last executing test programs:

11.881653947s ago: executing program 0 (id=885):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000340), 0x0, 0x0, 0x0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f00000003c0), 0x0)
socket(0x1d, 0x2, 0x6)
pipe(&(0x7f00000002c0))
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
openat$dma_heap(0xffffffffffffff9c, 0x0, 0x800, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r5, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @local}}, {0x14, 0x2, @in={0x2, 0x0, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="5c000000b4c5c305cd83618c0b262ecc2740f4d641822d5b3bbfa642e5adfd2851633bc0b65d5ca83cfcdf3d175456f0455f751d94376cca0ab2f90418dc9f98a0d0c8bf1018977feb4c203d0039869f3205eb7878e12be9c64e1b4c966cb5a5a9c673352027303a6c7ad8da8cf18864912a78eb8d30786de4a3d9b790c7f033be4aca38f70727d6f487c626abc8f162dd570d8abbc0a05a72732ec8931868a5ea87f3e7f38a6fc50ffa6765c084667d0fddbc4308c74454beae0a001d792bed193404451a6883c7a308a93b92d25ec13fa64a3303678dc2fed60c231371097d74997094d18d5dc7a1aa63bedca1f378f5", @ANYRES16=r5, @ANYBLOB="0100000000000000010017000000480006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca4198908000100ffffff7f"], 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008044}, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0200000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="0008000000000000000000000000000000000000f6cd2c753353eeccf02a316f64dedd8fe68725f455b2da93c17168bad82bfdca1dbeeadb810655bccc5fb230516e90073d2ee21d4308e456935201640e49a22a7a93475fa60bc6102b2a696dcd8d36e74bdb6752c560a89030d241cbc585fc554c1ab97d803846296343ded099fe2e4266907b94e320f9cf53cd5499f25d8830f2", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r7 = syz_io_uring_complete(0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r6, &(0x7f0000000000)="327b6167e946d5bb7915f6d6e9bdd18d2f386f5f963aa18e4874c0753cc0ed1991a8867d6a2a8a3d3566ce1be75de527574539d0dba0dd43f5a801ab0c3d7a8fc6977efba2ff6335926ff10b28568cfea8695a60a6ecfb7e01ebb3c0fcebd7846447bc6da116fdf5d944f322f3d5902c1c1671d0de1a80549d2717d26cf9008e6a3cab4fa8b5bada88cd685e6255d84d13bea179b2f0a50bbd7b7a659e8f3ac2331f7932037a2d6a2628a283", &(0x7f0000000180)=@udp6=r7, 0x1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000085000000a000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

11.399366753s ago: executing program 3 (id=887):
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902"], 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x2b00, 0x0)
ppoll(&(0x7f0000000140)=[{r0, 0x4000}], 0x1, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$kcm(0x2, 0xa, 0x2)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x20008040)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_io_uring_setup(0x1104, &(0x7f0000000300)={0x0, 0x0, 0x80, 0x0, 0x8000021e}, 0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(0x0, r6, &(0x7f0000000380)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x7, 0x0, 0x0, 0x200, 0x0, 0x1})
io_uring_enter(r5, 0x47fa, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, r6, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r3, 0x0, 0x0, 0x0, 0x0, 0x1})
syz_usb_connect$uac1(0x0, 0xb1, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x90)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
fallocate(0xffffffffffffffff, 0x0, 0x3, 0x80000003)
ioctl$VT_DISALLOCATE(r7, 0x5608)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)

10.460458738s ago: executing program 2 (id=892):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x8, 0x10000, 0xf051}, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000080)})
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100)
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
close(r7)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x4c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xfff2, 0xf}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x1c, 0x2, [@TCA_FLOW_EMATCHES={0x18, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x10, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_MATCH_DATA={0x4}]}}]}]}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x2008c014)
syz_open_dev$video4linux(&(0x7f0000001140), 0x92e4, 0x0)

9.996797603s ago: executing program 0 (id=893):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sigaltstack(&(0x7f0000000480)={&(0x7f0000004000)=""/4126, 0x80000001, 0x101e}, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r2, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0xbbf9)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = syz_io_uring_setup(0x837, 0x0, &(0x7f0000000140)=<r5=>0x0, &(0x7f0000000000)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000100)=@IORING_OP_TIMEOUT={0xb, 0x41, 0x0, 0x0, 0x9, &(0x7f00000000c0)})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$key(0xf, 0x3, 0x2)
fstat(r8, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r9=>0x0})
sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x20, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x4, 0x19, 0x0, 0x0, @binary}, @typed={0x8, 0x9, 0x0, 0x0, @uid=r9}]}, 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
r10 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r4, &(0x7f0000000040)={0x10000000})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f0000003580)=[{&(0x7f00000034c0)="b3", 0x1}], 0x1}}, {{&(0x7f00000002c0)={0x2, 0x0, @private=0xa010102}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}}], 0x2, 0x0)
socket$inet(0x2, 0x80001, 0x84)
socket$kcm(0x2, 0xa, 0x2)

7.95872713s ago: executing program 3 (id=897):
syz_open_dev$amidi(0x0, 0x2, 0x181)
openat$vicodec0(0xffffffffffffff9c, 0x0, 0x2, 0x0)
setsockopt(0xffffffffffffffff, 0x84, 0x82, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x0, 0x800, 0x0, 0xb4a, 0x400, 0x8, 0x0, 0x4}, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000240)={0x6})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x44)
sendmsg$NFT_MSG_GETRULE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000190a0102"], 0x14}}, 0x0)
syz_open_procfs(0x0, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000a80)=@mangle={'mangle\x00', 0x44, 0x6, 0x3d0, 0xb0, 0x1e0, 0x278, 0x1e0, 0x148, 0x338, 0x338, 0x338, 0x338, 0x338, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1, 0x0, 0x0, 'geneve1\x00', 'veth0_to_team\x00', {}, {}, 0x11, 0x2, 0x41}, 0x0, 0x70, 0xb0}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x11, 0x0, 0xfc}}}, {{@ip={@empty, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xb78e19162b0a7f00, 0xffff00, 'pimreg1\x00', '\x00', {}, {0xff}}, 0x0, 0x70, 0x98}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x8, 0xf}}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x1}}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'wg2\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@ttl={{0x28}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x430)
ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000003380))
r5 = eventfd2(0x1, 0x1)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r5, 0xc0c89425, &(0x7f0000000200)={"6b0023d2ff00", 0x0, 0x0, {0x4, 0x9}, {0x4, 0x8}, 0x8, [0x7, 0x0, 0x1, 0x93, 0x534b, 0x5, 0x2, 0xe, 0x7fff, 0x5, 0x1, 0x6, 0x8000000000040001, 0x0, 0x7ff, 0x9]})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000002000008"], 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x8094)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000800)=ANY=[@ANYBLOB="48010000100013070000000000000000fe880000000000000000000000000001ac1e000100"/62, @ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="ac14140c00000000000000000000000000000000330000002001000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000023500000200000000000000000000000c00", @ANYBLOB="000000004c001400736861310000001a00"/48], 0x148}}, 0x0)

7.780036157s ago: executing program 1 (id=898):
r0 = msgget$private(0x0, 0x1c0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
read$FUSE(0xffffffffffffffff, &(0x7f0000000280)={0x2020, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0xffffffffffffffff, 0x0, r1, 0x0, 0x0, 0x96}, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0xfffffffffffffffc, 0x8001, 0xdec, 0x7})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8800)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x8, 0x3}, 0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
io_setup(0x8, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
setns(0xffffffffffffffff, 0x8020000)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000cc0)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000001d040000000000007f000000000000005504000001ed0a002500000017ff2000dd40000000000000730a00fe000000001f04000000000000e5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800d9b3a69b37caa964e4b7000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325a904514d8e90131bfc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f49e4dcc1b7af0b51b9cafeda067b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb860600911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b30e55ac1275e938706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff0492df6b53002514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa250bc93b233a2291b5b10eebc49b6882f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753446de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000010000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc8de9bac0006b98a8283eee5665f3aede28228e0468db"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1e}, 0x48)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCSPASS(r4, 0x40107447, &(0x7f0000000080)={0x2, &(0x7f00000000c0)=[{0x50, 0x4e, 0x0, 0xfdeffffd}, {0x6, 0x5e, 0x80, 0x8}]})

7.08430927s ago: executing program 0 (id=902):
socket(0x1e, 0x4, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socket(0x10, 0x3, 0x0)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000980)="180000003e000b05d25a806c8c6f94f90224fc6010000500", 0x18}], 0x1}, 0x0)

6.547204056s ago: executing program 2 (id=903):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0xb8}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b80000001800e9990000000002000000e0000001000000000000000000000000e00000010000000000000000000000004e2400000000000002000010"], 0xb8}}, 0x0)

6.18736851s ago: executing program 3 (id=904):
fsmount(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r0, 0x0)
ioctl$AUTOFS_IOC_FAIL(0xffffffffffffffff, 0x9361, 0xfffffffffffffffb)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r1, &(0x7f0000000580)='1\x00', 0x2)
write$sysctl(r1, &(0x7f00000000c0)='2\x00', 0x2)

5.906934725s ago: executing program 4 (id=905):
r0 = socket$inet6(0xa, 0x1, 0x0)
getsockopt$sock_int(r0, 0x1, 0x1, 0x0, &(0x7f0000000180))

5.86279792s ago: executing program 2 (id=906):
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000000)=@nullb, 0x0, 0x0)

5.77990472s ago: executing program 0 (id=907):
r0 = syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x2)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x44880, 0x0)
getsockopt$inet_opts(r1, 0x0, 0x9, &(0x7f0000000880)=""/4096, &(0x7f0000000040)=0x1000)
ioctl$SG_BLKTRACETEARDOWN(r1, 0x1276, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000080)=ANY=[])

5.779286907s ago: executing program 4 (id=908):
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x2010, 0xffffffffffffffff, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffe0000000002, 0xfa0f, 0xffffffff}, 0x0)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet(r2, &(0x7f0000005f40)=[{{&(0x7f0000000d00)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, 0x0, 0x80}}], 0x1, 0x4000004)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.net/syz1\x00', 0x200002, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000000000000001"], 0x14}}, 0x0)
read(r3, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f00000002c0)=@raw={'raw\x00', 0x8, 0x3, 0x230, 0x0, 0x8, 0xfa04, 0x98, 0x6c02, 0x198, 0x194, 0x194, 0x198, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x8fb2bd54e1114dfe, 'sit0\x00', 'ip6_vti0\x00', {0xff}, {}, 0x6, 0x0, 0x32}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x74020000}}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@rand_addr=0x64010102, @broadcast, 0xffffffff, 0xffffffff, 'geneve1\x00', 'veth1_to_hsr\x00', {0xff}, {}, 0x0, 0x3, 0x8}, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@addrtype={{0x30}, {0x5a5, 0xc20, 0x1, 0x1}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x19}, 0x1, 0x10, [0x18, 0x2f, 0x22, 0x8, 0x1d, 0x18, 0x15, 0x2e, 0x25, 0xd, 0xe, 0x2, 0x1a, 0x2d, 0x39, 0x3f], 0x0, 0x8a, 0xffffffff}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x290)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x22803)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xf3, 0x1b1c07, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0x80d02, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r5, 0x40a85323, &(0x7f0000000000)={{0x80}, 'port0\x00', 0x0, 0x0, 0xbf000000, 0x0, 0x80000001})
dup3(r5, r6, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r7, {0x2, 0x0, @local}, 0x2, 0x0, 0x0, 0x3}}, 0x26)
socket$nl_generic(0x10, 0x3, 0x10)

5.747276948s ago: executing program 1 (id=909):
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x1d8, 0x128, 0x43, 0xa0, 0x128, 0x98, 0x1d8, 0x178, 0x178, 0x1d8, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffff00, 0xffffffff, 'veth0_vlan\x00', 'bond0\x00', {0xff}, {}, 0x0, 0x2}, 0x12a, 0x70, 0x90, 0x0, {0x20, 0x7a010000}}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x3, 0x1, "7a7d0d9452729a5afa3851200a44a3d28da04828d1768c081f126a6bc527"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x238)

5.6171609s ago: executing program 2 (id=910):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000100)=""/66, 0x42}], 0x1, 0x8, 0xd)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000100)={0x0, 0x34524742, 0x500, 0x3c0, 0x0, @discrete={0x1ff, 0xf}})
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000050, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, 0x0, 0x91)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f00000004c0), 0x208e24b)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r5 = mmap$IORING_OFF_SQES(&(0x7f0000a0b000/0x4000)=nil, 0x4000, 0x5, 0x10010, r4, 0x10000000)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
r7 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB="340000001a00010028bd70000000800002201000000000070010000008000300", @ANYRES32], 0x34}}, 0xea5bc50b619dd77e)
fsconfig$FSCONFIG_SET_BINARY(r7, 0x6, 0x0, 0x0, 0x0)
r9 = fsmount(r7, 0x0, 0x0)
syz_clone3(&(0x7f0000001000)={0x321a08000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r9}}, 0x58)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r9, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000041424002bbd7000ffdbdf2508000100010000000800010002000000080001000200000008000100010010000800210002000000"], 0x38}, 0x1, 0x0, 0x0, 0x40041}, 0x4004000)
syz_io_uring_submit(0x0, r5, &(0x7f0000000200)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, {0x0, r6}})

5.58508269s ago: executing program 0 (id=911):
r0 = msgget$private(0x0, 0x1c0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
read$FUSE(0xffffffffffffffff, &(0x7f0000000280)={0x2020, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0xffffffffffffffff, 0x0, r1, 0x0, 0x0, 0x96}, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0xfffffffffffffffc, 0x8001, 0xdec, 0x7})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8800)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x8, 0x3}, 0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
io_setup(0x8, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0)
setns(0xffffffffffffffff, 0x8020000)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000cc0)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000001d040000000000007f000000000000005504000001ed0a002500000017ff2000dd40000000000000730a00fe000000001f04000000000000e5000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800d9b3a69b37caa964e4b7000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325a904514d8e90131bfc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f49e4dcc1b7af0b51b9cafeda067b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb860600911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b30e55ac1275e938706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff0492df6b53002514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa250bc93b233a2291b5b10eebc49b6882f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753446de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000010000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc8de9bac0006b98a8283eee5665f3aede28228e0468db"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1e}, 0x48)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000000)=0x3)
ioctl$PPPIOCSPASS(r4, 0x40107447, &(0x7f0000000080)={0x2, &(0x7f00000000c0)=[{0x50, 0x4e, 0x0, 0xfdeffffd}, {0x6, 0x5e, 0x80, 0x8}]})

5.581693123s ago: executing program 3 (id=912):
r0 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000003c0)=""/54, 0x36)
socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$SEG6(0x0, 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x5, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
r4 = openat$cgroup_ro(r3, &(0x7f00000002c0)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r3, @ANYBLOB="05", @ANYRES16=r3, @ANYRES16=r4], 0x0)
getdents(r2, 0xfffffffffffffffd, 0x58)
r5 = socket$packet(0x11, 0x3, 0x300)
accept4$unix(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f0000000000)="1800006dfe52b52570b4b7e08100ffff0806", 0x12, 0x84, &(0x7f0000000200)={0x11, 0x2, r6, 0x1, 0x0, 0x6, @remote}, 0x14)

5.470701899s ago: executing program 1 (id=913):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x8, 0x10000, 0xf051}, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000080)})
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x100)
llistxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
close(r7)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x4c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xfff2, 0xf}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x1c, 0x2, [@TCA_FLOW_EMATCHES={0x18, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x10, 0x1, 0x0, 0x0, {{0x8, 0x9, 0x40}, [@TCA_EM_IPT_MATCH_DATA={0x4}]}}]}]}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x2008c014)
syz_open_dev$video4linux(&(0x7f0000001140), 0x92e4, 0x0)

3.638293572s ago: executing program 4 (id=914):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r1 = dup(r0)
fsetxattr$trusted_overlay_origin(r1, &(0x7f0000000040), &(0x7f0000000080), 0x2, 0x1)
write$UHID_INPUT(r1, &(0x7f0000002080)={0x8, {"a2e3ad21ed0d09f91b5f090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f09006e090890e0878f0e1ac6e7049b336c959b6c9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074b0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3c2b802181acfc90c41bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e74130d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b12d94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14007693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)

3.580294988s ago: executing program 3 (id=915):
r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
munlockall()
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000100)={0xf020000, 0x300, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90a, 0x8000, '\x00', @ptr=0x20002000}})
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket(0x10, 0x3, 0x0)
r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000180), 0xe1781, 0x0)
close_range(r1, r2, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e13d6a206419010015d4010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001580)={0x2020, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
pipe(&(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r5, 0x7af, &(0x7f0000000140)={@local, 0x5})
r7 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e7cc6120c4108a81ad7d0102030109021b00010000c005090423000103000000090585"], 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000240)={0x44, &(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r7, 0x0, 0x0)
write$binfmt_misc(r6, &(0x7f0000000000), 0xfffffecc)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000001640)=@mangle={'mangle\x00', 0x44, 0x6, 0x408, 0x98, 0x0, 0x0, 0x130, 0x1f0, 0x370, 0x370, 0x370, 0x370, 0x370, 0x6, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'veth1_to_batadv\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11, 0x0, 0x69}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@ttl={{0x28}, {0x2, 0xa}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'dvmrp1\x00', {}, {}, 0x6}, 0x0, 0x70, 0xb8}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x1, 0x3, {0x5}}}}, {{@ip={@broadcast, @dev={0xac, 0x14, 0x14, 0x18}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x98, 0xc8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x3, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x468)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000100001700000000000000000000000000a14000000030a66ce70440000000000006a00b62b730ffe22519ca75ee75fa80f4db5074f622485dea06e483b1fba0100dd715b8712aa576e5750ef4095ca995b34780191257f4719f6049f9231ec58562620bc1a9a28422a32e6e53cd8e334d08aa0088042fd"], 0x3c}}, 0x8000)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r11 = landlock_create_ruleset(&(0x7f00000000c0)={0x4102}, 0x18, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000500), &(0x7f00000035c0)=""/4096, 0x1000, 0x0)
landlock_restrict_self(r11, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYRES64=r2], 0xac}, 0x1, 0x0, 0x0, 0x4040}, 0x81)
open(&(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x418601, 0xc)
fsetxattr$trusted_overlay_nlink(r10, &(0x7f0000000100), &(0x7f00000002c0)={'U-', 0x52}, 0x16, 0x3)
sendmsg$DEVLINK_CMD_RELOAD(r1, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000880)=ANY=[@ANYBLOB="50010000", @ANYRES16=0x0, @ANYBLOB="00012abd7000fddbdf25250000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008c00030000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008a00", @ANYRES32, @ANYBLOB="0e0001006e657464657673696d0000000f0002006e657464657673696d30000008008b00", @ANYRES32=r4, @ANYBLOB="080001007063690011000200303030303a30303a31302e300000000008008c00040000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008c00040000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008a00", @ANYRES32, @ANYBLOB="0e0001006e657464657673696d0000000f8de6d80002006e657464657673696d30000008ae511facc73f2acca70c1671153c49789ac7864d98ed8dbea06be4acc589f14e70db345fca90f253c0679ecec68c40740f681dde3f9dc20ca864981e3f418b7f66371d74e2ebb8cb53aca208effa9e82f611b0cc785b81e1d54c6e1b90a682b4b1baa1e99f1af3c56c00542643715c6ccb4c5ef445def4b83b88c7295f1c6b9642af1e3bdcc90dd76eab575c56848119490d1c2fad58", @ANYRES32=r10, @ANYBLOB="0e0001006e657464657673696d0000000f0002006e657464657673696d30000008008c0001000000"], 0x150}, 0x1, 0x0, 0x0, 0x24000041}, 0x2c040001)

