last executing test programs:

7m53.7155855s ago: executing program 1 (id=3632):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000005e00679a3601ff050000000000000066f4366ec9d4"], 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x4000004)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3000000}}], 0x1, 0x0, 0x0)

7m53.590506949s ago: executing program 1 (id=3633):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async, rerun: 64)
setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000040)="52e54c59c85d03489fd156f794dc1c0eeb54686533a095ff0382b7c80ee06ebc5292d27c65a2f6fffce1f7402ce670e09e669a1e2324ccab18b0f69c3fc0f8f61f63f2320dc590ca4866b9cb81a8db4017800df51af60372636dc86e1aadae0005985a64eceb43bd39433ec60bf3799e0be3550c498cf8e62b65e409361abc", 0x7f) (rerun: 64)
ioctl$NILFS_IOCTL_GET_SUSTAT(r1, 0x80306e85, &(0x7f00000000c0))
r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0d05604, &(0x7f0000000340)={0x2, @win={{0x6, 0xbe, 0x70c, 0x8}, 0x0, 0x5, &(0x7f0000000200)={{0x7, 0x5, 0x7, 0x7fffffff}, &(0x7f00000001c0)={{0x3, 0x4, 0x0, 0x93}, &(0x7f0000000180)={{0x5, 0x2, 0x9, 0x80000}, &(0x7f0000000140)={{0x1000, 0x7, 0xbbc, 0xfff}}}}}, 0x3, &(0x7f0000000240)="6aefef6bb367c8cdcf5c3168017c5de479b4b23a6bb63ae205356e8d754486c985ca5d4a6058751254f2255f2a657c3a4bf7599622703c16544ed18c1c2d45bf8745cd60977fb7ef198b7b6e4dda0efaa3abf2d083de33ecc0ad966f1a823c8fcf6153629eeaf74c36b1366bfbe24618a5186fc1e818193532788199406a191b0a80336c4807f6aa4ec608a3c715af40eb838118b9f4b4020a477e5dec77bf4c85a03b7ad0c861bb3b25be8fae0a6d66b95ee65f353fe9bd73d87af2a2bf470e0e", 0x3}}) (async, rerun: 32)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @map_fd={0x18, 0x1, 0x1, 0x0, 0x1}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}]}, &(0x7f0000000500)='syzkaller\x00', 0x5, 0x8f, &(0x7f0000000540)=""/143, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000600)={0x0, 0xb, 0x2, 0xffff79a6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000640)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1, 0x1], 0x0, 0x10, 0x3}, 0x94) (rerun: 32)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000740)=@generic={&(0x7f0000000440)='./file0\x00', r3}, 0x18) (async)
preadv2(r1, &(0x7f0000000b40)=[{&(0x7f0000000780)=""/204, 0xcc}, {&(0x7f0000000880)=""/162, 0xa2}, {&(0x7f0000000940)=""/103, 0x67}, {&(0x7f00000009c0)=""/23, 0x17}, {&(0x7f0000000a00)=""/31, 0x1f}, {&(0x7f0000000a40)=""/195, 0xc3}], 0x6, 0xfffffffb, 0x2, 0x2) (async)
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000000bc0)) (async)
ioctl$OCFS2_IOC_MOVE_EXT(r0, 0x40406f06, &(0x7f0000000c00)={0x7, 0xb, 0x7, 0xe1a, 0x5})
r4 = getgid() (async)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000d00)={{0x1, 0x1, 0x18, <r5=>r1, {<r6=>0xee00, 0xee00}}, './file1\x00'})
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000d40)=<r7=>0x0) (async)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000d80)={{{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0, <r9=>0x0}}, {{@in=@remote}, 0x0, @in6=@ipv4={""/10, ""/2, @remote}}}, &(0x7f0000000e80)=0xe8)
mount$fuseblk(&(0x7f0000000c40), &(0x7f0000000c80)='./file0\x00', &(0x7f0000000cc0), 0x1800048, &(0x7f0000000ec0)={{}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x2}}, {@max_read={'max_read', 0x3d, 0x7}}, {@blksize={'blksize', 0x3d, 0x1800}}, {@max_read={'max_read', 0x3d, 0x101}}, {@default_permissions}, {@max_read={'max_read', 0x3d, 0x8}}, {@max_read={'max_read', 0x3d, 0xffffffffffffffff}}, {@default_permissions}], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@fowner_eq={'fowner', 0x3d, r6}}, {@euid_eq={'euid', 0x3d, r7}}, {@subj_role={'subj_role', 0x3d, ',^]}(!()>$]\''}}, {@fowner_gt={'fowner>', r9}}, {@appraise_type}, {@uid_gt}, {@flag='async'}]}}) (async, rerun: 64)
getsockopt$inet_sctp6_SCTP_CONTEXT(r5, 0x84, 0x11, &(0x7f00000010c0)={<r10=>0x0, 0x3}, &(0x7f0000001100)=0x8) (rerun: 64)
getsockopt$inet_sctp_SCTP_CONTEXT(r5, 0x84, 0x11, &(0x7f0000001140)={r10, 0x4}, &(0x7f0000001180)=0x8) (async, rerun: 32)
setsockopt$sock_int(r5, 0x1, 0x20, &(0x7f00000011c0)=0x6, 0x4) (async, rerun: 32)
ioctl$USBDEVFS_WAIT_FOR_RESUME(r5, 0x5523)
timer_settime(0x0, 0x0, &(0x7f0000001200), &(0x7f0000001240)) (async)
bind$alg(r5, &(0x7f0000001280)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0x58)
r11 = syz_open_dev$loop(&(0x7f0000001300), 0xbb, 0x80082)
ioctl$BLKTRACETEARDOWN(r11, 0x1276, 0x0) (async)
ioctl$AUTOFS_DEV_IOCTL_READY(r5, 0xc0189376, &(0x7f0000001340)={{0x1, 0x1, 0x18, <r12=>r1, {0x3}}, './file0\x00'})
bind$packet(r12, &(0x7f0000001380)={0x11, 0x3, r8, 0x1, 0x2, 0x6, @remote}, 0x14) (async)
signalfd4(r1, &(0x7f00000013c0)={[0x3cf02129]}, 0x8, 0x80000) (async)
r13 = openat$autofs(0xffffffffffffff9c, &(0x7f0000001400), 0x301200, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r13, 0xc018937c, &(0x7f0000001440)={{0x1, 0x1, 0x18, r11, {0x4}}, './file0\x00'}) (async)
ioctl$FE_DISEQC_RESET_OVERLOAD(r12, 0x6f3e, 0x0) (async)
fcntl$setownex(r11, 0xf, &(0x7f0000001480)={0x2})

7m53.371832254s ago: executing program 1 (id=3635):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010001fff000000008100000000000000", @ANYRES32=0x0, @ANYRES32=r2], 0x48}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x40000)

7m52.925818765s ago: executing program 1 (id=3637):
open(&(0x7f0000000140)='./file1\x00', 0x60142, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000200)={0x8, 0x6, 0x0, 0x8, 0x8, 0x0, [{0x3, 0x4, 0x1, '\x00', 0x400}, {0x100000000, 0x6, 0x1, '\x00', 0x1}, {0x8, 0x3, 0x10021, '\x00', 0x406}, {0x9, 0x3922, 0x2, '\x00', 0x109}, {0x2, 0xffffffffffffffff, 0x2f, '\x00', 0x3002}, {0x8, 0x3cb, 0x4, '\x00', 0x2000}, {0x5, 0x4, 0x1, '\x00', 0x81}, {0x8, 0x3, 0x8, '\x00', 0x4000}]})
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x44000, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, 0x0, 0x0)
accept4(r3, 0x0, 0x0, 0x80000)

7m52.05284046s ago: executing program 1 (id=3640):
mmap(&(0x7f0000ee7000/0x1000)=nil, 0x1000, 0x1000002, 0x10, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x8)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
syz_clone3(&(0x7f0000000240)={0x200a00000, 0x0, 0x0, 0x0, {0x2c}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)
rmdir(&(0x7f0000000080)='./cgroup/../file0\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x10000)

7m51.812392099s ago: executing program 1 (id=3641):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x408001, 0x0, 0xa, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f00006ef000/0x4000)=nil, 0x4000, 0x9, 0x10, 0xffffffffffffffff, 0x8000000)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x440, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000011c0)='net/protocols\x00')
preadv(r4, &(0x7f0000000000)=[{&(0x7f0000001880)=""/4090, 0xffa}], 0x1, 0x1, 0x7)
sendmsg$TIPC_CMD_SET_NETID(r4, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, 0x0, 0x400, 0x70bd25, 0x25dfdbff, {{}, {}, {0x8, 0x2, 0x4}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4010)
ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, &(0x7f00000000c0))
getsockopt$bt_hci(r2, 0x84, 0x7d, &(0x7f0000000840)=""/4127, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_submit(0x0, 0x0, 0x0, &(0x7f0000000000))
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r6, 0x5393, &(0x7f0000000000))
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
prctl$PR_CAP_AMBIENT(0x2f, 0x1, 0x2)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB="0000e277491000", @ANYRES16=r7, @ANYBLOB="010000000000000000000700000014000180060005004e2400000800060010000000"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x1040)
r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r8, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'sit0\x00', 0x4}, 0x18)

7m51.149436902s ago: executing program 32 (id=3641):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x408001, 0x0, 0xa, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f00006ef000/0x4000)=nil, 0x4000, 0x9, 0x10, 0xffffffffffffffff, 0x8000000)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x440, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000011c0)='net/protocols\x00')
preadv(r4, &(0x7f0000000000)=[{&(0x7f0000001880)=""/4090, 0xffa}], 0x1, 0x1, 0x7)
sendmsg$TIPC_CMD_SET_NETID(r4, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, 0x0, 0x400, 0x70bd25, 0x25dfdbff, {{}, {}, {0x8, 0x2, 0x4}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4010)
ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, &(0x7f00000000c0))
getsockopt$bt_hci(r2, 0x84, 0x7d, &(0x7f0000000840)=""/4127, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_submit(0x0, 0x0, 0x0, &(0x7f0000000000))
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r6, 0x5393, &(0x7f0000000000))
r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
prctl$PR_CAP_AMBIENT(0x2f, 0x1, 0x2)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000240)=ANY=[@ANYBLOB="0000e277491000", @ANYRES16=r7, @ANYBLOB="010000000000000000000700000014000180060005004e2400000800060010000000"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x1040)
r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r8, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'sit0\x00', 0x4}, 0x18)

9.115539347s ago: executing program 0 (id=5510):
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002c00)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x60000000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x4}, 0x50)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x349b03)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r3, 0x80085665, &(0x7f00000000c0)={0x3, 0x1ff, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x2, &(0x7f00000003c0)=ANY=[@ANYBLOB="8110b0000000000095000000000000000c0c3893e82b03961e127490255697ae1e3b2ae0d98dfecdae03d52abaf83d9a172b6d8edba58277c50362375b45bb74c189b39d39091467a9a9da3e4a7f48c8c4485d5b9f58e5fbb7d0226e0a795d6fedba8b9dcff679f0dba5984d89bd5e6e819e392db01e829be4788f71b5e6eb3928fd4f9b4f189f86af9fc3f48d11b8148b4535d907d18790d4d76dae0a008e5397b294fbafb7ed058f4955ca71e6094f90b31610ab63b5f6b7a895ff523c6e2100881a1632838dc1b1f238a6f2c856d1e74e5a781eaaa2e8b5ed38001dbcccff0d5dbba3c66e2a48979b81f5d50bbd65c214338026d92a9861a2de347d669a1743695d05444f9d7aa722437495df"], &(0x7f00000002c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x4}, 0x94)
close(r4)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r5 = getpid()
syz_80211_join_ibss(&(0x7f0000000200)='wlan0\x00', &(0x7f00000002c0)=@default_ap_ssid, 0x6, 0x1)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$sock_int(r6, 0x1, 0x1, &(0x7f0000000380)=0xfffff272, 0x4)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x91}, 0x40400)
sendmsg$IPSET_CMD_DESTROY(r7, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000080)
syz_usbip_server_init(0x4)
sched_getscheduler(r5)
read$char_usb(r0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000020, 0x0)

8.736000613s ago: executing program 5 (id=5517):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl0\x00', 0x0, 0x29, 0x10, 0x2, 0x4, 0xf, @ipv4={'\x00', '\xff\xff', @loopback}, @local, 0x40, 0x8008, 0x0, 0x6}})
syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105"], 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={0x0, 0x15c}}, 0x10)
open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
futex_waitv(&(0x7f0000001240)=[{0x1, &(0x7f0000000100)=0x7fff, 0x86}], 0x1, 0x0, 0x0, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1001)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001140), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r3, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000001f00)={0x2, 0x0, {&(0x7f0000001180)=""/124, 0x7c, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000540)=""/224, 0xe0, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000340)={0x2, 0x0, {&(0x7f0000000a00)=""/274, 0x112, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000780)=""/212, 0xd4, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/119, 0xfca2, 0x0, 0x0, 0x3}}, 0x48)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5393, &(0x7f0000000000))

7.05985143s ago: executing program 0 (id=5519):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl0\x00', 0x0, 0x29, 0x10, 0x2, 0x4, 0xf, @ipv4={'\x00', '\xff\xff', @loopback}, @local, 0x40, 0x8008, 0x0, 0x6}})
syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a"], 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={0x0, 0x15c}}, 0x10)
open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
futex_waitv(&(0x7f0000001240)=[{0x1, &(0x7f0000000100)=0x7fff, 0x86}], 0x1, 0x0, 0x0, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1001)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001140), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r3, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000540)=""/224, 0xe0, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000780)=""/212, 0xd4, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5393, &(0x7f0000000000))

6.549988116s ago: executing program 5 (id=5520):
syz_usbip_server_init(0x2)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002c00)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x60000000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x4}, 0x50)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x349b03)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0x80085665, &(0x7f00000000c0)={0x3, 0x1ff, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x2, &(0x7f00000003c0)=ANY=[@ANYBLOB="8110b0000000000095000000000000000c0c3893e82b03961e127490255697ae1e3b2ae0d98dfecdae03d52abaf83d9a172b6d8edba58277c50362375b45bb74c189b39d39091467a9a9da3e4a7f48c8c4485d5b9f58e5fbb7d0226e0a795d6fedba8b9dcff679f0dba5984d89bd5e6e819e392db01e829be4788f71b5e6eb3928fd4f9b4f189f86af9fc3f48d11b8148b4535d907d18790d4d76dae0a008e5397b294fbafb7ed058f4955ca71e6094f90b31610ab63b5f6b7a895ff523c6e2100881a1632838dc1b1f238a6f2c856d1e74e5a781eaaa2e8b5ed38001dbcccff0d5dbba3c66e2a48979b81f5d50bbd65c214338026d92a9861a2de347d669a1743695d05444f9d7aa722437495df"], &(0x7f00000002c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x4}, 0x94)
close(r2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
getpid()
syz_80211_join_ibss(&(0x7f0000000200)='wlan0\x00', &(0x7f00000002c0)=@default_ap_ssid, 0x6, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$sock_int(r3, 0x1, 0x1, &(0x7f0000000380)=0xfffff272, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x91}, 0x40400)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000080)
syz_usbip_server_init(0x4)
read$char_usb(r0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000020, 0x0)

5.680520454s ago: executing program 4 (id=5525):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha256\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x400c010}, 0x8000)
sendmsg$alg(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xff8d, 0x0, 0x0, 0x24008090}, 0x40000)

5.679901353s ago: executing program 4 (id=5526):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl0\x00', 0x0, 0x29, 0x10, 0x2, 0x4, 0xf, @ipv4={'\x00', '\xff\xff', @loopback}, @local, 0x40, 0x8008, 0x0, 0x6}})
syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a"], 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={0x0, 0x15c}}, 0x10)
open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
futex_waitv(&(0x7f0000001240)=[{0x1, &(0x7f0000000100)=0x7fff, 0x86}], 0x1, 0x0, 0x0, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1001)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001140), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r2, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000001f00)={0x2, 0x0, {&(0x7f0000001180)=""/124, 0x7c, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000540)=""/224, 0xe0, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000000340)={0x2, 0x0, {&(0x7f0000000a00)=""/274, 0x112, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000780)=""/212, 0xd4, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000))

5.201324033s ago: executing program 5 (id=5528):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000003c0)={'ip6_vti0\x00', 0x0})
socket$nl_generic(0x10, 0x3, 0x10)
open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80001, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
futex_waitv(&(0x7f0000001240)=[{0x1, &(0x7f0000000100)=0x7fff, 0x86}], 0x1, 0x0, 0x0, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1001)
pipe2(&(0x7f0000000040), 0x0)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000001f00)={0x2, 0x0, {&(0x7f0000001180)=""/124, 0x7c, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000540)=""/224, 0xe0, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, {&(0x7f0000000a00)=""/274, 0x112, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000780)=""/212, 0xd4, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/119, 0xfca2, 0x0, 0x0, 0x3}}, 0x48)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5393, &(0x7f0000000000))

4.867965746s ago: executing program 5 (id=5529):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x408001, 0x0, 0xa, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f00006ef000/0x4000)=nil, 0x4000, 0x9, 0x10, 0xffffffffffffffff, 0x8000000)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x440, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000011c0)='net/protocols\x00')
preadv(r4, &(0x7f0000000000)=[{&(0x7f0000001880)=""/4090, 0xffa}], 0x1, 0x1, 0x7)
sendmsg$TIPC_CMD_SET_NETID(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, 0x0, 0x400, 0x70bd25, 0x25dfdbff, {{}, {}, {0x8, 0x2, 0x4}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4010)
ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, &(0x7f00000000c0))
getsockopt$bt_hci(r2, 0x84, 0x7d, &(0x7f0000000840)=""/4127, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0, &(0x7f0000000000))
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r5, 0x5393, &(0x7f0000000000))
syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001840)={0x0}}, 0x0)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x1040)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r7, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'sit0\x00', 0x4}, 0x18)

4.458519388s ago: executing program 3 (id=5530):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl0\x00', 0x0, 0x29, 0x10, 0x2, 0x4, 0xf, @ipv4={'\x00', '\xff\xff', @loopback}, @local, 0x40, 0x8008, 0x0, 0x6}})
syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105"], 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={0x0, 0x15c}}, 0x10)
open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
futex_waitv(&(0x7f0000001240)=[{0x1, &(0x7f0000000100)=0x7fff, 0x86}], 0x1, 0x0, 0x0, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1001)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001140), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r3, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000001f00)={0x2, 0x0, {&(0x7f0000001180)=""/124, 0x7c, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000540)=""/224, 0xe0, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000340)={0x2, 0x0, {&(0x7f0000000a00)=""/274, 0x112, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000780)=""/212, 0xd4, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/119, 0xfca2, 0x0, 0x0, 0x3}}, 0x48)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5393, &(0x7f0000000000))

4.287423967s ago: executing program 2 (id=5531):
socket(0x1e, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000003c0)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x0, 0x806, 0x5, 0xffffffff}, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000040)={0x28, 0x1, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0xfffffffffffffffc})
open(&(0x7f0000000040)='.\x00', 0x0, 0x6c)
openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x103a42, 0x32)
ftruncate(r2, 0x6000000)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x20048000)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$kcm(0x2a, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80, 0x0}, 0x4000000)
recvmsg(r4, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002182)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x5411, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
fsopen(&(0x7f0000000040)='ceph\x00', 0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
r5 = syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00')
read$FUSE(r5, &(0x7f0000004180)={0x2020}, 0x2020)

