/0xda0
[  918.404510][ T8520]  kthread+0x70e/0x8a0
[  918.409156][ T8520]  ? __pfx_worker_thread+0x10/0x10
[  918.414327][ T8520]  ? __pfx_kthread+0x10/0x10
[  918.419611][ T8520]  ? _raw_spin_unlock_irq+0x23/0x50
[  918.423191][ T5870] usb 4-1: config 16 interface 202 altsetting 54 endpoint 0x9 has invalid wMaxPacketSize 0
[  918.424911][ T8520]  ? lockdep_hardirqs_on+0x9c/0x150
[  918.440630][ T8520]  ? __pfx_kthread+0x10/0x10
[  918.445294][ T8520]  ret_from_fork+0x436/0x7d0
[  918.450046][ T8520]  ? __pfx_ret_from_fork+0x10/0x10
[  918.453599][ T5870] usb 4-1: config 16 interface 202 altsetting 54 has an invalid descriptor for endpoint zero, skipping
[  918.455211][ T8520]  ? __switch_to_asm+0x39/0x70
[  918.471117][ T8520]  ? __switch_to_asm+0x33/0x70
[  918.475975][ T8520]  ? __pfx_kthread+0x10/0x10
[  918.480622][ T8520]  ret_from_fork_asm+0x1a/0x30
[  918.485481][ T8520]  </TASK>
[  918.488637][ T8520] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  918.496062][ T8520] CPU: 1 UID: 0 PID: 8520 Comm: kworker/u8:12 Not tainted syzkaller #0 PREEMPT(full) 
[  918.505664][ T8520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  918.515773][ T8520] Workqueue: netns cleanup_net
[  918.520605][ T8520] Call Trace:
[  918.523932][ T8520]  <TASK>
[  918.526915][ T8520]  dump_stack_lvl+0x99/0x250
[  918.531568][ T8520]  ? __asan_memcpy+0x40/0x70
[  918.536218][ T8520]  ? __pfx_dump_stack_lvl+0x10/0x10
[  918.541559][ T8520]  ? __pfx__printk+0x10/0x10
[  918.546235][ T8520]  vpanic+0x281/0x750
[  918.550360][ T8520]  ? __pfx__printk+0x10/0x10
[  918.555050][ T8520]  ? __pfx_vpanic+0x10/0x10
[  918.559605][ T8520]  ? is_bpf_text_address+0x292/0x2b0
[  918.564971][ T8520]  panic+0xb9/0xc0
[  918.568748][ T8520]  ? __pfx_panic+0x10/0x10
[  918.573259][ T8520]  __warn+0x31b/0x4b0
[  918.577287][ T8520]  ? xfrm_state_fini+0x26d/0x2f0
[  918.582289][ T8520]  ? xfrm_state_fini+0x26d/0x2f0
[  918.587289][ T8520]  report_bug+0x2be/0x4f0
[  918.591671][ T8520]  ? xfrm_state_fini+0x26d/0x2f0
[  918.596675][ T8520]  ? xfrm_state_fini+0x26d/0x2f0
[  918.601663][ T8520]  ? xfrm_state_fini+0x26f/0x2f0
[  918.606636][ T8520]  handle_bug+0x84/0x160
[  918.610899][ T8520]  exc_invalid_op+0x1a/0x50
[  918.615422][ T8520]  asm_exc_invalid_op+0x1a/0x20
[  918.620281][ T8520] RIP: 0010:xfrm_state_fini+0x26d/0x2f0
[  918.625846][ T8520] Code: c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3b 77 00 f8 48 8b 3b 5b 41 5c 41 5d 41 5e 41 5f 5d e9 b9 31 e1 f7 e8 84 04 9d f7 90 <0f> 0b 90 e9 fd fd ff ff e8 76 04 9d f7 90 0f 0b 90 e9 60 fe ff ff
[  918.645471][ T8520] RSP: 0018:ffffc9001b727898 EFLAGS: 00010293
[  918.651562][ T8520] RAX: ffffffff8a22ba7c RBX: ffff888032eaa440 RCX: ffff88802b4bda00
[  918.659549][ T8520] RDX: 0000000000000000 RSI: ffffffff8dba91be RDI: ffff88802b4bda00
[  918.667547][ T8520] RBP: ffffc9001b7279b0 R08: ffffffff8fa3a637 R09: 1ffffffff1f474c6
[  918.675539][ T8520] R10: dffffc0000000000 R11: fffffbfff1f474c7 R12: ffffffff8f632d40
[  918.683702][ T8520] R13: 1ffff920036e4f40 R14: ffff888032eab8c0 R15: dffffc0000000000
[  918.691712][ T8520]  ? xfrm_state_fini+0x26c/0x2f0
[  918.696818][ T8520]  ? xfrm_state_fini+0x26c/0x2f0
[  918.701863][ T8520]  xfrm_net_exit+0x2d/0x70
[  918.706290][ T8520]  ops_undo_list+0x49a/0x990
[  918.710902][ T8520]  ? __pfx_ops_undo_list+0x10/0x10
[  918.716034][ T8520]  ? preempt_schedule_thunk+0x16/0x30
[  918.721437][ T8520]  cleanup_net+0x4c5/0x800
[  918.725878][ T8520]  ? __pfx_cleanup_net+0x10/0x10
[  918.730834][ T8520]  ? _raw_spin_unlock_irq+0x23/0x50
[  918.736067][ T8520]  ? process_scheduled_works+0x9ef/0x17b0
[  918.741798][ T8520]  ? process_scheduled_works+0x9ef/0x17b0
[  918.747570][ T8520]  process_scheduled_works+0xae1/0x17b0
[  918.753196][ T8520]  ? __pfx_process_scheduled_works+0x10/0x10
[  918.759213][ T8520]  worker_thread+0x8a0/0xda0
[  918.763857][ T8520]  kthread+0x70e/0x8a0
[  918.767972][ T8520]  ? __pfx_worker_thread+0x10/0x10
[  918.773204][ T8520]  ? __pfx_kthread+0x10/0x10
[  918.777931][ T8520]  ? _raw_spin_unlock_irq+0x23/0x50
[  918.783164][ T8520]  ? lockdep_hardirqs_on+0x9c/0x150
[  918.788749][ T8520]  ? __pfx_kthread+0x10/0x10
[  918.793414][ T8520]  ret_from_fork+0x436/0x7d0
[  918.798147][ T8520]  ? __pfx_ret_from_fork+0x10/0x10
[  918.803301][ T8520]  ? __switch_to_asm+0x39/0x70
[  918.808201][ T8520]  ? __switch_to_asm+0x33/0x70
[  918.813028][ T8520]  ? __pfx_kthread+0x10/0x10
[  918.817758][ T8520]  ret_from_fork_asm+0x1a/0x30
[  918.822580][ T8520]  </TASK>
[  918.825979][ T8520] Kernel Offset: disabled
[  918.830321][ T8520] Rebooting in 86400 seconds..