3.367217244s ago: executing program 1 (id=916):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="60000000020601030000000000000a0000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000000500040000000000050005000a000000140007800500150000000000080012"], 0x60}}, 0x0)

3.297813637s ago: executing program 0 (id=917):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
symlink(0x0, 0x0)
syz_usb_connect(0x0, 0xc06, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_uring_setup(0x1440, &(0x7f0000000280)={0x0, 0xbaeb, 0x400, 0x2, 0x145})
syz_clone(0xc98b0700, 0x0, 0x0, 0x0, 0x0, 0x0)
clock_gettime(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x40808)
r3 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
r4 = openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x624182)
writev(r4, 0x0, 0x0)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10)
r5 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r7 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x88000)
ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f0000001280)={r6, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x13, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9603dda1af1ea80000000000000000000000deff00000000000000000000000014a2648f00", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x7fc, 0x1]}})
ioctl$LOOP_CHANGE_FD(r7, 0x4c06, r5)

3.222927972s ago: executing program 4 (id=918):
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000980)="180000003e000b05d25a806c8c6f94f90224fc6010000500", 0x18}], 0x1}, 0x0)

3.203885527s ago: executing program 1 (id=919):
r0 = msgget$private(0x0, 0x1c0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
read$FUSE(0xffffffffffffffff, &(0x7f0000000280)={0x2020, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0xffffffffffffffff, 0x0, r1, 0x0, 0x0, 0x96}, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0xfffffffffffffffc, 0x8001, 0xdec, 0x7})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x8, 0x3}, 0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
ioctl$PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000080)={0x2, &(0x7f00000000c0)=[{0x50, 0x4e, 0x0, 0xfdeffffd}, {0x6, 0x5e, 0x80, 0x8}]})
msgsnd(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="010000b07d000000ce69851b1c566e6f08c568c5bdc0430000"], 0x8, 0x0)

3.021315088s ago: executing program 4 (id=920):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sigaltstack(&(0x7f0000000480)={&(0x7f0000004000)=""/4126, 0x80000001, 0x101e}, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000000080)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
timer_settime(r4, 0x1, &(0x7f0000000100)={{}, {0x0, 0x989680}}, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0xbbf9)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = syz_io_uring_setup(0x837, &(0x7f0000000540)={0x0, 0x2b94, 0x80, 0x7, 0x3cf}, &(0x7f0000000140)=<r7=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, 0x0, 0x0)
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$key(0xf, 0x3, 0x2)
fstat(r9, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r10=>0x0})
sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x20, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x4, 0x19, 0x0, 0x0, @binary}, @typed={0x8, 0x9, 0x0, 0x0, @uid=r10}]}, 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
epoll_create1(0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x4)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{&(0x7f0000000000)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, &(0x7f0000003580)=[{&(0x7f00000034c0)="b3", 0x1}], 0x1}}, {{&(0x7f00000002c0)={0x2, 0x0, @private=0xa010102}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000100)="a7", 0x1}], 0x1}}], 0x2, 0x0)
r11 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r11, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x40241, 0x0)
socket$kcm(0x2, 0xa, 0x2)

2.216259124s ago: executing program 1 (id=921):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@updpolicy={0xd0, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@dev={0xfe, 0x80, '\x00', 0x16}, 0x4e24, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0x4}, {0x0, 0x3, 0x0, 0xffffffffffffffff}}, [@mark={0xc, 0x15, {0x35075d, 0xfffffff6}}, @sec_ctx={0xc, 0x8, {0x8, 0x8, 0x0, 0xff}}]}, 0xd0}}, 0x4004)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000009e0000000000000000000095"], &(0x7f0000000000)='GPL\x00', 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x24, 0x4, 0x8, 0x801, 0x0, 0x0, {0x1}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x48801}, 0x80)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00000001c0)={0x500, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="020100000e000000fcffffff0400000005000600000000000a00000000000000fc01ff80000000000000000000000000000000000000000005000500000000000a0000002efcb098950a0ec00000000000000000000000aa00000000000000000200130001"], 0x70}}, 0x0)
r6 = syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e", @ANYRESOCT], 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="1201500225e0d008ad0406034ed50102030109021b0001040010037ce85a8001ea0c27f209050d000800040ff9"], 0x0)
syz_usb_ep_write(r6, 0x8d, 0xfb, &(0x7f00000001c0)="d0be166e5e8b26a5e6b39aa93e00d43ec7e813e40b8fcad530f5176b71ef3ac478184911afdd2a979d4c5b7fccca3f0c6871b5032e4727642967374587861ca6bd95847cd7fa48e161817931a074a00f2d99471f511f07fc4bd392b89c581899e2ae79abe551ecce24444d0d91595054bea9bb0ce5ca2985043edb126c403549e7c5d36ceba659a4acb46b1361f31359c9f1c4b02f5edbe98e11edb32d0c08ce4e024fcefdee253f92ee9a9acfc0642ca6543d7ee1bab1")
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000180)='W', 0x1}], 0x1}, 0x0)
close(r3)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_clone(0x5840400, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r7, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r3, 0xc008744c, &(0x7f0000000180))
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='sessionid\x00')
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r11, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @local}}, {0x14, 0x2, @in={0x2, 0x0, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x5c, r11, 0x1, 0x0, 0x10000, {}, [@TIPC_NLA_NODE={0x48, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7fffffff}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$TIPC_NL_PEER_REMOVE(r8, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0xac, r11, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x13}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xf}]}, @TIPC_NLA_SOCK={0x50, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x81}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x107b}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3566}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8001}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x45}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x4}, 0x0)
bind$alg(r0, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(generic-gcm-aesni)\x00'}, 0x58)

1.005927899s ago: executing program 2 (id=922):
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="8000000003080101000000000000000003000009050003003a0000003c000480080002400000000008000240df05007b08000240000007ff0800024000000033"], 0x80}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRES16, @ANYBLOB="050000000000000000", @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x59a09}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0xfffffff8}]}, 0x3c}}, 0x0)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

860.220619ms ago: executing program 4 (id=923):
socket$inet6_udp(0xa, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
listxattr(0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x39c68d03}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mmap(&(0x7f00001c6000/0x3000)=nil, 0x3000, 0x7, 0x4010, 0xffffffffffffffff, 0xffffb000)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, 0x0)
r4 = syz_open_dev$vbi(&(0x7f00000002c0), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x2)
preadv(r4, &(0x7f0000000740)=[{&(0x7f0000000340)=""/162, 0xca80}], 0x1, 0x80000001, 0x3f7a)
ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, 0x0)
ioctl$TUNSETSNDBUF(r3, 0x400454d4, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYRES16=r2], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x2100, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r5, &(0x7f0000000080)={0xa, 0x4e21, 0x337, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x400}, 0x1c)
ioctl$int_in(r5, 0x5452, &(0x7f0000000180)=0xb)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200)=r6, 0x4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0000003f0007010000000000000000037c0000180037801300030071722834"], 0x2c}}, 0xc0)
socket(0x2b, 0x80801, 0x1)

26.715052ms ago: executing program 2 (id=924):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x8080)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x40, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0x10}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_LABELS_MASK={0x4}, @CTA_LABELS={0x4}]}, 0x40}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000380)={'vcan0\x00', <r3=>0x0})
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r4, &(0x7f0000000080)={0x1d, r3}, 0x18)
sendmsg$can_j1939(r4, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
bind$can_j1939(r4, &(0x7f0000000200)={0x1d, r3, 0x3, {0x3, 0xf0, 0x4}, 0x1}, 0x18)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newtfilter={0x24, 0x11, 0x101, 0x70bd25, 0x100000, {0x0, 0x0, 0x74, r3, {0xa, 0x8}, {0x5, 0xfff3}, {0xfff1, 0x6}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x40}, 0x200400d4)

0s ago: executing program 3 (id=925):
syz_emit_ethernet(0xc6, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb8, 0x0, 0x0, 0xfb, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x24, 0xa400, {0x27, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x7, @loopback, @rand_addr=0x640100fe, {[@cipso={0x86, 0x7f, 0xffffffffffffffff, [{0x7, 0xc, "0800b28c590300000052"}, {0x7, 0x9, "020007651442eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706d30bd224f8"}, {0x2, 0x12, "cfa11cba1afd7348bd7c506df1000000"}, {0x0, 0x10, "8475be675de6a70a05a0dc91e5c6"}, {0x6, 0xa, "0000000000800000"}, {0x7, 0x12, "73bc23f9ffffffa30900a301c8460000"}, {0x0, 0xf, "c8f46976e79ea788f03d9d3205"}]}, @cipso={0x86, 0x6, 0x20}]}}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