3.702573836s ago: executing program 0 (id=5532):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000100)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000002140)={0x50, 0x0, r2, {0x7, 0x27, 0x0, 0x4e4414, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffe}}, 0x50)
read$FUSE(r0, &(0x7f000000b040)={0x2020, 0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10)
syz_fuse_handle_req(r0, &(0x7f0000009040)="c9b6cf40d6a9928c6a8c0fdaba1e7bbd4ee597917b02ec4e8ff3bec8d7d8c08f8813039f40175e54e3d66ec19388ed788cf69c0c5b560f0401f1adb4b1f5198fe0bd7627cb9dc384db5b44495ba6094046fb2c8c7d0af7d67dbc3f5ef4aef8ec6bb01c52b6a10d4f9473987d0809b6a84f2ff8aae19a082abcb68b41c291add3ca2204a38c59e28c7c910aaa5a075676e541b6bb91de3854d2f97d3f80dc56c0705e74624a947f2c21ff936c6ba827742a24fd6d9e10b470ceb73a23fc57f5fa27cf073f2d0235e6fa4d1c29f9d0b6509c890ce0e7c3a2a4dd8b6336f02b9d7cc4c8e37f5f5a57f63aeec3228bd15b6d041eab97bccb14ee1ca6fbf7f7ed2e4dd0a32d41cc41c1031424b94621edcea1bddd40f3ad905202dfba3b912efd3468d2ad42b8a01bcb13b288afdc00b7e5857425d7919651160ec15447a26758f20653e69559f0892efc8f0715d8d79f52a44c79aba8ac58dc726ed721eeab3480eaacc2655d4b8831c9aff049c32709ab7adfb24ae767d45468dc0e42bc34b3568ce95e850eaabbf3a1be4d0f9b3e8781a2a9dc06374fe496a755b48abce67fd56de43816d64e883d9db51489ab8a81d1af3a180b6772d2bdac6313d3c183239d4c0bbbe76173f011f144ba71ac8043107f6533b3ef2f44924039b8587485749647315eb7bfe1e412e94f8cdaa937480fdd23769a69e14ea82d741484c99dd1ddd1edfb4faa51431f15531b61e59d68f9d189b27d0bf925970ac66fc35dbe1e430893cc60b28ca6d8e34931bf02154aee6f1fc58d0c0d8e48eaf8079ded67fdd9f19ebfa85d1ab6ec7f54e1963be353b34a6cb7fa35ddb60a9fc6bd1c6f11bf981b5a1bba81513fe447ff7eb2db0d27f1cfd04353e05f37d6c1bd6eb8219ce799338de3518bfec529373e4acfd644212be283856be064bac0f4926c02c0915816615f1f04d1d5136872029afee663f0bf1b6811c594e1465fba59f5727e5a826e3c60576bc2087f21521ffc90dcca39cbec7c0466c8fb7b1bcea7cffb333d2d16daa269d63f4911d10ed24462b37cdceb7c88e819489e1939e5e3cdcc5a858d09803c98d9e5fd617bc92c0880f072c54608f6ea69edba05b4edcd8d3f5e3c926220a191f2aa0d2f0c9158e298bc2e756ee091a0ac48752e4bb56fac67b02eb2c7b3380244ed66648482d8bc2a29bfc26ade0f4a5665282ea408254fd88e2812a184ee9af9c7769fba1ec380043d5cdf6056f89b4d7f12a441c3013b0fe0d8418fc47c13fbf4fc2b4a89496d4ab9d9826d0e586574e8dd15d4eb8b86ed372e37287fc818df5b6993b650fba844d960e3fd62db0bc7b12ab286d6492388a91ae4da6bdece6e101c13100eaba3b9998706fd4defaa3ed2965ce7fe6062b8c58f20c6b44b01121184ee1dda1cb66b3ababecfc0b7a9a12624e0b826c35d0149335149cfb49fbe68d1dbb7eef96d7956dc573d449847ff4bb7ba0ededd00c904130f1252c3dd4bdcdeccf6f8a83e3abfa14d12c753558022efa0704549b0571e31c4bc9f3e485f8d2d88189b4149569ef83e8feb2ad26c263b0f91f8975c86c8fa9c9457da5ef4a8a94844f824873576f722e32b376ba5f3ed0ea9818d86ddc35ba0e7f322594d9a0fea878af5c03d242bc7b0af89091f088245154391e75ab1b6b2730ccd01c28e9ec99428cc22c2d08ae2829537c34ebd1273327d0d18175698f9fe587e968d19f00ff98555fcfe95d00cb3abae32afcd48f3d4cd7c63c45581203a8a3040363d98bf9426493039fce7bb03493ab6e176cb45e2af461e77fc93d1202fe0bc7b77398c52bbc1c1436439f26cb2e17933a0ae309611e46bebd4d84a939d9b040a08cad90c2eda6ddc933edffc8e562aa64658f99a9ec8a47278edb828b5312a95ca34c0af428aac64d3fa1c4045885891fda7666dfb680da4dc2c02becb8303b76987b6d9be01174df88e41a48a42444caeae5e36118564e57209594285bc2915b222f99f016326430c38c9807994cfa1c3c85aa0f6375c716cd7f27be9b2cef6866d07c8ed00bc101a74219182562467ebbd43d2ba78a4b0eae22c67702f318bc55ccd92f5fd11557335f94ff6f38cfe9fbe31d3fac064dcd7d660d02fbeaa26acf8927c1e3bc71d9ed8ef2e93f0a42813526daa1fad36676734103bcc621a114b098295de578bf8d7df9034fb3ba86ea529bf639cde496b5e48145e4a814f894fb3bf3f41b49d0572dad5988348dad7a064b2d76d9092336cb404934790683b2b3576d3b75534df2c36bc78e05ed250b9aaede772a08bf5972444ecf4e447c062d95e556768e264813369465713834f6e239695b6bfca1b6108a09368688e212b7ba556df50c02486bf1b2196da3d4c0553923fe9b1bb4474d0f569bec1f35dce4be0f5e2408efa69aa66dda6bb1ef43295fe005f4a86840bb608796ce14bcc1134013bf741ad1aa70cc6579edbd42478d3054e1f7bdbd5b1131ded725041270e8a46bcc8bbfe89089f87105939deb2a9f10dd60d059679d4514bfbfc94b333c7dde79576426f07f24ab6a57290b0d723bf3bffa2f66fe191d0dee8b292c8c15eb42245b899ddde3c6afbbf0d7c301dd142878dbca579f387931460c8c37e186f60f8d9209dc98f1a27b84ecefd71de077017261ad6cc3072fe57ec589cd9498946fda8a834e3f02e8a91f7ce6e18e76f936f6f39d354b63dccc706e25b1d8b1a4830c46f249b5e5a40042fea920ed57a2415431f83c238113ee7d152c16f0780c502d5c995168e3f91113af11752f10434b8dc5ef0e46a276c683261aa73877ce96ebd0176977e124c5b93bbb02ef97a6f6a13c15c261f23014f4b13c8f18746727206b245bee70d7b94968141f104f0682a3df4242c6a60fa1b70c227306520b1b9fbd6c916b0edf5e2ce5220fc9ef10ab0a10e1bf259e91eb127d5a31b7633f15130fdb44ce2178a20d5dc3f91688090881c061d75b4b59c3b2b7eb7a3dd1564bfa6c883c217cb76c2a7516dec926add0a1886570531c32b6284b1e80fbde88905f67ea5cea41003325327000a7f7249a99986f19f423843e8dc791df8679a2ed2b024d7d8c79112644a4fbd32bef0cd1f9d55025708135ed34cbf52ce3a0af0f8cd985362ef6fceb6c72f241128b16dad7575558badb3847e051f38d7b5ca638a1f454054659d90b2c046e4f9e2ab127f257ccc92f887b3e0c4fb49d159741fc649638180addf3f23e5265015f6dad9b25cb86d8a33b802e55258749ec050d15d0d7d821f9615c7d8c12ce11c63fb1eb118455c4e2167f66e4eaf9dec0dd2f345a7e2bb369a66b0755003a9c89449393f71acd98afdf6347792251d669ff3c64c50d705a67e543cad95655d6a4cce233acdac5ffc96681772be3c04a1b36f5273815af65ef87c7ad0d51462bf337c2389a8eded875f75eeebe5e5efc26933948e623364d0dbad3402f659a93acaaa21bc8f559dca605aa6732d0eced5a21ee8a6403b1f91722fcbada24a3031d6aa221612a36584d5edc6ba0f64096e9b6eae1555a95945b937457c4c74371f474939d3c3f299f691316497951c646f142adbd6ee49182aec388ce2ca560a1f4b7d8a63e5cd25ba91ebc61175a6955895bcddae7bf1cefccac5c93dd669ab65a2f508adbcfd62ec46027efa396b9f69984d6adcb38fdddb616ec38929fedd97677c3d06060309db5a9cb5fc8919f4310f06bb40f1b76bc197798acbf8d3162257071e034174047006796fac6fbc95c28afd881e1197c20fea8b4be5c5de39a292bd1ff3819d4d4f48162ea1a57930d8f324ce54875d3ad09eea95c4c825765842f9bbb1957fa8188578e86081adfc87502e69c8841218b596d71c4ec49afa60408028012d974051559d924f5f8a59ee195fb01994b8710994d8201ae10f6e88e0e418489c47499b7efd2021f56a6c9fba761beaf79acb6087a496afe7524f2260e14a792cf1a1203d4b0cd8a11d2544293b7657fc393014295fa28e409ab8be0a02695223d17d7caf4f44cf5d0f416130067f28f3fc51c88ad7b53e401e658214abcc8f597f22d662144f878573d0370c874287698784b6ba9abf9b22da2eeb0ce8b817f85e429e799a5edd246d72d77228652b80c4949a85cd5131d851d9f9bda9afa0646de5e477e0fa999562cb46758502c7d63dd3e8b6f88c7ea44f41c4212d633f0160e738c6d36128e9e58c154b08460c899a26276dc1257dc5de18495573693674e40faf1dad49db8ac83baecf92f3aa5c23f639cdcf6e6864c14a8d6a3de95906813fd17f83c406ffd1d2d7bc75737b7b00172448b2ff167b9fa43649db32ab4094652cbb2e18c3bdb527f24049878bb44b82135009f9af22d24ffbee4b5289fa61bd0502f019b2f24a08542db818bffb7c1637b4f4cb9043952f88aa69d9431b8df2e3f9ef6e4a5ba58e79acf082bbd871aa0f0feef71ade8f921bb597ea28548f4116a281ab3542b732c4a8e9973409c75a0c6443d83547d0d314cc7bd62128e3b0db9c03c78b9d78ba714627866230414947523a6a239873f932c2b28c09cbdf182e856bf41598998150cbdd6d54f76c227fb1519f5afb0008e31d6a0b87818d0a2ca0dd6e953a5ba1a347dd927acd36f3fa3a68920eb9c36bce6cef857447aa733e4ffb7014e194993eb1399270b64151ddbb15478c2b762a14d1782608fb24199d9d311281c47726f565b3a3b7be584afb03d87cdc5eb8156772694ab422f59cd7b1e359583a7cc0695b9f64e6416c6b52de230afbc160d2e9384501b40645189434d416c0fbb034e9ffc654d0dee7ee7a878f9e559daac7ee5af769aeac7a92e85b1bc7983803d3bb572befe76184a46b76450feccffa753cc6123cba0686440a5ba81236458831031a4ba4c91d7aab3bb2514208a902face1c12b7dfe25318ab5ca2c1ef9769aa06ba0539f6904f95d3c8440617efc7858d3984f566b3390b9b1a0f2ec3c86dd77a0b82958c4b15278ffaf10e47e613545f4cf67ef7e8b31a6bda35022871840ae1536fb65bb11b932936db7a15642359bb6b157893d19e7918b11d3d3072b78c761c1784afa2214c865fc2aed860dcc17b69cfe9189bcd0767a84cb306a59966e5f96514a7d7182e6aa7204bbd1a84092ba645f86b68813debd5a2290acc93388e5eacc17db51d69604733ea9160a0e77ec5317194654313a9a8a0535c0bc49d0837e2821df92e8ee2f154cbea6b87ffc207aab4ea491e8aa75b90f70136d84ea2f5dfd138371dbdf8fe273956cb7411db6df48ebf56105da42b219b9dad387ca7be9ecd90508c62279a53bc9f7e2a845f9da42d8e85d2653854737948ce228b2d76d1b9fe2e0e456fdff24575939b82a3f6e1a4be6ffcf1c493c17dabbfa0859a87d259ae3931fb6da544589b9b6bb7cc93e078813ac94918942bf113aee5742498d86a70fff31d2a69507739317a9aa9e0289f053dad4eec63cd58e833027f0859fb4ab74e8fc742d03b5b6dca1168d3d47fd95b514a567e6518342d52b3c3bb6438b5aeacb95ff9001d2f5480f6a80a0685b5bda2ceba06925ab5ae0986954c3169e92fedaf3f1681247cb114202c0f728296a51396063fc64aad05662bf05a626b90f656b47069ca668bb96208c287e8f793d77d4fb1f1cc14e73406005e11a2c1c46ca7448be534c97738487527d79e284d7a0ae275bd4361ecf4a352e6dc8b8c8c8e132a3edb7d645f4943445f523fb28bbf857218a117f1288afec49f9def9aabc2381b38a315d5c927aeb96fa1ad3eb13b0151dd570f6734f004467171d2cdd609d1d09d115c9b42e1da3472ada98d3e1da90a8f373a98133fa708f5a62c75b5eb1b643c48de72143ffc8761ccffd7f3336b69faa277d364cdf2d4f2bc428bda8b76e4748d5ae02d9850ac6f2ed0ddcb874c25d210163d4da10c0d6cc5218a3558deee5519c94032158bca02fe1c1b8184fdf417e863352b224b7b06267486296ebd4100ad5f1108c78a7056979f5ad6f97794a0460bf371584d9b962034aa7449f4e6b0f925b7a648d4ed7f2442135629b0baee3385882682fde57e5eb9204647a898c566120e4b577ba215ed863f76d5ad9ed19a6b7465952292e7543110eac3dc436a16c85047f3ff10a00c917d5902d296c063c4b173775f2b612e407bce02c8647877abcc07b21b89a60e16ff5c5cdc3708f285d6e411036661e97f628c6c2bef7a6e297f0ea7db2aaceb87d13425e80c28cf095b1dd4e08122e89f58862c6466d79fe7d06e0038a9a1869cba0d1554bffc08b94bf3dc7ec4d108073a4dcb7a6a503b608e777f1ca6b64deec19072052cdab8e7222966170bd35cfa66d3d013c537e723bfa2f634b34edba64ee27ab814bf66c5943e5b7b4d2cbad0550982b2d68ea0633a48f24ef5a59da6e9671717afed4253db66afce693ab08e2b4343d9efd1705802393ba22af5f0e04fc559ddafd78bb1c013b2826cfd77591736cd8a1e079c00f72dc89ee419cf4cc5e867138e35372bb0854df45d2142ce56ea01465d7cf42d3beabbed8602ff568df5d8e53d22bbd897c0aa050165319ba28d6f861a128556e420275562b8a19c0a2112df4490925f52090c6c7ac79b8533936d4020af3ea5d383cc8e4f23cf275194887d42bde7061bc17246a91b735472c4dee6f2d159a4fb2cce10f0727a964658f6d60aa18bd474ce1e88114ce3c2a3acabd74175b82afc6126ed79d8d333ed993e3a0d67afba888c94cb266f906681d9595f2ca21946f32d8f07eb7cfc979cdd56a885e6a5deb1dc54ffbbbac728db4145056cc9b78386f1f17ad16856cc10b04038f0d835a5842584b6a9516a770abd839ade5d379db9889d22d9049dd13010ad612a64128f724f7a643505b8ca50bddc4ec4875beed2f8593b7382645625809bbc3591027d53bde8a16be5bb209cd49e71aaa435c923ef3c4d1aefec7111773b0d58b47efabc7a43b93cb7eab287cefe554a5b59e2a746081d0d875919df356504008374ef184be2f7ef7e644bf5535dedf5b969b30dcedcfbecb83173b0cea015efe45630880c303472daf1dc22b384e65078cb0ae21baa4834fcd4b4f7c995b700117e1448d041a7106277302fabf3a512ad4e802988c43e6cad0b4b74962e195b355b653acfab53d9f38337e46758c0f8c147333d30f8fbb508a889b84d4672e025b0d9adec09fd4e2d62bda0e0c40570d8fcf5487a59380584f7b85a8576985a4423cbdb1503ea4f93d4f3dbb2c384efcac84dd8649e6f09d2ac37e1d8268c3c07db365581c7c3752410909968598b8ea5ea05b68e6013965cc60be6f6b24e493655f5ddd572a84a924803a7df025914f4b57527841928d30c03b09aeee28c8b81860968f53a663f4f56b004e07cc380f5b0b0dad43869faeed5f240ce389a0fb0920073b8d3de611e54d4011f55ba28743a3b51af6293ed1376fcfe3592c877e2d81d14ee882410cf8207476409b5673eb65297155e91cbe089c8c043964063f9b469419bce6e59e0017e0f527d20eab5d9579208df9cc65389ca8fdb3d62618395bb0274b8094799cb4c36632488e79950ac3bd3d982d521614f56df1bd16c1f928481dd4580a796eb7892b3e4a33b748b16f96b1def674c2b70d0315b486a94a979292d635a2ad1fa877927de9355f38a612747fb982bccf12040d9a14a63c34b6f2b3b450a6401d4d0c96a9090ab80d30f7e7af84bade864791455402cbd278427c5a1e84e2e2286c4bf773da614e6705802c130ade8a3a67b309f9db1558372046ec276a34fb50f72c7df40e33f447ab5f0af05eece4e8f654b3c2dad6ea76ef6b694699f4ad8c6fdcbfd8bdc23d0c580631d0c95ac6ae9613dad680939db2ecf9e7a0d4d0f2f2b7f1c1d308cfaccacc2381e97bb278a53b14daf686c0541e56264c33d5176b830ac7d13c28edb2d8e77d7acbced061c4ec315cb1a259966ad997c7c7beae44d4d1b6955842d7fbba0bb0c461bb22db3e15f0fc1cd3fd997dac5e6a4bff6e2eb8310d828f15309b2c8feaa21281963d35ab2d5c099beb806cd384d304449c58d89910105df11225fb893e984734a8e5cba2e553f03ebd5ce4cae24826547df81db3f2bd7d930f785755c8b6311f221da59679ce50479adef1cc5dac984a5d2f9343fe4892b2b5640892892cfd50d0015c1f568792d8919943a578b62585081175237444d9542a2241c967bcfbc3dab4e8961ecad89165eaada2d759e844be5021aed42b971e9ffea8c08a3d6e4073ce4226b4e54b83f3d8ccd207a0cfcf9da7b5e55d1a26a90e03f7c3611c6562b65edb42fe110dc3970b44aa36660d1cdbc882495271f80816350b945aedb0d46ca6d160d5f0096e8263325e257dbb574932e32f1b28ce2b7f5b3ee6ccec64085496bb513ec168b53d79e6ecb72622a70b22e1f9116fa48815709b2080b27b31a6b26dde0701cd74c31b4e33a702f051ae07ad54ce23ae33e6060e5451a4171cc930af2ab70862044c5a0ff9e8aeebd3cc41c62d38e7b79596d3851430dd661b071c319751985d48eeea2afb463d7d9390ed4e68a60f90ad80aeca4b8d283ae0538e590668c857a526a264be238641eeb5f321248d829539efccf03dcefa54c6def8b7d4a8cdf6bc76d71eefaca1a7a33bd4b56e94b8e38f784b742bdd080faca4769e1aa91ff50d9374f3632cb7b66a0042beb802c6cedff0a3634aec072f57d38a6ea61439029ba5d921f57bfbc281d75f5ec322b8f8c90b4d3f65d00ef97dcffe7e07fa01af8e7f8da15532f0c18b73d7a183327aea46680651645782f4f318c00f2355c301fe2e805a22f8586119768b8424735f5495607d170f0818be232cec1d9e40daf79bcd63a26cbead93753b7171bcad462da2af68e9ea9c0b207200f1fcf3793283931603a719e745120273efb541a7af896f6eea7359939d7226896c8023cc963e4e0a7579bc83a37cb8d871324bb3e66b671d8df83d645495740c5b99aaf2edda3018e1895dda6744b1e6623cb62d4b80ac208f69a81caa0277a497e41bf637817518cbe0fcd2028d07be199a126f82641f2fd54e6b20287b912ee8d8dd72db5824ca9e464a94d45beda7f52932d1bb57a28a4e99ac32ea4c3650197613a87e4cec91d82f37069fde871575d3cb2220aaad9277511271a86377da5f2a9f94303e7151acb087ca549fd0cb9b1961954ddb28333a24b510b92cddc057ec5a147ccdd708a2db3c8cb3600756100b38b71f0676f6fc5a7f5912b5e81bf6d2b07e15fb5b1c96459110ceb22ba4f2fb0e531dcaa913a13437cc6276c8b4e1bdbc5365144c7abd2e2a6c93ef102e26b14e576ada244408d9db50aab045f9879bf95425eaa7b11d77e0dc503851c5c278c282aa736103adf5ca2b30724bde27f98e4e7a947f964b7abfe58a3da354e3008a2b86d50223d3077e151ce2e086172002eab7279ac1948361e172073184401d5650181547f1bacc1534f9ab2ad66fd9d200d867de79a92e465dda8d781b15881acc9bfdc53815f3fc3f064c830db3908cdb173e3e1295ea7dca280273ca99073d5663003f14c4f7ac9ef9bc735b2a413daaa7d97101553f90a0d33b043d1f2b0f131d35c9244808bb4b76213ff5c418053a569d760498518d701aae39cfbd7a052b586c53617dfaad1415c1cafbb41640d1650be9297dd42c803d8bfd443916310bb80a74c991cc26331ab70c0c4bc4f2295f069787f6759878e42ffbc76b34493f71d88a109b0813ebfcd24953b2b5f1f5164d9974bab7ed1f4d42f62b8379912dd7e9f35a19951e4d57b0c70fe516cd2059c4ef879d9f9b1191d5bb51b852d3e9462e4528b9c1f7c676e6039d1deb00442a482e297b08a67c79bb818d0316072d8174885de3413ae0505232100f217e424e0106811902d60ecc0e0aaca7c5f00f4f365e1360f10aa645b9215c93668a08be97cacd6b0f9c80ead76478846d12e8f24a53bfab01628afd199b2db332d38d5009d7a1437f0f5b2a0d36b5c98f3a35e5043ffd55bac325d3927888fa5d0e3569d9be002205b501b3e68d661515bb9eac9d4f234e22e4e5bd0b4c4530933aadd99f132794ce48e9a3220d2c17748c012fc5fd93d265cebb3edc3be29a1ba26f2adcf510663c28d29e28774c4ec1190fbfbf614aa8e2745f8605f7d7e94fdd06322454a08833f1a22c77deedb1337e380a8e18f85168e045d1e7cf32fda1a709d3eddf62909a9e580ed8abd605e07dbab79b5bcc2f4533e6fec589b976816471b1f11ac3c89336c52e03b72520995d05275024e9988727f2e1ac9421ccaaa0b736e9f7f296c2d27cbd774d7179f9c6921df68985998034862c15adc452666deb40c0c40cedf16f4d187524a0a5cdff6f7b2531eda54fbe15a7ad1aea46466a51642326c5d7d374fb38475d119027a3714598fe7307de94bece2741b7a742b053682dae9452eed3b820b1386b604fa647e392b35b205019cf1ad317d1441cbee2aea5ca95e56fd5e959689bf96c9f470acb8e4e630b13403e9459242b629fa28e1ba8eacf1ed572b1db735a20ee1a5b8500b6edf66cbe671c5938741ab2b36ccd4e92160f6df9e1d465cdaf3a7746e128e26e0e7a7aa4869b2a482c6e9bf7e58408411016740c547129e4f11d2317af3c5bb55b2468e6d08e75e5039c3bfdc9b6da06e7c27933a8c9d8ad0e4c74a093e6d57c02b1b49e995962c1046b5c8a3df0ea4c20049e300cbe41bd92a0ea5993ef6fd92ea74e28e1cfaf4a8533c224104d6081b64ae08b4e7a23a259b2b03655b987c23687c6e279bab469a3e0881a30620910566982945f8f86229fd614ca2bb2adcbdd49a5c579c0d1bbdefb9e33cd0641bb43f6ca3fab33dc4188e1508e4293e6de932040b895a97bc1f196467ad4a0d4899e6078c014f42521cf39411e2e4f1b5adc26f1f3bb2fcd27b89ac418c8251423de82c4b5980a4e66649b9f3ec48c833c35f8653ca510a0a1b049561e64a6938714c3a1946b3fa5079533698bb8f8f85bea8711ccda5cf01de150b055d3586a890d0654d2b4cfba25c434e2ff492b69798aa197dffbfe2bba77d4b4eea35c42e698221e971a4bca34e59c46084f48f2170b83db6719324ecb55e07a9cf74a84ee0fc3567fa5cd2f3937ad956b4ed2187e2026b7d4166d50fd9c937fb4dd5aa96f2731f1db1dda4eac4e589295ffe9b72a7b9533f6e23c82b57c8361c8cb3b15128235f65c84b99d93383b7398e936884542d0e73bdf37cadfb6c70da47af3c5a3cde0d8e381cdf9ec1a39d2fc963f0d8ee31b76d9668c0171967cb9ef2f15d5bbdbd1058328da7a60bbc7d77efed2de74a2ed5637a8a84e1163325dd22b584b15fe894c9b1ce89d24619a344a8987f6d21b7de7ccf6fad223134e1c389a8e6baa375dd142baf4a8852e984eb6c281cf86e2457a7f85782c7764564af26d331d3ddf4850d24742ef449cd5e32f5957d2ee10e05e7d3312215e4d36ac5c8c4bae3340f074f88a20e18b270b3baf05de1b0363f4c6f2ab9386d6034e8567e4828ad256cd250448c70147c318a621697be402c1e8365d2798084f968a8897242ff6756c2937e4d1300", 0x2000, &(0x7f0000006b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000002700)={0x90, 0x0, 0x45, {0x6, 0x0, 0x0, 0xfa0, 0xffffffff, 0x0, {0x8000, 0x0, 0x0, 0x0, 0x22, 0xf7fe, 0x3, 0x0, 0xfffffff7, 0x4000, 0x1, r4, 0x0, 0x0, 0xfffff8af}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
open_by_handle_at(r1, &(0x7f00000021c0)=ANY=[@ANYBLOB="1c000000810000000300000006"], 0xfeffffff)

3.701803406s ago: executing program 3 (id=5533):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socket$isdn(0x22, 0x3, 0x26)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x20, 0xffffffff}, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x15)
ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
r3 = syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x68241)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000100)={0x53, 0x8000000000000000, 0x6, 0x1c, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000300)="47c10c000000", 0x0, 0x80000001, 0x0, 0xffffffffffffffff, 0x0})
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r2, 0x5501)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r4 = socket(0x28, 0x1, 0x0)
recvmsg$kcm(r4, &(0x7f0000000780)={&(0x7f0000000180)=@hci, 0x80, &(0x7f0000000700)=[{0x0}, {&(0x7f0000000380)=""/149, 0x95}, {&(0x7f0000000440)=""/184, 0xb8}, {&(0x7f0000000500)=""/243, 0xf3}, {&(0x7f0000000600)=""/210, 0xd2}], 0x5}, 0x2001)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000340)={0x80, 0x40000094, 0x0, 0x0})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})

3.70119671s ago: executing program 4 (id=5534):
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

3.506325492s ago: executing program 0 (id=5535):
socket$packet(0x11, 0x2, 0x300)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x9, 0x4, 0x4, 0xfffa}, 0x1d, [0x1, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x7, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x2, 0x9, 0x5, 0x2, 0x40000, 0x6, 0x6, 0x0, 0x2ab, 0x4, 0x7, 0x4, 0x3c5b, 0x7, 0xb, 0x9, 0x1, 0x1f461e2c, 0x7, 0xe661, 0x7fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x800242, 0xffffffff, 0xe, 0x0, 0x71, 0x2, 0x10001, 0x532, 0x1, 0x5, 0x6, 0x8f, 0x8000006, 0x6, 0x3, 0x80092a3, 0x4, 0x1, 0x20000000, 0x82, 0x0, 0x7, 0x6, 0x9, 0x6, 0x1, 0x40], [0x10000007, 0x401, 0x80000007, 0x6, 0x10, 0x4, 0x129432e6, 0xcb, 0xf9, 0x2a28, 0x2bf, 0x5, 0xffe, 0x3, 0x334000, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x1, 0xfffffffd, 0xfffffffe, 0x6, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0xfff, 0x4, 0xffff, 0x5, 0x8000, 0xffff, 0xbcf5, 0x1, 0x2, 0x2, 0x9, 0x4, 0x8009, 0x8, 0x9, 0x1006, 0xb, 0xa, 0x1, 0x9, 0x9, 0x10000006, 0x7f, 0x9, 0x1, 0x3, 0x9, 0xffffffff, 0x10007, 0x3, 0x9, 0x48c93690, 0x42, 0xc400], [0x6, 0x6, 0x80000001, 0x2, 0x102, 0x100, 0x10008d0, 0x9, 0x5, 0x7ff7, 0x0, 0x1, 0xb, 0x4, 0x5, 0x1005, 0x0, 0x4, 0x6, 0x2, 0x86, 0x40001, 0xc, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x800, 0x8, 0x5, 0x8001, 0x7, 0x38, 0x800103, 0x200, 0x80, 0x4, 0xcc52, 0x950bfaf, 0x1000, 0xfffffff6, 0x7, 0x53cf697b, 0xfffffff9, 0x6, 0xb8d, 0xbf, 0x10002, 0x403, 0x13, 0x3, 0x0, 0x1, 0xfffffff0, 0x10, 0x400006, 0x19, 0x120000, 0x3, 0x6, 0xaaee, 0xfffffffd, 0xff], [0x9, 0xbb33, 0x3, 0xb, 0x5, 0x1, 0x6, 0x5, 0x0, 0x3, 0x80ce7, 0x1ff, 0x3, 0x9, 0x5, 0x1003, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xe623, 0x8000000, 0x2, 0x7fff, 0x2, 0x14c, 0x60a5, 0x1, 0x4, 0xffffffff, 0x80000000, 0x7, 0x8, 0x10, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x95ff, 0x4, 0x2, 0xffff, 0xa, 0x1, 0x1007d, 0x26, 0x55a4, 0x30b1d693, 0x5a2b, 0xc, 0x7, 0x9, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x8, 0x200, 0xffff3441, 0xfff]}, 0x45c)
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000))
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000001c0))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000040)=0xc)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000580)=0x10)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

3.505540513s ago: executing program 4 (id=5536):
syz_usb_connect(0x0, 0x2f, &(0x7f00000008c0)={{0x12, 0x1, 0x310, 0x78, 0x74, 0x8a, 0x8, 0x499, 0x5008, 0x1d48, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1d, 0x1, 0x10, 0x4, 0x40, 0x81, "", [{{0x9, 0x4, 0x8, 0x7f, 0x1, 0x5f, 0xe, 0xcf, 0x3, [@generic={0x2, 0xc}], [{{0x9, 0x5, 0xa, 0x18, 0x400, 0x0, 0x6, 0xd1}}]}}]}}]}}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0})

3.09174742s ago: executing program 2 (id=5537):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)={0x30, r2, 0x1, 0x70bd2c, 0x0, {{0x2, 0x0, 0xd00}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x22, 0x26}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x143c}]]}, 0x30}, 0x1, 0x0, 0x0, 0x8001}, 0x4040000)

2.899130387s ago: executing program 2 (id=5538):
syz_usbip_server_init(0x2)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002c00)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x60000000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x4}, 0x50)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = syz_open_dev$video4linux(&(0x7f0000000040), 0x7fff, 0x349b03)
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r1, 0x80085665, &(0x7f00000000c0)={0x3, 0x1ff, 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x2, &(0x7f00000003c0)=ANY=[@ANYBLOB="8110b0000000000095000000000000000c0c3893e82b03961e127490255697ae1e3b2ae0d98dfecdae03d52abaf83d9a172b6d8edba58277c50362375b45bb74c189b39d39091467a9a9da3e4a7f48c8c4485d5b9f58e5fbb7d0226e0a795d6fedba8b9dcff679f0dba5984d89bd5e6e819e392db01e829be4788f71b5e6eb3928fd4f9b4f189f86af9fc3f48d11b8148b4535d907d18790d4d76dae0a008e5397b294fbafb7ed058f4955ca71e6094f90b31610ab63b5f6b7a895ff523c6e2100881a1632838dc1b1f238a6f2c856d1e74e5a781eaaa2e8b5ed38001dbcccff0d5dbba3c66e2a48979b81f5d50bbd65c214338026d92a9861a2de347d669a1743695d05444f9d7aa722437495df"], &(0x7f00000002c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x0, 0x4}, 0x94)
close(r2)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
getpid()
syz_80211_join_ibss(&(0x7f0000000200)='wlan0\x00', &(0x7f00000002c0)=@default_ap_ssid, 0x6, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000044c0)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x48000}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$sock_int(r3, 0x1, 0x1, &(0x7f0000000380)=0xfffff272, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x91}, 0x40400)
sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x20000080)
syz_usbip_server_init(0x4)
read$char_usb(r0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40000020, 0x0)

2.59194277s ago: executing program 0 (id=5539):
r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x41, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000380), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x10, &(0x7f0000019540)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYBLOB="bc454cee72f10665cc276d9ce713165dd925158516f7e3749351e4953c60bef49892406dc06400a01334ae13181bf19b60051729a3f84fc159c7a4eda745c05054f3d228333e258a20d36fc2a69a0d2c767d17ee35fa5836a617a6b92d9e1c94c2c735c486815a354c0ea86d4e83205530735466d35e119b8ea8a893ce29bf54fb6d63a4385626bb", @ANYRES16=0x0, @ANYRES8=r0])
read$FUSE(r1, &(0x7f0000006380)={0x2020, 0x0, 0x0, <r2=>0x0}, 0x2020)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0xfffff000)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='pagemap\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x45, &(0x7f0000019240)=ANY=[@ANYBLOB="aaaaaaaaaaaae130aeaaba3086dd606410a6000f79692e50040000000000000000000000ffffffffffffff020000000000000000000000000001023427d5c9a46b9fa141727ea1a9443fe7c2e6fb960d098c1efb60dee29ce3"], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
unshare(0x2c020400)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f00000005c0), r7)
sendmsg$WG_CMD_SET_DEVICE(r7, &(0x7f0000019300)={0x0, 0x0, &(0x7f0000019400)={&(0x7f0000019440)=ANY=[@ANYBLOB="d504fc402f560ddbef2c90f5a18edd052a063e4bcfcb1880e64293f56eb1284f4d791f0e4a676f3709168f659e0fbda6da14655d385ddd283b7f2bc580d0659f5fa69de7508ba9d63cd59640799aeaef374c788fa5cf7ccf1cacddeb09ea531f7a57d6ca9d20cfd394c60dc7f2bd901e6e12527d574bea9a7359945b397308fd578a8e2dcfdab4f57e89a464a137e6dc2765f1394db2b767b5065ab7d86571816ae30201855686e3a560f254926c5707b33ae5a9b541d25a99fa96af2201"], 0xec}, 0x1, 0x0, 0x0, 0x404cc85}, 0x8082)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_REG(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000192c0)={&(0x7f0000019340)=ANY=[], 0x14}}, 0x4080004)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x11481040}, 0xc, &(0x7f00000000c0)={&(0x7f0000019200)=ANY=[@ANYRES32=r2, @ANYRES16=r0, @ANYRESDEC=r9, @ANYRESDEC=r2, @ANYRES32=r3], 0x28}, 0x1, 0x0, 0x0, 0x24000015}, 0x4088011)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r10, 0x10e, 0x1, &(0x7f0000000400)=0x19, 0x4)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
pread64(r4, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000)
r11 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r11, &(0x7f0000000580)='1\x00', 0x2)

2.207291286s ago: executing program 5 (id=5540):
r0 = socket(0x10, 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x0, 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000140)={0x3, &(0x7f0000000000)=[{0x20, 0x18, 0x4, 0xfffff00c}, {0x40, 0x0, 0x3, 0x5ae9}, {0x6, 0x0, 0x7, 0x2}]}, 0x10)
sendmmsg$inet(r2, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000a80)="2a73ed35", 0x732a}], 0x1}}], 0x400000000000292, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r4 = socket$igmp(0x2, 0x3, 0x2)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2800, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x24, &(0x7f0000000000)={0x2, 0x2, 0x0, 0x800003fffffffffd})
write$binfmt_script(r8, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r8, 0x0)
preadv(r8, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r8, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
setsockopt$MRT_ADD_VIF(r4, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x1, 0x10, 0x40009bb, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f0000000080)={'syztnl2\x00', 0x0, 0x4, 0xfb, 0x53, 0x6, 0x63, @loopback={0x300}, @mcast2={0xff, 0x5}, 0x8, 0x700, 0x5, 0xd01}})
write$binfmt_register(r1, &(0x7f0000000100)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x7, 0x3a, '/dev/net/tun\x00', 0x3a, '\'!.*]', 0x3a, './file0', 0x3a, [0x46, 0x4f, 0x4f]}, 0x3c)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)

2.051573962s ago: executing program 5 (id=5541):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000240)=0x5, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
pipe(&(0x7f00000000c0))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r2, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000180)='./control\x00', 0xa4000960)
r3 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000580)="1400000016004163d25a80648c2594f91724fc60", 0x14}], 0x1}, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000680)={0x0, 0x4, 0x28}, 0xc)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r4 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000340), &(0x7f0000000000))
ioctl$VIDIOC_G_SELECTION(0xffffffffffffffff, 0xc040565e, &(0x7f0000000240)={0xa, 0x2, 0x2, {0x46, 0x13, 0xfffb, 0xf7168000}})
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000000c0)=[{0x0}, {&(0x7f00000003c0)=""/202, 0xca}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}, {&(0x7f0000000340), 0xa002a0}], &(0x7f00000005c0), 0x2}, 0x20)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x288, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1f0, 0xffffff7a, 0xffffffff, 0x1f0, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x130, 0x158, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x80, 0x3, {0x4}}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x9, 0x38, 0x1d}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0xff000000, 'team_slave_0\x00', 'ip6gre0\x00', {0xff}, {}, 0x6, 0x3}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x0, 0x4}, {0x4, 0x5, 0x6}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2e8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0xfffe, 0x8, @mcast2, 0x9}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))

1.999586735s ago: executing program 4 (id=5542):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl0\x00', 0x0, 0x29, 0x10, 0x2, 0x4, 0xf, @ipv4={'\x00', '\xff\xff', @loopback}, @local, 0x40, 0x8008, 0x0, 0x6}})
syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a"], 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={0x0, 0x15c}}, 0x10)
open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
futex_waitv(&(0x7f0000001240)=[{0x1, &(0x7f0000000100)=0x7fff, 0x86}], 0x1, 0x0, 0x0, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1001)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001140), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r3, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000340)={0x2, 0x0, {&(0x7f0000000a00)=""/274, 0x112, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000780)=""/212, 0xd4, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f00000003c0)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5393, &(0x7f0000000000))

1.988494158s ago: executing program 2 (id=5543):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0xa1, 0x0, &(0x7f0000000700)="e3ef7f670000ec6783b42415449400000000000000000000000011e0f0544b00aab05450dc23d998e6f578af3a439e1432fa00228f11b0f472aeeb58d909c57270d30b5b85617a3c000000000000000000bed3cb4f5737a1cce87ad63cf1de95ca08377a7db4171a1f641a5c9897416db2e9033e8891ca647d439a9658a65830496d949de70e16c13b6504f0c2fe5d3244d391c966c72f897b6e009c2b4a947ad2", 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x9}, 0x50)
r0 = syz_open_dev$sg(&(0x7f0000000140), 0xa, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
fdatasync(r1)
ioctl$VIDIOC_SUBDEV_G_SELECTION(r1, 0xc040563d, &(0x7f0000000000)={0x0, 0x0, 0x101, 0x4, {0xe2, 0x4, 0x7ff, 0x4}})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d08000640ffffff02080003400000000c2c"], 0xc0}}, 0x4048080)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x22202, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r5 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3, 0x3}, 0x18, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f0000000080)={0x26000, 0x103000})
r6 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r6, 0xc4c85512, &(0x7f0000000780)={{0x8, 0x0, 0x0, 0x0, 'syz0\x00', 0x1000000}, 0x0, [0x4, 0x4, 0x40000000000, 0xffffffffffffffff, 0x8, 0x0, 0x4, 0x0, 0x7, 0x4, 0x0, 0x0, 0xfffffeffbfffffff, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x3, 0x0, 0xffffffffffffffff, 0x4, 0x1, 0x6, 0x1, 0x40, 0x0, 0xfffffffffffffffd, 0x100200000, 0xb, 0x6, 0x0, 0x0, 0x0, 0x9, 0x0, 0x10000, 0x1000, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffdfffffffff, 0xfffffffffffffffc, 0x3, 0x0, 0x7, 0x10000, 0x7785, 0x0, 0x4, 0x4, 0x8, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x80000002000, 0x0, 0x4, 0x0, 0xfffffffffffffffe, 0x0, 0x7ff, 0x0, 0xfffffffffffffffe, 0x9, 0x1000000000, 0x0, 0x80000000000002, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffff7fffd, 0x0, 0x2c5, 0x0, 0x100, 0x81, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x9, 0x100000000000, 0x4000000000, 0x3, 0x2, 0x0, 0x7, 0xc0c0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, 0xffffffffffeffffc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x80]})
landlock_restrict_self(r5, 0x9)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85)

1.938102576s ago: executing program 3 (id=5544):
r0 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$cgroup_subtree(r0, 0x0, 0x6)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'bond0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x3000000, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x0, 0x0, 0x2}}}}]}, 0x48}}, 0x0)

1.769586689s ago: executing program 3 (id=5545):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',grou', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000100)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000002140)={0x50, 0x0, r2, {0x7, 0x27, 0x0, 0x4e4414, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xfffffffe}}, 0x50)
read$FUSE(r0, &(0x7f000000b040)={0x2020, 0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10)
syz_fuse_handle_req(r0, &(0x7f0000009040)="c9b6cf40d6a9928c6a8c0fdaba1e7bbd4ee597917b02ec4e8ff3bec8d7d8c08f8813039f40175e54e3d66ec19388ed788cf69c0c5b560f0401f1adb4b1f5198fe0bd7627cb9dc384db5b44495ba6094046fb2c8c7d0af7d67dbc3f5ef4aef8ec6bb01c52b6a10d4f9473987d0809b6a84f2ff8aae19a082abcb68b41c291add3ca2204a38c59e28c7c910aaa5a075676e541b6bb91de3854d2f97d3f80dc56c0705e74624a947f2c21ff936c6ba827742a24fd6d9e10b470ceb73a23fc57f5fa27cf073f2d0235e6fa4d1c29f9d0b6509c890ce0e7c3a2a4dd8b6336f02b9d7cc4c8e37f5f5a57f63aeec3228bd15b6d041eab97bccb14ee1ca6fbf7f7ed2e4dd0a32d41cc41c1031424b94621edcea1bddd40f3ad905202dfba3b912efd3468d2ad42b8a01bcb13b288afdc00b7e5857425d7919651160ec15447a26758f20653e69559f0892efc8f0715d8d79f52a44c79aba8ac58dc726ed721eeab3480eaacc2655d4b8831c9aff049c32709ab7adfb24ae767d45468dc0e42bc34b3568ce95e850eaabbf3a1be4d0f9b3e8781a2a9dc06374fe496a755b48abce67fd56de43816d64e883d9db51489ab8a81d1af3a180b6772d2bdac6313d3c183239d4c0bbbe76173f011f144ba71ac8043107f6533b3ef2f44924039b8587485749647315eb7bfe1e412e94f8cdaa937480fdd23769a69e14ea82d741484c99dd1ddd1edfb4faa51431f15531b61e59d68f9d189b27d0bf925970ac66fc35dbe1e430893cc60b28ca6d8e34931bf02154aee6f1fc58d0c0d8e48eaf8079ded67fdd9f19ebfa85d1ab6ec7f54e1963be353b34a6cb7fa35ddb60a9fc6bd1c6f11bf981b5a1bba81513fe447ff7eb2db0d27f1cfd04353e05f37d6c1bd6eb8219ce799338de3518bfec529373e4acfd644212be283856be064bac0f4926c02c0915816615f1f04d1d5136872029afee663f0bf1b6811c594e1465fba59f5727e5a826e3c60576bc2087f21521ffc90dcca39cbec7c0466c8fb7b1bcea7cffb333d2d16daa269d63f4911d10ed24462b37cdceb7c88e819489e1939e5e3cdcc5a858d09803c98d9e5fd617bc92c0880f072c54608f6ea69edba05b4edcd8d3f5e3c926220a191f2aa0d2f0c9158e298bc2e756ee091a0ac48752e4bb56fac67b02eb2c7b3380244ed66648482d8bc2a29bfc26ade0f4a5665282ea408254fd88e2812a184ee9af9c7769fba1ec380043d5cdf6056f89b4d7f12a441c3013b0fe0d8418fc47c13fbf4fc2b4a89496d4ab9d9826d0e586574e8dd15d4eb8b86ed372e37287fc818df5b6993b650fba844d960e3fd62db0bc7b12ab286d6492388a91ae4da6bdece6e101c13100eaba3b9998706fd4defaa3ed2965ce7fe6062b8c58f20c6b44b01121184ee1dda1cb66b3ababecfc0b7a9a12624e0b826c35d0149335149cfb49fbe68d1dbb7eef96d7956dc573d449847ff4bb7ba0ededd00c904130f1252c3dd4bdcdeccf6f8a83e3abfa14d12c753558022efa0704549b0571e31c4bc9f3e485f8d2d88189b4149569ef83e8feb2ad26c263b0f91f8975c86c8fa9c9457da5ef4a8a94844f824873576f722e32b376ba5f3ed0ea9818d86ddc35ba0e7f322594d9a0fea878af5c03d242bc7b0af89091f088245154391e75ab1b6b2730ccd01c28e9ec99428cc22c2d08ae2829537c34ebd1273327d0d18175698f9fe587e968d19f00ff98555fcfe95d00cb3abae32afcd48f3d4cd7c63c45581203a8a3040363d98bf9426493039fce7bb03493ab6e176cb45e2af461e77fc93d1202fe0bc7b77398c52bbc1c1436439f26cb2e17933a0ae309611e46bebd4d84a939d9b040a08cad90c2eda6ddc933edffc8e562aa64658f99a9ec8a47278edb828b5312a95ca34c0af428aac64d3fa1c4045885891fda7666dfb680da4dc2c02becb8303b76987b6d9be01174df88e41a48a42444caeae5e36118564e57209594285bc2915b222f99f016326430c38c9807994cfa1c3c85aa0f6375c716cd7f27be9b2cef6866d07c8ed00bc101a74219182562467ebbd43d2ba78a4b0eae22c67702f318bc55ccd92f5fd11557335f94ff6f38cfe9fbe31d3fac064dcd7d660d02fbeaa26acf8927c1e3bc71d9ed8ef2e93f0a42813526daa1fad36676734103bcc621a114b098295de578bf8d7df9034fb3ba86ea529bf639cde496b5e48145e4a814f894fb3bf3f41b49d0572dad5988348dad7a064b2d76d9092336cb404934790683b2b3576d3b75534df2c36bc78e05ed250b9aaede772a08bf5972444ecf4e447c062d95e556768e264813369465713834f6e239695b6bfca1b6108a09368688e212b7ba556df50c02486bf1b2196da3d4c0553923fe9b1bb4474d0f569bec1f35dce4be0f5e2408efa69aa66dda6bb1ef43295fe005f4a86840bb608796ce14bcc1134013bf741ad1aa70cc6579edbd42478d3054e1f7bdbd5b1131ded725041270e8a46bcc8bbfe89089f87105939deb2a9f10dd60d059679d4514bfbfc94b333c7dde79576426f07f24ab6a57290b0d723bf3bffa2f66fe191d0dee8b292c8c15eb42245b899ddde3c6afbbf0d7c301dd142878dbca579f387931460c8c37e186f60f8d9209dc98f1a27b84ecefd71de077017261ad6cc3072fe57ec589cd9498946fda8a834e3f02e8a91f7ce6e18e76f936f6f39d354b63dccc706e25b1d8b1a4830c46f249b5e5a40042fea920ed57a2415431f83c238113ee7d152c16f0780c502d5c995168e3f91113af11752f10434b8dc5ef0e46a276c683261aa73877ce96ebd0176977e124c5b93bbb02ef97a6f6a13c15c261f23014f4b13c8f18746727206b245bee70d7b94968141f104f0682a3df4242c6a60fa1b70c227306520b1b9fbd6c916b0edf5e2ce5220fc9ef10ab0a10e1bf259e91eb127d5a31b7633f15130fdb44ce2178a20d5dc3f91688090881c061d75b4b59c3b2b7eb7a3dd1564bfa6c883c217cb76c2a7516dec926add0a1886570531c32b6284b1e80fbde88905f67ea5cea41003325327000a7f7249a99986f19f423843e8dc791df8679a2ed2b024d7d8c79112644a4fbd32bef0cd1f9d55025708135ed34cbf52ce3a0af0f8cd985362ef6fceb6c72f241128b16dad7575558badb3847e051f38d7b5ca638a1f454054659d90b2c046e4f9e2ab127f257ccc92f887b3e0c4fb49d159741fc649638180addf3f23e5265015f6dad9b25cb86d8a33b802e55258749ec050d15d0d7d821f9615c7d8c12ce11c63fb1eb118455c4e2167f66e4eaf9dec0dd2f345a7e2bb369a66b0755003a9c89449393f71acd98afdf6347792251d669ff3c64c50d705a67e543cad95655d6a4cce233acdac5ffc96681772be3c04a1b36f5273815af65ef87c7ad0d51462bf337c2389a8eded875f75eeebe5e5efc26933948e623364d0dbad3402f659a93acaaa21bc8f559dca605aa6732d0eced5a21ee8a6403b1f91722fcbada24a3031d6aa221612a36584d5edc6ba0f64096e9b6eae1555a95945b937457c4c74371f474939d3c3f299f691316497951c646f142adbd6ee49182aec388ce2ca560a1f4b7d8a63e5cd25ba91ebc61175a6955895bcddae7bf1cefccac5c93dd669ab65a2f508adbcfd62ec46027efa396b9f69984d6adcb38fdddb616ec38929fedd97677c3d06060309db5a9cb5fc8919f4310f06bb40f1b76bc197798acbf8d3162257071e034174047006796fac6fbc95c28afd881e1197c20fea8b4be5c5de39a292bd1ff3819d4d4f48162ea1a57930d8f324ce54875d3ad09eea95c4c825765842f9bbb1957fa8188578e86081adfc87502e69c8841218b596d71c4ec49afa60408028012d974051559d924f5f8a59ee195fb01994b8710994d8201ae10f6e88e0e418489c47499b7efd2021f56a6c9fba761beaf79acb6087a496afe7524f2260e14a792cf1a1203d4b0cd8a11d2544293b7657fc393014295fa28e409ab8be0a02695223d17d7caf4f44cf5d0f416130067f28f3fc51c88ad7b53e401e658214abcc8f597f22d662144f878573d0370c874287698784b6ba9abf9b22da2eeb0ce8b817f85e429e799a5edd246d72d77228652b80c4949a85cd5131d851d9f9bda9afa0646de5e477e0fa999562cb46758502c7d63dd3e8b6f88c7ea44f41c4212d633f0160e738c6d36128e9e58c154b08460c899a26276dc1257dc5de18495573693674e40faf1dad49db8ac83baecf92f3aa5c23f639cdcf6e6864c14a8d6a3de95906813fd17f83c406ffd1d2d7bc75737b7b00172448b2ff167b9fa43649db32ab4094652cbb2e18c3bdb527f24049878bb44b82135009f9af22d24ffbee4b5289fa61bd0502f019b2f24a08542db818bffb7c1637b4f4cb9043952f88aa69d9431b8df2e3f9ef6e4a5ba58e79acf082bbd871aa0f0feef71ade8f921bb597ea28548f4116a281ab3542b732c4a8e9973409c75a0c6443d83547d0d314cc7bd62128e3b0db9c03c78b9d78ba714627866230414947523a6a239873f932c2b28c09cbdf182e856bf41598998150cbdd6d54f76c227fb1519f5afb0008e31d6a0b87818d0a2ca0dd6e953a5ba1a347dd927acd36f3fa3a68920eb9c36bce6cef857447aa733e4ffb7014e194993eb1399270b64151ddbb15478c2b762a14d1782608fb24199d9d311281c47726f565b3a3b7be584afb03d87cdc5eb8156772694ab422f59cd7b1e359583a7cc0695b9f64e6416c6b52de230afbc160d2e9384501b40645189434d416c0fbb034e9ffc654d0dee7ee7a878f9e559daac7ee5af769aeac7a92e85b1bc7983803d3bb572befe76184a46b76450feccffa753cc6123cba0686440a5ba81236458831031a4ba4c91d7aab3bb2514208a902face1c12b7dfe25318ab5ca2c1ef9769aa06ba0539f6904f95d3c8440617efc7858d3984f566b3390b9b1a0f2ec3c86dd77a0b82958c4b15278ffaf10e47e613545f4cf67ef7e8b31a6bda35022871840ae1536fb65bb11b932936db7a15642359bb6b157893d19e7918b11d3d3072b78c761c1784afa2214c865fc2aed860dcc17b69cfe9189bcd0767a84cb306a59966e5f96514a7d7182e6aa7204bbd1a84092ba645f86b68813debd5a2290acc93388e5eacc17db51d69604733ea9160a0e77ec5317194654313a9a8a0535c0bc49d0837e2821df92e8ee2f154cbea6b87ffc207aab4ea491e8aa75b90f70136d84ea2f5dfd138371dbdf8fe273956cb7411db6df48ebf56105da42b219b9dad387ca7be9ecd90508c62279a53bc9f7e2a845f9da42d8e85d2653854737948ce228b2d76d1b9fe2e0e456fdff24575939b82a3f6e1a4be6ffcf1c493c17dabbfa0859a87d259ae3931fb6da544589b9b6bb7cc93e078813ac94918942bf113aee5742498d86a70fff31d2a69507739317a9aa9e0289f053dad4eec63cd58e833027f0859fb4ab74e8fc742d03b5b6dca1168d3d47fd95b514a567e6518342d52b3c3bb6438b5aeacb95ff9001d2f5480f6a80a0685b5bda2ceba06925ab5ae0986954c3169e92fedaf3f1681247cb114202c0f728296a51396063fc64aad05662bf05a626b90f656b47069ca668bb96208c287e8f793d77d4fb1f1cc14e73406005e11a2c1c46ca7448be534c97738487527d79e284d7a0ae275bd4361ecf4a352e6dc8b8c8c8e132a3edb7d645f4943445f523fb28bbf857218a117f1288afec49f9def9aabc2381b38a315d5c927aeb96fa1ad3eb13b0151dd570f6734f004467171d2cdd609d1d09d115c9b42e1da3472ada98d3e1da90a8f373a98133fa708f5a62c75b5eb1b643c48de72143ffc8761ccffd7f3336b69faa277d364cdf2d4f2bc428bda8b76e4748d5ae02d9850ac6f2ed0ddcb874c25d210163d4da10c0d6cc5218a3558deee5519c94032158bca02fe1c1b8184fdf417e863352b224b7b06267486296ebd4100ad5f1108c78a7056979f5ad6f97794a0460bf371584d9b962034aa7449f4e6b0f925b7a648d4ed7f2442135629b0baee3385882682fde57e5eb9204647a898c566120e4b577ba215ed863f76d5ad9ed19a6b7465952292e7543110eac3dc436a16c85047f3ff10a00c917d5902d296c063c4b173775f2b612e407bce02c8647877abcc07b21b89a60e16ff5c5cdc3708f285d6e411036661e97f628c6c2bef7a6e297f0ea7db2aaceb87d13425e80c28cf095b1dd4e08122e89f58862c6466d79fe7d06e0038a9a1869cba0d1554bffc08b94bf3dc7ec4d108073a4dcb7a6a503b608e777f1ca6b64deec19072052cdab8e7222966170bd35cfa66d3d013c537e723bfa2f634b34edba64ee27ab814bf66c5943e5b7b4d2cbad0550982b2d68ea0633a48f24ef5a59da6e9671717afed4253db66afce693ab08e2b4343d9efd1705802393ba22af5f0e04fc559ddafd78bb1c013b2826cfd77591736cd8a1e079c00f72dc89ee419cf4cc5e867138e35372bb0854df45d2142ce56ea01465d7cf42d3beabbed8602ff568df5d8e53d22bbd897c0aa050165319ba28d6f861a128556e420275562b8a19c0a2112df4490925f52090c6c7ac79b8533936d4020af3ea5d383cc8e4f23cf275194887d42bde7061bc17246a91b735472c4dee6f2d159a4fb2cce10f0727a964658f6d60aa18bd474ce1e88114ce3c2a3acabd74175b82afc6126ed79d8d333ed993e3a0d67afba888c94cb266f906681d9595f2ca21946f32d8f07eb7cfc979cdd56a885e6a5deb1dc54ffbbbac728db4145056cc9b78386f1f17ad16856cc10b04038f0d835a5842584b6a9516a770abd839ade5d379db9889d22d9049dd13010ad612a64128f724f7a643505b8ca50bddc4ec4875beed2f8593b7382645625809bbc3591027d53bde8a16be5bb209cd49e71aaa435c923ef3c4d1aefec7111773b0d58b47efabc7a43b93cb7eab287cefe554a5b59e2a746081d0d875919df356504008374ef184be2f7ef7e644bf5535dedf5b969b30dcedcfbecb83173b0cea015efe45630880c303472daf1dc22b384e65078cb0ae21baa4834fcd4b4f7c995b700117e1448d041a7106277302fabf3a512ad4e802988c43e6cad0b4b74962e195b355b653acfab53d9f38337e46758c0f8c147333d30f8fbb508a889b84d4672e025b0d9adec09fd4e2d62bda0e0c40570d8fcf5487a59380584f7b85a8576985a4423cbdb1503ea4f93d4f3dbb2c384efcac84dd8649e6f09d2ac37e1d8268c3c07db365581c7c3752410909968598b8ea5ea05b68e6013965cc60be6f6b24e493655f5ddd572a84a924803a7df025914f4b57527841928d30c03b09aeee28c8b81860968f53a663f4f56b004e07cc380f5b0b0dad43869faeed5f240ce389a0fb0920073b8d3de611e54d4011f55ba28743a3b51af6293ed1376fcfe3592c877e2d81d14ee882410cf8207476409b5673eb65297155e91cbe089c8c043964063f9b469419bce6e59e0017e0f527d20eab5d9579208df9cc65389ca8fdb3d62618395bb0274b8094799cb4c36632488e79950ac3bd3d982d521614f56df1bd16c1f928481dd4580a796eb7892b3e4a33b748b16f96b1def674c2b70d0315b486a94a979292d635a2ad1fa877927de9355f38a612747fb982bccf12040d9a14a63c34b6f2b3b450a6401d4d0c96a9090ab80d30f7e7af84bade864791455402cbd278427c5a1e84e2e2286c4bf773da614e6705802c130ade8a3a67b309f9db1558372046ec276a34fb50f72c7df40e33f447ab5f0af05eece4e8f654b3c2dad6ea76ef6b694699f4ad8c6fdcbfd8bdc23d0c580631d0c95ac6ae9613dad680939db2ecf9e7a0d4d0f2f2b7f1c1d308cfaccacc2381e97bb278a53b14daf686c0541e56264c33d5176b830ac7d13c28edb2d8e77d7acbced061c4ec315cb1a259966ad997c7c7beae44d4d1b6955842d7fbba0bb0c461bb22db3e15f0fc1cd3fd997dac5e6a4bff6e2eb8310d828f15309b2c8feaa21281963d35ab2d5c099beb806cd384d304449c58d89910105df11225fb893e984734a8e5cba2e553f03ebd5ce4cae24826547df81db3f2bd7d930f785755c8b6311f221da59679ce50479adef1cc5dac984a5d2f9343fe4892b2b5640892892cfd50d0015c1f568792d8919943a578b62585081175237444d9542a2241c967bcfbc3dab4e8961ecad89165eaada2d759e844be5021aed42b971e9ffea8c08a3d6e4073ce4226b4e54b83f3d8ccd207a0cfcf9da7b5e55d1a26a90e03f7c3611c6562b65edb42fe110dc3970b44aa36660d1cdbc882495271f80816350b945aedb0d46ca6d160d5f0096e8263325e257dbb574932e32f1b28ce2b7f5b3ee6ccec64085496bb513ec168b53d79e6ecb72622a70b22e1f9116fa48815709b2080b27b31a6b26dde0701cd74c31b4e33a702f051ae07ad54ce23ae33e6060e5451a4171cc930af2ab70862044c5a0ff9e8aeebd3cc41c62d38e7b79596d3851430dd661b071c319751985d48eeea2afb463d7d9390ed4e68a60f90ad80aeca4b8d283ae0538e590668c857a526a264be238641eeb5f321248d829539efccf03dcefa54c6def8b7d4a8cdf6bc76d71eefaca1a7a33bd4b56e94b8e38f784b742bdd080faca4769e1aa91ff50d9374f3632cb7b66a0042beb802c6cedff0a3634aec072f57d38a6ea61439029ba5d921f57bfbc281d75f5ec322b8f8c90b4d3f65d00ef97dcffe7e07fa01af8e7f8da15532f0c18b73d7a183327aea46680651645782f4f318c00f2355c301fe2e805a22f8586119768b8424735f5495607d170f0818be232cec1d9e40daf79bcd63a26cbead93753b7171bcad462da2af68e9ea9c0b207200f1fcf3793283931603a719e745120273efb541a7af896f6eea7359939d7226896c8023cc963e4e0a7579bc83a37cb8d871324bb3e66b671d8df83d645495740c5b99aaf2edda3018e1895dda6744b1e6623cb62d4b80ac208f69a81caa0277a497e41bf637817518cbe0fcd2028d07be199a126f82641f2fd54e6b20287b912ee8d8dd72db5824ca9e464a94d45beda7f52932d1bb57a28a4e99ac32ea4c3650197613a87e4cec91d82f37069fde871575d3cb2220aaad9277511271a86377da5f2a9f94303e7151acb087ca549fd0cb9b1961954ddb28333a24b510b92cddc057ec5a147ccdd708a2db3c8cb3600756100b38b71f0676f6fc5a7f5912b5e81bf6d2b07e15fb5b1c96459110ceb22ba4f2fb0e531dcaa913a13437cc6276c8b4e1bdbc5365144c7abd2e2a6c93ef102e26b14e576ada244408d9db50aab045f9879bf95425eaa7b11d77e0dc503851c5c278c282aa736103adf5ca2b30724bde27f98e4e7a947f964b7abfe58a3da354e3008a2b86d50223d3077e151ce2e086172002eab7279ac1948361e172073184401d5650181547f1bacc1534f9ab2ad66fd9d200d867de79a92e465dda8d781b15881acc9bfdc53815f3fc3f064c830db3908cdb173e3e1295ea7dca280273ca99073d5663003f14c4f7ac9ef9bc735b2a413daaa7d97101553f90a0d33b043d1f2b0f131d35c9244808bb4b76213ff5c418053a569d760498518d701aae39cfbd7a052b586c53617dfaad1415c1cafbb41640d1650be9297dd42c803d8bfd443916310bb80a74c991cc26331ab70c0c4bc4f2295f069787f6759878e42ffbc76b34493f71d88a109b0813ebfcd24953b2b5f1f5164d9974bab7ed1f4d42f62b8379912dd7e9f35a19951e4d57b0c70fe516cd2059c4ef879d9f9b1191d5bb51b852d3e9462e4528b9c1f7c676e6039d1deb00442a482e297b08a67c79bb818d0316072d8174885de3413ae0505232100f217e424e0106811902d60ecc0e0aaca7c5f00f4f365e1360f10aa645b9215c93668a08be97cacd6b0f9c80ead76478846d12e8f24a53bfab01628afd199b2db332d38d5009d7a1437f0f5b2a0d36b5c98f3a35e5043ffd55bac325d3927888fa5d0e3569d9be002205b501b3e68d661515bb9eac9d4f234e22e4e5bd0b4c4530933aadd99f132794ce48e9a3220d2c17748c012fc5fd93d265cebb3edc3be29a1ba26f2adcf510663c28d29e28774c4ec1190fbfbf614aa8e2745f8605f7d7e94fdd06322454a08833f1a22c77deedb1337e380a8e18f85168e045d1e7cf32fda1a709d3eddf62909a9e580ed8abd605e07dbab79b5bcc2f4533e6fec589b976816471b1f11ac3c89336c52e03b72520995d05275024e9988727f2e1ac9421ccaaa0b736e9f7f296c2d27cbd774d7179f9c6921df68985998034862c15adc452666deb40c0c40cedf16f4d187524a0a5cdff6f7b2531eda54fbe15a7ad1aea46466a51642326c5d7d374fb38475d119027a3714598fe7307de94bece2741b7a742b053682dae9452eed3b820b1386b604fa647e392b35b205019cf1ad317d1441cbee2aea5ca95e56fd5e959689bf96c9f470acb8e4e630b13403e9459242b629fa28e1ba8eacf1ed572b1db735a20ee1a5b8500b6edf66cbe671c5938741ab2b36ccd4e92160f6df9e1d465cdaf3a7746e128e26e0e7a7aa4869b2a482c6e9bf7e58408411016740c547129e4f11d2317af3c5bb55b2468e6d08e75e5039c3bfdc9b6da06e7c27933a8c9d8ad0e4c74a093e6d57c02b1b49e995962c1046b5c8a3df0ea4c20049e300cbe41bd92a0ea5993ef6fd92ea74e28e1cfaf4a8533c224104d6081b64ae08b4e7a23a259b2b03655b987c23687c6e279bab469a3e0881a30620910566982945f8f86229fd614ca2bb2adcbdd49a5c579c0d1bbdefb9e33cd0641bb43f6ca3fab33dc4188e1508e4293e6de932040b895a97bc1f196467ad4a0d4899e6078c014f42521cf39411e2e4f1b5adc26f1f3bb2fcd27b89ac418c8251423de82c4b5980a4e66649b9f3ec48c833c35f8653ca510a0a1b049561e64a6938714c3a1946b3fa5079533698bb8f8f85bea8711ccda5cf01de150b055d3586a890d0654d2b4cfba25c434e2ff492b69798aa197dffbfe2bba77d4b4eea35c42e698221e971a4bca34e59c46084f48f2170b83db6719324ecb55e07a9cf74a84ee0fc3567fa5cd2f3937ad956b4ed2187e2026b7d4166d50fd9c937fb4dd5aa96f2731f1db1dda4eac4e589295ffe9b72a7b9533f6e23c82b57c8361c8cb3b15128235f65c84b99d93383b7398e936884542d0e73bdf37cadfb6c70da47af3c5a3cde0d8e381cdf9ec1a39d2fc963f0d8ee31b76d9668c0171967cb9ef2f15d5bbdbd1058328da7a60bbc7d77efed2de74a2ed5637a8a84e1163325dd22b584b15fe894c9b1ce89d24619a344a8987f6d21b7de7ccf6fad223134e1c389a8e6baa375dd142baf4a8852e984eb6c281cf86e2457a7f85782c7764564af26d331d3ddf4850d24742ef449cd5e32f5957d2ee10e05e7d3312215e4d36ac5c8c4bae3340f074f88a20e18b270b3baf05de1b0363f4c6f2ab9386d6034e8567e4828ad256cd250448c70147c318a621697be402c1e8365d2798084f968a8897242ff6756c2937e4d1300", 0x2000, &(0x7f0000006b80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000002700)={0x90, 0x0, 0x45, {0x6, 0x0, 0x0, 0xfa0, 0xffffffff, 0x0, {0x8000, 0x0, 0x0, 0x0, 0x22, 0xf7fe, 0x3, 0x0, 0xfffffff7, 0x4000, 0x1, r4, 0x0, 0x0, 0xfffff8af}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
open_by_handle_at(r1, &(0x7f00000021c0)=ANY=[@ANYBLOB="1c000000810000000300000006"], 0xfeffffff)