[ T7615]  ? __build_skb_around+0x22d/0x3c0
[  224.871316][ T7615]  ? netlink_sendmsg+0x642/0xb30
[  224.871340][ T7615]  ? skb_put+0x11b/0x210
[  224.871368][ T7615]  netlink_sendmsg+0x6b2/0xb30
[  224.871403][ T7615]  ? __pfx_netlink_sendmsg+0x10/0x10
[  224.871433][ T7615]  ? aa_sock_msg_perm+0xf1/0x1b0
[  224.871456][ T7615]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  224.871474][ T7615]  ? __pfx_netlink_sendmsg+0x10/0x10
[  224.871501][ T7615]  __sock_sendmsg+0x21c/0x270
[  224.871526][ T7615]  ____sys_sendmsg+0x505/0x820
[  224.871566][ T7615]  ? __pfx_____sys_sendmsg+0x10/0x10
[  224.871601][ T7615]  ? import_iovec+0x74/0xa0
[  224.871622][ T7615]  ___sys_sendmsg+0x21f/0x2a0
[  224.871651][ T7615]  ? __pfx____sys_sendmsg+0x10/0x10
[  224.871684][ T7615]  ? rcu_read_lock_any_held+0xb3/0x120
[  224.871730][ T7615]  ? __fget_files+0x2a/0x420
[  224.871749][ T7615]  ? __fget_files+0x3a0/0x420
[  224.871779][ T7615]  __x64_sys_sendmsg+0x19b/0x260
[  224.871808][ T7615]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  224.871844][ T7615]  ? __pfx_ksys_write+0x10/0x10
[  224.871874][ T7615]  ? do_syscall_64+0xbe/0xf80
[  224.871894][ T7615]  do_syscall_64+0xfa/0xf80
[  224.871908][ T7615]  ? lockdep_hardirqs_on+0x98/0x140
[  224.871934][ T7615]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.871951][ T7615]  ? clear_bhb_loop+0x60/0xb0
[  224.871973][ T7615]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.871990][ T7615] RIP: 0033:0x7f31f278f749
[  224.872013][ T7615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  224.872029][ T7615] RSP: 002b:00007f31f36a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  224.872050][ T7615] RAX: ffffffffffffffda RBX: 00007f31f29e5fa0 RCX: 00007f31f278f749
[  224.872064][ T7615] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000005
[  224.872076][ T7615] RBP: 00007f31f36a4090 R08: 0000000000000000 R09: 0000000000000000
[  224.872087][ T7615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  224.872099][ T7615] R13: 00007f31f29e6038 R14: 00007f31f29e5fa0 R15: 00007f31f2b0fa28
[  224.872129][ T7615]  </TASK>
[  225.293206][ T7619] CPU: 1 UID: 0 PID: 7619 Comm: syz.2.435 Not tainted syzkaller #0 PREEMPT(full) 
[  225.293235][ T7619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  225.293247][ T7619] Call Trace:
[  225.293255][ T7619]  <TASK>
[  225.293264][ T7619]  dump_stack_lvl+0x189/0x250
[  225.293290][ T7619]  ? __pfx____ratelimit+0x10/0x10
[  225.293320][ T7619]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.293340][ T7619]  ? __pfx__printk+0x10/0x10
[  225.293370][ T7619]  ? __pfx___might_resched+0x10/0x10
[  225.293389][ T7619]  ? fs_reclaim_acquire+0x7d/0x100
[  225.293414][ T7619]  should_fail_ex+0x414/0x560
[  225.293453][ T7619]  should_failslab+0xa8/0x100
[  225.293477][ T7619]  __kmalloc_cache_noprof+0x6f/0x6e0
[  225.293505][ T7619]  ? tomoyo_find_next_domain+0xdc/0x1aa0
[  225.293542][ T7619]  tomoyo_find_next_domain+0xdc/0x1aa0
[  225.293588][ T7619]  ? tomoyo_bprm_check_security+0xf0/0x180
[  225.293614][ T7619]  ? __pfx_tomoyo_find_next_domain+0x10/0x10
[  225.293654][ T7619]  ? tomoyo_bprm_check_security+0xf0/0x180
[  225.293680][ T7619]  tomoyo_bprm_check_security+0x11c/0x180
[  225.293710][ T7619]  security_bprm_check+0x89/0x270
[  225.293734][ T7619]  bprm_execve+0x8ee/0x1440
[  225.293781][ T7619]  ? __pfx_bprm_execve+0x10/0x10
[  225.293810][ T7619]  ? copy_string_kernel+0x25f/0x2a0
[  225.293843][ T7619]  do_execveat_common+0x510/0x6a0
[  225.293884][ T7619]  __x64_sys_execve+0x94/0xb0
[  225.293914][ T7619]  do_syscall_64+0xfa/0xf80
[  225.293930][ T7619]  ? lockdep_hardirqs_on+0x98/0x140
[  225.293957][ T7619]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.293977][ T7619]  ? clear_bhb_loop+0x60/0xb0
[  225.294000][ T7619]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.294018][ T7619] RIP: 0033:0x7fec9e78f749
[  225.294037][ T7619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.294053][ T7619] RSP: 002b:00007fec9f657038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b
[  225.294076][ T7619] RAX: ffffffffffffffda RBX: 00007fec9e9e5fa0 RCX: 00007fec9e78f749
[  225.294089][ T7619] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140
[  225.294102][ T7619] RBP: 00007fec9f657090 R08: 0000000000000000 R09: 0000000000000000
[  225.294113][ T7619] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  225.294126][ T7619] R13: 00007fec9e9e6038 R14: 00007fec9e9e5fa0 R15: 00007fec9eb0fa28
[  225.294161][ T7619]  </TASK>
[  225.302522][ T7625] loop8: detected capacity change from 0 to 12
[  225.529567][ T6092] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  225.615590][ T7633] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  225.638412][ T7633] netlink: 16 bytes leftover after parsing attributes in process `syz.1.438'.
[  225.732174][ T6517] Dev loop8: unable to read RDB block 12
[  225.742422][ T6517]  loop8: unable to read partition table
[  225.751700][ T6517] loop8: partition table beyond EOD, truncated
[  225.766139][ T7625] Dev loop8: unable to read RDB block 12
[  225.789580][ T6092] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  225.808211][ T7625]  loop8: unable to read partition table
[  225.808198][ T6092] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  225.808240][ T6092] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  225.819591][  T982] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  225.843112][ T6092] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  225.845027][ T7625] loop8: partition table beyond EOD, truncated
[  225.866482][ T6092] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  225.876377][ T6092] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.876396][ T7625] loop_reread_partitions: partition scan of loop8 (þ被xü^>à– �) failed (rc=-5)
[  225.917538][ T6092] usb 1-1: config 0 descriptor??
[  226.009495][  T982] usb 3-1: Using ep0 maxpacket: 8
[  226.022840][  T982] usb 3-1: config index 0 descriptor too short (expected 30, got 18)
[  226.034267][  T982] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  226.046201][  T982] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.072502][  T982] usb 3-1: Product: syz
[  226.100926][  T982] usb 3-1: Manufacturer: syz
[  226.110581][  T982] usb 3-1: SerialNumber: syz
[  226.147467][  T982] usb 3-1: config 0 descriptor??
[  226.157436][  T982] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  226.166183][  T982] usb 3-1: setting power ON
[  226.189319][  T982] dvb-usb: bulk message failed: -22 (2/0)
[  226.203588][  T982] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  226.226136][  T982] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  226.256074][  T982] usb 3-1: media controller created
[  226.350467][  T982] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  226.375997][ T6092] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  226.418868][ T7631] dvb-usb: bulk message failed: -22 (3/0)
[  226.470827][ T7631] dvb-usb: bulk message failed: -22 (4/0)
[  226.476641][ T7631] cxusb: i2c read failed
[  226.528161][  T982] usb 3-1: selecting invalid altsetting 6
[  226.538294][  T982] usb 3-1: digital interface selection failed (-22)
[  226.551316][ T7641] dvb-usb: bulk message failed: -22 (3/0)
[  226.567779][  T982] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  226.576695][ T7641] dvb-usb: bulk message failed: -22 (4/0)
[  226.583146][ T7631] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  226.590978][ T7641] cxusb: i2c read failed
[  226.595674][ T7631] batman_adv: batadv0: Removing interface: batadv_slave_0
[  226.603323][  T982] usb 3-1: setting power OFF
[  226.608102][  T982] dvb-usb: bulk message failed: -22 (2/0)
[  226.619739][  T982] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  226.629162][  T982] (NULL device *): no alternate interface
[  226.629575][   T24] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  226.661586][ T7631] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  226.682327][ T7631] batman_adv: batadv0: Removing interface: batadv_slave_1
[  226.708716][ T7621] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  226.744926][ T7631] bond0: (slave batadv0): Releasing backup interface
[  226.810042][   T24] usb 4-1: Using ep0 maxpacket: 8
[  226.822915][   T24] usb 4-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab
[  226.833655][   T24] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  226.854593][   T24] usb 4-1: Product: syz
[  226.872357][   T24] usb 4-1: Manufacturer: syz
[  226.882693][   T24] usb 4-1: SerialNumber: syz
[  226.904887][   T24] usb 4-1: config 0 descriptor??
[  226.994189][  T982] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  227.019295][  T982] usb 3-1: USB disconnect, device number 25
[  227.154333][ T7643] netlink: 68 bytes leftover after parsing attributes in process `syz.1.442'.
[  227.309656][ T7646] netlink: 830 bytes leftover after parsing attributes in process `syz.4.443'.
[  227.427118][ T7651] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  227.440228][ T7651] syzkaller0: entered promiscuous mode
[  227.446073][ T7651] syzkaller0: entered allmulticast mode
[  227.457495][ T7651] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  227.479162][ T7651] tipc: Resetting bearer <eth:syzkaller0>
[  227.487412][ T7649] tipc: Resetting bearer <eth:syzkaller0>
[  227.502080][ T7649] tipc: Disabling bearer <eth:syzkaller0>
[  227.658914][ T7655] netlink: 112 bytes leftover after parsing attributes in process `syz.1.446'.
[  227.710394][ T6092] usb 1-1: reset high-speed USB device number 18 using dummy_hcd
[  227.885298][ T6092] usb 1-1: device descriptor read/64, error -32
[  228.221000][ T6092] usb 1-1: reset high-speed USB device number 18 using dummy_hcd
[  228.339602][  T982] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  228.369679][ T6092] usb 1-1: device descriptor read/64, error -32
[  228.426084][ T7671] xt_TPROXY: Can be used only with -p tcp or -p udp
[  228.435003][ T7671] netlink: 88 bytes leftover after parsing attributes in process `syz.4.451'.
[  228.524866][  T982] usb 2-1: config 0 has an invalid interface number: 255 but max is 0
[  228.533675][  T982] usb 2-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255
[  228.546828][  T982] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  228.557815][  T982] usb 2-1: config 0 has no interface number 0
[  228.577537][  T982] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 72, using maximum allowed: 30
[  228.647326][ T6092] usb 1-1: reset high-speed USB device number 18 using dummy_hcd
[  228.681247][ T6092] usb 1-1: device descriptor read/8, error -71
[  228.745128][  T982] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 72
[  228.792717][  T982] usb 2-1: config 0 interface 255 has no altsetting 0
[  228.818876][  T982] usb 2-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  228.846492][  T982] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.890478][  T982] usb 2-1: config 0 descriptor??
[  228.916429][  T982] usb-storage 2-1:0.255: USB Mass Storage device detected
[  228.943840][  T982] usb-storage 2-1:0.255: Quirks match for vid 1908 pid 1315: 20000
[  228.994768][ T7677] netlink: zone id is out of range
[  229.605826][ T5887] usb 1-1: USB disconnect, device number 18
[  229.636607][  T982] usb 2-1: USB disconnect, device number 22
[  230.022298][   T24] usb 4-1: USB disconnect, device number 22
[  230.319260][ T7688] netlink: 16 bytes leftover after parsing attributes in process `syz.2.453'.
[  230.497535][ T6517] udevd[6517]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  231.569717][  T982] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  231.791214][  T982] usb 2-1: Using ep0 maxpacket: 32
[  231.990008][  T982] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  232.012821][  T982] usb 2-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58
[  232.097238][  T982] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.176966][  T982] usb 2-1: Product: syz
[  232.195076][  T982] usb 2-1: Manufacturer: syz
[  232.226631][  T982] usb 2-1: SerialNumber: syz
[  232.248618][  T982] usb 2-1: config 0 descriptor??
[  232.270972][  T982] gspca_main: sunplus-2.14.0 probing 08ca:2060
[  232.466322][  T982] gspca_sunplus: reg_r err -32
[  232.919565][ T5958] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  233.099916][ T5958] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  233.128419][ T5958] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  233.153050][ T5958] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  233.175675][ T5958] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  233.214176][ T5958] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  233.364178][ T5958] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.380908][ T7731] xt_TPROXY: Can be used only with -p tcp or -p udp
[  233.401870][ T5920] IPVS: starting estimator thread 0...
[  233.418000][ T5958] usb 1-1: config 0 descriptor??
[  233.423593][ T7732] IPVS: nq: SCTP 172.20.20.187:0 - no destination available
[  233.474718][ T7731] netlink: 88 bytes leftover after parsing attributes in process `syz.1.466'.
[  233.509875][ T7733] IPVS: using max 28 ests per chain, 67200 per kthread
[  233.579725][  T982] sunplus 2-1:0.0: probe with driver sunplus failed with error -32
[  233.590499][  T982] usb 2-1: USB disconnect, device number 23
[  233.868068][ T5958] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  234.157367][ T7738] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  234.844012][ T7749] netlink: 'syz.2.469': attribute type 10 has an invalid length.
[  234.966941][ T7750] netlink: 'syz.3.470': attribute type 10 has an invalid length.
[  235.269751][   T24] usb 1-1: reset high-speed USB device number 19 using dummy_hcd
[  235.420362][   T24] usb 1-1: device descriptor read/64, error -32
[  235.826094][   T24] usb 1-1: reset high-speed USB device number 19 using dummy_hcd
[  236.009805][   T24] usb 1-1: device descriptor read/64, error -32
[  236.910980][ T5887] usb 1-1: USB disconnect, device number 19
[  238.194701][ T6420] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  238.381368][ T6420] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  238.389775][ T6420] usb 1-1: config 0 has no interface number 0
[  238.403888][ T6420] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  238.422312][ T7793] xt_TPROXY: Can be used only with -p tcp or -p udp
[  238.431154][ T7793] netlink: 88 bytes leftover after parsing attributes in process `syz.4.482'.
[  238.764545][ T6420] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  238.917209][ T6420] usb 1-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  238.975478][ T6420] usb 1-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[  238.999051][ T6420] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.031055][ T6420] usb 1-1: config 0 descriptor??
[  239.214620][ T7805] netlink: 'syz.2.486': attribute type 10 has an invalid length.
[  239.471561][ T6420] input: HID 28bd:0042 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.1/0003:28BD:0042.000A/input/input18
[  239.612337][ T6420] uclogic 0003:28BD:0042.000A: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.0-1/input1
[  239.653156][ T6420] usb 1-1: USB disconnect, device number 20
[  240.073841][ T7808] fido_id[7808]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  240.367405][ T7821] netlink: 16 bytes leftover after parsing attributes in process `syz.4.490'.
[  241.749782][ T5887] usb 3-1: new low-speed USB device number 26 using dummy_hcd
[  241.904918][ T5887] usb 3-1: config 0 has an invalid interface number: 168 but max is 0
[  241.915313][ T5887] usb 3-1: config 0 has no interface number 0
[  241.929698][ T5887] usb 3-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=dd.b8
[  242.027090][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.179738][ T5887] usb 3-1: config 0 descriptor??
[  242.206592][ T5887] lan78xx 3-1:0.168 (unnamed net_device) (uninitialized): USB bus speed not supported
[  242.271676][ T7855] netlink: 'syz.1.500': attribute type 10 has an invalid length.
[  242.291821][ T5887] lan78xx 3-1:0.168: probe with driver lan78xx failed with error -5
[  242.365114][ T7856] netlink: 'syz.1.500': attribute type 10 has an invalid length.
[  242.415591][ T5887] usb 3-1: USB disconnect, device number 26
[  242.543945][ T7855] team0: Port device netdevsim0 added
[  242.611180][ T7856] team0: Port device netdevsim0 removed
[  242.635641][ T7856] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  242.646291][ T7856] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  242.660439][ T7856] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  242.896146][ T7859] tipc: Enabled bearer <udp:syz0>, priority 10
[  243.316212][ T7868] netlink: 28 bytes leftover after parsing attributes in process `syz.0.505'.
[  243.345575][ T7868] netlink: 4 bytes leftover after parsing attributes in process `syz.0.505'.
[  243.369923][ T7868] netlink: 4 bytes leftover after parsing attributes in process `syz.0.505'.
[  243.426518][ T7868] netlink: 12 bytes leftover after parsing attributes in process `syz.0.505'.
[  243.460656][ T7866] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  243.481515][ T7866] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  243.531019][ T7866] netlink: 12 bytes leftover after parsing attributes in process `syz.2.504'.
[  244.027851][ T7895] netlink: 16 bytes leftover after parsing attributes in process `syz.1.509'.
[  244.039757][ T5958] tipc: Node number set to 4102493392
[  244.299830][ T5958] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  244.610839][ T5958] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  244.676648][ T5958] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  244.851995][ T5958] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  244.892725][ T5958] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  244.906171][ T5958] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  244.983147][ T5958] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  244.994960][ T5958] usb 1-1: config 0 descriptor??
[  245.050128][   T24] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  245.190469][   T24] usb 5-1: device descriptor read/64, error -71
[  245.423879][ T5958] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  245.452537][   T24] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  245.679822][   T24] usb 5-1: device descriptor read/64, error -71
[  245.722813][ T7911] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  245.792579][   T24] usb usb5-port1: attempt power cycle
[  246.199853][   T24] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  246.253211][   T24] usb 5-1: device descriptor read/8, error -71
[  246.622547][ T7919] netlink: 20 bytes leftover after parsing attributes in process `syz.1.518'.
[  246.699962][   T24] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  246.720677][   T24] usb 5-1: device descriptor read/8, error -71
[  246.749530][ T5958] usb 1-1: reset high-speed USB device number 21 using dummy_hcd
[  246.850997][   T24] usb usb5-port1: unable to enumerate USB device
[  246.949784][ T5958] usb 1-1: device descriptor read/64, error -32
[  247.147248][ T7925] netlink: zone id is out of range
[  247.227280][ T5958] usb 1-1: reset high-speed USB device number 21 using dummy_hcd
[  247.442265][ T5958] usb 1-1: device descriptor read/64, error -32
[  247.624804][ T7933] netlink: 'syz.3.521': attribute type 10 has an invalid length.
[  247.724098][ T7936] openvswitch: netlink: Key 26 has unexpected len 0 expected 16
[  247.782193][ T7937] netlink: 830 bytes leftover after parsing attributes in process `syz.2.522'.
[  248.523188][ T7751] usb 1-1: USB disconnect, device number 21
[  251.295895][ T7974] netlink: 16 bytes leftover after parsing attributes in process `syz.0.531'.
[  251.479731][ T7751] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  251.800196][ T7751] usb 2-1: device descriptor read/64, error -71
[  252.309499][ T7751] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  252.539621][ T7751] usb 2-1: device descriptor read/64, error -71
[  252.678262][ T7751] usb usb2-port1: attempt power cycle
[  253.040279][ T7751] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  253.091804][ T7751] usb 2-1: device descriptor read/8, error -71