1.620421701s ago: executing program 2 (id=5546):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000000)={0x7, 0x5, 0x4, 0x20, 0x80, 0x6, 0xd, 0x7, 0x2, 0x31, 0xa2, 0xb, 0x81, 0x84}, 0xe)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000380), 0x4000000004882, 0x0)
io_setup(0x1, &(0x7f00000004c0)=<r6=>0x0)
r7 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x0)
r9 = openat$cgroup_pressure(r8, 0x0, 0x2, 0x0)
write$cgroup_pressure(r9, &(0x7f0000000040)={'some', 0x20, 0x17e, 0x20, 0x100002}, 0x2f)
io_submit(r6, 0xf3, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a0012fb, 0x2759, 0x7, 0x1, 0x0, r5, &(0x7f0000000000)="98", 0x3e8000072a, 0x1000000, 0x0, 0x10}])
r10 = socket$inet_mptcp(0x2, 0x1, 0x106)
shutdown(r10, 0x0)
writev(0xffffffffffffffff, &(0x7f0000001640)=[{&(0x7f0000000400)="ad", 0x1}, {0x0}], 0x2)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)

1.551255097s ago: executing program 3 (id=5547):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl0\x00', 0x0, 0x29, 0x10, 0x2, 0x4, 0xf, @ipv4={'\x00', '\xff\xff', @loopback}, @local, 0x40, 0x8008, 0x0, 0x6}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000f4dff4), 0xc, &(0x7f0000000040)={0x0, 0x15c}}, 0x10)
open(&(0x7f00000000c0)='./bus\x00', 0x1e5842, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80001, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
futex_waitv(&(0x7f0000001240)=[{0x1, &(0x7f0000000100)=0x7fff, 0x86}], 0x1, 0x0, 0x0, 0x1)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1001)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001140), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r3, &(0x7f0000000980)={0x2, 0x0, {0x0, 0x4b, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000002080)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000001f00)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000540)=""/224, 0xe0, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000340)={0x2, 0x0, {&(0x7f0000000a00)=""/274, 0x112, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000780)=""/212, 0xd4, 0x0, 0x1, 0x2}}, 0x48)
write$vhost_msg_v2(r3, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/119, 0xfca2, 0x0, 0x0, 0x3}}, 0x48)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5393, &(0x7f0000000000))

1.292133338s ago: executing program 0 (id=5548):
syz_usb_connect$uac2(0x2, 0x87, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x41e, 0x3000, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x75, 0x3, 0x1, 0x2, 0x40, 0x1, {0x8, 0xb, 0x1, 0x2, 0x1, 0xff, 0x20, 0x7}, {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x20, 0x0, {{0x9, 0x24, 0x1, 0x2, 0x7, 0x15, 0xe}, [@output_terminal={0xc, 0x24, 0x3, 0x5, 0x100, 0x3, 0x4, 0x84, 0x4, 0x47}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x0, 0x3, 0x2, {0x8, 0x25, 0x1, 0x2, 0xf, 0xc5, 0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x20, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x250, 0x6, 0x9d, 0x8, {0x8, 0x25, 0x1, 0x2, 0x0, 0x8, 0x4}}}}}}}}]}}, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
dup2(r0, r1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c)
sendto$inet6(r1, &(0x7f0000000600)='e', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xe35a}, 0x1c)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e24, 0x9, @remote, 0xa}, 0x1c)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0xc03, 0x0)
socketpair(0x22, 0x0, 0x6, 0x0)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, 0x0)
ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x20000044)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000200)=[{0x6, 0x2, 0xb, 0x7fff0000}]})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x5)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000040)={0x0, 0x43}, 0x8)
syz_open_dev$sndpcmc(&(0x7f0000004240), 0x588, 0x0)

833.688985ms ago: executing program 3 (id=5549):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
read$FUSE(r0, &(0x7f0000002c80)={0x2020}, 0x2020) (async)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$int_in(r1, 0x40000000af01, 0x0) (async)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40102, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x0, 0x1, 0x0, &(0x7f0000001600)=""/118, 0x0, 0x3332f000})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x1000000) (async)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000000)) (async)
r3 = dup(r2)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000040)={0x0, r3})
pipe2(0x0, 0x4880)
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)

331.311214ms ago: executing program 2 (id=5550):
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7}) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd', @ANYRESHEX, @ANYBLOB, @ANYRESDEC=0x0]) (async)
syz_clone3(&(0x7f0000000380)={0x200, 0x0, &(0x7f0000000140), &(0x7f0000000180), {0x19}, &(0x7f0000000280)=""/215, 0xd7, &(0x7f00000001c0)=""/26, &(0x7f0000000200)=[0x0, 0x0], 0x2}, 0x58) (async)
r3 = fsopen(&(0x7f0000000000)='udf\x00', 0x0)
gettid()
r4 = socket$nl_generic(0x10, 0x3, 0x10)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000000c0)='io#harset', 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'wlan0\x00'})
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, 0x0, 0x28000) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x4040) (async)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b36"], 0x0) (async)
syz_usb_connect$hid(0x5, 0x36, &(0x7f00000001c0)=ANY=[], 0x0)
r5 = epoll_create1(0x0)
r6 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000040)={0x30000001}) (async)
r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
close(r7)
r8 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r8, 0x403c6f2b, &(0x7f0000000000)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", '\x00', "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

0s ago: executing program 4 (id=5551):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180))
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000005c0)=@generic={&(0x7f0000000580)='./bus\x00', 0x0, 0x8}, 0x18)
r3 = openat$vsock(0xffffffffffffff9c, 0x0, 0x2c0c2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
r4 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r4, 0xc0585605, &(0x7f0000000080)={0x1, 0x0, {0x1, 0x9, 0x3007, 0x0, 0xd, 0x0, 0x3, 0x6}})
syz_genetlink_get_family_id$batadv(0x0, r0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000f40)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x8000002)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
setitimer(0x2, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a09040000a0b80000000002000002400004803c0001800dffee00696d6d656469617465000000280002801c000280180002800900020073797a320000000008000180fffffffc08000140000000000900010073797a30000000000900020073797a32000000001400000011000100"/146], 0x94}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000002000000000f40600000a14000000020a01"], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094)
prlimit64(0x0, 0x0, 0x0, &(0x7f0000000180))
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002640)=ANY=[@ANYBLOB="24000000200099dd554d7000ffdbdf250200"/36], 0x24}}, 0x8800)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x37)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="3c0000001000390400"/20, @ANYRES32=0x0, @ANYBLOB="01980000031300001c0012800900010069706970000083000c00028008000300e00000015c413394c2cd647ccea14a0fa72abaaded37e53e987e722424214f79ed6432be46dbbcbf8bc3039a06"], 0x3c}}, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

kernel console output (not intermixed with test programs):

from the interface descriptor's value: 255
[ 1572.721189][T21180] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1572.738427][T21180] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1572.759772][T21180] usb 3-1: SerialNumber: syz
[ 1572.793952][T21180] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[ 1572.815928][T21180] cdc_acm 3-1:1.0: This needs exactly 3 endpoints
[ 1572.834136][T21180] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -22
[ 1573.582534][   T42] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 1573.853870][   T42] usb 4-1: Using ep0 maxpacket: 32
[ 1573.861794][   T42] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 12336, setting to 1024
[ 1573.906236][   T42] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[ 1573.938773][   T42] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[ 1573.949251][   T42] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[ 1573.967603][   T42] usb 4-1: Product: syz
[ 1573.976185][   T42] usb 4-1: Manufacturer: syz
[ 1573.987415][   T42] usb 4-1: SerialNumber: syz
[ 1574.024117][   T42] usb 4-1: config 0 descriptor??
[ 1574.040790][T25058] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1574.217904][T25063] fuse: Unknown parameter 'grou00000000000000000000'
[ 1574.264383][   T42] usb 4-1: USB disconnect, device number 16
[ 1574.414218][T20386] usb 3-1: USB disconnect, device number 23
[ 1574.854749][ T5828] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[ 1575.013443][ T5828] usb 6-1: Using ep0 maxpacket: 16
[ 1575.021853][ T5828] usb 6-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1575.034993][ T5828] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1575.046178][ T5828] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1575.088910][ T5828] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1575.144844][ T5828] usb 6-1: config 0 descriptor??
[ 1575.631981][ T5828] mcp2221 0003:04D8:00DD.0023: USB HID v0.01 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[ 1576.081526][ T5828] usb 6-1: USB disconnect, device number 35
[ 1576.503583][ T1212] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[ 1576.668403][ T1212] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1576.689295][ T1212] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1576.699724][ T1212] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1576.730046][ T1212] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1576.744512][ T1212] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1576.765457][ T1212] usb 5-1: Product: syz
[ 1576.772826][ T1212] usb 5-1: Manufacturer: syz
[ 1576.782045][ T1212] usb 5-1: SerialNumber: syz
[ 1576.803826][ T1212] cdc_mbim 5-1:1.0: skipping garbage
[ 1576.813528][ T1212] cdc_mbim 5-1:1.0: CDC Union missing and no IAD found
[ 1576.825497][ T1212] cdc_mbim 5-1:1.0: bind() failure
[ 1577.003813][ T5828] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 1577.058524][T25104] fuse: Unknown parameter 'grou00000000000000000000'
[ 1577.174738][   T42] usb 5-1: USB disconnect, device number 15
[ 1577.178436][ T5828] usb 6-1: Using ep0 maxpacket: 8
[ 1577.202122][ T5828] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 64
[ 1577.216228][ T5828] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1577.225444][ T5828] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1577.233673][ T5828] usb 6-1: Product: 쪥茽䔂អ媕読⢬㜲佋䶰즭ř窟⢚࣭䄭焉妘놂콨徖췌䷬ꁌ㐯螀糅Ṛ쒙꼸環ᥩ肿왳₌᪓콨텫虳蓇︗ཙ发釵蹟濊䭗ᑓ柱役佋檣ᑂű댽髕褷贿죴摜쭳គᢐ悂刎퉙严䛚ڦ䚐媚狹U眶藆ሱ⢸㶅
[ 1577.268743][ T5828] usb 6-1: Manufacturer: 㐊
[ 1577.297438][ T5828] usb 6-1: SerialNumber: 㩶৺٦迶李媳ᦇ㐽館㦭䆛ͅﭞ佑˳譱妘墁椷峟딮촵⒙୫⏱㓓ᗪ쩑力䣃藫䨰跲飪鵩ǔ횭
[ 1577.447734][T25099] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1577.673668][ T1212] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[ 1577.833610][T18510] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[ 1577.865930][ T1212] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1577.898869][ T1212] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1577.926410][ T1212] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1577.941661][ T1212] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1577.974649][ T1212] usb 4-1: SerialNumber: syz
[ 1577.994496][T18510] usb 3-1: Using ep0 maxpacket: 32
[ 1578.002988][T18510] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1578.021552][T18510] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1578.035085][T18510] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1578.059817][T18510] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[ 1578.075195][T18510] usb 3-1: Product: syz
[ 1578.082687][T18510] usb 3-1: Manufacturer: syz
[ 1578.088953][ T5828] usblp 6-1:1.0: usblp0: USB Bidirectional printer dev 36 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8
[ 1578.113278][T18510] hub 3-1:4.0: USB hub found
[ 1578.117154][ T5828] usb 6-1: USB disconnect, device number 36
[ 1578.128462][ T5828] usblp0: removed
[ 1578.207915][ T1212] usb 4-1: 0:2 : does not exist
[ 1578.257901][ T1212] usb 4-1: USB disconnect, device number 17
[ 1578.298057][T25132] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5075'.
[ 1578.312697][T18510] hub 3-1:4.0: 2 ports detected
[ 1578.495426][T25137] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[ 1578.501975][T25137] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1578.545352][T25137] vhci_hcd vhci_hcd.0: Device attached
[ 1578.943476][ T1212] vhci_hcd vhci_hcd.5: vhci_device speed not set
[ 1579.021279][ T1212] usb 43-1: new full-speed USB device number 5 using vhci_hcd
[ 1579.172112][T25144] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(15)
[ 1579.178749][T25144] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1579.190980][T25144] vhci_hcd vhci_hcd.0: Device attached
[ 1579.310596][T25148] vhci_hcd: connection closed
[ 1579.312785][   T78] vhci_hcd vhci_hcd.5: stop threads
[ 1579.325002][   T78] vhci_hcd vhci_hcd.5: release socket
[ 1579.331165][   T78] vhci_hcd vhci_hcd.5: disconnect device
[ 1579.341924][T25138] vhci_hcd: connection reset by peer
[ 1579.362126][   T50] vhci_hcd vhci_hcd.5: stop threads
[ 1579.367474][   T42] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[ 1579.380697][   T50] vhci_hcd vhci_hcd.5: release socket
[ 1579.392232][   T50] vhci_hcd vhci_hcd.5: disconnect device
[ 1579.533593][   T42] usb 4-1: device descriptor read/64, error -71
[ 1579.742774][T18510] hub 3-1:4.0: activate --> -90
[ 1579.773503][   T42] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[ 1579.903781][   T42] usb 4-1: device descriptor read/64, error -71
[ 1579.922223][T25151] vlan2: entered promiscuous mode
[ 1579.927845][T25151] vlan2: entered allmulticast mode
[ 1579.933000][T25151] hsr_slave_1: entered allmulticast mode
[ 1579.943280][T25151] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5079'.
[ 1580.018973][   T42] usb usb4-port1: attempt power cycle
[ 1580.157768][T18510] hub 3-1:4.0: hub_ext_port_status failed (err = -71)
[ 1580.157994][ T5828] usb 3-1: USB disconnect, device number 24
[ 1580.171899][T18510] usb 3-1-port2: attempt power cycle
[ 1580.363437][   T42] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[ 1580.383977][   T42] usb 4-1: device descriptor read/8, error -71
[ 1580.623537][   T42] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[ 1580.644475][   T42] usb 4-1: device descriptor read/8, error -71
[ 1580.756107][   T42] usb usb4-port1: unable to enumerate USB device
[ 1581.076347][T25161] FAULT_INJECTION: forcing a failure.
[ 1581.076347][T25161] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1581.090727][T25161] CPU: 0 UID: 0 PID: 25161 Comm: syz.0.5082 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1581.090758][T25161] Tainted: [L]=SOFTLOCKUP
[ 1581.090767][T25161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1581.090780][T25161] Call Trace:
[ 1581.090788][T25161]  <TASK>
[ 1581.090798][T25161]  dump_stack_lvl+0xe8/0x150
[ 1581.090832][T25161]  should_fail_ex+0x412/0x560
[ 1581.090865][T25161]  _copy_from_user+0x2d/0xb0
[ 1581.090884][T25161]  ___sys_sendmsg+0x1c6/0x360
[ 1581.090908][T25161]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1581.090998][T25161]  __sys_sendmmsg+0x27c/0x4e0
[ 1581.091022][T25161]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1581.091042][T25161]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1581.091081][T25161]  ? ksys_write+0x242/0x270
[ 1581.091101][T25161]  ? __pfx_ksys_write+0x10/0x10
[ 1581.091123][T25161]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1581.091145][T25161]  do_syscall_64+0x14d/0xf80
[ 1581.091165][T25161]  ? trace_irq_disable+0x3b/0x150
[ 1581.091179][T25161]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1581.091195][T25161]  ? clear_bhb_loop+0x40/0x90
[ 1581.091214][T25161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1581.091229][T25161] RIP: 0033:0x7fb6b639c819
[ 1581.091244][T25161] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1581.091257][T25161] RSP: 002b:00007fb6b7235028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1581.091273][T25161] RAX: ffffffffffffffda RBX: 00007fb6b6615fa0 RCX: 00007fb6b639c819
[ 1581.091285][T25161] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[ 1581.091296][T25161] RBP: 00007fb6b7235090 R08: 0000000000000000 R09: 0000000000000000
[ 1581.091306][T25161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1581.091315][T25161] R13: 00007fb6b6616038 R14: 00007fb6b6615fa0 R15: 00007fb6b673fa48
[ 1581.091338][T25161]  </TASK>
[ 1583.613527][T18510] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[ 1583.643781][T25186] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[ 1583.650335][T25186] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1583.661039][T25186] vhci_hcd vhci_hcd.0: Device attached
[ 1583.746595][T25193] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(15)
[ 1583.753236][T25193] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1583.774144][T25193] vhci_hcd vhci_hcd.0: Device attached
[ 1583.787696][T18510] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1583.809147][T18510] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1583.823506][ T5898] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[ 1583.833470][T20386] vhci_hcd vhci_hcd.2: vhci_device speed not set
[ 1583.840002][T18510] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1583.865496][T18510] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1583.883412][T18510] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1583.901565][T18510] usb 4-1: Product: syz
[ 1583.911671][T18510] usb 4-1: Manufacturer: syz
[ 1583.913635][T20386] usb 37-1: new full-speed USB device number 9 using vhci_hcd
[ 1583.917071][T18510] usb 4-1: SerialNumber: syz
[ 1584.014854][ T5898] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1584.025512][ T5898] usb 5-1: config 0 has no interfaces?
[ 1584.031299][ T5898] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1584.040924][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1584.062724][ T5898] usb 5-1: config 0 descriptor??
[ 1584.253565][ T1212] vhci_hcd vhci_hcd.5: vhci_device speed not set
[ 1584.282901][ T5898] usb 5-1: USB disconnect, device number 16
[ 1584.466363][   T29] kauditd_printk_skb: 18 callbacks suppressed
[ 1584.466385][   T29] audit: type=1326 audit(1775820614.936:2344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.5.5092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4e7f9c819 code=0x7ffc0000
[ 1584.488578][T25202] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5092'.
[ 1584.523479][T25194] vhci_hcd: connection closed
[ 1584.523575][T25187] vhci_hcd: connection reset by peer
[ 1584.553969][   T50] vhci_hcd vhci_hcd.2: stop threads
[ 1584.567587][   T29] audit: type=1326 audit(1775820614.946:2345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.5.5092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7fd4e7f9c819 code=0x7ffc0000
[ 1584.573614][   T50] vhci_hcd vhci_hcd.2: release socket
[ 1584.598840][   T50] vhci_hcd vhci_hcd.2: disconnect device
[ 1584.606039][   T50] vhci_hcd vhci_hcd.2: stop threads
[ 1584.611442][   T50] vhci_hcd vhci_hcd.2: release socket
[ 1584.617815][   T50] vhci_hcd vhci_hcd.2: disconnect device
[ 1584.638558][   T29] audit: type=1326 audit(1775820614.946:2346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.5.5092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4e7f9c819 code=0x7ffc0000
[ 1584.697898][   T29] audit: type=1326 audit(1775820614.946:2347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.5.5092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fd4e7f9c819 code=0x7ffc0000
[ 1584.762557][   T29] audit: type=1326 audit(1775820614.946:2348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.5.5092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4e7f9c819 code=0x7ffc0000
[ 1584.892315][T25207] netlink: 224 bytes leftover after parsing attributes in process `syz.0.5093'.
[ 1584.951060][   T29] audit: type=1326 audit(1775820614.946:2349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.5.5092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd4e7f9c819 code=0x7ffc0000
[ 1585.006965][   T29] audit: type=1326 audit(1775820614.946:2350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.5.5092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4e7f9c819 code=0x7ffc0000
[ 1585.060378][T25209] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5094'.
[ 1585.072248][   T29] audit: type=1326 audit(1775820614.946:2351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.5.5092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd4e7f9c819 code=0x7ffc0000
[ 1585.108321][   T29] audit: type=1326 audit(1775820614.946:2352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.5.5092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd4e7f9c819 code=0x7ffc0000
[ 1585.427526][ T5917] usb 4-1: USB disconnect, device number 22
[ 1585.506945][   T29] audit: type=1326 audit(1775820614.946:2353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25199 comm="syz.5.5092" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd4e7f9c819 code=0x7ffc0000
[ 1586.703438][ T5898] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1586.863452][ T5898] usb 4-1: device descriptor read/64, error -71
[ 1587.833448][ T5898] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1587.973441][ T5898] usb 4-1: device descriptor read/64, error -71
[ 1588.147678][ T5898] usb usb4-port1: attempt power cycle
[ 1588.229346][T25241] Cannot find add_set index 0 as target
[ 1588.246500][T25241] netdevsim netdevsim5: Direct firmware load for /
[ 1588.246500][T25241]  failed with error -2
[ 1588.278491][T25241] netdevsim netdevsim5: Falling back to sysfs fallback for: /
[ 1588.278491][T25241] 
[ 1588.289359][T25243] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[ 1588.295879][T25243] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1588.313147][T25243] vhci_hcd vhci_hcd.0: Device attached
[ 1588.411169][T25248] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(15)
[ 1588.417809][T25248] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1588.435883][T25248] vhci_hcd vhci_hcd.0: Device attached
[ 1588.503496][ T5898] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1588.503853][ T5917] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1588.524866][ T5898] usb 4-1: device descriptor read/8, error -71
[ 1588.573565][ T5917] usb 33-1: new full-speed USB device number 13 using vhci_hcd
[ 1588.763483][ T5898] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[ 1588.798856][ T5898] usb 4-1: device descriptor read/8, error -71
[ 1588.914288][ T5898] usb usb4-port1: unable to enumerate USB device
[ 1589.043494][T20386] vhci_hcd vhci_hcd.2: vhci_device speed not set
[ 1589.111956][T25249] vhci_hcd: connection closed
[ 1589.112185][ T7148] vhci_hcd vhci_hcd.0: stop threads
[ 1589.138481][T25245] vhci_hcd: connection reset by peer
[ 1589.145574][ T7148] vhci_hcd vhci_hcd.0: release socket
[ 1589.164538][ T7148] vhci_hcd vhci_hcd.0: disconnect device
[ 1589.170426][ T7148] vhci_hcd vhci_hcd.0: stop threads
[ 1589.183427][ T7148] vhci_hcd vhci_hcd.0: release socket
[ 1589.188930][ T7148] vhci_hcd vhci_hcd.0: disconnect device
[ 1589.561684][T25272] xt_hashlimit: size too large, truncated to 1048576
[ 1589.853566][ T5898] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[ 1590.019138][T25286] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5116'.
[ 1590.028332][ T5898] usb 6-1: device descriptor read/64, error -71
[ 1590.047361][T25286] macsec0: entered promiscuous mode
[ 1590.273431][ T5898] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[ 1590.413665][ T5898] usb 6-1: device descriptor read/64, error -71
[ 1590.523972][ T5898] usb usb6-port1: attempt power cycle
[ 1590.703473][T20386] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[ 1590.752860][T25302] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[ 1590.759424][T25302] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1590.770781][T25302] vhci_hcd vhci_hcd.0: Device attached
[ 1590.803619][ T1212] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[ 1590.863515][ T5898] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[ 1590.917564][ T5898] usb 6-1: device descriptor read/8, error -71
[ 1590.943707][   T42] vhci_hcd vhci_hcd.4: vhci_device speed not set
[ 1590.950348][T25306] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(15)
[ 1590.956968][T25306] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1590.973818][T20386] usb 3-1: Using ep0 maxpacket: 32
[ 1590.981280][T20386] usb 3-1: config 1 has an invalid descriptor of length 135, skipping remainder of the config
[ 1590.993483][ T1212] usb 4-1: Using ep0 maxpacket: 16
[ 1591.000581][T20386] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 129, changing to 7
[ 1591.014052][ T1212] usb 4-1: config 9 has an invalid interface number: 62 but max is 0
[ 1591.023039][ T1212] usb 4-1: config 9 has no interface number 0
[ 1591.030034][T20386] usb 3-1: too many endpoints for config 1 interface 2 altsetting 138: 146, using maximum allowed: 30
[ 1591.041917][ T1212] usb 4-1: config 9 interface 62 has no altsetting 0
[ 1591.051285][T25306] vhci_hcd vhci_hcd.0: Device attached
[ 1591.057492][   T42] usb 41-1: new full-speed USB device number 9 using vhci_hcd
[ 1591.078950][ T1212] usb 4-1: New USB device found, idVendor=0458, idProduct=7045, bcdDevice=ab.3e
[ 1591.088489][T20386] usb 3-1: config 1 interface 2 altsetting 138 has 0 endpoint descriptors, different from the interface descriptor's value: 146
[ 1591.101914][ T1212] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1591.110269][T20386] usb 3-1: config 1 interface 2 has no altsetting 0
[ 1591.117160][ T1212] usb 4-1: Product: syz
[ 1591.121597][ T1212] usb 4-1: Manufacturer: syz
[ 1591.126668][ T1212] usb 4-1: SerialNumber: syz
[ 1591.134904][T20386] usb 3-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40
[ 1591.145339][T20386] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1591.153539][T20386] usb 3-1: Product: syz
[ 1591.213529][ T5898] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[ 1591.245185][ T5898] usb 6-1: device descriptor read/8, error -71
[ 1591.261665][T20386] usb 3-1: Manufacturer: syz
[ 1591.547221][ T5898] usb usb6-port1: unable to enumerate USB device
[ 1591.549617][T20386] usb 3-1: SerialNumber: syz
[ 1591.726256][T25303] vhci_hcd: connection reset by peer
[ 1591.739680][T25307] vhci_hcd: connection closed
[ 1591.748531][ T6274] vhci_hcd vhci_hcd.4: stop threads
[ 1591.758755][ T6274] vhci_hcd vhci_hcd.4: release socket
[ 1591.764399][ T6274] vhci_hcd vhci_hcd.4: disconnect device
[ 1591.772187][ T6274] vhci_hcd vhci_hcd.4: stop threads
[ 1591.779254][ T6274] vhci_hcd vhci_hcd.4: release socket
[ 1591.785763][ T6274] vhci_hcd vhci_hcd.4: disconnect device
[ 1591.810461][ T1212] gspca_main: gspca_sn9c20x-2.14.0 probing 0458:7045
[ 1591.820123][ T1212] gspca_sn9c20x: Write register 1000 failed -71
[ 1591.828951][ T1212] gspca_sn9c20x: Device initialization failed
[ 1591.836552][ T1212] gspca_sn9c20x 4-1:9.62: probe with driver gspca_sn9c20x failed with error -71
[ 1591.864291][ T1212] usb 4-1: USB disconnect, device number 27
[ 1591.948755][T20386] usb 3-1: 1:1 : incorrect wMaxPacketSize for BADD profile
[ 1591.960067][T20386] usb 3-1: incorrect wMaxPacketSize 0x400 for BADD profile
[ 1592.142767][T20386] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[ 1592.179783][T20386] usb 3-1: USB disconnect, device number 29
[ 1592.213814][T18123] udevd[18123]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1592.491600][T25315] netlink: 'syz.3.5124': attribute type 39 has an invalid length.
[ 1592.886478][T25329] xt_hashlimit: size too large, truncated to 1048576
[ 1592.951902][T25334] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1593.259407][T25334] bridge_slave_0 (unregistering): left allmulticast mode
[ 1593.283153][T25334] bridge_slave_0 (unregistering): left promiscuous mode
[ 1593.306110][T25334] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1593.683537][ T5917] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1593.895860][T25358] create_pit_timer: 9 callbacks suppressed
[ 1593.895875][T25358] kvm: requested 1676 ns i8254 timer period limited to 200000 ns
[ 1594.037366][T25352] kvm: requested 838 ns i8254 timer period limited to 200000 ns
[ 1594.218559][    C1] blk_print_req_error: 5 callbacks suppressed
[ 1594.218580][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1594.234353][    C1] buffer_io_error: 5 callbacks suppressed
[ 1594.234370][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1594.248013][    C1] I/O error, dev loop9, sector 1 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1594.257602][    C1] Buffer I/O error on dev loop9, logical block 1, async page read
[ 1594.265490][    C1] I/O error, dev loop9, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1594.275093][    C1] Buffer I/O error on dev loop9, logical block 2, async page read
[ 1594.282927][    C1] I/O error, dev loop9, sector 3 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1594.292492][    C1] Buffer I/O error on dev loop9, logical block 3, async page read
[ 1594.300346][    C1] I/O error, dev loop9, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1594.309907][    C1] Buffer I/O error on dev loop9, logical block 4, async page read
[ 1594.317769][    C1] I/O error, dev loop9, sector 5 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1594.327325][    C1] Buffer I/O error on dev loop9, logical block 5, async page read
[ 1594.335176][    C1] I/O error, dev loop9, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1594.344742][    C1] Buffer I/O error on dev loop9, logical block 6, async page read
[ 1594.388106][    C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1594.397726][    C1] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1594.405604][    C1] I/O error, dev loop9, sector 1 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1594.415170][    C1] Buffer I/O error on dev loop9, logical block 1, async page read
[ 1594.423111][    C1] I/O error, dev loop9, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[ 1594.432676][    C1] Buffer I/O error on dev loop9, logical block 2, async page read
[ 1594.513799][ T5195] ldm_validate_partition_table(): Disk read failed.
[ 1594.589026][ T5195] Dev loop9: unable to read RDB block 0
[ 1594.606345][ T5195]  loop9: unable to read partition table
[ 1594.612190][ T5195] loop9: partition table beyond EOD, truncated
[ 1595.123878][T25381] netlink: 'syz.3.5141': attribute type 7 has an invalid length.
[ 1595.131712][T25381] netlink: 'syz.3.5141': attribute type 12 has an invalid length.
[ 1595.323923][T25387] fuse: Bad value for 'user_id'
[ 1595.335734][T25387] fuse: Bad value for 'user_id'
[ 1595.577129][T25389] could not allocate digest TFM handle 
[ 1595.763440][ T5898] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[ 1595.915696][ T5898] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1595.927384][ T5898] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1595.937458][ T5898] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1595.959125][ T5898] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1596.034703][T25408] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5150'.
[ 1596.103258][ T5898] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1596.136279][ T5898] usb 6-1: Product: syz
[ 1596.147147][ T5898] usb 6-1: Manufacturer: syz
[ 1596.163775][   T42] vhci_hcd vhci_hcd.4: vhci_device speed not set
[ 1596.170978][ T5898] usb 6-1: SerialNumber: syz
[ 1596.233645][ T5898] cdc_mbim 6-1:1.0: skipping garbage
[ 1596.263017][ T5898] cdc_mbim 6-1:1.0: CDC Union missing and no IAD found
[ 1596.295656][ T5898] cdc_mbim 6-1:1.0: bind() failure
[ 1596.604504][ T5898] usb 6-1: USB disconnect, device number 41
[ 1598.022379][T25430] fuse: Bad value for 'user_id'
[ 1598.073919][T25430] fuse: Bad value for 'user_id'
[ 1598.945225][T25444] netlink: 'syz.4.5160': attribute type 1 has an invalid length.
[ 1599.028241][T25444] bond3: entered promiscuous mode
[ 1599.161910][T25444] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1599.296482][T25460] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[ 1599.303057][T25460] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1599.349581][T25460] vhci_hcd vhci_hcd.0: Device attached
[ 1599.504840][T25466] QAT: failed to copy from user.
[ 1599.523527][ T5917] vhci_hcd vhci_hcd.5: vhci_device speed not set
[ 1599.601399][ T5917] usb 43-1: new full-speed USB device number 6 using vhci_hcd
[ 1599.646385][T25471] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(15)
[ 1599.653017][T25471] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1599.693661][T25471] vhci_hcd vhci_hcd.0: Device attached
[ 1599.759446][T25478] loop5: detected capacity change from 0 to 7
[ 1599.805899][T25478]  loop5: p1 < > p4
[ 1599.813995][T25478] loop5: partition table partially beyond EOD, truncated
[ 1600.198125][T25475] vhci_hcd: connection closed
[ 1600.202888][   T78] vhci_hcd vhci_hcd.5: stop threads
[ 1600.216528][T25461] vhci_hcd: connection reset by peer
[ 1600.233446][   T78] vhci_hcd vhci_hcd.5: release socket
[ 1600.252999][   T78] vhci_hcd vhci_hcd.5: disconnect device
[ 1600.284902][   T78] vhci_hcd vhci_hcd.5: stop threads
[ 1600.307580][   T78] vhci_hcd vhci_hcd.5: release socket
[ 1600.325445][   T78] vhci_hcd vhci_hcd.5: disconnect device