[  253.349510][ T7751] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  253.425930][ T7751] usb 2-1: device descriptor read/8, error -71
[  253.573379][ T7751] usb usb2-port1: unable to enumerate USB device
[  253.868394][ T8013] netlink: 16 bytes leftover after parsing attributes in process `syz.4.544'.
[  254.223083][ T8017] netlink: 830 bytes leftover after parsing attributes in process `syz.1.546'.
[  255.446778][ T7751] IPVS: starting estimator thread 0...
[  255.453111][ T8028] IPVS: wlc: FWM 3 0x00000003 - no destination available
[  255.469454][    C0] IPVS: wlc: FWM 3 0x00000003 - no destination available
[  255.549692][ T8029] IPVS: using max 25 ests per chain, 60000 per kthread
[  255.815842][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  255.824034][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  256.452018][ T8038] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  256.461684][ T8038] batman_adv: batadv0: Removing interface: batadv_slave_0
[  256.516537][ T8046] netlink: 'syz.3.550': attribute type 10 has an invalid length.
[  256.558199][ T8038] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  256.567731][ T8038] batman_adv: batadv0: Removing interface: batadv_slave_1
[  257.410441][ T8038] bond0: (slave batadv0): Releasing backup interface
[  259.689543][ T6420] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  259.859804][ T6420] usb 2-1: Using ep0 maxpacket: 16
[  259.890634][ T6420] usb 2-1: config 0 has no interfaces?
[  260.182314][ T6420] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  260.199946][ T6420] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  260.208654][ T6420] usb 2-1: Manufacturer: syz
[  260.266866][ T6420] usb 2-1: config 0 descriptor??
[  261.729665][ T5995] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  261.912437][ T8088] FAULT_INJECTION: forcing a failure.
[  261.912437][ T8088] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  261.949494][ T5995] usb 1-1: device descriptor read/64, error -71
[  261.979192][ T8088] CPU: 1 UID: 0 PID: 8088 Comm: syz.4.564 Not tainted syzkaller #0 PREEMPT(full) 
[  261.979213][ T8088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  261.979224][ T8088] Call Trace:
[  261.979233][ T8088]  <TASK>
[  261.979239][ T8088]  dump_stack_lvl+0x189/0x250
[  261.979260][ T8088]  ? __pfx____ratelimit+0x10/0x10
[  261.979281][ T8088]  ? __pfx_dump_stack_lvl+0x10/0x10
[  261.979294][ T8088]  ? __pfx__printk+0x10/0x10
[  261.979310][ T8088]  ? __might_fault+0xb0/0x130
[  261.979333][ T8088]  should_fail_ex+0x414/0x560
[  261.979355][ T8088]  _copy_to_iter+0x1de/0x1790
[  261.979400][ T8088]  ? __pfx__copy_to_iter+0x10/0x10
[  261.979432][ T8088]  ? chacha_block_generic+0x53/0xc80
[  261.979465][ T8088]  get_random_bytes_user+0x1a0/0x380
[  261.979498][ T8088]  ? __pfx_get_random_bytes_user+0x10/0x10
[  261.979529][ T8088]  ? __pfx_vfs_write+0x10/0x10
[  261.979553][ T8088]  ? import_ubuf+0xfb/0x1d0
[  261.979566][ T8088]  __x64_sys_getrandom+0x16d/0x260
[  261.979585][ T8088]  ? __pfx___x64_sys_getrandom+0x10/0x10
[  261.979599][ T8088]  ? ksys_write+0x22a/0x250
[  261.979617][ T8088]  ? __pfx_ksys_write+0x10/0x10
[  261.979635][ T8088]  ? do_syscall_64+0xbe/0xf80
[  261.979648][ T8088]  do_syscall_64+0xfa/0xf80
[  261.979658][ T8088]  ? lockdep_hardirqs_on+0x98/0x140
[  261.979675][ T8088]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.979686][ T8088]  ? clear_bhb_loop+0x60/0xb0
[  261.979701][ T8088]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.979712][ T8088] RIP: 0033:0x7f31f278f749
[  261.979724][ T8088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.979735][ T8088] RSP: 002b:00007f31f36a4038 EFLAGS: 00000246 ORIG_RAX: 000000000000013e
[  261.979750][ T8088] RAX: ffffffffffffffda RBX: 00007f31f29e5fa0 RCX: 00007f31f278f749
[  261.979759][ T8088] RDX: 0000000000000002 RSI: fffffffffffffe2a RDI: 0000200000000040
[  261.979767][ T8088] RBP: 00007f31f36a4090 R08: 0000000000000000 R09: 0000000000000000
[  261.979775][ T8088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  261.979782][ T8088] R13: 00007f31f29e6038 R14: 00007f31f29e5fa0 R15: 00007f31f2b0fa28
[  261.979801][ T8088]  </TASK>
[  262.189750][ T5995] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  262.635521][ T5995] usb 1-1: device descriptor read/64, error -71
[  262.768236][ T5995] usb usb1-port1: attempt power cycle
[  263.129568][ T5995] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  263.163288][ T5995] usb 1-1: device descriptor read/8, error -71
[  263.470371][ T7751] usb 2-1: USB disconnect, device number 28
[  263.509559][ T5995] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  263.558828][ T8103] netlink: 'syz.2.567': attribute type 10 has an invalid length.
[  263.622498][ T5995] usb 1-1: device descriptor read/8, error -71
[  263.765357][ T5995] usb usb1-port1: unable to enumerate USB device
[  264.446936][ T8109] netlink: 8 bytes leftover after parsing attributes in process `syz.0.571'.
[  264.472786][ T8109] netlink: 28 bytes leftover after parsing attributes in process `syz.0.571'.
[  264.479484][ T5995] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  264.482515][ T8109] netlink: 28 bytes leftover after parsing attributes in process `syz.0.571'.
[  264.554060][ T8109] bridge0: entered promiscuous mode
[  264.584711][ T8109] ip6gretap0: entered promiscuous mode
[  264.605652][ T8109] debugfs: 'hsr1' already exists in 'hsr'
[  264.620801][ T8109] Cannot create hsr debugfs directory
[  264.679857][ T5995] usb 4-1: Using ep0 maxpacket: 8
[  264.688111][ T5995] usb 4-1: config index 0 descriptor too short (expected 30, got 18)
[  264.708894][ T5995] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  264.727990][ T5995] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.764873][ T5995] usb 4-1: Product: syz
[  264.779307][ T5995] usb 4-1: Manufacturer: syz
[  264.812155][ T5995] usb 4-1: SerialNumber: syz
[  264.825067][ T5995] usb 4-1: config 0 descriptor??
[  264.833002][ T5995] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  264.861369][ T5995] usb 4-1: setting power ON
[  264.870591][ T5995] dvb-usb: bulk message failed: -22 (2/0)
[  264.909298][ T5995] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  264.920223][ T5995] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  265.057431][ T5995] usb 4-1: media controller created
[  265.063149][ T8107] dvb-usb: bulk message failed: -22 (3/0)
[  265.073017][ T8107] dvb-usb: bulk message failed: -22 (4/0)
[  265.079875][ T8107] cxusb: i2c read failed
[  265.220804][ T8125] syzkaller0: entered promiscuous mode
[  265.278701][ T5995] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  265.288407][ T8125] syzkaller0: entered allmulticast mode
[  265.346244][ T8107] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  265.357867][ T8107] batman_adv: batadv0: Removing interface: batadv_slave_0
[  265.378575][ T8107] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  265.396850][ T8107] batman_adv: batadv0: Removing interface: batadv_slave_1
[  265.441741][ T5995] usb 4-1: selecting invalid altsetting 6
[  265.472089][ T5995] usb 4-1: digital interface selection failed (-22)
[  265.870239][ T8107] bond0: (slave batadv0): Releasing backup interface
[  265.888201][ T5995] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  265.908803][ T5995] usb 4-1: setting power OFF
[  265.923943][ T5995] dvb-usb: bulk message failed: -22 (2/0)
[  265.930084][ T5995] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  265.939867][ T5995] (NULL device *): no alternate interface
[  266.139501][ T5995] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  266.176819][ T5995] usb 4-1: USB disconnect, device number 23
[  266.785833][ T8147] netlink: 'syz.4.578': attribute type 10 has an invalid length.
[  266.803271][ T8151] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  266.975671][ T8151] syzkaller0: entered promiscuous mode
[  267.032196][ T8151] syzkaller0: entered allmulticast mode
[  267.051240][ T8155] binder_alloc: 8154: pid 8154 spamming oneway? 1 buffers allocated for a total size of 4096
[  267.116829][ T8157] binder_alloc: 8154: pid 8154 spamming oneway? 2 buffers allocated for a total size of 5120
[  267.130321][ T8151] tipc: Resetting bearer <eth:syzkaller0>
[  267.322662][ T8150] tipc: Resetting bearer <eth:syzkaller0>
[  267.461638][ T8150] tipc: Disabling bearer <eth:syzkaller0>
[  269.157056][ T8176] netlink: 830 bytes leftover after parsing attributes in process `syz.4.587'.
[  269.870243][ T8189] FAULT_INJECTION: forcing a failure.
[  269.870243][ T8189] name failslab, interval 1, probability 0, space 0, times 0
[  269.885693][ T8189] CPU: 0 UID: 0 PID: 8189 Comm: syz.3.589 Not tainted syzkaller #0 PREEMPT(full) 
[  269.885722][ T8189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  269.885735][ T8189] Call Trace:
[  269.885743][ T8189]  <TASK>
[  269.885752][ T8189]  dump_stack_lvl+0x189/0x250
[  269.885781][ T8189]  ? __pfx____ratelimit+0x10/0x10
[  269.885811][ T8189]  ? __pfx_dump_stack_lvl+0x10/0x10
[  269.885833][ T8189]  ? __pfx__printk+0x10/0x10
[  269.885867][ T8189]  ? __pfx___might_resched+0x10/0x10
[  269.885893][ T8189]  should_fail_ex+0x414/0x560
[  269.885925][ T8189]  should_failslab+0xa8/0x100
[  269.885950][ T8189]  __kmalloc_noprof+0xcb/0x7e0
[  269.885977][ T8189]  ? copy_splice_read+0x143/0xa50
[  269.886007][ T8189]  copy_splice_read+0x143/0xa50
[  269.886029][ T8189]  ? __pfx_pipe_to_null+0x10/0x10
[  269.886066][ T8189]  ? pipe_unlock+0x56/0x80
[  269.886095][ T8189]  ? splice_from_pipe+0x108/0x160
[  269.886118][ T8189]  ? __pfx_pipe_to_null+0x10/0x10
[  269.886143][ T8189]  ? __pfx_copy_splice_read+0x10/0x10
[  269.886179][ T8189]  ? file_end_write+0xd8/0x250
[  269.886204][ T8189]  ? direct_splice_actor+0x10c/0x160
[  269.886230][ T8189]  ? __pfx_copy_splice_read+0x10/0x10
[  269.886250][ T8189]  splice_direct_to_actor+0x4a9/0xcc0
[  269.886296][ T8189]  ? __pfx_direct_splice_actor+0x10/0x10
[  269.886318][ T8189]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  269.886354][ T8189]  do_splice_direct+0x181/0x270
[  269.886382][ T8189]  ? __pfx_do_splice_direct+0x10/0x10
[  269.886402][ T8189]  ? common_file_perm+0x1b5/0x220
[  269.886428][ T8189]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  269.886462][ T8189]  ? bpf_lsm_file_permission+0x9/0x20
[  269.886484][ T8189]  ? security_file_permission+0x75/0x290
[  269.886517][ T8189]  ? rw_verify_area+0x255/0x4d0
[  269.886549][ T8189]  do_sendfile+0x4da/0x7e0
[  269.886583][ T8189]  ? __pfx_do_sendfile+0x10/0x10
[  269.886622][ T8189]  __se_sys_sendfile64+0x13e/0x190
[  269.886648][ T8189]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  269.886675][ T8189]  ? do_syscall_64+0xbe/0xf80
[  269.886699][ T8189]  do_syscall_64+0xfa/0xf80
[  269.886716][ T8189]  ? lockdep_hardirqs_on+0x98/0x140
[  269.886746][ T8189]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.886767][ T8189]  ? clear_bhb_loop+0x60/0xb0
[  269.886792][ T8189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.886812][ T8189] RIP: 0033:0x7f15bab8f749
[  269.886832][ T8189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.886850][ T8189] RSP: 002b:00007f15bba59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  269.886873][ T8189] RAX: ffffffffffffffda RBX: 00007f15bade6180 RCX: 00007f15bab8f749
[  269.886888][ T8189] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000005
[  269.886900][ T8189] RBP: 00007f15bba59090 R08: 0000000000000000 R09: 0000000000000000
[  269.886913][ T8189] R10: 000000040000f63c R11: 0000000000000246 R12: 0000000000000002
[  269.886926][ T8189] R13: 00007f15bade6218 R14: 00007f15bade6180 R15: 00007f15baf0fa28
[  269.886961][ T8189]  </TASK>
[  270.185218][    C0] vkms_vblank_simulate: vblank timer overrun
[  271.512296][ T8201] xt_TPROXY: Can be used only with -p tcp or -p udp
[  271.601292][ T8198] netlink: 88 bytes leftover after parsing attributes in process `syz.2.591'.
[  272.020168][ T8206] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  272.567298][ T8215] netlink: 16 bytes leftover after parsing attributes in process `syz.1.595'.
[  273.249145][ T8224] netlink: 'syz.0.597': attribute type 10 has an invalid length.
[  273.418248][ T8224] 8021q: adding VLAN 0 to HW filter on device batadv0
[  273.566590][ T8224] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  273.887248][ T8237] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  273.908789][ T8236] netlink: 'syz.0.602': attribute type 29 has an invalid length.
[  273.974507][ T8239] netlink: 'syz.0.602': attribute type 29 has an invalid length.
[  275.440409][ T8253] syzkaller0: entered promiscuous mode
[  275.494245][ T8253] syzkaller0: entered allmulticast mode
[  275.949563][ T5887] usb 1-1: new full-speed USB device number 26 using dummy_hcd
[  276.582681][ T8265] xt_TPROXY: Can be used only with -p tcp or -p udp
[  276.593867][ T8265] netlink: 88 bytes leftover after parsing attributes in process `syz.2.610'.
[  276.696899][ T5887] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  276.714541][ T5887] usb 1-1: config 0 has no interface number 0
[  276.740662][ T5887] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  276.751116][ T5887] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.955362][ T5887] usb 1-1: config 0 descriptor??
[  277.018790][ T5887] usb 1-1: selecting invalid altsetting 1
[  277.043982][ T5887] dvb_ttusb_budget: ttusb_init_controller: error
[  277.082570][ T5887] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  277.105343][ T8275] netlink: 'syz.1.612': attribute type 10 has an invalid length.
[  277.432781][ T5887] DVB: Unable to find symbol cx22700_attach()
[  277.706076][ T5887] DVB: Unable to find symbol tda10046_attach()
[  277.716047][ T5887] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  277.946480][ T5887] usb 1-1: USB disconnect, device number 26
[  278.543172][ T8299] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  278.554235][ T8299] FAULT_INJECTION: forcing a failure.
[  278.554235][ T8299] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  278.567801][ T8299] CPU: 1 UID: 0 PID: 8299 Comm: syz.0.617 Not tainted syzkaller #0 PREEMPT(full) 
[  278.567829][ T8299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  278.567841][ T8299] Call Trace:
[  278.567849][ T8299]  <TASK>
[  278.567858][ T8299]  dump_stack_lvl+0x189/0x250
[  278.567887][ T8299]  ? __pfx____ratelimit+0x10/0x10
[  278.567916][ T8299]  ? __pfx_dump_stack_lvl+0x10/0x10
[  278.567938][ T8299]  ? __pfx__printk+0x10/0x10
[  278.567965][ T8299]  ? __might_fault+0xb0/0x130
[  278.568005][ T8299]  should_fail_ex+0x414/0x560
[  278.568044][ T8299]  _copy_from_user+0x2d/0xb0
[  278.568067][ T8299]  ___sys_sendmsg+0x158/0x2a0
[  278.568100][ T8299]  ? __pfx____sys_sendmsg+0x10/0x10
[  278.568135][ T8299]  ? rcu_is_watching+0x15/0xb0
[  278.568189][ T8299]  ? __fget_files+0x2a/0x420
[  278.568210][ T8299]  ? __fget_files+0x3a0/0x420
[  278.568244][ T8299]  __x64_sys_sendmsg+0x19b/0x260
[  278.568271][ T8299]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  278.568304][ T8299]  ? __pfx_ksys_write+0x10/0x10
[  278.568331][ T8299]  ? do_syscall_64+0xbe/0xf80
[  278.568348][ T8299]  do_syscall_64+0xfa/0xf80
[  278.568363][ T8299]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.568378][ T8299]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  278.568392][ T8299]  ? clear_bhb_loop+0x60/0xb0
[  278.568411][ T8299]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.568426][ T8299] RIP: 0033:0x7f4f9b98f749
[  278.568441][ T8299] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  278.568456][ T8299] RSP: 002b:00007f4f99bd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  278.568475][ T8299] RAX: ffffffffffffffda RBX: 00007f4f9bbe6180 RCX: 00007f4f9b98f749
[  278.568486][ T8299] RDX: 0000000000040080 RSI: 0000200000000000 RDI: 0000000000000005
[  278.568497][ T8299] RBP: 00007f4f99bd5090 R08: 0000000000000000 R09: 0000000000000000
[  278.568506][ T8299] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  278.568516][ T8299] R13: 00007f4f9bbe6218 R14: 00007f4f9bbe6180 R15: 00007f4f9bd0fa28
[  278.568542][ T8299]  </TASK>
[  279.103597][ T8304] capability: warning: `syz.3.620' uses 32-bit capabilities (legacy support in use)
[  279.675777][ T8312] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  280.385011][ T8324] xt_TPROXY: Can be used only with -p tcp or -p udp
[  280.399973][ T8324] netlink: 88 bytes leftover after parsing attributes in process `syz.2.625'.
[  281.575229][ T8330] netlink: zone id is out of range
[  281.992153][ T5887] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  282.166434][ T8338] netlink: 'syz.4.630': attribute type 10 has an invalid length.
[  282.193922][ T5887] usb 1-1: Using ep0 maxpacket: 16
[  282.202202][ T5887] usb 1-1: too many endpoints for config 0 interface 0 altsetting 109: 65, using maximum allowed: 30
[  282.215277][ T5887] usb 1-1: config 0 interface 0 altsetting 109 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  282.226687][ T5887] usb 1-1: config 0 interface 0 altsetting 109 has 1 endpoint descriptor, different from the interface descriptor's value: 65
[  282.241204][ T5887] usb 1-1: config 0 interface 0 has no altsetting 0
[  282.247960][ T5887] usb 1-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00
[  282.257478][ T5887] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.275130][ T5887] usb 1-1: config 0 descriptor??
[  283.042700][ T5887] waltop 0003:172F:0500.000C: unknown main item tag 0x0
[  283.168319][ T5887] waltop 0003:172F:0500.000C: unknown main item tag 0x0
[  283.179890][ T5887] waltop 0003:172F:0500.000C: unknown main item tag 0x0
[  283.186864][ T5887] waltop 0003:172F:0500.000C: unknown main item tag 0x0
[  283.199750][ T5887] waltop 0003:172F:0500.000C: unknown main item tag 0x0
[  283.211402][ T5887] waltop 0003:172F:0500.000C: hidraw0: USB HID v0.05 Device [HID 172f:0500] on usb-dummy_hcd.0-1/input0
[  283.242612][ T5887] usb 1-1: USB disconnect, device number 27
[  283.321117][ T8345] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  283.347227][ T8345] syzkaller0: entered promiscuous mode
[  283.354601][ T8341] netlink: zone id is out of range
[  283.368291][ T8345] syzkaller0: entered allmulticast mode
[  283.382418][ T8346] fido_id[8346]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  283.411933][ T8343] netlink: 8 bytes leftover after parsing attributes in process `syz.2.632'.
[  283.432987][ T8345] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  283.451134][ T8345] tipc: Resetting bearer <eth:syzkaller0>
[  283.519744][ T8344] tipc: Resetting bearer <eth:syzkaller0>
[  283.536449][ T8349] netlink: 4 bytes leftover after parsing attributes in process `syz.2.634'.
[  283.570357][ T8344] tipc: Disabling bearer <eth:syzkaller0>
[  283.854085][ T8353] netlink: 830 bytes leftover after parsing attributes in process `syz.2.636'.
[  283.865109][ T8356] FAULT_INJECTION: forcing a failure.
[  283.865109][ T8356] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  283.938960][ T8356] CPU: 1 UID: 0 PID: 8356 Comm: syz.1.635 Not tainted syzkaller #0 PREEMPT(full) 
[  283.938989][ T8356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  283.939000][ T8356] Call Trace:
[  283.939009][ T8356]  <TASK>
[  283.939017][ T8356]  dump_stack_lvl+0x189/0x250
[  283.939044][ T8356]  ? __pfx____ratelimit+0x10/0x10
[  283.939072][ T8356]  ? __pfx_dump_stack_lvl+0x10/0x10
[  283.939092][ T8356]  ? __pfx__printk+0x10/0x10
[  283.939119][ T8356]  ? __might_fault+0xb0/0x130
[  283.939160][ T8356]  should_fail_ex+0x414/0x560
[  283.939191][ T8356]  _copy_from_iter+0x1de/0x1790
[  283.939238][ T8356]  ? rcu_is_watching+0x15/0xb0
[  283.939268][ T8356]  ? __pfx__copy_from_iter+0x10/0x10
[  283.939298][ T8356]  ? __build_skb_around+0x22d/0x3c0
[  283.939331][ T8356]  ? netlink_sendmsg+0x642/0xb30
[  283.939364][ T8356]  ? skb_put+0x11b/0x210
[  283.939393][ T8356]  netlink_sendmsg+0x6b2/0xb30
[  283.939431][ T8356]  ? __pfx_netlink_sendmsg+0x10/0x10
[  283.939462][ T8356]  ? aa_sock_msg_perm+0xf1/0x1b0
[  283.939489][ T8356]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  283.939511][ T8356]  ? __pfx_netlink_sendmsg+0x10/0x10
[  283.939541][ T8356]  __sock_sendmsg+0x21c/0x270
[  283.939568][ T8356]  ____sys_sendmsg+0x505/0x820
[  283.939605][ T8356]  ? __pfx_____sys_sendmsg+0x10/0x10
[  283.939645][ T8356]  ? import_iovec+0x74/0xa0
[  283.939671][ T8356]  ___sys_sendmsg+0x21f/0x2a0
[  283.939703][ T8356]  ? __pfx____sys_sendmsg+0x10/0x10
[  283.939741][ T8356]  ? rcu_read_lock_any_held+0xb3/0x120
[  283.939794][ T8356]  ? __fget_files+0x2a/0x420
[  283.939816][ T8356]  ? __fget_files+0x3a0/0x420
[  283.939851][ T8356]  __x64_sys_sendmsg+0x19b/0x260
[  283.939883][ T8356]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  283.939920][ T8356]  ? __pfx_ksys_write+0x10/0x10
[  283.939954][ T8356]  ? do_syscall_64+0xbe/0xf80
[  283.939976][ T8356]  do_syscall_64+0xfa/0xf80
[  283.939993][ T8356]  ? lockdep_hardirqs_on+0x98/0x140
[  283.940019][ T8356]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.940039][ T8356]  ? clear_bhb_loop+0x60/0xb0
[  283.940061][ T8356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.940079][ T8356] RIP: 0033:0x7f9e04d8f749
[  283.940097][ T8356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  283.940114][ T8356] RSP: 002b:00007f9e05bac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  283.940136][ T8356] RAX: ffffffffffffffda RBX: 00007f9e04fe6090 RCX: 00007f9e04d8f749
[  283.940152][ T8356] RDX: 0000000004000000 RSI: 0000200000001200 RDI: 0000000000000003
[  283.940165][ T8356] RBP: 00007f9e05bac090 R08: 0000000000000000 R09: 0000000000000000
[  283.940177][ T8356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  283.940189][ T8356] R13: 00007f9e04fe6128 R14: 00007f9e04fe6090 R15: 00007f9e0510fa28
[  283.940247][ T8356]  </TASK>
[  285.800664][ T8372] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  285.989583][ T6420] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  286.132708][ T8385] xt_TPROXY: Can be used only with -p tcp or -p udp
[  286.149465][ T8385] netlink: 88 bytes leftover after parsing attributes in process `syz.0.642'.
[  286.230791][ T6420] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  286.276948][ T8386] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  286.288580][ T6420] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  286.298767][ T6420] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.327042][ T6420] usb 4-1: config 0 descriptor??
[  286.393882][ T6420] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  287.316189][ T8391] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  287.415244][ T8390] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  287.428610][ T8390] syzkaller0: entered promiscuous mode
[  287.499900][ T8390] syzkaller0: entered allmulticast mode
[  287.509573][ T8392] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  287.551401][ T8389] tipc: Resetting bearer <eth:syzkaller0>
[  287.587057][ T8389] tipc: Disabling bearer <eth:syzkaller0>
[  288.078123][ T8398] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  288.086178][ T8398] syzkaller0: entered promiscuous mode
[  288.092736][ T8398] syzkaller0: entered allmulticast mode
[  288.118289][ T8398] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  288.151430][ T8397] tipc: Resetting bearer <eth:syzkaller0>
[  288.209529][ T6420] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  288.244322][ T8397] tipc: Disabling bearer <eth:syzkaller0>
[  288.259570][ T5995] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  288.369627][ T6420] usb 3-1: Using ep0 maxpacket: 32
[  288.378560][ T6420] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  288.388176][ T6420] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.399240][ T6420] usb 3-1: config 0 descriptor??
[  288.411106][ T6420] gspca_main: sunplus-2.14.0 probing 041e:400b
[  288.412760][ T5995] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  288.434009][ T5995] usb 1-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  288.443699][ T5995] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.453813][ T5995] usb 1-1: Product: syz
[  288.458232][ T5995] usb 1-1: Manufacturer: syz
[  288.463291][ T5995] usb 1-1: SerialNumber: syz
[  288.473551][ T5995] usb 1-1: config 0 descriptor??
[  288.579460][ T7751] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  288.739504][ T7751] usb 5-1: Using ep0 maxpacket: 16
[  288.747082][ T7751] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  288.758242][ T7751] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  288.771794][ T7751] usb 5-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00
[  288.785928][ T7751] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.798284][ T7751] usb 5-1: config 0 descriptor??
[  288.814902][ T6420] gspca_sunplus: reg_w_riv err -71
[  288.825629][ T6420] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[  288.840438][ T6420] usb 3-1: USB disconnect, device number 27
[  288.960320][ T5906] usb 4-1: USB disconnect, device number 24
[  289.048069][ T8403] ip6tnl1: entered allmulticast mode
[  289.163127][ T8409] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  289.348657][ T7751] hid-multitouch 0003:0457:07DA.000D: hidraw0: USB HID v0.00 Device [HID 0457:07da] on usb-dummy_hcd.4-1/input0
[  289.563189][ T8400] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  289.617040][ T7751] usb 5-1: USB disconnect, device number 30
[  289.643921][ T8418] netlink: 'syz.1.651': attribute type 10 has an invalid length.
[  289.659692][ T5995] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[  289.865082][ T5995] usb 4-1: config 0 has an invalid interface number: 113 but max is 0
[  289.879410][ T5995] usb 4-1: config 0 has no interface number 0
[  289.889544][ T5995] usb 4-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[  289.948954][ T5995] usb 4-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  290.005744][ T5995] usb 4-1: config 0 interface 113 has no altsetting 0
[  290.045727][ T5995] usb 4-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  290.056309][ T5995] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.065624][ T5995] usb 4-1: Product: syz
[  290.070379][ T5995] usb 4-1: Manufacturer: syz
[  290.125328][ T5995] usb 4-1: SerialNumber: syz
[  290.245127][ T5995] usb 4-1: config 0 descriptor??
[  290.354763][    C0] usb 4-1: NFC: Urb failure (status -71)
[  290.368134][ T5995] usb 4-1: NFC: Unable to get FW version
[  290.388356][ T5995] pn533_usb 4-1:0.113: probe with driver pn533_usb failed with error -90
[  291.303293][ T5887] usb 1-1: USB disconnect, device number 28
[  291.532949][ T5995] IPVS: starting estimator thread 0...
[  291.539115][ T8428] IPVS: sh: FWM 3 0x00000003 - no destination available
[  291.629619][ T8430] IPVS: using max 30 ests per chain, 72000 per kthread
[  292.013504][ T8439] netlink: 16 bytes leftover after parsing attributes in process `syz.4.655'.
[  292.229629][ T5995] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[  292.278926][ T5990] usb 4-1: USB disconnect, device number 25
[  292.456602][ T5995] usb 1-1: config 0 has an invalid interface number: 44 but max is 1
[  292.468340][ T5995] usb 1-1: config 0 has an invalid interface number: 92 but max is 1
[  292.527381][ T5995] usb 1-1: config 0 has no interface number 0
[  292.591703][ T5995] usb 1-1: config 0 has no interface number 1
[  292.889622][ T5995] usb 1-1: config 0 interface 44 has no altsetting 0
[  293.219503][ T5995] usb 1-1: config 0 interface 92 has no altsetting 0
[  293.273881][ T5995] usb 1-1: New USB device found, idVendor=1b3d, idProduct=01ab, bcdDevice=85.24
[  293.296482][ T5995] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.314908][ T5995] usb 1-1: Product: syz
[  293.346805][ T5995] usb 1-1: Manufacturer: syz
[  293.359500][ T5995] usb 1-1: SerialNumber: syz
[  293.390654][ T5995] usb 1-1: config 0 descriptor??
[  293.432673][ T5995] usb 1-1: Interface #92 referenced by multiple IADs
[  294.253655][ T8454] netlink: 8 bytes leftover after parsing attributes in process `syz.2.660'.
[  294.266282][ T8454] bridge0: port 2(bridge_slave_1) entered disabled state
[  294.275020][ T8454] bridge0: port 1(bridge_slave_0) entered disabled state
[  294.499508][ T6420] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  294.659520][ T6420] usb 5-1: Using ep0 maxpacket: 8
[  294.673555][ T5995] ftdi_sio 1-1:0.44: FTDI USB Serial Device converter detected
[  294.686026][ T6420] usb 5-1: config index 0 descriptor too short (expected 30, got 18)
[  294.716688][ T6420] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  294.722864][ T5995] ftdi_sio ttyUSB0: unknown device type: 0x8524
[  294.726561][ T6420] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.791815][ T6420] usb 5-1: Product: syz
[  294.804930][ T6420] usb 5-1: Manufacturer: syz
[  294.811933][ T5995] ftdi_sio 1-1:0.92: FTDI USB Serial Device converter detected
[  294.829505][ T6420] usb 5-1: SerialNumber: syz
[  294.853314][ T5995] ftdi_sio ttyUSB1: unknown device type: 0x8524
[  294.853455][ T6420] usb 5-1: config 0 descriptor??
[  294.887846][ T6420] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  294.916657][ T5995] usb 1-1: USB disconnect, device number 29
[  294.919599][ T6420] usb 5-1: setting power ON
[  294.949667][ T6420] dvb-usb: bulk message failed: -22 (2/0)
[  294.970220][ T5995] ftdi_sio 1-1:0.44: device disconnected
[  294.994359][ T5995] ftdi_sio 1-1:0.92: device disconnected
[  295.009038][ T6420] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  295.080123][ T6420] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  295.090077][ T8459] dvb-usb: bulk message failed: -22 (4/0)
[  295.095818][ T8459] cxusb: i2c read failed
[  295.118721][ T6420] usb 5-1: media controller created
[  295.227741][ T6420] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  295.255903][ T6420] usb 5-1: selecting invalid altsetting 6
[  295.266366][ T6420] usb 5-1: digital interface selection failed (-22)
[  295.294844][ T6420] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  295.453327][ T6420] usb 5-1: setting power OFF
[  295.493139][ T6420] dvb-usb: bulk message failed: -22 (2/0)
[  295.543382][ T6420] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  295.573720][ T6420] (NULL device *): no alternate interface
[  295.748089][ T6420] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  295.878159][ T6420] usb 5-1: USB disconnect, device number 31
[  295.889553][ T5995] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  296.159917][ T5995] usb 1-1: Using ep0 maxpacket: 16
[  296.240791][ T5995] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  296.335854][ T5995] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  296.351051][ T5995] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  296.498863][ T5995] usb 1-1: config 0 interface 0 has no altsetting 0
[  296.534841][ T5995] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  296.544701][ T5995] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.580688][ T5995] usb 1-1: config 0 descriptor??
[  297.363850][ T6420] usb 1-1: USB disconnect, device number 30
[  297.492705][ T8489] xt_TPROXY: Can be used only with -p tcp or -p udp
[  297.519103][ T8489] netlink: 88 bytes leftover after parsing attributes in process `syz.3.668'.
[  297.943984][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  297.944006][   T30] audit: type=1326 audit(1764702274.005:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8492 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31f278f749 code=0x7ffc0000
[  298.061954][   T30] audit: type=1326 audit(1764702274.005:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8492 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31f278f749 code=0x7ffc0000
[  298.084950][   T30] audit: type=1326 audit(1764702274.035:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8492 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f31f278f749 code=0x7ffc0000
[  298.134395][   T30] audit: type=1326 audit(1764702274.035:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8492 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31f278f749 code=0x7ffc0000
[  298.243458][   T30] audit: type=1326 audit(1764702274.035:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8492 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f31f278f749 code=0x7ffc0000
[  298.372665][   T30] audit: type=1326 audit(1764702274.035:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8492 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31f278f749 code=0x7ffc0000
[  298.545626][   T30] audit: type=1326 audit(1764702274.055:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8492 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=263 compat=0 ip=0x7f31f278f749 code=0x7ffc0000
[  298.627509][ T8510] tipc: Enabling of bearer <eth:s> rejected, failed to enable media
[  298.691092][ T8508] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  298.775545][   T30] audit: type=1326 audit(1764702274.225:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8492 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31f278f749 code=0x7ffc0000
[  298.937009][   T30] audit: type=1326 audit(1764702274.225:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8492 comm="syz.4.670" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31f278f749 code=0x7ffc0000
[  300.970063][ T8540] FAULT_INJECTION: forcing a failure.
[  300.970063][ T8540] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  301.060659][ T8540] CPU: 1 UID: 0 PID: 8540 Comm: syz.2.683 Not tainted syzkaller #0 PREEMPT(full) 
[  301.060688][ T8540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  301.060700][ T8540] Call Trace:
[  301.060709][ T8540]  <TASK>
[  301.060718][ T8540]  dump_stack_lvl+0x189/0x250
[  301.060746][ T8540]  ? __pfx____ratelimit+0x10/0x10
[  301.060776][ T8540]  ? __pfx_dump_stack_lvl+0x10/0x10
[  301.060796][ T8540]  ? __pfx__printk+0x10/0x10
[  301.060823][ T8540]  ? __might_fault+0xb0/0x130
[  301.060863][ T8540]  should_fail_ex+0x414/0x560
[  301.060893][ T8540]  _copy_from_user+0x2d/0xb0
[  301.060912][ T8540]  sctp_setsockopt+0x19f/0x1200
[  301.060934][ T8540]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  301.060962][ T8540]  do_sock_setsockopt+0x17c/0x1b0
[  301.060996][ T8540]  __x64_sys_setsockopt+0x13f/0x1b0
[  301.061032][ T8540]  do_syscall_64+0xfa/0xf80
[  301.061049][ T8540]  ? lockdep_hardirqs_on+0x98/0x140
[  301.061078][ T8540]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.061096][ T8540]  ? clear_bhb_loop+0x60/0xb0
[  301.061122][ T8540]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.061142][ T8540] RIP: 0033:0x7fec9e78f749
[  301.061169][ T8540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.061187][ T8540] RSP: 002b:00007fec9f657038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  301.061211][ T8540] RAX: ffffffffffffffda RBX: 00007fec9e9e5fa0 RCX: 00007fec9e78f749
[  301.061226][ T8540] RDX: 0000000000000075 RSI: 0000000000000084 RDI: 0000000000000003
[  301.061238][ T8540] RBP: 00007fec9f657090 R08: 0000000000000008 R09: 0000000000000000
[  301.061251][ T8540] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001
[  301.061264][ T8540] R13: 00007fec9e9e6038 R14: 00007fec9e9e5fa0 R15: 00007fec9eb0fa28
[  301.061297][ T8540]  </TASK>
[  301.567799][ T8547] FAULT_INJECTION: forcing a failure.
[  301.567799][ T8547] name failslab, interval 1, probability 0, space 0, times 0
[  301.625498][ T8552] netlink: 'syz.0.682': attribute type 10 has an invalid length.
[  301.681459][ T5990] IPVS: starting estimator thread 0...
[  301.723990][ T8547] CPU: 1 UID: 0 PID: 8547 Comm: syz.1.685 Not tainted syzkaller #0 PREEMPT(full) 
[  301.724022][ T8547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  301.724035][ T8547] Call Trace:
[  301.724044][ T8547]  <TASK>
[  301.724053][ T8547]  dump_stack_lvl+0x189/0x250
[  301.724082][ T8547]  ? __pfx____ratelimit+0x10/0x10
[  301.724112][ T8547]  ? __pfx_dump_stack_lvl+0x10/0x10
[  301.724134][ T8547]  ? __pfx__printk+0x10/0x10
[  301.724168][ T8547]  ? __pfx___might_resched+0x10/0x10
[  301.724195][ T8547]  ? fs_reclaim_acquire+0x7d/0x100
[  301.724222][ T8547]  should_fail_ex+0x414/0x560
[  301.724253][ T8547]  should_failslab+0xa8/0x100
[  301.724277][ T8547]  kmem_cache_alloc_node_noprof+0x77/0x700
[  301.724305][ T8547]  ? __alloc_skb+0x112/0x2d0
[  301.724340][ T8547]  __alloc_skb+0x112/0x2d0
[  301.724371][ T8547]  alloc_skb_with_frags+0xca/0x890
[  301.724400][ T8547]  ? __lock_acquire+0x6b6/0x2cf0
[  301.724440][ T8547]  sock_alloc_send_pskb+0x84d/0x980
[  301.724474][ T8547]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  301.724488][ T8547]  ? sock_def_readable+0xae/0x530
[  301.724504][ T8547]  ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20
[  301.724520][ T8547]  unix_dgram_sendmsg+0x461/0x1850
[  301.724550][ T8547]  ? __lock_acquire+0x6b6/0x2cf0
[  301.724566][ T8547]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  301.724580][ T8547]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  301.724602][ T8547]  ? unix_seqpacket_sendmsg+0x111/0x1e0
[  301.724617][ T8547]  ? __pfx_unix_seqpacket_sendmsg+0x10/0x10
[  301.724633][ T8547]  __sock_sendmsg+0x21c/0x270
[  301.724648][ T8547]  ____sys_sendmsg+0x52d/0x820
[  301.724669][ T8547]  ? __pfx_____sys_sendmsg+0x10/0x10
[  301.724692][ T8547]  ? import_iovec+0x74/0xa0
[  301.724706][ T8547]  ___sys_sendmsg+0x21f/0x2a0
[  301.724725][ T8547]  ? __pfx____sys_sendmsg+0x10/0x10
[  301.724740][ T8547]  ? __lock_acquire+0x6b6/0x2cf0
[  301.724784][ T8547]  ? __might_fault+0xb0/0x130
[  301.724802][ T8547]  __sys_sendmmsg+0x227/0x430
[  301.724823][ T8547]  ? __pfx___sys_sendmmsg+0x10/0x10
[  301.724846][ T8547]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  301.724869][ T8547]  ? ksys_write+0x22a/0x250
[  301.724888][ T8547]  ? __pfx_ksys_write+0x10/0x10
[  301.724907][ T8547]  __x64_sys_sendmmsg+0xa0/0xc0
[  301.724926][ T8547]  do_syscall_64+0xfa/0xf80
[  301.724939][ T8547]  ? lockdep_hardirqs_on+0x98/0x140
[  301.724956][ T8547]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.724967][ T8547]  ? clear_bhb_loop+0x60/0xb0
[  301.724982][ T8547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.724993][ T8547] RIP: 0033:0x7f9e04d8f749
[  301.725010][ T8547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.725021][ T8547] RSP: 002b:00007f9e05bcd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  301.725036][ T8547] RAX: ffffffffffffffda RBX: 00007f9e04fe5fa0 RCX: 00007f9e04d8f749
[  301.725045][ T8547] RDX: 0400000000000159 RSI: 0000200000001c00 RDI: 0000000000000003
[  301.725054][ T8547] RBP: 00007f9e05bcd090 R08: 0000000000000000 R09: 0000000000000000
[  301.725061][ T8547] R10: 0000000000040840 R11: 0000000000000246 R12: 0000000000000002
[  301.725069][ T8547] R13: 00007f9e04fe6038 R14: 00007f9e04fe5fa0 R15: 00007f9e0510fa28
[  301.725089][ T8547]  </TASK>
[  302.111613][ T8556] netlink: 76 bytes leftover after parsing attributes in process `syz.4.688'.
[  302.429541][ T8554] IPVS: using max 25 ests per chain, 60000 per kthread
[  302.456973][ T8561] netlink: 'syz.1.690': attribute type 7 has an invalid length.
[  302.761594][ T8568] netlink: 32 bytes leftover after parsing attributes in process `syz.4.692'.
[  302.809643][  T985] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  303.087240][  T985] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  303.098526][  T985] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  303.130050][ T5887] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  303.140048][  T985] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  303.164744][  T985] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.196134][  T985] usb 3-1: config 0 descriptor??
[  303.215295][  T985] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  303.279484][ T5887] usb 2-1: device descriptor read/64, error -71
[  303.589762][ T5887] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  303.749508][ T5887] usb 2-1: device descriptor read/64, error -71
[  303.860249][ T5887] usb usb2-port1: attempt power cycle
[  304.131314][ T8584] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  304.351369][ T5887] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  304.382508][ T5887] usb 2-1: device descriptor read/8, error -71
[  304.514344][ T8591] netlink: 8 bytes leftover after parsing attributes in process `syz.4.698'.