[ 1600.343479][   T42] usb 3-1: new full-speed USB device number 30 using dummy_hcd
[ 1600.425258][T25489] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5172'.
[ 1600.603622][T25494] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5172'.
[ 1600.613120][   T42] usb 3-1: config 0 has an invalid interface number: 214 but max is 0
[ 1600.642838][   T42] usb 3-1: config 0 has no interface number 0
[ 1600.672895][   T42] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[ 1600.690738][   T42] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[ 1600.743752][   T42] usb 3-1: Manufacturer: syz
[ 1600.748408][   T42] usb 3-1: SerialNumber: syz
[ 1600.788615][T25489] bond2: peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms
[ 1600.801153][T25494] bond2: peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms
[ 1600.844373][   T42] usb 3-1: config 0 descriptor??
[ 1601.081171][T25500] netlink: 'syz.3.5175': attribute type 12 has an invalid length.
[ 1601.485800][T25480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1601.494637][T25480] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1601.504626][T25480] netlink: 29 bytes leftover after parsing attributes in process `syz.2.5169'.
[ 1601.518119][   T42] usbtouchscreen 3-1:0.214: probe with driver usbtouchscreen failed with error -71
[ 1601.533145][   T42] usb 3-1: USB disconnect, device number 30
[ 1602.804468][T25518] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5182'.
[ 1602.853487][T25518] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5182'.
[ 1603.583587][T20386] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 1603.673455][T21180] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[ 1603.865564][T20386] usb 4-1: config 0 has no interfaces?
[ 1603.871308][T20386] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1603.890505][T20386] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1603.936908][T20386] usb 4-1: config 0 descriptor??
[ 1604.000098][ T5898] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[ 1604.106252][T21180] usb 5-1: config 1 has an invalid interface descriptor of length 8, skipping
[ 1604.115400][T21180] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[ 1604.135739][T21180] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[ 1604.164346][ T5898] usb 3-1: Using ep0 maxpacket: 16
[ 1604.176948][T21180] usb 5-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 5, skipping
[ 1604.198559][ T5898] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 1604.208053][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1604.216378][ T5898] usb 3-1: Product: syz
[ 1604.220677][T21180] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[ 1604.234843][T18510] usb 4-1: USB disconnect, device number 28
[ 1604.248041][ T5898] usb 3-1: Manufacturer: syz
[ 1604.252725][ T5898] usb 3-1: SerialNumber: syz
[ 1604.276097][ T5898] usb 3-1: config 0 descriptor??
[ 1604.282952][T21180] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1604.294976][T21180] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1604.322174][T21180] usb 5-1: SerialNumber: syz
[ 1604.356455][T21180] cdc_acm 5-1:1.0: Control and data interfaces are not separated!
[ 1604.370639][T21180] cdc_acm 5-1:1.0: This needs exactly 3 endpoints
[ 1604.378437][T21180] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22
[ 1604.665487][T25536] program syz.5.5187 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1604.713528][T21180] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[ 1604.723555][ T5917] vhci_hcd vhci_hcd.5: vhci_device speed not set
[ 1604.732463][ T5898] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[ 1604.744060][ T5898] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1604.781043][ T5898] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[ 1604.789644][ T5898] usb 3-1: media controller created
[ 1604.806794][ T5898] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1604.871178][T21180] usb 4-1: config 0 has no interfaces?
[ 1604.886677][T21180] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1604.911231][T21180] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1604.934152][T21180] usb 4-1: config 0 descriptor??
[ 1605.014241][T25527] netlink: 'syz.2.5184': attribute type 12 has an invalid length.
[ 1605.213496][T21180] usb 6-1: new full-speed USB device number 42 using dummy_hcd
[ 1605.343500][T21180] usb 6-1: device descriptor read/64, error -71
[ 1605.385050][ T5898] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1605.392298][ T5898] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[ 1605.400509][ T5898] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[ 1605.583452][T21180] usb 6-1: new full-speed USB device number 43 using dummy_hcd
[ 1605.713480][T21180] usb 6-1: device descriptor read/64, error -71
[ 1605.757032][ T5884] usb 5-1: USB disconnect, device number 17
[ 1605.833981][T21180] usb usb6-port1: attempt power cycle
[ 1606.173476][ T5884] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[ 1606.183630][T21180] usb 6-1: new full-speed USB device number 44 using dummy_hcd
[ 1606.214293][T21180] usb 6-1: device descriptor read/8, error -71
[ 1606.324992][ T5884] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1606.336594][ T5884] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1606.345680][ T5884] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1606.361327][ T5884] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1606.370557][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1606.378649][ T5884] usb 5-1: Product: syz
[ 1606.382968][ T5884] usb 5-1: Manufacturer: syz
[ 1606.387700][ T5884] usb 5-1: SerialNumber: syz
[ 1606.398879][ T5884] cdc_mbim 5-1:1.0: skipping garbage
[ 1606.405748][ T5884] cdc_mbim 5-1:1.0: CDC Union missing and no IAD found
[ 1606.412660][ T5884] cdc_mbim 5-1:1.0: bind() failure
[ 1606.453662][ T5917] usb 3-1: USB disconnect, device number 31
[ 1606.454236][T21180] usb 6-1: new full-speed USB device number 45 using dummy_hcd
[ 1606.526047][T21180] usb 6-1: device descriptor read/8, error -71
[ 1606.549793][ T5917] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[ 1606.584576][ T5898] usb 4-1: USB disconnect, device number 29
[ 1606.634750][T21180] usb usb6-port1: unable to enumerate USB device
[ 1606.795510][T18510] usb 5-1: USB disconnect, device number 18
[ 1607.087015][ T5898] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[ 1607.136228][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.142590][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.243429][ T5898] usb 4-1: Using ep0 maxpacket: 16
[ 1607.274753][T25558] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1607.283810][T25558] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1607.435947][T25564] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[ 1607.442522][T25564] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1607.451632][T25564] vhci_hcd vhci_hcd.0: Device attached
[ 1607.599676][T25571] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(15)
[ 1607.606348][T25571] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1607.614689][T25571] vhci_hcd vhci_hcd.0: Device attached
[ 1607.623635][T18510] vhci_hcd vhci_hcd.4: vhci_device speed not set
[ 1607.633103][   T29] kauditd_printk_skb: 20 callbacks suppressed
[ 1607.633120][   T29] audit: type=1804 audit(1775820638.106:2374): pid=25568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.5197" name="/newroot/289/file0" dev="fuse" ino=1 res=1 errno=0
[ 1607.670896][   T29] audit: type=1326 audit(1775820638.146:2375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25567 comm="syz.2.5197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc61f9c819 code=0x7ffc0000
[ 1607.693833][T18510] usb 41-1: new full-speed USB device number 10 using vhci_hcd
[ 1607.703967][   T29] audit: type=1326 audit(1775820638.146:2376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25567 comm="syz.2.5197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc61f9c819 code=0x7ffc0000
[ 1607.728835][   T29] audit: type=1326 audit(1775820638.146:2377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25567 comm="syz.2.5197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc61f9c819 code=0x7ffc0000
[ 1607.752839][   T29] audit: type=1326 audit(1775820638.146:2378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25567 comm="syz.2.5197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fdc61f9c819 code=0x7ffc0000
[ 1607.778283][   T29] audit: type=1326 audit(1775820638.236:2379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25567 comm="syz.2.5197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdc61f5d04e code=0x7ffc0000
[ 1607.803929][   T29] audit: type=1326 audit(1775820638.236:2380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25567 comm="syz.2.5197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdc61f5d04e code=0x7ffc0000
[ 1607.838936][   T29] audit: type=1326 audit(1775820638.236:2381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25567 comm="syz.2.5197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdc61f5d04e code=0x7ffc0000
[ 1607.922331][   T29] audit: type=1326 audit(1775820638.236:2382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25567 comm="syz.2.5197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdc61f5d04e code=0x7ffc0000
[ 1607.989424][   T29] audit: type=1326 audit(1775820638.266:2383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25567 comm="syz.2.5197" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fdc61f5d04e code=0x7ffc0000
[ 1608.032214][T25576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1608.061388][T25576] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1608.134080][T25576] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1608.194016][T25576] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1608.451660][T25572] vhci_hcd: connection closed
[ 1608.456804][   T78] vhci_hcd vhci_hcd.4: stop threads
[ 1608.477027][   T78] vhci_hcd vhci_hcd.4: release socket
[ 1608.493206][   T78] vhci_hcd vhci_hcd.4: disconnect device
[ 1608.521455][T25565] vhci_hcd: connection reset by peer
[ 1608.532396][   T78] vhci_hcd vhci_hcd.4: stop threads
[ 1608.538635][   T78] vhci_hcd vhci_hcd.4: release socket
[ 1608.545222][   T78] vhci_hcd vhci_hcd.4: disconnect device
[ 1608.583491][T25584] netlink: 'syz.5.5201': attribute type 10 has an invalid length.
[ 1608.591343][T25584] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5201'.
[ 1608.814821][T20386] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[ 1608.983560][T20386] usb 3-1: Using ep0 maxpacket: 16
[ 1608.991583][T20386] usb 3-1: config 192 has an invalid interface number: 53 but max is 0
[ 1609.000005][T20386] usb 3-1: config 192 has no interface number 0
[ 1609.007931][T20386] usb 3-1: config 192 interface 53 altsetting 64 endpoint 0x7 has invalid maxpacket 2015, setting to 64
[ 1609.032281][T20386] usb 3-1: config 192 interface 53 altsetting 64 endpoint 0xB has invalid maxpacket 9778, setting to 64
[ 1609.058226][T20386] usb 3-1: config 192 interface 53 altsetting 64 endpoint 0xA has invalid maxpacket 512, setting to 64
[ 1609.079786][T20386] usb 3-1: config 192 interface 53 altsetting 64 has an invalid descriptor for endpoint zero, skipping
[ 1609.097097][T20386] usb 3-1: config 192 interface 53 altsetting 64 has a duplicate endpoint with address 0xA, skipping
[ 1609.111930][T20386] usb 3-1: config 192 interface 53 altsetting 64 endpoint 0x1 has an invalid bInterval 193, changing to 11
[ 1609.124305][T20386] usb 3-1: config 192 interface 53 altsetting 64 endpoint 0x4 has invalid maxpacket 1023, setting to 64
[ 1609.154728][T20386] usb 3-1: config 192 interface 53 altsetting 64 has a duplicate endpoint with address 0xA, skipping
[ 1609.171865][T20386] usb 3-1: config 192 interface 53 altsetting 64 endpoint 0xF has invalid maxpacket 1023, setting to 64
[ 1609.183593][T20386] usb 3-1: config 192 interface 53 has no altsetting 0
[ 1609.191882][T25591] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[ 1609.198200][T20386] usb 3-1: New USB device found, idVendor=06cd, idProduct=010b, bcdDevice=a7.a0
[ 1609.198421][T25591] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1609.207957][T20386] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1609.224651][T25591] vhci_hcd vhci_hcd.0: Device attached
[ 1609.236685][T20386] usb 3-1: Product: ﻐઌ隰﷜䖼ﮢ许噥빯޳늤
[ 1609.244775][T20386] usb 3-1: Manufacturer: 썲듇䤎邹岆駜씳③䲰᜔豇罠뵾䰻씖㍯뉃慑ぃ嵁覤쎽ሡ⟕䆟唸愡堩灰ᣛ獣팫᲌Ｕ긧꩜賯ି﵍〈匜甠讍ꎃＵ碉鶌腔⠅軛슬
[ 1609.277544][T20386] usb 3-1: SerialNumber: 蟁
[ 1609.302320][T25591] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(13)
[ 1609.308992][T25591] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1609.316979][T25591] vhci_hcd vhci_hcd.0: Device attached
[ 1609.325890][T25594] vhci_hcd: connection closed
[ 1609.326902][ T7148] vhci_hcd vhci_hcd.4: stop threads
[ 1609.339797][T25592] vhci_hcd: connection closed
[ 1609.339851][ T7148] vhci_hcd vhci_hcd.4: release socket
[ 1609.351661][ T7148] vhci_hcd vhci_hcd.4: disconnect device
[ 1609.357972][ T7148] vhci_hcd vhci_hcd.4: stop threads
[ 1609.363424][ T7148] vhci_hcd vhci_hcd.4: release socket
[ 1609.369020][ T7148] vhci_hcd vhci_hcd.4: disconnect device
[ 1609.585844][T25601] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5205'.
[ 1609.596906][T25601] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1609.623186][T25603] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1609.646393][T25603] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1609.691135][T25586] syzkaller1: entered promiscuous mode
[ 1609.705779][T25586] syzkaller1: entered allmulticast mode
[ 1609.736448][T25604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1609.751158][T20386] keyspan 3-1:192.53: Keyspan - (without firmware) converter detected
[ 1609.770632][T25604] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1609.797435][T20386] usb 3-1: Direct firmware load for keyspan/usa19qi.fw failed with error -2
[ 1609.830060][T20386] usb 3-1: Falling back to sysfs fallback for: keyspan/usa19qi.fw
[ 1610.071719][T25613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1610.116974][T25613] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1610.199086][T25618] FAULT_INJECTION: forcing a failure.
[ 1610.199086][T25618] name failslab, interval 1, probability 0, space 0, times 0
[ 1610.241442][T25618] CPU: 0 UID: 0 PID: 25618 Comm: syz.0.5212 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1610.241480][T25618] Tainted: [L]=SOFTLOCKUP
[ 1610.241489][T25618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1610.241502][T25618] Call Trace:
[ 1610.241510][T25618]  <TASK>
[ 1610.241519][T25618]  dump_stack_lvl+0xe8/0x150
[ 1610.241552][T25618]  should_fail_ex+0x412/0x560
[ 1610.241586][T25618]  should_failslab+0xa8/0x100
[ 1610.241634][T25618]  __kmalloc_cache_noprof+0x88/0x660
[ 1610.241650][T25618]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[ 1610.241667][T25618]  ? sctp_add_bind_addr+0x8c/0x370
[ 1610.241710][T25618]  sctp_add_bind_addr+0x8c/0x370
[ 1610.241736][T25618]  sctp_copy_local_addr_list+0x314/0x4f0
[ 1610.241761][T25618]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[ 1610.241785][T25618]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 1610.241802][T25618]  ? sctp_v6_is_any+0x64/0x80
[ 1610.241820][T25618]  ? sctp_copy_one_addr+0x93/0x360
[ 1610.241853][T25618]  sctp_bind_addr_copy+0xb3/0x3c0
[ 1610.241877][T25618]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 1610.241911][T25618]  sctp_connect_new_asoc+0x2ff/0x6b0
[ 1610.241940][T25618]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1610.241964][T25618]  ? __local_bh_enable_ip+0xd0/0x130
[ 1610.241995][T25618]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1610.242022][T25618]  ? security_sctp_bind_connect+0x7e/0x2c0
[ 1610.242052][T25618]  sctp_sendmsg+0x1528/0x2c10
[ 1610.242091][T25618]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1610.242112][T25618]  ? aa_sk_perm+0x6d5/0x900
[ 1610.242152][T25618]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1610.242186][T25618]  ? sock_rps_record_flow+0x19/0x400
[ 1610.242217][T25618]  ? inet_sendmsg+0x2f4/0x370
[ 1610.242247][T25618]  ____sys_sendmsg+0x80a/0x9f0
[ 1610.242272][T25618]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1610.242313][T25618]  ? import_iovec+0x73/0xa0
[ 1610.242347][T25618]  ___sys_sendmsg+0x2a5/0x360
[ 1610.242383][T25618]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1610.242405][T25618]  ? kstrtouint+0x6e/0xe0
[ 1610.242457][T25618]  ? __fget_files+0x2a/0x420
[ 1610.242476][T25618]  ? __fget_files+0x3a0/0x420
[ 1610.242504][T25618]  __sys_sendmmsg+0x27c/0x4e0
[ 1610.242538][T25618]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1610.242556][T25618]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1610.242618][T25618]  ? ksys_write+0x242/0x270
[ 1610.242644][T25618]  ? __pfx_ksys_write+0x10/0x10
[ 1610.242674][T25618]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1610.242702][T25618]  do_syscall_64+0x14d/0xf80
[ 1610.242729][T25618]  ? trace_irq_disable+0x3b/0x150
[ 1610.242756][T25618]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1610.242778][T25618]  ? clear_bhb_loop+0x40/0x90
[ 1610.242802][T25618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1610.242822][T25618] RIP: 0033:0x7fb6b639c819
[ 1610.242844][T25618] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1610.242857][T25618] RSP: 002b:00007fb6b7235028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1610.242873][T25618] RAX: ffffffffffffffda RBX: 00007fb6b6615fa0 RCX: 00007fb6b639c819
[ 1610.242884][T25618] RDX: 0000000000000001 RSI: 0000200000000380 RDI: 0000000000000003
[ 1610.242905][T25618] RBP: 00007fb6b7235090 R08: 0000000000000000 R09: 0000000000000000
[ 1610.242918][T25618] R10: 000000000004c040 R11: 0000000000000246 R12: 0000000000000002
[ 1610.242932][T25618] R13: 00007fb6b6616038 R14: 00007fb6b6615fa0 R15: 00007fb6b673fa48
[ 1610.242963][T25618]  </TASK>
[ 1610.635352][T25620] FAULT_INJECTION: forcing a failure.
[ 1610.635352][T25620] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1610.648575][T25620] CPU: 0 UID: 0 PID: 25620 Comm: syz.0.5213 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1610.648608][T25620] Tainted: [L]=SOFTLOCKUP
[ 1610.648616][T25620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1610.648629][T25620] Call Trace:
[ 1610.648639][T25620]  <TASK>
[ 1610.648648][T25620]  dump_stack_lvl+0xe8/0x150
[ 1610.648682][T25620]  should_fail_ex+0x412/0x560
[ 1610.648738][T25620]  _copy_from_iter+0x1d3/0x1670
[ 1610.648763][T25620]  ? rcu_is_watching+0x15/0xb0
[ 1610.648795][T25620]  ? __pfx__copy_from_iter+0x10/0x10
[ 1610.648822][T25620]  ? netlink_sendmsg+0x650/0xb40
[ 1610.648843][T25620]  ? skb_put+0x11b/0x210
[ 1610.648861][T25620]  netlink_sendmsg+0x6c0/0xb40
[ 1610.648919][T25620]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1610.648945][T25620]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1610.648982][T25620]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1610.649002][T25620]  ____sys_sendmsg+0x972/0x9f0
[ 1610.649027][T25620]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1610.649072][T25620]  ? import_iovec+0x73/0xa0
[ 1610.649099][T25620]  ___sys_sendmsg+0x2a5/0x360
[ 1610.649132][T25620]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1610.649177][T25620]  ? __fget_files+0x2a/0x420
[ 1610.649189][T25620]  ? __fget_files+0x3a0/0x420
[ 1610.649229][T25620]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1610.649259][T25620]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1610.649298][T25620]  ? __pfx_ksys_write+0x10/0x10
[ 1610.649323][T25620]  do_syscall_64+0x14d/0xf80
[ 1610.649342][T25620]  ? trace_irq_disable+0x3b/0x150
[ 1610.649372][T25620]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1610.649394][T25620]  ? clear_bhb_loop+0x40/0x90
[ 1610.649417][T25620]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1610.649439][T25620] RIP: 0033:0x7fb6b639c819
[ 1610.649457][T25620] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1610.649471][T25620] RSP: 002b:00007fb6b7235028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1610.649486][T25620] RAX: ffffffffffffffda RBX: 00007fb6b6615fa0 RCX: 00007fb6b639c819
[ 1610.649497][T25620] RDX: 0000000000004010 RSI: 0000200000000280 RDI: 0000000000000005
[ 1610.649524][T25620] RBP: 00007fb6b7235090 R08: 0000000000000000 R09: 0000000000000000
[ 1610.649537][T25620] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1610.649550][T25620] R13: 00007fb6b6616038 R14: 00007fb6b6615fa0 R15: 00007fb6b673fa48
[ 1610.649579][T25620]  </TASK>
[ 1610.899152][ T5917] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[ 1611.093555][ T5917] usb 5-1: Using ep0 maxpacket: 16
[ 1611.103797][ T5917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1611.114841][ T5917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1611.124797][ T5917] usb 5-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[ 1611.133888][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1611.158672][ T5917] usb 5-1: config 0 descriptor??
[ 1611.271702][T25625] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1611.300533][T25625] syzkaller0: entered promiscuous mode
[ 1611.343719][T25625] syzkaller0: entered allmulticast mode
[ 1611.599825][ T5917] usbhid 5-1:0.0: can't add hid device: -71
[ 1611.606059][ T5917] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1611.627755][ T5917] usb 5-1: USB disconnect, device number 19
[ 1611.991514][T25643] Cannot find add_set index 0 as target
[ 1612.008934][T25643] netdevsim netdevsim5: Direct firmware load for /
[ 1612.008934][T25643]  failed with error -2
[ 1612.028155][T25643] netdevsim netdevsim5: Falling back to sysfs fallback for: /
[ 1612.028155][T25643] 
[ 1612.255013][ T5898] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1612.283757][ T5898] usb 4-1: unable to read config index 0 descriptor/start: -32
[ 1612.291461][ T5898] usb 4-1: chopping to 0 config(s)
[ 1612.389210][ T5898] usb 4-1: can't read configurations, error -32
[ 1612.403542][ T5917] tipc: Node number set to 594549853
[ 1612.653575][ T5898] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[ 1612.730718][T25664] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5226'.
[ 1612.803519][T18510] vhci_hcd vhci_hcd.4: vhci_device speed not set
[ 1612.809944][ T5898] usb 4-1: device descriptor read/64, error -32
[ 1612.923620][ T5898] usb usb4-port1: attempt power cycle
[ 1613.112605][T25673] could not allocate digest TFM handle 
[ 1613.210953][T25677] netdevsim netdevsim3: Direct firmware load for /
[ 1613.210953][T25677]  failed with error -2
[ 1613.221845][T25677] netdevsim netdevsim3: Falling back to sysfs fallback for: /
[ 1613.221845][T25677] 
[ 1613.293481][ T5898] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[ 1613.323786][ T5898] usb 4-1: device descriptor read/8, error -32
[ 1613.568550][ T5898] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[ 1613.603703][ T5898] usb 4-1: device descriptor read/8, error -32
[ 1613.727013][ T5898] usb usb4-port1: unable to enumerate USB device
[ 1614.281155][T25624] tipc: Resetting bearer <eth:syzkaller0>
[ 1614.329819][T25624] tipc: Disabling bearer <eth:syzkaller0>
[ 1614.420343][T25693] fuse: Bad value for 'fd'
[ 1614.512378][   T29] kauditd_printk_skb: 45 callbacks suppressed
[ 1614.512395][   T29] audit: type=1326 audit(1775820644.986:2429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25689 comm="syz.5.5234" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd4e7f9c819 code=0x0
[ 1614.577743][T25694] netlink: 40 bytes leftover after parsing attributes in process `syz.5.5234'.
[ 1616.247382][T25721] netlink: 48 bytes leftover after parsing attributes in process `syz.0.5245'.
[ 1616.256034][T25724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1616.272723][T25724] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1616.301039][T25725] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1616.319624][T25725] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1616.539852][T25724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1616.591644][T25724] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1616.770365][T25735] geneve2: entered promiscuous mode
[ 1617.522341][T25756] SET target dimension over the limit!
[ 1617.530971][T25756] netdevsim netdevsim0: Direct firmware load for /
[ 1617.530971][T25756]  failed with error -2
[ 1617.743534][T25756] netdevsim netdevsim0: Falling back to sysfs fallback for: /
[ 1617.743534][T25756] 
[ 1618.700731][T25763] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[ 1618.707307][T25763] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1618.737120][T25763] vhci_hcd vhci_hcd.0: Device attached
[ 1618.914540][ T5898] vhci_hcd vhci_hcd.5: vhci_device speed not set
[ 1618.983445][ T5898] usb 43-1: new full-speed USB device number 7 using vhci_hcd
[ 1619.123443][T25770] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(14)
[ 1619.130096][T25770] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1619.148467][T25770] vhci_hcd vhci_hcd.0: Device attached
[ 1619.742766][T25771] vhci_hcd: connection closed
[ 1619.743021][ T7148] vhci_hcd vhci_hcd.5: stop threads
[ 1619.780541][ T7148] vhci_hcd vhci_hcd.5: release socket
[ 1619.791873][T25779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1619.806915][T25764] vhci_hcd: connection reset by peer
[ 1619.819605][T25779] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1619.840944][ T7148] vhci_hcd vhci_hcd.5: disconnect device
[ 1619.862303][ T7148] vhci_hcd vhci_hcd.5: stop threads
[ 1619.873583][ T7148] vhci_hcd vhci_hcd.5: release socket
[ 1619.909594][ T7148] vhci_hcd vhci_hcd.5: disconnect device
[ 1620.198463][T25782] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[ 1620.205029][T25782] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1620.218750][T25782] vhci_hcd vhci_hcd.0: Device attached
[ 1620.393499][T21180] vhci_hcd vhci_hcd.2: vhci_device speed not set
[ 1620.403577][T25786] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(14)
[ 1620.410478][T25786] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1620.438581][T25786] vhci_hcd vhci_hcd.0: Device attached
[ 1620.483552][T21180] usb 37-1: new full-speed USB device number 10 using vhci_hcd
[ 1620.570812][T25791] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[ 1620.577373][T25791] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1620.610098][T25791] vhci_hcd vhci_hcd.0: Device attached