[  304.649521][ T5887] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  304.702900][ T5887] usb 2-1: device descriptor read/8, error -71
[  304.821134][ T5887] usb usb2-port1: unable to enumerate USB device
[  305.458462][ T7751] usb 3-1: USB disconnect, device number 28
[  305.904064][ T8615] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  305.912261][ T8615] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  305.925472][ T8615] tipc: Resetting bearer <eth:syzkaller0>
[  305.960316][ T8614] tipc: Disabling bearer <eth:syzkaller0>
[  306.359546][ T8617] netlink: 'syz.2.709': attribute type 1 has an invalid length.
[  307.018957][ T8621] 8021q: adding VLAN 0 to HW filter on device bond2
[  307.045438][ T8630] netlink: 'syz.1.711': attribute type 10 has an invalid length.
[  307.048638][ T8621] bond1: (slave bond2): making interface the new active one
[  307.087048][ T8621] bond1: (slave bond2): Enslaving as an active interface with an up link
[  307.256413][ T8617] bond1: (slave gretap1): Enslaving as a backup interface with an up link
[  307.854591][ T5920] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  308.080676][ T8646] netlink: 16 bytes leftover after parsing attributes in process `syz.4.715'.
[  308.101960][ T5920] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  308.107423][ T8647] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  308.120519][ T8647] batman_adv: batadv0: Removing interface: batadv_slave_0
[  308.138573][ T5920] usb 2-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=cc.19
[  308.148676][ T8647] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  308.157117][ T8647] batman_adv: batadv0: Removing interface: batadv_slave_1
[  308.175916][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.210880][ T5920] usb 2-1: Product: syz
[  308.218417][ T5920] usb 2-1: Manufacturer: syz
[  308.226908][ T8647] bond0: (slave batadv0): Releasing backup interface
[  309.060677][ T5920] usb 2-1: SerialNumber: syz
[  309.080684][ T5920] usb 2-1: config 0 descriptor??
[  309.145239][ T5920] usbtouchscreen 2-1:0.0: probe with driver usbtouchscreen failed with error -32
[  309.314195][ T8634] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  309.352793][ T8634] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  309.481750][ T8634] netlink: 4 bytes leftover after parsing attributes in process `syz.1.714'.
[  309.512560][ T8634] netlink: 12 bytes leftover after parsing attributes in process `syz.1.714'.
[  309.563503][ T8634] netlink: 3 bytes leftover after parsing attributes in process `syz.1.714'.
[  309.619480][ T5920] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  309.622888][ T8634] sctp: [Deprecated]: syz.1.714 (pid 8634) Use of int in max_burst socket option deprecated.
[  309.622888][ T8634] Use struct sctp_assoc_value instead
[  309.694746][ T8634] sctp: [Deprecated]: syz.1.714 (pid 8634) Use of int in max_burst socket option.
[  309.694746][ T8634] Use struct sctp_assoc_value instead
[  309.759524][ T5920] usb 3-1: device descriptor read/64, error -71
[  309.767696][  T985] usb 2-1: USB disconnect, device number 33
[  310.007091][ T5920] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  310.166472][ T8671] netlink: 16 bytes leftover after parsing attributes in process `syz.3.723'.
[  310.175639][ T5920] usb 3-1: device descriptor read/64, error -71
[  310.294603][ T5920] usb usb3-port1: attempt power cycle
[  310.426606][ T8676] netlink: 'syz.4.722': attribute type 10 has an invalid length.
[  310.691050][ T5920] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  310.729158][ T5920] usb 3-1: device descriptor read/8, error -71
[  311.021243][ T5920] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  311.057757][ T5920] usb 3-1: device descriptor read/8, error -71
[  311.199856][ T5920] usb usb3-port1: unable to enumerate USB device
[  311.697018][ T8690] netlink: 12 bytes leftover after parsing attributes in process `syz.4.729'.
[  311.721710][ T8690] netlink: 12 bytes leftover after parsing attributes in process `syz.4.729'.
[  311.731325][ T1111] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  311.741228][ T1111] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  311.750344][ T1111] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  311.761468][ T8691] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  311.768788][ T1111] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  312.256377][ T8695] netlink: 8 bytes leftover after parsing attributes in process `syz.2.730'.
[  312.273024][ T8695] netlink: 48 bytes leftover after parsing attributes in process `syz.2.730'.
[  312.299757][ T8695] vlan2: entered allmulticast mode
[  312.321507][ T8695] veth1_macvtap: entered allmulticast mode
[  312.364581][ T8695] tipc: Started in network mode
[  312.369717][ T8695] tipc: Node identity 7a63c0271c39, cluster identity 4711
[  312.377092][ T8695] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  312.386741][ T8695] syzkaller0: entered promiscuous mode
[  312.393505][ T8695] syzkaller0: entered allmulticast mode
[  312.434042][ T8695] tipc: Resetting bearer <eth:syzkaller0>
[  312.562688][ T8694] tipc: Resetting bearer <eth:syzkaller0>
[  312.704206][ T8704] netlink: 16 bytes leftover after parsing attributes in process `syz.1.731'.
[  312.732646][ T8694] tipc: Disabling bearer <eth:syzkaller0>
[  315.199172][ T8743] netlink: 'syz.3.739': attribute type 10 has an invalid length.
[  316.505887][ T8762] binder: 8761:8762 ioctl c0306201 0 returned -14
[  316.608999][ T8767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.718358][ T8767] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.840893][ T5920] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  317.327756][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  317.336002][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  317.602891][ T5920] usb 5-1: device descriptor read/64, error -71
[  317.890070][ T5920] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  318.170848][ T5920] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  318.435698][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  318.459018][ T5920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  318.563599][ T5920] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  318.596924][ T5920] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  318.606392][ T5920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.630552][ T5920] usb 5-1: config 0 descriptor??
[  318.769909][ T6420] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  318.933784][ T6420] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  318.957182][ T6420] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  318.993429][ T6420] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  319.057564][ T8785] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  319.113460][ T6420] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  319.180146][ T6420] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  319.209078][ T6420] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.238483][ T6420] usb 4-1: config 0 descriptor??
[  320.140130][ T8801] netlink: zone id is out of range
[  320.408370][ T8790] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  320.711693][ T5920] usbhid 5-1:0.0: can't add hid device: -71
[  320.735812][ T5920] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  320.779293][ T5920] usb 5-1: USB disconnect, device number 33
[  321.050947][ T8813] xt_TPROXY: Can be used only with -p tcp or -p udp
[  321.065010][ T8813] netlink: 88 bytes leftover after parsing attributes in process `syz.0.758'.
[  322.754066][ T6420] usbhid 4-1:0.0: can't add hid device: -71
[  322.776136][ T6420] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  322.856015][ T6420] usb 4-1: USB disconnect, device number 26
[  322.936220][ T8840] netlink: 8 bytes leftover after parsing attributes in process `syz.3.768'.
[  322.967025][ T8840] FAULT_INJECTION: forcing a failure.
[  322.967025][ T8840] name failslab, interval 1, probability 0, space 0, times 0
[  322.989236][ T8840] CPU: 1 UID: 0 PID: 8840 Comm: syz.3.768 Not tainted syzkaller #0 PREEMPT(full) 
[  322.989267][ T8840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  322.989279][ T8840] Call Trace:
[  322.989288][ T8840]  <TASK>
[  322.989297][ T8840]  dump_stack_lvl+0x189/0x250
[  322.989326][ T8840]  ? __pfx____ratelimit+0x10/0x10
[  322.989362][ T8840]  ? __pfx_dump_stack_lvl+0x10/0x10
[  322.989384][ T8840]  ? __pfx__printk+0x10/0x10
[  322.989413][ T8840]  ? __pfx___might_resched+0x10/0x10
[  322.989434][ T8840]  ? fs_reclaim_acquire+0x7d/0x100
[  322.989459][ T8840]  should_fail_ex+0x414/0x560
[  322.989490][ T8840]  should_failslab+0xa8/0x100
[  322.989513][ T8840]  __kmalloc_noprof+0xcb/0x7e0
[  322.989540][ T8840]  ? fib_create_info+0x171d/0x31f0
[  322.989568][ T8840]  fib_create_info+0x171d/0x31f0
[  322.989619][ T8840]  fib_table_insert+0xc6/0x1b50
[  322.989663][ T8840]  ? l3mdev_fib_table+0x18/0x160
[  322.989699][ T8840]  fib_magic+0x2c4/0x390
[  322.989734][ T8840]  ? __pfx_fib_magic+0x10/0x10
[  322.989758][ T8840]  ? queue_work_on+0x1ed/0x270
[  322.989798][ T8840]  ? lockdep_rtnl_is_held+0x26/0x40
[  322.989846][ T8840]  fib_add_ifaddr+0x144/0x5f0
[  322.989883][ T8840]  fib_inetaddr_event+0x12e/0x190
[  322.989916][ T8840]  notifier_call_chain+0x19d/0x3a0
[  322.989948][ T8840]  blocking_notifier_call_chain+0x6a/0x90
[  322.989975][ T8840]  __inet_insert_ifa+0x9ee/0xbb0
[  322.990019][ T8840]  ? __pfx___inet_insert_ifa+0x10/0x10
[  322.990062][ T8840]  inet_rtm_newaddr+0xf3a/0x18b0
[  322.990099][ T8840]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  322.990147][ T8840]  ? __pfx_inet_rtm_newaddr+0x10/0x10
[  322.990172][ T8840]  rtnetlink_rcv_msg+0x7cf/0xb70
[  322.990204][ T8840]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  322.990229][ T8840]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  322.990264][ T8840]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  322.990302][ T8840]  netlink_rcv_skb+0x208/0x470
[  322.990329][ T8840]  ? rcu_is_watching+0x15/0xb0
[  322.990351][ T8840]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  322.990379][ T8840]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  322.990422][ T8840]  ? netlink_deliver_tap+0x2e/0x1b0
[  322.990460][ T8840]  netlink_unicast+0x82f/0x9e0
[  322.990497][ T8840]  ? __pfx_netlink_unicast+0x10/0x10
[  322.990525][ T8840]  ? netlink_sendmsg+0x642/0xb30
[  322.990551][ T8840]  ? skb_put+0x11b/0x210
[  322.990582][ T8840]  netlink_sendmsg+0x805/0xb30
[  322.990619][ T8840]  ? __pfx_netlink_sendmsg+0x10/0x10
[  322.990651][ T8840]  ? aa_sock_msg_perm+0xf1/0x1b0
[  322.990676][ T8840]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  322.990696][ T8840]  ? __pfx_netlink_sendmsg+0x10/0x10
[  322.990727][ T8840]  __sock_sendmsg+0x21c/0x270
[  322.990753][ T8840]  ____sys_sendmsg+0x505/0x820
[  322.990790][ T8840]  ? __pfx_____sys_sendmsg+0x10/0x10
[  322.990838][ T8840]  ? import_iovec+0x74/0xa0
[  322.990864][ T8840]  ___sys_sendmsg+0x21f/0x2a0
[  322.990897][ T8840]  ? __pfx____sys_sendmsg+0x10/0x10
[  322.990933][ T8840]  ? rcu_read_lock_any_held+0xb3/0x120
[  322.990988][ T8840]  ? __fget_files+0x2a/0x420
[  322.991011][ T8840]  ? __fget_files+0x3a0/0x420
[  322.991046][ T8840]  __x64_sys_sendmsg+0x19b/0x260
[  322.991078][ T8840]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  322.991120][ T8840]  ? __pfx_ksys_write+0x10/0x10
[  322.991153][ T8840]  ? do_syscall_64+0xbe/0xf80
[  322.991176][ T8840]  do_syscall_64+0xfa/0xf80
[  322.991192][ T8840]  ? lockdep_hardirqs_on+0x98/0x140
[  322.991221][ T8840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.991239][ T8840]  ? clear_bhb_loop+0x60/0xb0
[  322.991264][ T8840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.991283][ T8840] RIP: 0033:0x7f15bab8f749
[  322.991302][ T8840] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.991320][ T8840] RSP: 002b:00007f15bba9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  322.991343][ T8840] RAX: ffffffffffffffda RBX: 00007f15bade5fa0 RCX: 00007f15bab8f749
[  322.991357][ T8840] RDX: 0000000020008084 RSI: 0000200000000200 RDI: 0000000000000004
[  322.991370][ T8840] RBP: 00007f15bba9b090 R08: 0000000000000000 R09: 0000000000000000
[  322.991382][ T8840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  322.991394][ T8840] R13: 00007f15bade6038 R14: 00007f15bade5fa0 R15: 00007f15baf0fa28
[  322.991429][ T8840]  </TASK>
[  323.539498][ T5887] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  323.754393][ T5887] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  323.765125][ T5887] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  323.774394][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.784261][ T5887] usb 3-1: config 0 descriptor??
[  323.877857][ T5995] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  323.890368][ T5887] hdpvr 3-1:0.0: Could not find bulk-in endpoint
[  323.896814][ T5887] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -12
[  324.439510][ T5995] usb 5-1: Using ep0 maxpacket: 16
[  324.973793][ T5995] usb 5-1: config 3 has an invalid interface number: 156 but max is 0
[  324.998701][ T5995] usb 5-1: config 3 has no interface number 0
[  325.015289][ T5995] usb 5-1: config 3 interface 156 has no altsetting 0
[  325.086251][ T5995] usb 5-1: New USB device found, idVendor=05e3, idProduct=0502, bcdDevice=f1.d8
[  325.118866][ T5995] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.127462][ T5995] usb 5-1: Product: syz
[  325.137864][ T5995] usb 5-1: Manufacturer: syz
[  325.142770][ T5995] usb 5-1: SerialNumber: syz
[  325.433999][ T8847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  325.460209][ T8847] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  325.713361][ T8868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  325.744118][ T8868] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  325.762565][ T8868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  325.783328][ T8868] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  326.089549][  T985] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  326.239742][  T985] usb 2-1: Using ep0 maxpacket: 8
[  326.248110][  T985] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  326.257683][  T985] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.281550][  T985] pvrusb2: Hardware description: Terratec Grabster AV400
[  326.292733][  T985] pvrusb2: **********
[  326.297250][  T985] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  326.313311][  T985] pvrusb2: Important functionality might not be entirely working.
[  326.326652][  T985] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  326.345919][  T985] pvrusb2: **********
[  326.484969][ T2348] pvrusb2: Invalid write control endpoint
[  326.696551][  T985] usb 2-1: USB disconnect, device number 34
[  326.774343][ T2348] pvrusb2: Invalid write control endpoint
[  326.780554][ T2348] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  326.790774][ T2348] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  326.798830][ T2348] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  326.828993][ T2348] pvrusb2: Device being rendered inoperable
[  326.860206][ T2348] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  326.886584][ T5995] gl620a 5-1:3.156: probe with driver gl620a failed with error -22
[  326.898019][ T2348] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  326.929850][ T2348] pvrusb2: Attached sub-driver cx25840
[  326.945517][ T5995] usb 5-1: USB disconnect, device number 34
[  326.969505][ T2348] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  327.009567][ T2348] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  327.110763][ T5887] usb 3-1: USB disconnect, device number 33
[  327.397906][ T8896] xt_TPROXY: Can be used only with -p tcp or -p udp
[  327.415824][ T8896] netlink: 88 bytes leftover after parsing attributes in process `syz.0.780'.
[  327.672190][  T985] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  327.849499][  T985] usb 4-1: Using ep0 maxpacket: 32
[  327.875713][  T985] usb 4-1: config 0 has an invalid interface number: 128 but max is 0
[  327.890835][  T985] usb 4-1: config 0 has no interface number 0
[  327.905012][  T985] usb 4-1: config 0 interface 128 has no altsetting 0
[  327.923508][  T985] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=a5.bc
[  327.936183][  T985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.960683][  T985] usb 4-1: Product: syz
[  327.976672][  T985] usb 4-1: Manufacturer: syz
[  327.987623][  T985] usb 4-1: SerialNumber: syz
[  328.015256][  T985] usb 4-1: config 0 descriptor??
[  328.031043][  T985] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  328.050075][  T985] usb 4-1: setting power ON
[  328.061217][  T985] dvb-usb: bulk message failed: -22 (2/0)
[  328.084370][  T985] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  328.105992][  T985] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  328.130049][  T985] usb 4-1: media controller created
[  328.140199][ T8906] xt_recent: Unsupported userspace flags (000000de)
[  328.172103][ T8891] syz.2.781: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1
[  328.203426][  T985] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  328.219486][ T8891] CPU: 1 UID: 0 PID: 8891 Comm: syz.2.781 Not tainted syzkaller #0 PREEMPT(full) 
[  328.219520][ T8891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  328.219533][ T8891] Call Trace:
[  328.219542][ T8891]  <TASK>
[  328.219551][ T8891]  dump_stack_lvl+0x189/0x250
[  328.219579][ T8891]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  328.219610][ T8891]  ? __pfx_dump_stack_lvl+0x10/0x10
[  328.219632][ T8891]  ? __pfx__printk+0x10/0x10
[  328.219659][ T8891]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  328.219688][ T8891]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  328.219724][ T8891]  warn_alloc+0x214/0x310
[  328.219752][ T8891]  ? __pfx_warn_alloc+0x10/0x10
[  328.219782][ T8891]  ? __get_vm_area_node+0x28f/0x300
[  328.219813][ T8891]  ? translate_table+0x198/0x2000
[  328.219850][ T8891]  __vmalloc_node_range_noprof+0x690/0x12d0
[  328.219913][ T8891]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  328.219941][ T8891]  ? translate_table+0x198/0x2000
[  328.219967][ T8891]  ? rcu_is_watching+0x15/0xb0
[  328.219990][ T8891]  ? translate_table+0x198/0x2000
[  328.220011][ T8891]  __kvmalloc_node_noprof+0x674/0x900
[  328.220029][ T8891]  ? translate_table+0x198/0x2000
[  328.220050][ T8891]  ? do_ipt_set_ctl+0x881/0xcd0
[  328.220069][ T8891]  ? nf_setsockopt+0x26f/0x290
[  328.220090][ T8891]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  328.220118][ T8891]  ? do_syscall_64+0xfa/0xf80
[  328.220145][ T8891]  translate_table+0x198/0x2000
[  328.220191][ T8891]  ? __pfx_translate_table+0x10/0x10
[  328.220216][ T8891]  ? __might_fault+0xb0/0x130
[  328.220266][ T8891]  ? _copy_from_user+0x94/0xb0
[  328.220294][ T8891]  do_ipt_set_ctl+0x967/0xcd0
[  328.220320][ T8891]  ? rcu_is_watching+0x15/0xb0
[  328.220342][ T8891]  ? trace_contention_end+0x39/0x100
[  328.220367][ T8891]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  328.220414][ T8891]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  328.220447][ T8891]  ? __pfx_aa_sk_perm+0x10/0x10
[  328.220477][ T8891]  nf_setsockopt+0x26f/0x290
[  328.220502][ T8891]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  328.220532][ T8891]  do_sock_setsockopt+0x17c/0x1b0
[  328.220567][ T8891]  __x64_sys_setsockopt+0x13f/0x1b0
[  328.220603][ T8891]  do_syscall_64+0xfa/0xf80
[  328.220620][ T8891]  ? lockdep_hardirqs_on+0x98/0x140
[  328.220651][ T8891]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.220671][ T8891]  ? clear_bhb_loop+0x60/0xb0
[  328.220696][ T8891]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.220715][ T8891] RIP: 0033:0x7fec9e78f749
[  328.220736][ T8891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  328.220754][ T8891] RSP: 002b:00007fec9f657038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  328.220778][ T8891] RAX: ffffffffffffffda RBX: 00007fec9e9e5fa0 RCX: 00007fec9e78f749
[  328.220794][ T8891] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[  328.220807][ T8891] RBP: 00007fec9e813f91 R08: 0000000000000428 R09: 0000000000000000
[  328.220821][ T8891] R10: 0000200000000700 R11: 0000000000000246 R12: 0000000000000000
[  328.220888][ T8891] R13: 00007fec9e9e6038 R14: 00007fec9e9e5fa0 R15: 00007fec9eb0fa28
[  328.220924][ T8891]  </TASK>
[  328.220933][ T8891] Mem-Info:
[  328.578312][  T985] usb 4-1: digital interface selection failed (-22)
[  328.604729][  T985] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  328.620181][  T985] usb 4-1: setting power OFF
[  328.633391][  T985] dvb-usb: bulk message failed: -22 (2/0)
[  328.639180][  T985] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  328.671611][  T985] (NULL device *): no alternate interface
[  328.731215][ T8891] active_anon:7093 inactive_anon:0 isolated_anon:0
[  328.731215][ T8891]  active_file:3609 inactive_file:40004 isolated_file:0
[  328.731215][ T8891]  unevictable:768 dirty:219 writeback:0
[  328.731215][ T8891]  slab_reclaimable:6457 slab_unreclaimable:100047
[  328.731215][ T8891]  mapped:32623 shmem:1357 pagetables:1320
[  328.731215][ T8891]  sec_pagetables:0 bounce:0
[  328.731215][ T8891]  kernel_misc_reclaimable:0
[  328.731215][ T8891]  free:1311157 free_pcp:16880 free_cma:0
[  328.757560][  T985] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  328.786602][    C0] vkms_vblank_simulate: vblank timer overrun
[  328.846548][  T985] usb 4-1: USB disconnect, device number 27
[  328.876662][ T8891] Node 0 active_anon:29072kB inactive_anon:0kB active_file:14436kB inactive_file:159812kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130492kB dirty:876kB writeback:0kB shmem:3892kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12936kB pagetables:5224kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  328.979488][ T8891] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  329.009544][    C0] vkms_vblank_simulate: vblank timer overrun
[  329.102628][ T8891] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  329.157132][ T8891] lowmem_reserve[]: 0 2504 2504 2504 2504
[  329.163527][ T8891] Node 0 DMA32 free:1340824kB boost:0kB min:34308kB low:42884kB high:51460kB reserved_highatomic:0KB free_highatomic:0KB active_anon:25292kB inactive_anon:0kB active_file:14436kB inactive_file:159816kB unevictable:1536kB writepending:884kB zspages:0kB present:3129332kB managed:2564720kB mlocked:0kB bounce:0kB free_pcp:52480kB local_pcp:28156kB free_cma:0kB
[  329.588118][ T8891] lowmem_reserve[]: 0 0 0 0 0
[  329.603565][ T8891] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  329.699498][ T8891] lowmem_reserve[]: 0 0 0 0 0
[  329.709852][ T8891] Node 1 Normal free:3887376kB boost:0kB min:55592kB low:69488kB high:83384kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:20896kB local_pcp:10144kB free_cma:0kB
[  329.809582][ T8891] lowmem_reserve[]: 0 0 0 0 0
[  329.831982][ T8891] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  329.871755][ T8918] kvm: MONITOR instruction emulated as NOP!
[  329.894231][ T8891] Node 0 DMA32: 2*4kB (UM) 40*8kB (ME) 194*16kB (UME) 161*32kB (ME) 103*64kB (ME) 48*128kB (ME) 24*256kB (ME) 5*512kB (UME) 1*1024kB (E) 2*2048kB (ME) 318*4096kB (M) = 1337672kB
[  329.925958][ T8891] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  329.946963][ T8891] Node 1 Normal: 174*4kB (UE) 33*8kB (UME) 41*16kB (UME) 68*32kB (UME) 21*64kB (UME) 6*128kB (UME) 4*256kB (UME) 5*512kB (UME) 1*1024kB (M) 1*2048kB (E) 946*4096kB (M) = 3887376kB
[  329.983832][ T8891] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  330.003899][ T8891] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  330.016116][ T8891] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  330.027412][ T8891] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  330.038854][ T8891] 44966 total pagecache pages
[  330.067868][ T8891] 0 pages in swap cache
[  330.072642][ T8891] Free swap  = 124996kB
[  330.077067][ T8891] Total swap = 124996kB
[  330.083709][ T8891] 2097051 pages RAM
[  330.091374][ T8891] 0 pages HighMem/MovableOnly
[  330.099227][ T8891] 424229 pages reserved
[  330.108661][ T8891] 0 pages cma reserved
[  330.376819][ T8932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  330.405448][ T8932] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  331.534401][ T6420] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  331.700944][ T6420] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  331.753694][ T6420] usb 4-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=cc.19
[  331.772994][ T6420] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.799470][ T6420] usb 4-1: Product: syz
[  331.819517][ T6420] usb 4-1: Manufacturer: syz
[  331.864909][ T6420] usb 4-1: SerialNumber: syz
[  331.962558][ T6420] usb 4-1: config 0 descriptor??
[  332.008772][ T6420] usbtouchscreen 4-1:0.0: probe with driver usbtouchscreen failed with error -32
[  332.241340][ T8946] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  332.270088][ T8946] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.305509][ T8946] netlink: 4 bytes leftover after parsing attributes in process `syz.3.796'.
[  332.315528][ T8946] netlink: 12 bytes leftover after parsing attributes in process `syz.3.796'.
[  332.494648][ T8946] sctp: [Deprecated]: syz.3.796 (pid 8946) Use of int in max_burst socket option deprecated.
[  332.494648][ T8946] Use struct sctp_assoc_value instead
[  332.547319][ T6420] usb 4-1: USB disconnect, device number 28
[  334.521588][ T8993] openvswitch: netlink: VXLAN extension 30 out of range max 1
[  334.590258][ T8993] netlink: 'syz.2.808': attribute type 12 has an invalid length.
[  335.146516][ T9008] netlink: 'syz.3.812': attribute type 10 has an invalid length.
[  335.463861][ T9014] xt_TPROXY: Can be used only with -p tcp or -p udp
[  335.481432][ T9014] netlink: 88 bytes leftover after parsing attributes in process `syz.0.814'.
[  335.813810][ T9022] netlink: 16 bytes leftover after parsing attributes in process `syz.4.816'.
[  336.151500][ T9027] netlink: 16 bytes leftover after parsing attributes in process `syz.1.818'.
[  336.674718][ T9029] FAULT_INJECTION: forcing a failure.
[  336.674718][ T9029] name failslab, interval 1, probability 0, space 0, times 0
[  336.687690][ T9029] CPU: 1 UID: 0 PID: 9029 Comm: syz.1.819 Not tainted syzkaller #0 PREEMPT(full) 
[  336.687708][ T9029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  336.687715][ T9029] Call Trace:
[  336.687721][ T9029]  <TASK>
[  336.687726][ T9029]  dump_stack_lvl+0x189/0x250
[  336.687745][ T9029]  ? __pfx____ratelimit+0x10/0x10
[  336.687763][ T9029]  ? __pfx_dump_stack_lvl+0x10/0x10
[  336.687776][ T9029]  ? __pfx__printk+0x10/0x10
[  336.687796][ T9029]  ? __io_read+0x14f8/0x1500
[  336.687811][ T9029]  should_fail_ex+0x414/0x560
[  336.687830][ T9029]  should_failslab+0xa8/0x100
[  336.687845][ T9029]  __kmalloc_noprof+0xcb/0x7e0
[  336.687862][ T9029]  ? io_cache_alloc_new+0x40/0x100
[  336.687883][ T9029]  io_cache_alloc_new+0x40/0x100
[  336.687900][ T9029]  io_arm_apoll+0x474/0x8f0
[  336.687919][ T9029]  ? __pfx_io_arm_apoll+0x10/0x10
[  336.687935][ T9029]  ? __io_issue_sqe+0x1f9/0x4b0
[  336.687948][ T9029]  ? io_file_get_normal+0x176/0x2d0
[  336.687961][ T9029]  ? io_arm_poll_handler+0x207/0x2a0
[  336.687979][ T9029]  io_queue_async+0x175/0x240
[  336.687996][ T9029]  io_submit_sqes+0xe68/0x1e40
[  336.688027][ T9029]  __se_sys_io_uring_enter+0x2df/0x2b00
[  336.688052][ T9029]  ? ksys_write+0x1cb/0x250
[  336.688078][ T9029]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  336.688090][ T9029]  ? __mutex_unlock_slowpath+0x1a1/0x730
[  336.688103][ T9029]  ? __pfx_vfs_write+0x10/0x10
[  336.688121][ T9029]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  336.688135][ T9029]  ? __fget_files+0x3a0/0x420
[  336.688153][ T9029]  ? fput+0xa0/0xd0
[  336.688167][ T9029]  ? ksys_write+0x22a/0x250
[  336.688184][ T9029]  ? __pfx_ksys_write+0x10/0x10
[  336.688203][ T9029]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  336.688219][ T9029]  do_syscall_64+0xfa/0xf80
[  336.688229][ T9029]  ? lockdep_hardirqs_on+0x98/0x140
[  336.688246][ T9029]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.688258][ T9029]  ? clear_bhb_loop+0x60/0xb0
[  336.688272][ T9029]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.688283][ T9029] RIP: 0033:0x7f9e04d8f749
[  336.688295][ T9029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  336.688306][ T9029] RSP: 002b:00007f9e05bcd038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  336.688320][ T9029] RAX: ffffffffffffffda RBX: 00007f9e04fe5fa0 RCX: 00007f9e04d8f749
[  336.688329][ T9029] RDX: 0000000000000000 RSI: 00000000000047ba RDI: 0000000000000004
[  336.688337][ T9029] RBP: 00007f9e05bcd090 R08: 0000000000000000 R09: 0000000000000000
[  336.688344][ T9029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  336.688352][ T9029] R13: 00007f9e04fe6038 R14: 00007f9e04fe5fa0 R15: 00007f9e0510fa28
[  336.688372][ T9029]  </TASK>
[  337.979710][ T5990] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  338.201374][ T5990] usb 2-1: device descriptor read/64, error -71
[  338.833592][ T5990] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  339.502824][ T5990] usb 2-1: device descriptor read/64, error -71
[  339.619873][ T5990] usb usb2-port1: attempt power cycle
[  340.409472][ T5990] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  341.797675][ T5995] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  341.855163][ T9070] netlink: 16 bytes leftover after parsing attributes in process `syz.3.827'.
[  341.994423][ T5995] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  342.019527][ T5995] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  342.220596][ T5995] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  342.262445][ T5995] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  342.306859][ T5990] usb 2-1: device descriptor read/8, error -71
[  342.445988][ T5995] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  342.495968][ T5995] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.549527][ T5995] usb 3-1: config 0 descriptor??
[  343.124703][ T9062] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  344.041768][ T9097] FAULT_INJECTION: forcing a failure.
[  344.041768][ T9097] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  344.133697][ T9097] CPU: 1 UID: 0 PID: 9097 Comm: syz.0.834 Not tainted syzkaller #0 PREEMPT(full) 
[  344.133728][ T9097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  344.133750][ T9097] Call Trace:
[  344.133758][ T9097]  <TASK>
[  344.133768][ T9097]  dump_stack_lvl+0x189/0x250
[  344.133795][ T9097]  ? __pfx____ratelimit+0x10/0x10
[  344.133825][ T9097]  ? __pfx_dump_stack_lvl+0x10/0x10
[  344.133845][ T9097]  ? __pfx__printk+0x10/0x10
[  344.133871][ T9097]  ? __might_fault+0xb0/0x130
[  344.133915][ T9097]  should_fail_ex+0x414/0x560
[  344.133947][ T9097]  _copy_from_user+0x2d/0xb0
[  344.133970][ T9097]  kstrtouint_from_user+0xc4/0x170
[  344.134000][ T9097]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  344.134048][ T9097]  proc_fail_nth_write+0x88/0x200
[  344.134079][ T9097]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  344.134115][ T9097]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  344.134147][ T9097]  vfs_write+0x27e/0xb30
[  344.134186][ T9097]  ? __pfx_vfs_write+0x10/0x10
[  344.134217][ T9097]  ? __fget_files+0x2a/0x420
[  344.134246][ T9097]  ? __fget_files+0x3a0/0x420
[  344.134265][ T9097]  ? __fget_files+0x2a/0x420
[  344.134297][ T9097]  ksys_write+0x145/0x250
[  344.134330][ T9097]  ? __pfx_ksys_write+0x10/0x10
[  344.134362][ T9097]  ? do_syscall_64+0xbe/0xf80
[  344.134386][ T9097]  do_syscall_64+0xfa/0xf80
[  344.134403][ T9097]  ? lockdep_hardirqs_on+0x98/0x140
[  344.134431][ T9097]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.134450][ T9097]  ? clear_bhb_loop+0x60/0xb0
[  344.134474][ T9097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.134494][ T9097] RIP: 0033:0x7f4f9b98e1ff
[  344.134513][ T9097] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  344.134530][ T9097] RSP: 002b:00007f4f9c75a030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  344.134554][ T9097] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4f9b98e1ff
[  344.134568][ T9097] RDX: 0000000000000001 RSI: 00007f4f9c75a0a0 RDI: 0000000000000004
[  344.134581][ T9097] RBP: 00007f4f9c75a090 R08: 0000000000000000 R09: 0000000000000000
[  344.134593][ T9097] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  344.134604][ T9097] R13: 00007f4f9bbe6038 R14: 00007f4f9bbe5fa0 R15: 00007f4f9bd0fa28
[  344.134640][ T9097]  </TASK>
[  344.921533][ T5887] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  345.325584][ T5995] usbhid 3-1:0.0: can't add hid device: -71
[  345.340293][ T5995] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  345.450395][ T5995] usb 3-1: USB disconnect, device number 34
[  346.489613][ T5887] usb 2-1: device descriptor read/64, error -71
[  346.799540][ T5887] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  346.909657][ T6420] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  346.939580][ T5887] usb 2-1: device descriptor read/64, error -71
[  347.047887][ T9130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.841'.
[  347.059851][ T5887] usb usb2-port1: attempt power cycle
[  347.124057][ T6420] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  347.178191][ T6420] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  347.206650][ T6420] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  347.299201][ T6420] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  347.329879][ T6420] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  347.369029][ T6420] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  347.401953][ T6420] usb 5-1: config 0 descriptor??
[  347.489837][ T5887] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  347.513877][ T5887] usb 2-1: device descriptor read/8, error -71
[  347.769473][ T5887] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  347.791093][ T5887] usb 2-1: device descriptor read/8, error -71
[  347.851149][ T9114] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  347.938324][ T5887] usb usb2-port1: unable to enumerate USB device
[  349.582651][ T6420] usbhid 5-1:0.0: can't add hid device: -71
[  349.589187][ T6420] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  349.631028][ T6420] usb 5-1: USB disconnect, device number 36
[  349.771058][ T9151] bond0: (slave bond_slave_1): Releasing backup interface
[  350.719587][ T5920] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  350.869476][ T5920] usb 2-1: Using ep0 maxpacket: 8
[  350.896849][ T5920] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[  350.921887][ T5920] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  350.939400][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  350.947526][ T5920] usb 2-1: Product: syz
[  350.955324][ T5920] usb 2-1: Manufacturer: syz
[  350.964114][ T5920] usb 2-1: SerialNumber: syz
[  350.983311][ T5920] usb 2-1: config 0 descriptor??
[  350.998186][ T5920] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  351.015011][ T5920] usb 2-1: setting power ON
[  351.025035][ T5920] dvb-usb: bulk message failed: -22 (2/0)
[  351.057476][ T5920] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  351.079951][ T5920] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  351.088601][ T5920] usb 2-1: media controller created
[  351.128576][ T5920] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  351.222334][ T5920] usb 2-1: selecting invalid altsetting 6
[  351.273664][ T5920] usb 2-1: digital interface selection failed (-22)
[  351.286881][ T5920] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  351.301416][ T5920] usb 2-1: setting power OFF
[  351.306060][ T5920] dvb-usb: bulk message failed: -22 (2/0)
[  351.313799][ T5920] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  351.326356][ T5920] (NULL device *): no alternate interface
[  351.405721][ T5920] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  351.440123][ T5920] usb 2-1: USB disconnect, device number 43
[  351.959674][ T5887] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  352.099657][ T5887] usb 4-1: device descriptor read/64, error -71
[  352.339465][ T5887] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  352.490965][ T5887] usb 4-1: device descriptor read/64, error -71
[  352.600846][ T5887] usb usb4-port1: attempt power cycle
[  352.949487][ T5887] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  352.980479][ T5887] usb 4-1: device descriptor read/8, error -71
[  353.182382][   T30] audit: type=1326 audit(1764702329.245:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9190 comm="syz.1.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e04d8f749 code=0x7ffc0000
[  353.204500][    C0] vkms_vblank_simulate: vblank timer overrun
[  353.213606][   T30] audit: type=1326 audit(1764702329.275:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9190 comm="syz.1.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f9e04d8de97 code=0x7ffc0000
[  353.235792][    C0] vkms_vblank_simulate: vblank timer overrun
[  353.244630][ T5887] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  353.270119][   T30] audit: type=1326 audit(1764702329.275:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9190 comm="syz.1.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e04d8f749 code=0x7ffc0000
[  353.323201][ T5887] usb 4-1: device descriptor read/8, error -71
[  353.378240][   T30] audit: type=1326 audit(1764702329.275:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9190 comm="syz.1.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9e04d8f749 code=0x7ffc0000
[  353.400408][    C0] vkms_vblank_simulate: vblank timer overrun
[  353.459898][ T5887] usb usb4-port1: unable to enumerate USB device
[  353.531469][   T30] audit: type=1326 audit(1764702329.275:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9190 comm="syz.1.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e04d8f749 code=0x7ffc0000
[  353.553596][    C0] vkms_vblank_simulate: vblank timer overrun
[  353.637285][   T30] audit: type=1326 audit(1764702329.275:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9190 comm="syz.1.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=4 compat=0 ip=0x7f9e04d8f749 code=0x7ffc0000
[  353.726607][   T30] audit: type=1326 audit(1764702329.275:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9190 comm="syz.1.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e04d8f749 code=0x7ffc0000
[  353.779693][   T30] audit: type=1326 audit(1764702329.275:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9190 comm="syz.1.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=166 compat=0 ip=0x7f9e04d8f749 code=0x7ffc0000
[  353.802718][    C0] vkms_vblank_simulate: vblank timer overrun
[  353.809748][   T30] audit: type=1326 audit(1764702329.275:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9190 comm="syz.1.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e04d8f749 code=0x7ffc0000
[  353.840271][   T30] audit: type=1326 audit(1764702329.275:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9190 comm="syz.1.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9e04d8f749 code=0x7ffc0000
[  354.112506][ T5958] hid-generic 0000:0003:0001.000F: unknown main item tag 0x0
[  354.133477][ T5958] hid-generic 0000:0003:0001.000F: unknown main item tag 0x0
[  354.217988][ T5958] hid-generic 0000:0003:0001.000F: hidraw0: <UNKNOWN> HID v0.03 Device [syz0] on syz1
[  354.236197][ T9211] program syz.0.867 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  354.469838][ T5920] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  354.637734][ T5920] usb 2-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51
[  354.647120][ T5920] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.672572][ T5920] usb 2-1: Product: syz
[  354.699193][ T5920] usb 2-1: Manufacturer: syz
[  354.725467][ T5920] usb 2-1: SerialNumber: syz
[  354.747883][ T9215] fido_id[9215]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  354.791025][ T5920] usb 2-1: config 0 descriptor??
[  354.826942][ T5920] rndis_host 2-1:0.0: More than one union descriptor, skipping ...
[  354.846216][ T5920] usb 2-1: bad CDC descriptors
[  354.861981][ T5920] cdc_acm 2-1:0.0: More than one union descriptor, skipping ...