[ 1620.796966][T18510] vhci_hcd vhci_hcd.3: vhci_device speed not set
[ 1620.863440][T18510] usb 39-1: new full-speed USB device number 9 using vhci_hcd
[ 1620.878042][T25798] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(14)
[ 1620.884701][T25798] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1620.907848][T25798] vhci_hcd vhci_hcd.0: Device attached
[ 1621.073484][T25787] vhci_hcd: connection closed
[ 1621.075455][   T50] vhci_hcd vhci_hcd.2: stop threads
[ 1621.083856][T25783] vhci_hcd: connection reset by peer
[ 1621.111434][T25805] Attempt to restore checkpoint with obsolete wellknown handles
[ 1621.120507][   T50] vhci_hcd vhci_hcd.2: release socket
[ 1621.127716][   T50] vhci_hcd vhci_hcd.2: disconnect device
[ 1621.138555][   T50] vhci_hcd vhci_hcd.2: stop threads
[ 1621.164188][   T50] vhci_hcd vhci_hcd.2: release socket
[ 1621.170648][   T50] vhci_hcd vhci_hcd.2: disconnect device
[ 1621.229850][T25807] FAULT_INJECTION: forcing a failure.
[ 1621.229850][T25807] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1621.243443][T25807] CPU: 1 UID: 0 PID: 25807 Comm: syz.5.5265 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1621.243473][T25807] Tainted: [L]=SOFTLOCKUP
[ 1621.243482][T25807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1621.243494][T25807] Call Trace:
[ 1621.243502][T25807]  <TASK>
[ 1621.243510][T25807]  dump_stack_lvl+0xe8/0x150
[ 1621.243550][T25807]  should_fail_ex+0x412/0x560
[ 1621.243574][T25807]  _copy_from_user+0x2d/0xb0
[ 1621.243592][T25807]  ___sys_recvmsg+0x175/0x590
[ 1621.243610][T25807]  ? __lock_acquire+0x6b5/0x2cf0
[ 1621.243630][T25807]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1621.243670][T25807]  do_recvmmsg+0x334/0x800
[ 1621.243692][T25807]  ? __schedule+0x15f3/0x52d0
[ 1621.243709][T25807]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1621.243745][T25807]  __x64_sys_recvmmsg+0x198/0x250
[ 1621.243766][T25807]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1621.243793][T25807]  do_syscall_64+0x14d/0xf80
[ 1621.243811][T25807]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1621.243824][T25807]  ? clear_bhb_loop+0x40/0x90
[ 1621.243841][T25807]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1621.243854][T25807] RIP: 0033:0x7fd4e7f9c819
[ 1621.243868][T25807] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1621.243879][T25807] RSP: 002b:00007fd4e61f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1621.243894][T25807] RAX: ffffffffffffffda RBX: 00007fd4e8216180 RCX: 00007fd4e7f9c819
[ 1621.243904][T25807] RDX: 0000000000000a0d RSI: 00002000000066c0 RDI: 0000000000000006
[ 1621.243913][T25807] RBP: 00007fd4e61f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1621.243921][T25807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1621.243930][T25807] R13: 00007fd4e8216218 R14: 00007fd4e8216180 R15: 00007fd4e833fa48
[ 1621.243950][T25807]  </TASK>
[ 1621.523778][T25792] vhci_hcd: connection reset by peer
[ 1621.534019][T25799] vhci_hcd: connection closed
[ 1621.534269][ T6272] vhci_hcd vhci_hcd.3: stop threads
[ 1621.665987][ T6272] vhci_hcd vhci_hcd.3: release socket
[ 1621.688261][ T6272] vhci_hcd vhci_hcd.3: disconnect device
[ 1621.717886][ T6272] vhci_hcd vhci_hcd.3: stop threads
[ 1621.723133][ T6272] vhci_hcd vhci_hcd.3: release socket
[ 1621.740435][ T6272] vhci_hcd vhci_hcd.3: disconnect device
[ 1622.552778][T25817] netlink: 'syz.0.5268': attribute type 1 has an invalid length.
[ 1622.840150][T25818] bond3: (slave geneve2): making interface the new active one
[ 1622.854474][T25818] bond3: (slave geneve2): Enslaving as an active interface with an up link
[ 1622.893978][ T6272] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0
[ 1622.933469][ T6272] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0
[ 1622.975475][ T6272] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0
[ 1623.030141][ T6272] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0
[ 1623.449034][T25840] Cannot find add_set index 0 as target
[ 1623.456289][T25840] netdevsim netdevsim4: Direct firmware load for /
[ 1623.456289][T25840]  failed with error -2
[ 1623.469237][T25840] netdevsim netdevsim4: Falling back to sysfs fallback for: /
[ 1623.469237][T25840] 
[ 1623.735682][T25842] FAULT_INJECTION: forcing a failure.
[ 1623.735682][T25842] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1623.789682][T25842] CPU: 1 UID: 0 PID: 25842 Comm: syz.5.5278 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1623.789716][T25842] Tainted: [L]=SOFTLOCKUP
[ 1623.789724][T25842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1623.789737][T25842] Call Trace:
[ 1623.789746][T25842]  <TASK>
[ 1623.789756][T25842]  dump_stack_lvl+0xe8/0x150
[ 1623.789790][T25842]  should_fail_ex+0x412/0x560
[ 1623.789827][T25842]  _copy_from_user+0x2d/0xb0
[ 1623.789853][T25842]  sg_io+0x29f/0x890
[ 1623.789881][T25842]  scsi_ioctl+0x148b/0x2130
[ 1623.789908][T25842]  ? __pfx_scsi_ioctl+0x10/0x10
[ 1623.789958][T25842]  ? kasan_quarantine_put+0xbb/0x1f0
[ 1623.789999][T25842]  ? scsi_block_when_processing_errors+0x3b6/0x480
[ 1623.790028][T25842]  ? __pfx_scsi_block_when_processing_errors+0x10/0x10
[ 1623.790071][T25842]  sg_ioctl+0x112f/0x2220
[ 1623.790110][T25842]  ? __pfx_sg_ioctl+0x10/0x10
[ 1623.790142][T25842]  ? __fget_files+0x2a/0x420
[ 1623.790164][T25842]  ? __fget_files+0x2a/0x420
[ 1623.790181][T25842]  ? __fget_files+0x3a0/0x420
[ 1623.790211][T25842]  ? __fget_files+0x2a/0x420
[ 1623.790231][T25842]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1623.790258][T25842]  ? __pfx_sg_ioctl+0x10/0x10
[ 1623.790285][T25842]  __se_sys_ioctl+0xfc/0x170
[ 1623.790312][T25842]  do_syscall_64+0x14d/0xf80
[ 1623.790336][T25842]  ? trace_irq_disable+0x3b/0x150
[ 1623.790352][T25842]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1623.790371][T25842]  ? clear_bhb_loop+0x40/0x90
[ 1623.790396][T25842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1623.790415][T25842] RIP: 0033:0x7fd4e7f9c819
[ 1623.790432][T25842] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1623.790450][T25842] RSP: 002b:00007fd4e8da3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1623.790471][T25842] RAX: ffffffffffffffda RBX: 00007fd4e8215fa0 RCX: 00007fd4e7f9c819
[ 1623.790486][T25842] RDX: 0000200000000000 RSI: 0000000000005393 RDI: 0000000000000008
[ 1623.790499][T25842] RBP: 00007fd4e8da3090 R08: 0000000000000000 R09: 0000000000000000
[ 1623.790512][T25842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1623.790524][T25842] R13: 00007fd4e8216038 R14: 00007fd4e8215fa0 R15: 00007fd4e833fa48
[ 1623.790553][T25842]  </TASK>
[ 1624.083453][ T5898] vhci_hcd vhci_hcd.5: vhci_device speed not set
[ 1624.260457][T25852] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[ 1624.266999][T25852] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1624.283565][T25852] vhci_hcd vhci_hcd.0: Device attached
[ 1624.463531][   T42] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1624.469940][T25852] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(14)
[ 1624.476560][T25852] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1624.543554][   T42] usb 33-1: new full-speed USB device number 14 using vhci_hcd
[ 1624.733615][T25852] vhci_hcd vhci_hcd.0: Device attached
[ 1624.758766][T25863] syzkaller1: entered promiscuous mode
[ 1624.889154][T25866] netlink: 24 bytes leftover after parsing attributes in process `syz.5.5281'.
[ 1624.903540][T25863] syzkaller1: entered allmulticast mode
[ 1625.068146][T25857] vhci_hcd: connection closed
[ 1625.068613][T25853] vhci_hcd: connection reset by peer
[ 1625.073431][ T6274] vhci_hcd vhci_hcd.0: stop threads
[ 1625.097441][ T6274] vhci_hcd vhci_hcd.0: release socket
[ 1625.107791][ T6274] vhci_hcd vhci_hcd.0: disconnect device
[ 1625.127217][ T6274] vhci_hcd vhci_hcd.0: stop threads
[ 1625.146279][ T6274] vhci_hcd vhci_hcd.0: release socket
[ 1625.161910][ T6274] vhci_hcd vhci_hcd.0: disconnect device
[ 1625.603620][T21180] vhci_hcd vhci_hcd.2: vhci_device speed not set
[ 1625.643915][T25876] trusted_key: encrypted_key: insufficient parameters specified
[ 1625.916975][   T29] audit: type=1804 audit(1775820656.386:2430): pid=25881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.5284" name="/newroot/485/file1" dev="fuse" ino=1 res=1 errno=0
[ 1626.003566][T18510] vhci_hcd vhci_hcd.3: vhci_device speed not set
[ 1626.213584][ T5884] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[ 1626.414858][ T5884] usb 5-1: Using ep0 maxpacket: 16
[ 1626.429756][ T5884] usb 5-1: config 0 has no interfaces?
[ 1626.436749][ T5884] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1626.461263][ T5884] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1626.479572][ T5884] usb 5-1: Manufacturer: syz
[ 1626.499258][ T5884] usb 5-1: config 0 descriptor??
[ 1626.708035][T25888] netlink: 'syz.5.5287': attribute type 1 has an invalid length.
[ 1626.730165][T25888] loop4: detected capacity change from 0 to 7
[ 1626.737926][T25888] Dev loop4: unable to read RDB block 7
[ 1626.743684][T25888]  loop4: AHDI p1 p2
[ 1626.747650][T25888] loop4: partition table partially beyond EOD, truncated
[ 1626.755583][T25888] loop4: p1 start 1835360114 is beyond EOD, truncated
[ 1626.767497][T25888] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5287'.
[ 1627.355580][ T5884] usb 6-1: new full-speed USB device number 46 using dummy_hcd
[ 1627.517793][ T5884] usb 6-1: config 1 has an invalid interface descriptor of length 8, skipping
[ 1627.536224][ T5884] usb 6-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[ 1627.547526][ T5884] usb 6-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[ 1627.564513][ T5884] usb 6-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 5, skipping
[ 1627.586138][ T5884] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[ 1627.648071][ T5884] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1627.668782][ T5884] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1627.690882][ T5884] usb 6-1: SerialNumber: syz
[ 1627.791933][ T5884] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[ 1627.826083][ T5884] cdc_acm 6-1:1.0: This needs exactly 3 endpoints
[ 1627.847369][ T5884] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -22
[ 1629.051451][T25913] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[ 1629.058074][T25913] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1629.067794][T25913] vhci_hcd vhci_hcd.0: Device attached
[ 1629.128390][T21180] usb 5-1: USB disconnect, device number 20
[ 1629.263617][T18510] vhci_hcd vhci_hcd.3: vhci_device speed not set
[ 1629.362250][T18510] usb 39-1: new full-speed USB device number 10 using vhci_hcd
[ 1629.459625][T25917] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(15)
[ 1629.466279][T25917] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1629.520399][T25917] vhci_hcd vhci_hcd.0: Device attached
[ 1629.763538][   T42] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1630.255326][T25922] vhci_hcd: connection closed
[ 1630.263934][ T6274] vhci_hcd vhci_hcd.3: stop threads
[ 1630.290735][T25914] vhci_hcd: connection reset by peer
[ 1630.331924][ T6274] vhci_hcd vhci_hcd.3: release socket
[ 1630.364117][ T6274] vhci_hcd vhci_hcd.3: disconnect device
[ 1630.398428][ T6274] vhci_hcd vhci_hcd.3: stop threads
[ 1630.427995][ T5884] usb 6-1: USB disconnect, device number 46
[ 1630.445928][ T6274] vhci_hcd vhci_hcd.3: release socket
[ 1630.463881][ T6274] vhci_hcd vhci_hcd.3: disconnect device
[ 1630.602730][T25920] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5296'.
[ 1630.670527][T25941] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1630.681751][T25941] syzkaller0: entered promiscuous mode
[ 1630.687497][T25941] syzkaller0: entered allmulticast mode
[ 1630.942647][T25949] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 25949 comm: syz.2.5305)
[ 1630.974387][   T29] audit: type=1800 audit(1775820661.456:2431): pid=25949 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.5305" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=142550 res=0 errno=0
[ 1631.024022][ T5884] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[ 1631.273435][ T5884] usb 6-1: Using ep0 maxpacket: 16
[ 1631.280620][ T5884] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1631.292052][ T5884] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1631.307160][ T5884] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1631.346562][ T5884] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 1631.357085][ T5884] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1631.387918][ T5884] usb 6-1: config 0 descriptor??
[ 1631.597781][T25940] tipc: Resetting bearer <eth:syzkaller0>
[ 1631.608773][ T5884] usbhid 6-1:0.0: can't add hid device: -71
[ 1631.644596][ T5884] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1631.657540][T25940] tipc: Disabling bearer <eth:syzkaller0>
[ 1631.757535][ T5884] usb 6-1: USB disconnect, device number 47
[ 1633.759556][T25988] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[ 1633.766092][T25988] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1633.781582][T25988] vhci_hcd vhci_hcd.0: Device attached
[ 1634.120427][   T42] vhci_hcd vhci_hcd.5: vhci_device speed not set
[ 1634.193435][   T42] usb 43-1: new full-speed USB device number 8 using vhci_hcd
[ 1634.562472][T18510] vhci_hcd vhci_hcd.3: vhci_device speed not set
[ 1634.698265][T25999] Cannot find add_set index 0 as target
[ 1634.801220][T26002] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(15)
[ 1634.807897][T26002] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1634.838504][T26000] netdevsim netdevsim3: Direct firmware load for /
[ 1634.838504][T26000]  failed with error -2
[ 1634.849517][T26002] vhci_hcd vhci_hcd.0: Device attached
[ 1634.888097][T26000] netdevsim netdevsim3: Falling back to sysfs fallback for: /
[ 1634.888097][T26000] 
[ 1635.207135][T26003] vhci_hcd: connection closed
[ 1635.227264][T25989] vhci_hcd: connection reset by peer
[ 1635.256841][   T78] vhci_hcd vhci_hcd.5: stop threads
[ 1635.277145][   T78] vhci_hcd vhci_hcd.5: release socket
[ 1635.291542][   T78] vhci_hcd vhci_hcd.5: disconnect device
[ 1635.320057][   T78] vhci_hcd vhci_hcd.5: stop threads
[ 1635.346383][   T78] vhci_hcd vhci_hcd.5: release socket
[ 1635.408598][   T78] vhci_hcd vhci_hcd.5: disconnect device
[ 1635.649146][T26010] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1636.053975][T26010] syzkaller0: entered promiscuous mode
[ 1636.069042][T26010] syzkaller0: entered allmulticast mode
[ 1636.763675][T18510] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[ 1636.963667][T18510] usb 5-1: Using ep0 maxpacket: 8
[ 1636.981156][T18510] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[ 1636.992518][T18510] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1637.003257][T18510] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1637.013785][T18510] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1637.024492][T18510] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1637.037804][T18510] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1637.046960][T18510] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1637.071352][T26031] Cannot find add_set index 0 as target
[ 1637.078669][T26031] netdevsim netdevsim3: Direct firmware load for /
[ 1637.078669][T26031]  failed with error -2
[ 1637.091542][T26031] netdevsim netdevsim3: Falling back to sysfs fallback for: /
[ 1637.091542][T26031] 
[ 1637.342889][T18510] usb 5-1: GET_CAPABILITIES returned 0
[ 1637.348558][T18510] usbtmc 5-1:16.0: can't read capabilities
[ 1637.956698][ T1212] usb 5-1: USB disconnect, device number 21
[ 1638.620886][T26042] FAULT_INJECTION: forcing a failure.
[ 1638.620886][T26042] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1638.667424][T26009] tipc: Resetting bearer <eth:syzkaller0>
[ 1638.713806][T26042] CPU: 1 UID: 0 PID: 26042 Comm: syz.4.5329 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1638.713836][T26042] Tainted: [L]=SOFTLOCKUP
[ 1638.713844][T26042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1638.713856][T26042] Call Trace:
[ 1638.713864][T26042]  <TASK>
[ 1638.713873][T26042]  dump_stack_lvl+0xe8/0x150
[ 1638.713906][T26042]  should_fail_ex+0x412/0x560
[ 1638.713943][T26042]  _copy_to_user+0x31/0xb0
[ 1638.713971][T26042]  simple_read_from_buffer+0xe1/0x170
[ 1638.713995][T26042]  proc_fail_nth_read+0x1bb/0x230
[ 1638.714018][T26042]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1638.714040][T26042]  ? rw_verify_area+0x2a6/0x4d0
[ 1638.714056][T26042]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1638.714077][T26042]  vfs_read+0x20c/0xa70
[ 1638.714090][T26042]  ? fdget_pos+0x246/0x320
[ 1638.714106][T26042]  ? __pfx___mutex_lock+0x10/0x10
[ 1638.714127][T26042]  ? __pfx_vfs_read+0x10/0x10
[ 1638.714143][T26042]  ? __fget_files+0x2a/0x420
[ 1638.714157][T26042]  ? __fget_files+0x3a0/0x420
[ 1638.714169][T26042]  ? __fget_files+0x2a/0x420
[ 1638.714186][T26042]  ksys_read+0x150/0x270
[ 1638.714203][T26042]  ? __pfx_ksys_read+0x10/0x10
[ 1638.714224][T26042]  do_syscall_64+0x14d/0xf80
[ 1638.714242][T26042]  ? trace_irq_disable+0x3b/0x150
[ 1638.714254][T26042]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1638.714274][T26042]  ? clear_bhb_loop+0x40/0x90
[ 1638.714290][T26042]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1638.714304][T26042] RIP: 0033:0x7f2ae055d04e
[ 1638.714317][T26042] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1638.714329][T26042] RSP: 002b:00007f2ae1478fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1638.714344][T26042] RAX: ffffffffffffffda RBX: 00007f2ae14796c0 RCX: 00007f2ae055d04e
[ 1638.714355][T26042] RDX: 000000000000000f RSI: 00007f2ae14790a0 RDI: 000000000000000f
[ 1638.714363][T26042] RBP: 00007f2ae1479090 R08: 0000000000000000 R09: 0000000000000000
[ 1638.714372][T26042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1638.714381][T26042] R13: 00007f2ae0816038 R14: 00007f2ae0815fa0 R15: 00007f2ae093fa48
[ 1638.714401][T26042]  </TASK>
[ 1638.958390][T26009] tipc: Disabling bearer <eth:syzkaller0>
[ 1639.303518][   T42] vhci_hcd vhci_hcd.5: vhci_device speed not set
[ 1639.337463][T26064] fuse: Unknown parameter ''
[ 1639.514037][T18510] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[ 1639.522490][T26066] netlink: 14 bytes leftover after parsing attributes in process `syz.2.5336'.
[ 1639.736520][T18510] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1639.760411][T18510] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1639.775381][T26067] netlink: 'syz.2.5336': attribute type 25 has an invalid length.
[ 1639.792038][T18510] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1639.827267][T26067] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5336'.
[ 1639.855008][T18510] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1639.888947][T20296] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[ 1639.903469][T18510] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1639.918788][T26071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1639.922089][T20296] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1639.938754][T18510] usb 5-1: Product: syz
[ 1639.947709][T18510] usb 5-1: Manufacturer: syz
[ 1639.988561][T18510] usb 5-1: SerialNumber: syz
[ 1639.994003][T20296] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1640.009685][T18510] cdc_mbim 5-1:1.0: skipping garbage
[ 1640.017425][T20296] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1640.028622][T18510] cdc_mbim 5-1:1.0: CDC Union missing and no IAD found
[ 1640.036025][T18510] cdc_mbim 5-1:1.0: bind() failure
[ 1640.092955][T26071] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1640.324287][T18510] usb 5-1: USB disconnect, device number 22
[ 1640.990643][T26088] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1641.019851][T26090] fuse: Bad value for 'fd'
[ 1641.608474][T26103] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5348'.
[ 1641.625448][T26103] netlink: zone id is out of range
[ 1641.933236][T26110] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5351'.
[ 1641.944652][T26110] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5351'.
[ 1642.155803][   T29] audit: type=1326 audit(1775820672.636:2432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26109 comm="syz.3.5351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1642.185659][T18510] usb 5-1: new low-speed USB device number 23 using dummy_hcd
[ 1642.200006][   T29] audit: type=1326 audit(1775820672.636:2433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26109 comm="syz.3.5351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1642.236051][   T29] audit: type=1326 audit(1775820672.636:2434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26109 comm="syz.3.5351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1642.268966][   T29] audit: type=1326 audit(1775820672.636:2435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26109 comm="syz.3.5351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1642.307576][   T29] audit: type=1326 audit(1775820672.636:2436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26109 comm="syz.3.5351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1642.334182][   T29] audit: type=1326 audit(1775820672.636:2437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26109 comm="syz.3.5351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1642.363795][   T29] audit: type=1326 audit(1775820672.636:2438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26109 comm="syz.3.5351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1642.391437][T18510] usb 5-1: device descriptor read/64, error -71
[ 1642.400711][   T29] audit: type=1326 audit(1775820672.636:2439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26109 comm="syz.3.5351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1642.423825][   T29] audit: type=1326 audit(1775820672.636:2440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26109 comm="syz.3.5351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1642.446673][   T29] audit: type=1326 audit(1775820672.636:2441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26109 comm="syz.3.5351" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1642.523420][ T5925] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[ 1642.644991][T18510] usb 5-1: new low-speed USB device number 24 using dummy_hcd
[ 1642.701027][ T5925] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1642.712788][ T5925] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1642.721777][ T5925] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1642.740822][ T5925] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1642.753696][ T5925] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1642.774024][ T5925] usb 6-1: Product: syz
[ 1642.844812][T18510] usb 5-1: device descriptor read/64, error -71
[ 1642.852382][T26117] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1642.922067][ T5925] usb 6-1: Manufacturer: syz
[ 1642.930059][ T5925] usb 6-1: SerialNumber: syz
[ 1642.966500][ T5925] cdc_mbim 6-1:1.0: skipping garbage
[ 1642.972218][ T5925] cdc_mbim 6-1:1.0: CDC Union missing and no IAD found
[ 1642.983618][T18510] usb usb5-port1: attempt power cycle
[ 1643.011702][ T5925] cdc_mbim 6-1:1.0: bind() failure
[ 1643.333503][T18510] usb 5-1: new low-speed USB device number 25 using dummy_hcd
[ 1643.521793][T18510] usb 5-1: device descriptor read/8, error -71
[ 1643.637109][ T5925] usb 6-1: USB disconnect, device number 48
[ 1643.792303][T18510] usb 5-1: new low-speed USB device number 26 using dummy_hcd
[ 1643.824420][T18510] usb 5-1: device descriptor read/8, error -71
[ 1643.935008][T18510] usb usb5-port1: unable to enumerate USB device
[ 1644.082050][T26088] tipc: Disabling bearer <eth:syzkaller0>
[ 1644.449307][T26139] netlink: 'syz.0.5359': attribute type 10 has an invalid length.
[ 1644.485596][T26141] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5358'.
[ 1644.496218][T26139] bridge0: entered allmulticast mode
[ 1644.502126][T26139] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1644.712369][T26153] Cannot find add_set index 0 as target
[ 1644.720676][T26153] netdevsim netdevsim0: Direct firmware load for /
[ 1644.720676][T26153]  failed with error -2
[ 1644.731469][T26153] netdevsim netdevsim0: Falling back to sysfs fallback for: /
[ 1644.731469][T26153] 
[ 1644.883398][ T5884] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[ 1645.054112][ T5884] usb 6-1: Using ep0 maxpacket: 8
[ 1645.063707][ T5884] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 64
[ 1645.114375][ T5884] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1645.126324][ T5884] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1645.137548][ T5884] usb 6-1: Product: 쪥茽䔂អ媕読⢬㜲佋䶰즭ř窟⢚࣭䄭焉妘놂콨徖췌䷬ꁌ㐯螀糅Ṛ쒙꼸環ᥩ肿왳₌᪓콨텫虳蓇︗ཙ发釵蹟濊䭗ᑓ柱役佋檣ᑂű댽髕褷贿죴摜쭳គᢐ悂刎퉙严䛚ڦ䚐媚狹U眶藆ሱ⢸㶅
[ 1645.182991][ T5884] usb 6-1: Manufacturer: 㐊
[ 1645.190810][ T5884] usb 6-1: SerialNumber: 㩶৺٦迶李媳ᦇ㐽館㦭䆛ͅﭞ佑˳譱妘墁椷峟딮촵⒙୫⏱㓓ᗪ쩑力䣃藫䨰跲飪鵩ǔ횭
[ 1645.228784][T26152] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1645.347013][T26162] loop5: detected capacity change from 0 to 7
[ 1645.354025][T26162]  loop5:
[ 1645.357173][T26162] loop5: partition table partially beyond EOD, truncated
[ 1645.946069][ T5884] usblp 6-1:1.0: usblp0: USB Bidirectional printer dev 49 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8
[ 1645.971527][ T5884] usb 6-1: USB disconnect, device number 49
[ 1645.985009][T26172] [U] V�3��Fپ"S��/��4:�XTZ�W�T��LW��=
[ 1646.034504][ T5884] usblp0: removed
[ 1646.468723][ T1212] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[ 1646.750692][ T1212] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1646.771071][ T1212] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1646.786561][ T1212] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1646.806411][ T1212] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1646.817793][ T1212] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1646.827927][ T1212] usb 5-1: Product: syz
[ 1646.887236][ T1212] usb 5-1: Manufacturer: syz
[ 1646.892095][ T1212] usb 5-1: SerialNumber: syz
[ 1646.954066][ T1212] cdc_mbim 5-1:1.0: skipping garbage
[ 1646.966374][ T1212] cdc_mbim 5-1:1.0: CDC Union missing and no IAD found
[ 1646.980602][ T1212] cdc_mbim 5-1:1.0: bind() failure
[ 1646.988203][T26165] [U] J"�E:��"