[  355.123143][ T9222] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  355.171448][ T9222] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  355.190478][ T9222] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  355.219717][ T9222] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  355.720108][ T9222] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  355.732338][ T9222] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  355.848032][ T9222] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  355.871578][ T9222] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  355.941948][ T9222] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  356.121779][ T9222] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  357.090506][   T24] usb 2-1: USB disconnect, device number 44
[  357.172674][ T5852] Bluetooth: hci0: command 0x0406 tx timeout
[  357.249613][ T5852] Bluetooth: hci2: command 0x0406 tx timeout
[  357.575357][   T24] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  357.708856][ T9257] netlink: 'syz.3.878': attribute type 10 has an invalid length.
[  357.727476][ T9257] netlink: 2 bytes leftover after parsing attributes in process `syz.3.878'.
[  357.748707][ T9257] team0: Device dummy0 is up. Set it down before adding it as a team port
[  357.759657][   T24] usb 2-1: Using ep0 maxpacket: 32
[  357.774980][   T24] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  357.809563][ T5852] Bluetooth: hci1: command 0x0406 tx timeout
[  357.839514][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  357.870311][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  357.882255][   T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  357.891886][ T5852] Bluetooth: hci3: command 0x0406 tx timeout
[  357.898671][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.943207][   T24] usb 2-1: config 0 descriptor??
[  357.948900][ T9248] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  357.970066][ T5852] Bluetooth: hci4: command 0x0406 tx timeout
[  357.981347][   T24] hub 2-1:0.0: USB hub found
[  358.166163][ T9248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  358.190421][ T9248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  358.205581][   T24] hub 2-1:0.0: 2 ports detected
[  358.238751][ T9264] FAULT_INJECTION: forcing a failure.
[  358.238751][ T9264] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  358.278236][ T9264] CPU: 0 UID: 0 PID: 9264 Comm: syz.2.881 Not tainted syzkaller #0 PREEMPT(full) 
[  358.278267][ T9264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  358.278280][ T9264] Call Trace:
[  358.278288][ T9264]  <TASK>
[  358.278298][ T9264]  dump_stack_lvl+0x189/0x250
[  358.278327][ T9264]  ? __pfx____ratelimit+0x10/0x10
[  358.278356][ T9264]  ? __pfx_dump_stack_lvl+0x10/0x10
[  358.278378][ T9264]  ? __pfx__printk+0x10/0x10
[  358.278420][ T9264]  should_fail_ex+0x414/0x560
[  358.278452][ T9264]  _copy_to_user+0x31/0xb0
[  358.278475][ T9264]  simple_read_from_buffer+0xe1/0x170
[  358.278503][ T9264]  proc_fail_nth_read+0x1b3/0x220
[  358.278537][ T9264]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  358.278572][ T9264]  ? rw_verify_area+0x2a6/0x4d0
[  358.278600][ T9264]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  358.278631][ T9264]  vfs_read+0x200/0xa30
[  358.278659][ T9264]  ? fdget_pos+0x247/0x320
[  358.278686][ T9264]  ? __pfx___mutex_lock+0x10/0x10
[  358.278708][ T9264]  ? __pfx_vfs_read+0x10/0x10
[  358.278738][ T9264]  ? __fget_files+0x2a/0x420
[  358.278764][ T9264]  ? __fget_files+0x3a0/0x420
[  358.278785][ T9264]  ? __fget_files+0x2a/0x420
[  358.278818][ T9264]  ksys_read+0x145/0x250
[  358.278851][ T9264]  ? __pfx_ksys_read+0x10/0x10
[  358.278883][ T9264]  ? do_syscall_64+0xbe/0xf80
[  358.278905][ T9264]  do_syscall_64+0xfa/0xf80
[  358.278921][ T9264]  ? lockdep_hardirqs_on+0x98/0x140
[  358.278949][ T9264]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.278977][ T9264]  ? clear_bhb_loop+0x60/0xb0
[  358.279003][ T9264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.279022][ T9264] RIP: 0033:0x7fec9e78e15c
[  358.279040][ T9264] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  358.279057][ T9264] RSP: 002b:00007fec9f657030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  358.279080][ T9264] RAX: ffffffffffffffda RBX: 00007fec9e9e5fa0 RCX: 00007fec9e78e15c
[  358.279095][ T9264] RDX: 000000000000000f RSI: 00007fec9f6570a0 RDI: 0000000000000005
[  358.279109][ T9264] RBP: 00007fec9f657090 R08: 0000000000000000 R09: 0000000000000000
[  358.279121][ T9264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  358.279133][ T9264] R13: 00007fec9e9e6038 R14: 00007fec9e9e5fa0 R15: 00007fec9eb0fa28
[  358.279170][ T9264]  </TASK>
[  358.507245][    C0] vkms_vblank_simulate: vblank timer overrun
[  358.620466][ T9265] tipc: New replicast peer: 255.255.255.255
[  358.621420][ T9265] tipc: Enabled bearer <udp:syz2>, priority 0
[  358.719620][   T24] hub 2-1:0.0: hub_hub_status failed (err = -71)
[  358.749480][ T5920] usb 5-1: new low-speed USB device number 37 using dummy_hcd
[  358.771359][   T24] hub 2-1:0.0: config failed, can't get hub status (err -71)
[  358.785736][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  358.785753][   T30] audit: type=1326 audit(1764702334.845:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9270 comm="syz.2.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9e78f749 code=0x7ffc0000
[  358.803494][   T24] usbhid 2-1:0.0: can't add hid device: -71
[  358.823419][   T30] audit: type=1326 audit(1764702334.885:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9270 comm="syz.2.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9e78f749 code=0x7ffc0000
[  358.854574][ T9271] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  358.863514][   T24] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  358.879522][ T5920] usb 5-1: device descriptor read/64, error -71
[  358.889628][ T9271] audit: out of memory in audit_log_start
[  358.920201][   T24] usb 2-1: USB disconnect, device number 45
[  358.920639][   T30] audit: type=1326 audit(1764702334.885:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9270 comm="syz.2.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9e78f749 code=0x7ffc0000
[  358.974159][   T30] audit: type=1326 audit(1764702334.885:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9270 comm="syz.2.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9e78f749 code=0x7ffc0000
[  358.997880][   T30] audit: type=1326 audit(1764702334.915:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9270 comm="syz.2.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fec9e78f749 code=0x7ffc0000
[  359.020123][    C0] vkms_vblank_simulate: vblank timer overrun
[  359.074495][ T9276] tipc: Started in network mode
[  359.079619][ T9276] tipc: Node identity ac1414aa, cluster identity 4711
[  359.087779][ T9276] tipc: Enabled bearer <udp:syz2>, priority 0
[  359.119665][ T5920] usb 5-1: new low-speed USB device number 38 using dummy_hcd
[  359.177575][   T30] audit: type=1326 audit(1764702334.915:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9270 comm="syz.2.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9e78f749 code=0x7ffc0000
[  359.199805][    C0] vkms_vblank_simulate: vblank timer overrun
[  359.211872][   T30] audit: type=1326 audit(1764702334.915:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9270 comm="syz.2.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9e78f749 code=0x7ffc0000
[  359.234338][    C0] vkms_vblank_simulate: vblank timer overrun
[  359.245410][   T30] audit: type=1326 audit(1764702334.915:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9270 comm="syz.2.883" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec9e78f749 code=0x7ffc0000
[  359.267757][    C0] vkms_vblank_simulate: vblank timer overrun
[  359.274022][ T5852] Bluetooth: hci0: command 0x0406 tx timeout
[  359.280706][ T5920] usb 5-1: device descriptor read/64, error -71
[  359.330140][ T5852] Bluetooth: hci2: command 0x0406 tx timeout
[  359.399996][ T5920] usb usb5-port1: attempt power cycle
[  359.465559][ T5958] IPVS: starting estimator thread 0...
[  359.560559][ T9284] IPVS: using max 26 ests per chain, 62400 per kthread
[  359.644285][   T24] tipc: Node number set to 1396974555
[  359.685004][ T5887] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  359.739484][ T5920] usb 5-1: new low-speed USB device number 39 using dummy_hcd
[  359.804503][ T5920] usb 5-1: device descriptor read/8, error -71
[  359.831539][ T9288] FAULT_INJECTION: forcing a failure.
[  359.831539][ T9288] name failslab, interval 1, probability 0, space 0, times 0
[  359.844579][ T9288] CPU: 0 UID: 0 PID: 9288 Comm: syz.1.890 Not tainted syzkaller #0 PREEMPT(full) 
[  359.844597][ T9288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  359.844605][ T9288] Call Trace:
[  359.844611][ T9288]  <TASK>
[  359.844616][ T9288]  dump_stack_lvl+0x189/0x250
[  359.844634][ T9288]  ? __pfx____ratelimit+0x10/0x10
[  359.844652][ T9288]  ? __pfx_dump_stack_lvl+0x10/0x10
[  359.844664][ T9288]  ? __pfx__printk+0x10/0x10
[  359.844689][ T9288]  should_fail_ex+0x414/0x560
[  359.844709][ T9288]  should_failslab+0xa8/0x100
[  359.844723][ T9288]  __kmalloc_cache_noprof+0x6f/0x6e0
[  359.844747][ T9288]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  359.844764][ T9288]  ? sctp_add_bind_addr+0x8c/0x370
[  359.844784][ T9288]  sctp_add_bind_addr+0x8c/0x370
[  359.844802][ T9288]  sctp_copy_local_addr_list+0x30b/0x4e0
[  359.844822][ T9288]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[  359.844838][ T9288]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  359.844856][ T9288]  ? sctp_v6_is_any+0x64/0x80
[  359.844873][ T9288]  ? sctp_copy_one_addr+0x93/0x360
[  359.844892][ T9288]  sctp_bind_addr_copy+0xb3/0x3c0
[  359.844908][ T9288]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  359.844925][ T9288]  sctp_connect_new_asoc+0x2e0/0x690
[  359.844939][ T9288]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  359.844955][ T9288]  ? sctp_get_af_specific+0x29/0x80
[  359.844970][ T9288]  ? sctp_inet6_send_verify+0x80/0x300
[  359.844985][ T9288]  ? sctp_endpoint_lookup_assoc+0xd1/0x260
[  359.844999][ T9288]  __sctp_connect+0x5ba/0xd50
[  359.845019][ T9288]  ? __pfx___sctp_connect+0x10/0x10
[  359.845037][ T9288]  sctp_inet_connect+0x12e/0x1e0
[  359.845056][ T9288]  __sys_connect+0x316/0x440
[  359.845072][ T9288]  ? __fget_files+0x3a0/0x420
[  359.845086][ T9288]  ? __pfx___sys_connect+0x10/0x10
[  359.845109][ T9288]  ? __pfx_ksys_write+0x10/0x10
[  359.845130][ T9288]  __x64_sys_connect+0x7a/0x90
[  359.845146][ T9288]  do_syscall_64+0xfa/0xf80
[  359.845157][ T9288]  ? lockdep_hardirqs_on+0x98/0x140
[  359.845174][ T9288]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.845186][ T9288]  ? clear_bhb_loop+0x60/0xb0
[  359.845200][ T9288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.845212][ T9288] RIP: 0033:0x7f9e04d8f749
[  359.845223][ T9288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.845234][ T9288] RSP: 002b:00007f9e05bcd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  359.845249][ T9288] RAX: ffffffffffffffda RBX: 00007f9e04fe5fa0 RCX: 00007f9e04d8f749
[  359.845257][ T9288] RDX: 000000000000001c RSI: 0000200000000000 RDI: 0000000000000003
[  359.845265][ T9288] RBP: 00007f9e05bcd090 R08: 0000000000000000 R09: 0000000000000000
[  359.845272][ T9288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  359.845280][ T9288] R13: 00007f9e04fe6038 R14: 00007f9e04fe5fa0 R15: 00007f9e0510fa28
[  359.845300][ T9288]  </TASK>
[  360.130603][    C0] vkms_vblank_simulate: vblank timer overrun
[  360.186766][ T5958] tipc: Node number set to 2886997162
[  360.199849][ T5849] Bluetooth: hci3: command 0x0406 tx timeout
[  360.207630][ T5852] Bluetooth: hci1: command 0x0406 tx timeout
[  360.209448][ T5853] Bluetooth: hci4: command 0x0406 tx timeout
[  360.307665][ T5887] usb 4-1: config 0 has no interfaces?
[  360.322533][ T5887] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  360.329488][ T5920] usb 5-1: new low-speed USB device number 40 using dummy_hcd
[  360.358505][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.370347][ T5920] usb 5-1: device descriptor read/8, error -71
[  360.411730][ T5887] usb 4-1: Product: syz
[  360.416209][ T5887] usb 4-1: Manufacturer: syz
[  360.428791][ T5887] usb 4-1: SerialNumber: syz
[  360.459596][ T5887] usb 4-1: config 0 descriptor??
[  360.480370][ T5920] usb usb5-port1: unable to enumerate USB device
[  362.631464][ T5887] usb 4-1: USB disconnect, device number 33
[  362.737464][ T9310] vxcan1: entered promiscuous mode
[  363.100778][ T9322] xt_TPROXY: Can be used only with -p tcp or -p udp
[  363.123726][ T9322] netlink: 88 bytes leftover after parsing attributes in process `syz.3.897'.
[  365.036129][ T9344] program syz.0.907 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  365.447215][ T9358] xt_TCPMSS: Only works on TCP SYN packets
[  365.830371][ T5906] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  366.146733][ T5906] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  366.169975][ T5906] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  366.200710][ T5906] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  366.210574][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  366.218652][ T5906] usb 4-1: SerialNumber: syz
[  366.341518][ T9369] netlink: 16 bytes leftover after parsing attributes in process `syz.2.910'.
[  366.591958][ T5906] usb 4-1: 0:2 : does not exist
[  366.603222][ T5906] usb 4-1: unit 5: unexpected type 0x0a
[  366.707790][ T5906] usb 4-1: USB disconnect, device number 34
[  366.855472][ T8892] udevd[8892]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  367.679671][ T5906] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  367.939645][ T5906] usb 4-1: Using ep0 maxpacket: 32
[  368.045350][ T5906] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  368.061366][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.209544][ T5906] usb 4-1: Product: syz
[  368.215235][ T5906] usb 4-1: Manufacturer: syz
[  368.230836][ T5906] usb 4-1: SerialNumber: syz
[  368.237499][ T5906] usb 4-1: config 0 descriptor??
[  368.601191][ T5906] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: version d4.15 found at bus 004 address 035
[  368.807969][ T9375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  368.956128][ T9375] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  369.009746][ T5906] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  369.170826][ T5906] usb 2-1: Using ep0 maxpacket: 8
[  369.182521][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  369.196200][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  369.216410][ T5906] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  369.244650][ T5906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  369.277123][ T5906] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  369.297859][ T5906] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  369.319568][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.368097][ T5906] usb 2-1: config 0 descriptor??
[  369.379824][ T9393] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  369.389803][ T9395] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  369.401704][ T9395] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING
[  369.609182][ T9393] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  369.647972][ T9393] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  369.683573][ T5849] Bluetooth: hci5: unexpected event 0x12 length: 1 < 8
[  369.694203][ T5849] Bluetooth: hci5: Malformed Event: 0x02
[  369.700300][ T5849] Bluetooth: hci5: unexpected event 0x04 length: 15 > 10
[  369.700499][ T5849] Bluetooth: hci5: connection err: -111
[  370.141191][ T9393] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  370.419703][ T5853] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  370.426075][ T5990] usb 2-1: USB disconnect, device number 46
[  370.707414][ T5920] usb 4-1: USB disconnect, device number 35
[  370.805093][ T9410] netlink: 4 bytes leftover after parsing attributes in process `syz.2.924'.
[  371.022167][  T138] 
[  371.024567][  T138] ============================================
[  371.030791][  T138] WARNING: possible recursive locking detected
[  371.036928][  T138] syzkaller #0 Not tainted
[  371.041330][  T138] --------------------------------------------
[  371.047492][  T138] kworker/u8:6/138 is trying to acquire lock:
[  371.053643][  T138] ffffe8ffffd785c0 (&pd_list->lock){+...}-{3:3}, at: padata_do_serial+0x707/0xb80
[  371.062866][  T138] 
[  371.062866][  T138] but task is already holding lock:
[  371.070232][  T138] ffffe8ffffd78c58 (&pd_list->lock){+...}-{3:3}, at: padata_do_serial+0x590/0xb80
[  371.079464][  T138] 
[  371.079464][  T138] other info that might help us debug this:
[  371.087613][  T138]  Possible unsafe locking scenario:
[  371.087613][  T138] 
[  371.095065][  T138]        CPU0
[  371.098348][  T138]        ----
[  371.101639][  T138]   lock(&pd_list->lock);
[  371.105960][  T138]   lock(&pd_list->lock);
[  371.110288][  T138] 
[  371.110288][  T138]  *** DEADLOCK ***
[  371.110288][  T138] 
[  371.118428][  T138]  May be due to missing lock nesting notation
[  371.118428][  T138] 
[  371.126733][  T138] 3 locks held by kworker/u8:6/138:
[  371.131916][  T138]  #0: ffff888146e95948 ((wq_completion)pencrypt_parallel){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x1770
[  371.143835][  T138]  #1: ffffc90002ef7b80 ((work_completion)(&pw->pw_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x1770
[  371.155654][  T138]  #2: ffffe8ffffd78c58 (&pd_list->lock){+...}-{3:3}, at: padata_do_serial+0x590/0xb80
[  371.165303][  T138] 
[  371.165303][  T138] stack backtrace:
[  371.171194][  T138] CPU: 0 UID: 0 PID: 138 Comm: kworker/u8:6 Not tainted syzkaller #0 PREEMPT(full) 
[  371.171213][  T138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  371.171222][  T138] Workqueue: pencrypt_parallel padata_parallel_worker
[  371.171242][  T138] Call Trace:
[  371.171249][  T138]  <TASK>
[  371.171255][  T138]  dump_stack_lvl+0x189/0x250
[  371.171271][  T138]  ? __pfx_dump_stack_lvl+0x10/0x10
[  371.171283][  T138]  ? __pfx__printk+0x10/0x10
[  371.171296][  T138]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  371.171314][  T138]  ? print_lock_name+0xde/0x100
[  371.171329][  T138]  print_deadlock_bug+0x279/0x290
[  371.171343][  T138]  __lock_acquire+0x2540/0x2cf0
[  371.171360][  T138]  ? __queue_work+0xc43/0xf90
[  371.171372][  T138]  ? queue_work_on+0x115/0x270
[  371.171382][  T138]  ? lockdep_hardirqs_on+0x98/0x140
[  371.171400][  T138]  ? padata_do_serial+0x707/0xb80
[  371.171413][  T138]  lock_acquire+0x117/0x340
[  371.171429][  T138]  ? padata_do_serial+0x707/0xb80
[  371.171446][  T138]  _raw_spin_lock+0x2e/0x40
[  371.171460][  T138]  ? padata_do_serial+0x707/0xb80
[  371.171474][  T138]  padata_do_serial+0x707/0xb80
[  371.171491][  T138]  ? padata_parallel_worker+0x44/0x1d0
[  371.171505][  T138]  padata_parallel_worker+0x75/0x1d0
[  371.171519][  T138]  ? process_scheduled_works+0x9ef/0x1770
[  371.171536][  T138]  process_scheduled_works+0xad1/0x1770
[  371.171558][  T138]  ? __pfx_process_scheduled_works+0x10/0x10
[  371.171578][  T138]  worker_thread+0x8a0/0xda0
[  371.171589][  T138]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  371.171607][  T138]  ? __kthread_parkme+0x7b/0x200
[  371.171620][  T138]  kthread+0x711/0x8a0
[  371.171641][  T138]  ? __pfx_worker_thread+0x10/0x10
[  371.171651][  T138]  ? __pfx_kthread+0x10/0x10
[  371.171663][  T138]  ? _raw_spin_unlock_irq+0x23/0x50
[  371.171678][  T138]  ? lockdep_hardirqs_on+0x98/0x140
[  371.171694][  T138]  ? __pfx_kthread+0x10/0x10
[  371.171706][  T138]  ret_from_fork+0x52d/0xa60
[  371.171722][  T138]  ? __pfx_ret_from_fork+0x10/0x10
[  371.171739][  T138]  ? __switch_to_asm+0x39/0x70
[  371.171752][  T138]  ? __switch_to_asm+0x33/0x70
[  371.171764][  T138]  ? __pfx_kthread+0x10/0x10
[  371.171776][  T138]  ret_from_fork_asm+0x1a/0x30
[  371.171793][  T138]  </TASK>
[  371.387278][    C0] vkms_vblank_simulate: vblank timer overrun
[  378.691529][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  378.697826][ T1305] ieee802154 phy1 wpan1: encryption failed: -22