[ 1647.307547][T18510] usb 5-1: USB disconnect, device number 27
[ 1648.828397][T26169] syz.3.5368 (26169): drop_caches: 2
[ 1648.887246][T26197] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5376'.
[ 1649.030135][T26201] netlink: 80 bytes leftover after parsing attributes in process `syz.3.5378'.
[ 1650.506331][T26216] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1650.577096][T26216] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1650.765456][T26224] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5386'.
[ 1650.775537][T26224] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5386'.
[ 1650.784869][T26224] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5386'.
[ 1650.971036][T26228] netlink: 76 bytes leftover after parsing attributes in process `syz.0.5388'.
[ 1651.163584][T18510] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[ 1651.315189][T18510] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1651.336724][T18510] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1651.362689][T18510] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1651.386668][T18510] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1651.396101][T18510] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1651.408267][T18510] usb 5-1: Product: syz
[ 1651.414266][T18510] usb 5-1: Manufacturer: syz
[ 1651.420064][T18510] usb 5-1: SerialNumber: syz
[ 1651.439103][T18510] cdc_mbim 5-1:1.0: skipping garbage
[ 1651.448480][T18510] cdc_mbim 5-1:1.0: CDC Union missing and no IAD found
[ 1651.460015][T18510] cdc_mbim 5-1:1.0: bind() failure
[ 1651.705923][T26252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5393'.
[ 1651.798149][ T1212] usb 5-1: USB disconnect, device number 28
[ 1652.279388][T26260] fuse: Invalid uid '00000000000000000000003'
[ 1652.289287][T26260] fuse: Invalid uid '00000000000000000000003'
[ 1653.781147][T26278] FAULT_INJECTION: forcing a failure.
[ 1653.781147][T26278] name failslab, interval 1, probability 0, space 0, times 0
[ 1653.794411][T26278] CPU: 1 UID: 0 PID: 26278 Comm: syz.3.5401 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1653.794433][T26278] Tainted: [L]=SOFTLOCKUP
[ 1653.794439][T26278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1653.794448][T26278] Call Trace:
[ 1653.794455][T26278]  <TASK>
[ 1653.794461][T26278]  dump_stack_lvl+0xe8/0x150
[ 1653.794486][T26278]  should_fail_ex+0x412/0x560
[ 1653.794512][T26278]  should_failslab+0xa8/0x100
[ 1653.794533][T26278]  __kmalloc_cache_noprof+0x88/0x660
[ 1653.794563][T26278]  ? sctp_add_bind_addr+0x8c/0x370
[ 1653.794581][T26278]  sctp_add_bind_addr+0x8c/0x370
[ 1653.794597][T26278]  sctp_copy_local_addr_list+0x314/0x4f0
[ 1653.794615][T26278]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[ 1653.794629][T26278]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 1653.794646][T26278]  ? sctp_v6_is_any+0x64/0x80
[ 1653.794662][T26278]  ? sctp_copy_one_addr+0x93/0x360
[ 1653.794679][T26278]  sctp_bind_addr_copy+0xb3/0x3c0
[ 1653.794693][T26278]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 1653.794716][T26278]  sctp_connect_new_asoc+0x2ff/0x6b0
[ 1653.794736][T26278]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1653.794758][T26278]  ? __local_bh_enable_ip+0xd0/0x130
[ 1653.794776][T26278]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1653.794794][T26278]  ? security_sctp_bind_connect+0x7e/0x2c0
[ 1653.794815][T26278]  sctp_sendmsg+0x1528/0x2c10
[ 1653.794840][T26278]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1653.794860][T26278]  ? aa_sk_perm+0x6d5/0x900
[ 1653.794903][T26278]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1653.794926][T26278]  ? sock_rps_record_flow+0x19/0x400
[ 1653.794947][T26278]  ? __pfx_inet_sendmsg+0x10/0x10
[ 1653.794967][T26278]  ? inet_sendmsg+0x2f4/0x370
[ 1653.794987][T26278]  ? __pfx_inet_sendmsg+0x10/0x10
[ 1653.795007][T26278]  __sys_sendto+0x5de/0x710
[ 1653.795027][T26278]  ? __pfx___sys_sendto+0x10/0x10
[ 1653.795042][T26278]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1653.795071][T26278]  ? __fget_files+0x3a0/0x420
[ 1653.795091][T26278]  ? ksys_write+0x242/0x270
[ 1653.795109][T26278]  ? __pfx_ksys_write+0x10/0x10
[ 1653.795128][T26278]  __x64_sys_sendto+0xde/0x100
[ 1653.795148][T26278]  do_syscall_64+0x14d/0xf80
[ 1653.795167][T26278]  ? trace_irq_disable+0x3b/0x150
[ 1653.795188][T26278]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1653.795203][T26278]  ? clear_bhb_loop+0x40/0x90
[ 1653.795221][T26278]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1653.795236][T26278] RIP: 0033:0x7f9e5139c819
[ 1653.795250][T26278] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1653.795262][T26278] RSP: 002b:00007f9e522f5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1653.795278][T26278] RAX: ffffffffffffffda RBX: 00007f9e51615fa0 RCX: 00007f9e5139c819
[ 1653.795289][T26278] RDX: 0000000000000001 RSI: 0000200000847fff RDI: 0000000000000004
[ 1653.795298][T26278] RBP: 00007f9e522f5090 R08: 000020000005ffe4 R09: 000000000000001c
[ 1653.795308][T26278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1653.795317][T26278] R13: 00007f9e51616038 R14: 00007f9e51615fa0 R15: 00007f9e5173fa48
[ 1653.795339][T26278]  </TASK>
[ 1654.192798][T26282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1654.201770][T26282] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1654.212813][T26282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1654.224971][T26282] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1654.336005][T26284] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5404'.
[ 1654.348111][T26284] veth1_macvtap: left promiscuous mode
[ 1654.439719][T26282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1654.452428][T26282] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1654.467561][T26282] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1654.483295][T26282] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1654.853427][ T5917] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[ 1655.008336][ T5917] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1655.019595][ T5917] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1655.028901][ T5917] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1655.045012][ T5917] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1655.054971][ T5917] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1655.063110][ T5917] usb 6-1: Product: syz
[ 1655.067652][ T5917] usb 6-1: Manufacturer: syz
[ 1655.072317][ T5917] usb 6-1: SerialNumber: syz
[ 1655.089294][T26295] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[ 1655.095870][T26295] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1655.096175][ T5917] cdc_mbim 6-1:1.0: skipping garbage
[ 1655.110941][T26295] vhci_hcd vhci_hcd.0: Device attached
[ 1655.119787][ T5917] cdc_mbim 6-1:1.0: CDC Union missing and no IAD found
[ 1655.126988][ T5917] cdc_mbim 6-1:1.0: bind() failure
[ 1655.205084][T26298] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(15)
[ 1655.211700][T26298] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1655.222401][T26298] vhci_hcd vhci_hcd.0: Device attached
[ 1655.303558][ T1212] vhci_hcd vhci_hcd.3: vhci_device speed not set
[ 1655.355509][ T5917] usb 6-1: USB disconnect, device number 50
[ 1655.373441][ T1212] usb 39-1: new full-speed USB device number 11 using vhci_hcd
[ 1655.590211][T26304] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1655.600933][T26304] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1655.760374][T26310] IPv6: NLM_F_REPLACE set, but no existing node found!
[ 1656.109279][T26299] vhci_hcd: connection closed
[ 1656.109539][T26296] vhci_hcd: connection reset by peer
[ 1656.122367][ T6274] vhci_hcd vhci_hcd.3: stop threads
[ 1656.127926][ T6274] vhci_hcd vhci_hcd.3: release socket
[ 1656.144756][ T6274] vhci_hcd vhci_hcd.3: disconnect device
[ 1656.163644][ T6274] vhci_hcd vhci_hcd.3: stop threads
[ 1656.178163][ T6274] vhci_hcd vhci_hcd.3: release socket
[ 1656.249732][ T6274] vhci_hcd vhci_hcd.3: disconnect device
[ 1656.583437][T18510] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[ 1656.739278][T18510] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1656.754445][T18510] usb 6-1: config 1 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1656.771760][T18510] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1656.826245][T18510] usb 6-1: language id specifier not provided by device, defaulting to English
[ 1656.838113][T18510] usb 6-1: New USB device found, idVendor=056a, idProduct=0061, bcdDevice= 0.40
[ 1656.847661][T18510] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1656.856042][T18510] usb 6-1: Product: syz
[ 1656.860390][T18510] usb 6-1: SerialNumber: syz
[ 1657.427316][T18510] usbhid 6-1:1.0: can't add hid device: -71
[ 1657.538211][T18510] usbhid 6-1:1.0: probe with driver usbhid failed with error -71
[ 1657.586154][T18510] usb 6-1: USB disconnect, device number 51
[ 1657.908943][T26349] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=257 (514 ns) > initial count (10 ns). Using initial count to start timer.
[ 1658.263449][T18510] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[ 1658.554572][T18510] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1658.607077][T18510] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1658.748110][T18510] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1658.789307][T18510] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1658.798660][T18510] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1658.812600][T18510] usb 6-1: Product: syz
[ 1658.838561][T18510] usb 6-1: Manufacturer: syz
[ 1658.848841][T18510] usb 6-1: SerialNumber: syz
[ 1658.894213][T18510] cdc_mbim 6-1:1.0: skipping garbage
[ 1658.905878][T18510] cdc_mbim 6-1:1.0: CDC Union missing and no IAD found
[ 1659.100089][T18510] cdc_mbim 6-1:1.0: bind() failure
[ 1659.524871][ T5925] usb 6-1: USB disconnect, device number 52
[ 1660.213016][T26375] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[ 1660.219601][T26375] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1660.281396][T26375] vhci_hcd vhci_hcd.0: Device attached
[ 1660.473726][ T5925] vhci_hcd vhci_hcd.5: vhci_device speed not set
[ 1660.576658][ T1212] vhci_hcd vhci_hcd.3: vhci_device speed not set
[ 1660.583494][ T5925] usb 43-1: new full-speed USB device number 9 using vhci_hcd
[ 1660.890335][T26391] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(15)
[ 1660.896980][T26391] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1660.908981][T26391] vhci_hcd vhci_hcd.0: Device attached
[ 1661.032680][T26397] vhci_hcd: connection closed
[ 1661.033006][T26342] vhci_hcd vhci_hcd.5: stop threads
[ 1661.044334][T26342] vhci_hcd vhci_hcd.5: release socket
[ 1661.056983][T26376] vhci_hcd: connection reset by peer
[ 1661.091273][T26342] vhci_hcd vhci_hcd.5: disconnect device
[ 1661.113722][T26342] vhci_hcd vhci_hcd.5: stop threads
[ 1661.130470][T26342] vhci_hcd vhci_hcd.5: release socket
[ 1661.150899][T26342] vhci_hcd vhci_hcd.5: disconnect device
[ 1661.404873][   T29] kauditd_printk_skb: 121 callbacks suppressed
[ 1661.404891][   T29] audit: type=1326 audit(1775820691.886:2563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26399 comm="syz.0.5432" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb6b639c819 code=0x0
[ 1661.455479][T26403] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5432'.
[ 1662.321499][T26420] Cannot find add_set index 0 as target
[ 1662.334200][T26420] netdevsim netdevsim4: Direct firmware load for /
[ 1662.334200][T26420]  failed with error -2
[ 1662.345013][T26420] netdevsim netdevsim4: Falling back to sysfs fallback for: /
[ 1662.345013][T26420] 
[ 1663.555870][   T29] audit: type=1326 audit(1775820694.016:2564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26410 comm="syz.3.5435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1663.613899][   T29] audit: type=1326 audit(1775820694.016:2565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26410 comm="syz.3.5435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1663.840483][   T29] audit: type=1326 audit(1775820694.016:2566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26410 comm="syz.3.5435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1663.911774][   T29] audit: type=1326 audit(1775820694.016:2567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26410 comm="syz.3.5435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1663.949104][   T29] audit: type=1326 audit(1775820694.016:2568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26410 comm="syz.3.5435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1663.983969][   T29] audit: type=1326 audit(1775820694.016:2569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26410 comm="syz.3.5435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1664.008532][   T29] audit: type=1326 audit(1775820694.016:2570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26410 comm="syz.3.5435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1664.032687][   T29] audit: type=1326 audit(1775820694.016:2571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26410 comm="syz.3.5435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1664.063202][   T29] audit: type=1326 audit(1775820694.016:2572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26410 comm="syz.3.5435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e5139c819 code=0x7ffc0000
[ 1664.157096][T26432] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5440'.
[ 1665.262034][T26438] netlink: 108 bytes leftover after parsing attributes in process `syz.3.5441'.
[ 1665.683478][ T5925] vhci_hcd vhci_hcd.5: vhci_device speed not set
[ 1665.721981][T26449] xt_CHECKSUM: unsupported CHECKSUM operation 68
[ 1665.810495][T26451] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5445'.
[ 1665.831078][T26451] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5445'.
[ 1665.842557][T26451] bridge_slave_1: left allmulticast mode
[ 1665.850030][T26451] bridge_slave_1: left promiscuous mode
[ 1665.856484][T26451] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1665.874843][T26451] bridge_slave_0: left allmulticast mode
[ 1665.880671][T26451] bridge_slave_0: left promiscuous mode
[ 1665.886683][T26451] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1666.679695][   T29] kauditd_printk_skb: 137 callbacks suppressed
[ 1666.679714][   T29] audit: type=1326 audit(1775820697.156:2710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26452 comm="syz.0.5446" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb6b639c819 code=0x0
[ 1666.731833][T26455] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5446'.
[ 1668.073725][T26476] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(14)
[ 1668.080380][T26476] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1668.303772][T26476] vhci_hcd vhci_hcd.0: Device attached
[ 1668.521423][T26484] vhci_hcd: connection closed
[ 1668.524560][ T5925] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1668.544427][   T12] vhci_hcd vhci_hcd.0: stop threads
[ 1668.563876][   T12] vhci_hcd vhci_hcd.0: release socket
[ 1668.576509][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.582881][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[ 1668.625260][ T5925] usb 33-1: new full-speed USB device number 15 using vhci_hcd
[ 1668.653196][   T12] vhci_hcd vhci_hcd.0: disconnect device
[ 1668.697561][ T5925] usb 33-1: enqueue for inactive port 0
[ 1668.813946][ T5925] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1670.771743][T26515] FAULT_INJECTION: forcing a failure.
[ 1670.771743][T26515] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1670.830897][T26515] CPU: 1 UID: 0 PID: 26515 Comm: syz.5.5462 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1670.830930][T26515] Tainted: [L]=SOFTLOCKUP
[ 1670.830948][T26515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1670.830960][T26515] Call Trace:
[ 1670.830969][T26515]  <TASK>
[ 1670.830977][T26515]  dump_stack_lvl+0xe8/0x150
[ 1670.831010][T26515]  should_fail_ex+0x412/0x560
[ 1670.831044][T26515]  _copy_from_iter+0x1d3/0x1670
[ 1670.831068][T26515]  ? rcu_is_watching+0x15/0xb0
[ 1670.831101][T26515]  ? __pfx__copy_from_iter+0x10/0x10
[ 1670.831120][T26515]  ? __kmalloc_node_track_caller_noprof+0x4f9/0x7b0
[ 1670.831152][T26515]  ? netlink_sendmsg+0x650/0xb40
[ 1670.831172][T26515]  ? skb_put+0x11b/0x210
[ 1670.831200][T26515]  netlink_sendmsg+0x6c0/0xb40
[ 1670.831229][T26515]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1670.831254][T26515]  ? aa_sock_msg_perm+0xf1/0x1b0
[ 1670.831285][T26515]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1670.831311][T26515]  ____sys_sendmsg+0x972/0x9f0
[ 1670.831344][T26515]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1670.831377][T26515]  ? import_iovec+0x73/0xa0
[ 1670.831402][T26515]  ___sys_sendmsg+0x2a5/0x360
[ 1670.831432][T26515]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1670.831487][T26515]  ? __fget_files+0x2a/0x420
[ 1670.831505][T26515]  ? __fget_files+0x3a0/0x420
[ 1670.831530][T26515]  __x64_sys_sendmsg+0x1bd/0x2a0
[ 1670.831558][T26515]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1670.831581][T26515]  ? __pfx_ksys_write+0x10/0x10
[ 1670.831604][T26515]  do_syscall_64+0x14d/0xf80
[ 1670.831622][T26515]  ? trace_irq_disable+0x3b/0x150
[ 1670.831634][T26515]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1670.831648][T26515]  ? clear_bhb_loop+0x40/0x90
[ 1670.831664][T26515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1670.831678][T26515] RIP: 0033:0x7fd4e7f9c819
[ 1670.831691][T26515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1670.831703][T26515] RSP: 002b:00007fd4e8da3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1670.831718][T26515] RAX: ffffffffffffffda RBX: 00007fd4e8215fa0 RCX: 00007fd4e7f9c819
[ 1670.831728][T26515] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[ 1670.831737][T26515] RBP: 00007fd4e8da3090 R08: 0000000000000000 R09: 0000000000000000
[ 1670.831745][T26515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1670.831753][T26515] R13: 00007fd4e8216038 R14: 00007fd4e8215fa0 R15: 00007fd4e833fa48
[ 1670.831773][T26515]  </TASK>
[ 1671.086258][T26517] overlayfs: missing 'lowerdir'
[ 1671.097546][T26517] netlink: 108 bytes leftover after parsing attributes in process `syz.2.5460'.
[ 1672.725703][T26537] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5469'.
[ 1673.141868][   T29] audit: type=1804 audit(1775820703.616:2711): pid=26546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.5472" name="/newroot/520/file0" dev="fuse" ino=1 res=1 errno=0
[ 1673.242481][   T29] audit: type=1326 audit(1775820703.616:2712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26545 comm="syz.4.5472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ae059c819 code=0x7ffc0000
[ 1673.313410][   T29] audit: type=1326 audit(1775820703.616:2713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26545 comm="syz.4.5472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ae059c819 code=0x7ffc0000
[ 1673.385089][   T29] audit: type=1326 audit(1775820703.616:2714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26545 comm="syz.4.5472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ae059c819 code=0x7ffc0000
[ 1673.533447][   T29] audit: type=1326 audit(1775820703.616:2715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26545 comm="syz.4.5472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f2ae059c819 code=0x7ffc0000
[ 1673.619515][   T29] audit: type=1326 audit(1775820703.696:2716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26545 comm="syz.4.5472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f2ae055d04e code=0x7ffc0000
[ 1673.722958][T20386] usb 3-1: ezusb_ihex_firmware_download - request "keyspan/usa19qi.fw" failed
[ 1673.777177][   T29] audit: type=1326 audit(1775820703.696:2717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26545 comm="syz.4.5472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f2ae055d04e code=0x7ffc0000
[ 1673.787151][T20386] usb 3-1: failed to load firmware "keyspan/usa19qi.fw"
[ 1673.877683][T20386] keyspan 3-1:192.53: probe with driver keyspan failed with error -2
[ 1673.910965][T26561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1673.944957][T20386] usb 3-1: USB disconnect, device number 32
[ 1673.956179][ T5917] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[ 1673.992361][   T29] audit: type=1326 audit(1775820703.696:2718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26545 comm="syz.4.5472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f2ae055d04e code=0x7ffc0000
[ 1674.015602][T26561] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1674.125950][   T29] audit: type=1326 audit(1775820703.746:2719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26545 comm="syz.4.5472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f2ae055d04e code=0x7ffc0000
[ 1674.141628][ T5917] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1674.179048][ T5917] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1674.189068][ T5917] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1674.202163][   T29] audit: type=1326 audit(1775820703.746:2720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26545 comm="syz.4.5472" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f2ae055d04e code=0x7ffc0000
[ 1674.228304][ T5917] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1674.237836][ T5917] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1674.246790][ T5917] usb 6-1: Product: syz
[ 1674.251123][ T5917] usb 6-1: Manufacturer: syz
[ 1674.256682][ T5917] usb 6-1: SerialNumber: syz
[ 1675.360888][T26582] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5482'.
[ 1676.093434][T20386] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[ 1676.124742][ T5925] usb 6-1: USB disconnect, device number 53
[ 1676.275147][T20386] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1676.285338][T20386] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1676.295519][T20386] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1676.312375][T20386] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1676.321519][T20386] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1676.329639][T20386] usb 3-1: Product: syz
[ 1676.333928][T20386] usb 3-1: Manufacturer: syz
[ 1676.338858][T20386] usb 3-1: SerialNumber: syz
[ 1676.351652][T20386] cdc_mbim 3-1:1.0: skipping garbage
[ 1676.357305][T20386] cdc_mbim 3-1:1.0: CDC Union missing and no IAD found
[ 1676.365988][T20386] cdc_mbim 3-1:1.0: bind() failure
[ 1676.606708][ T5925] usb 3-1: USB disconnect, device number 33
[ 1676.853203][T26606] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1676.899490][T26606] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1677.563530][ T5917] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[ 1677.663469][T20386] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[ 1677.735477][ T5917] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1677.766862][ T5917] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1677.784074][ T5917] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1677.800179][ T5917] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1677.810774][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1677.825358][ T5917] usb 3-1: Product: syz
[ 1677.835126][T20386] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1677.849591][ T5917] usb 3-1: Manufacturer: syz
[ 1677.857845][ T5917] usb 3-1: SerialNumber: syz
[ 1677.862486][T20386] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1677.885636][ T5917] cdc_mbim 3-1:1.0: skipping garbage
[ 1677.890958][ T5917] cdc_mbim 3-1:1.0: CDC Union missing and no IAD found
[ 1677.898572][T20386] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1677.911965][ T5917] cdc_mbim 3-1:1.0: bind() failure
[ 1677.920421][T20386] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1677.933527][T20386] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1677.960788][T20386] usb 5-1: Product: syz
[ 1677.972127][T20386] usb 5-1: Manufacturer: syz
[ 1677.977874][T20386] usb 5-1: SerialNumber: syz
[ 1677.994906][T20386] cdc_mbim 5-1:1.0: skipping garbage
[ 1678.002681][T20386] cdc_mbim 5-1:1.0: CDC Union missing and no IAD found
[ 1678.013739][T20386] cdc_mbim 5-1:1.0: bind() failure
[ 1678.194622][T18510] usb 3-1: USB disconnect, device number 34
[ 1678.259805][ T5917] usb 5-1: USB disconnect, device number 29
[ 1678.919205][T26633] syzkaller0: entered promiscuous mode
[ 1678.925316][T26633] syzkaller0: entered allmulticast mode
[ 1679.204403][ T5925] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[ 1679.327690][T26640] netlink: 172 bytes leftover after parsing attributes in process `syz.2.5500'.
[ 1679.344678][T26640] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[ 1679.363592][ T5925] usb 5-1: Using ep0 maxpacket: 16
[ 1679.380668][ T5925] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1679.393364][ T5925] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1679.417765][ T5925] usb 5-1: config 0 interface 0 has no altsetting 0
[ 1679.434851][ T5925] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 1679.462486][ T5925] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1679.478200][ T5917] usb 6-1: new full-speed USB device number 54 using dummy_hcd
[ 1679.488099][ T5925] usb 5-1: config 0 descriptor??
[ 1679.663468][ T5917] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1679.673810][ T5917] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 1679.686541][ T5917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 1679.705221][ T5917] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 1679.715095][ T5925] usbhid 5-1:0.0: can't add hid device: -71
[ 1679.715217][ T5925] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1679.730990][ T5917] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1679.753040][ T5925] usb 5-1: USB disconnect, device number 30
[ 1679.756159][ T5917] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 1679.768321][ T5917] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 1679.780459][ T5917] usb 6-1: Product: syz
[ 1679.784970][ T5917] usb 6-1: Manufacturer: syz
[ 1679.784980][T21180] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1679.790042][ T5917] usb 6-1: SerialNumber: syz
[ 1679.851199][ T5917] usb 6-1: config 0 descriptor??
[ 1679.990839][T26652] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1680.024344][T26652] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1680.033592][T21180] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1680.044007][T21180] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1680.082331][T21180] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1680.093915][ T5917] radio-si470x 6-1:0.0: si470x_get_report: usb_control_msg returned -32
[ 1680.198083][T21180] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1680.208481][T26655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1680.218066][T21180] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1680.235984][ T5917] radio-si470x 6-1:0.0: probe with driver radio-si470x failed with error -5
[ 1680.244366][T26655] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1680.257574][T21180] usb 3-1: Product: syz
[ 1680.270045][T21180] usb 3-1: Manufacturer: syz
[ 1680.275237][T21180] usb 3-1: SerialNumber: syz
[ 1680.299868][T21180] cdc_mbim 3-1:1.0: skipping garbage
[ 1680.307709][T21180] cdc_mbim 3-1:1.0: CDC Union missing and no IAD found
[ 1680.316615][T21180] cdc_mbim 3-1:1.0: bind() failure
[ 1680.762622][ T5884] usb 3-1: USB disconnect, device number 35
[ 1680.860820][T21180] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[ 1680.998538][T26665] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[ 1681.005084][T26665] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1681.041232][T26665] vhci_hcd vhci_hcd.0: Device attached
[ 1681.064776][T21180] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1681.113327][T21180] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1681.136082][T21180] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1681.154463][T21180] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1681.164503][T21180] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1681.316233][ T5925] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1681.395514][T21180] usb 5-1: Product: syz
[ 1681.399986][T26665] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(13)
[ 1681.406620][T26665] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1681.410192][T21180] usb 5-1: Manufacturer: syz
[ 1681.418679][T21180] usb 5-1: SerialNumber: syz
[ 1681.426763][T26665] vhci_hcd vhci_hcd.0: Device attached
[ 1681.443025][T26670] vhci_hcd: connection closed
[ 1681.443473][T26339] vhci_hcd vhci_hcd.0: stop threads
[ 1681.453725][ T5925] usb 33-1: new full-speed USB device number 16 using vhci_hcd
[ 1681.479181][T26666] vhci_hcd: connection reset by peer
[ 1681.487947][T26339] vhci_hcd vhci_hcd.0: release socket
[ 1681.503368][T21180] cdc_mbim 5-1:1.0: skipping garbage
[ 1681.509644][T26339] vhci_hcd vhci_hcd.0: disconnect device
[ 1681.519560][T21180] cdc_mbim 5-1:1.0: CDC Union missing and no IAD found
[ 1681.528999][T26339] vhci_hcd vhci_hcd.0: stop threads
[ 1681.541089][T21180] cdc_mbim 5-1:1.0: bind() failure
[ 1681.547348][T26339] vhci_hcd vhci_hcd.0: release socket
[ 1681.557677][T26339] vhci_hcd vhci_hcd.0: disconnect device
[ 1681.576986][   T29] kauditd_printk_skb: 8 callbacks suppressed
[ 1681.576997][   T29] audit: type=1326 audit(1775820712.056:2729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26672 comm="syz.2.5509" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdc61f9c819 code=0x0
[ 1681.767111][ T5884] usb 5-1: USB disconnect, device number 31
[ 1682.199070][T26683] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(13)
[ 1682.205794][T26683] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1682.217730][T26683] vhci_hcd vhci_hcd.0: Device attached
[ 1682.237472][ T5884] usb 6-1: USB disconnect, device number 54
[ 1682.589929][T26703] vimc link validate: Scaler:src:16x16 (0x33424752, 12, 0, 4, 0) RGB/YUV Capture:snk:4096x192 (0x30314752, 4, 0, 0, 0)
[ 1682.835251][T26704] Cannot find add_set index 0 as target
[ 1682.845651][T26704] netdevsim netdevsim4: Direct firmware load for /
[ 1682.845651][T26704]  failed with error -2
[ 1682.856821][T26704] netdevsim netdevsim4: Falling back to sysfs fallback for: /
[ 1682.856821][T26704] 
[ 1682.866933][ T5884] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[ 1683.092105][T26687] vhci_hcd: connection closed
[ 1683.093149][T26342] vhci_hcd vhci_hcd.0: stop threads
[ 1683.112254][T26342] vhci_hcd vhci_hcd.0: release socket
[ 1683.118563][T26342] vhci_hcd vhci_hcd.0: disconnect device
[ 1683.170192][ T5884] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1683.193408][ T5884] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1683.213519][ T5884] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1683.265192][ T5884] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1683.290299][ T5884] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1683.543418][ T5884] usb 6-1: Product: syz
[ 1683.588920][ T5884] usb 6-1: Manufacturer: syz
[ 1683.596586][ T5884] usb 6-1: SerialNumber: syz
[ 1683.629513][ T5884] cdc_mbim 6-1:1.0: skipping garbage
[ 1683.637602][ T5884] cdc_mbim 6-1:1.0: CDC Union missing and no IAD found
[ 1683.651833][ T5884] cdc_mbim 6-1:1.0: bind() failure
[ 1684.040212][ T5884] usb 6-1: USB disconnect, device number 55
[ 1684.656461][T26714] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[ 1684.663107][T26714] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1684.708893][T26714] vhci_hcd vhci_hcd.0: Device attached
[ 1684.883497][ T5898] vhci_hcd vhci_hcd.5: vhci_device speed not set
[ 1684.957700][ T5898] usb 43-1: new full-speed USB device number 10 using vhci_hcd
[ 1685.184404][T26714] vhci_hcd vhci_hcd.0: pdev(5) rhport(1) sockfd(13)
[ 1685.191098][T26714] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1685.201715][T26714] vhci_hcd vhci_hcd.0: Device attached
[ 1685.221957][T26730] vhci_hcd: connection closed
[ 1685.222415][T26339] vhci_hcd vhci_hcd.5: stop threads
[ 1685.276937][T26339] vhci_hcd vhci_hcd.5: release socket
[ 1685.289607][T26715] vhci_hcd: connection reset by peer
[ 1685.297372][T26339] vhci_hcd vhci_hcd.5: disconnect device
[ 1685.339932][T26339] vhci_hcd vhci_hcd.5: stop threads
[ 1685.362950][T26339] vhci_hcd vhci_hcd.5: release socket
[ 1685.372832][T26339] vhci_hcd vhci_hcd.5: disconnect device
[ 1685.733399][ T5884] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[ 1685.943948][ T5884] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1685.975695][ T5884] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1685.995629][ T5884] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1686.045308][ T5884] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1686.054642][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1686.063507][ T5884] usb 5-1: Product: syz
[ 1686.068134][ T5884] usb 5-1: Manufacturer: syz
[ 1686.080322][ T5884] usb 5-1: SerialNumber: syz
[ 1686.097474][ T5884] cdc_mbim 5-1:1.0: skipping garbage
[ 1686.115610][ T5884] cdc_mbim 5-1:1.0: CDC Union missing and no IAD found
[ 1686.122529][ T5884] cdc_mbim 5-1:1.0: bind() failure
[ 1686.404394][ T5884] usb 5-1: USB disconnect, device number 32
[ 1686.573487][ T5925] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1686.761048][T26771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1686.785790][T26771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1687.943377][ T5884] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1688.143385][ T5884] usb 5-1: Using ep0 maxpacket: 8
[ 1688.150156][ T5884] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1688.159298][ T5884] usb 5-1: config 16 has an invalid interface number: 8 but max is 0
[ 1688.177509][ T5884] usb 5-1: config 16 has no interface number 0
[ 1688.188463][ T5884] usb 5-1: config 16 interface 8 altsetting 127 endpoint 0xA has invalid maxpacket 1024, setting to 64
[ 1688.205168][ T5884] usb 5-1: config 16 interface 8 has no altsetting 0
[ 1688.216179][ T5884] usb 5-1: New USB device found, idVendor=0499, idProduct=5008, bcdDevice=1d.48
[ 1688.233603][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1688.245927][ T5884] usb 5-1: Product: syz
[ 1688.305834][ T5884] usb 5-1: Manufacturer: syz
[ 1688.314453][ T5884] usb 5-1: SerialNumber: syz
[ 1688.364093][T26795] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[ 1688.370716][T26795] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1688.436004][T26795] vhci_hcd vhci_hcd.0: Device attached
[ 1688.498576][T26795] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(13)
[ 1688.505222][T26795] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1688.546366][T26795] vhci_hcd vhci_hcd.0: Device attached
[ 1688.558217][ T5884] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1688.575620][T26799] vhci_hcd: connection closed
[ 1688.575921][T26796] vhci_hcd: connection closed
[ 1688.581308][ T7189] vhci_hcd vhci_hcd.2: stop threads
[ 1688.604231][ T7189] vhci_hcd vhci_hcd.2: release socket
[ 1688.624427][ T5917] vhci_hcd vhci_hcd.2: vhci_device speed not set
[ 1688.633603][ T7189] vhci_hcd vhci_hcd.2: disconnect device
[ 1688.656955][ T7189] vhci_hcd vhci_hcd.2: stop threads
[ 1688.662277][ T7189] vhci_hcd vhci_hcd.2: release socket
[ 1688.682772][T26802] fuse: Bad value for 'user_id'
[ 1688.693391][ T5917] usb 37-1: new full-speed USB device number 11 using vhci_hcd
[ 1688.693506][ T7189] vhci_hcd vhci_hcd.2: disconnect device
[ 1688.721532][ T5884] snd-usb-audio 5-1:16.8: probe with driver snd-usb-audio failed with error -2
[ 1688.731342][T26802] fuse: Bad value for 'user_id'
[ 1688.764651][ T5884] usb 5-1: USB disconnect, device number 33
[ 1688.819349][T18123] udevd[18123]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:16.8/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1689.298149][T26811] program syz.2.5543 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1689.451185][T26818] fuse: Unknown parameter 'grou00000000000000000000'
[ 1689.493431][ T5925] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 1689.845161][ T5925] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1689.869324][ T5925] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1689.923645][ T5925] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1690.028590][ T5925] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1690.038013][ T5925] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1690.055227][ T5925] usb 5-1: Product: syz
[ 1690.095474][ T5898] vhci_hcd vhci_hcd.5: vhci_device speed not set
[ 1690.173911][ T5925] usb 5-1: Manufacturer: syz
[ 1690.182547][ T5925] usb 5-1: SerialNumber: syz
[ 1690.210930][ T5925] cdc_mbim 5-1:1.0: skipping garbage
[ 1690.216489][ T5925] cdc_mbim 5-1:1.0: CDC Union missing and no IAD found
[ 1690.223730][ T5925] cdc_mbim 5-1:1.0: bind() failure
[ 1690.579377][ T5884] usb 5-1: USB disconnect, device number 34
[ 1691.113416][ T5884] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[ 1691.293663][ T5884] usb 3-1: Using ep0 maxpacket: 32
[ 1691.300712][ T5884] usb 3-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[ 1691.453528][T26844] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5551'.
[ 1691.462616][T26844] netlink: 56 bytes leftover after parsing attributes in process `syz.4.5551'.
[ 1691.493671][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1691.522864][ T5884] usb 3-1: config 0 descriptor??
[ 1691.577318][ T5884] as10x_usb: device has been detected
[ 1691.588633][ T5884] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[ 1691.601226][T26843] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5551'.
[ 1691.718862][ T5884] usb 3-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[ 1691.748203][T26836] ------------[ cut here ]------------
[ 1691.753949][T26836] DEBUG_LOCKS_WARN_ON(lock->magic != lock)
[ 1691.753965][T26836] WARNING: kernel/locking/mutex.c:593 at __mutex_lock+0x10a4/0x1300, CPU#0: syz.2.5550/26836
[ 1691.770004][T26836] Modules linked in:
[ 1691.773954][T26836] CPU: 0 UID: 0 PID: 26836 Comm: syz.2.5550 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1691.784947][T26836] Tainted: [L]=SOFTLOCKUP
[ 1691.789282][T26836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1691.799489][T26836] RIP: 0010:__mutex_lock+0x10ab/0x1300
[ 1691.804983][T26836] Code: 12 90 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 33 02 00 00 83 3d d9 b8 60 04 00 75 13 48 8d 3d 8c cc 63 04 48 c7 c6 c0 e0 cc 8b <67> 48 0f b9 3a 90 e9 ac f0 ff ff 90 0f 0b 90 e9 73 f4 ff ff 90 0f
[ 1691.824668][T26836] RSP: 0018:ffffc90005cbfa20 EFLAGS: 00010246
[ 1691.830736][T26836] RAX: 0000000000000000 RBX: 1ffff92000b97f5c RCX: ffff88801bb98000
[ 1691.839126][T26836] RDX: 0000000000000000 RSI: ffffffff8bcce0c0 RDI: ffffffff90152180
[ 1691.847126][T26836] RBP: ffffc90005cbfbd8 R08: ffffffff90120dc3 R09: 1ffffffff20241b8
[ 1691.855123][T26836] R10: dffffc0000000000 R11: fffffbfff20241b9 R12: ffff88804a1b8b60
[ 1691.863090][T26836] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1691.871092][T26836] FS:  00007fdc62dd26c0(0000) GS:ffff888125454000(0000) knlGS:0000000000000000
[ 1691.880053][T26836] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1691.886806][T26836] CR2: 00007fdc62db1d58 CR3: 000000006e184000 CR4: 00000000003526f0
[ 1691.894854][T26836] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1691.902833][T26836] DR3: 0000000000034000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1691.910832][T26836] Call Trace:
[ 1691.914158][T26836]  <TASK>
[ 1691.917099][T26836]  ? __mutex_lock+0x319/0x1300
[ 1691.921908][T26836]  ? as102_dvb_dmx_start_feed+0x70/0x290
[ 1691.927622][T26836]  ? dmx_section_feed_allocate_filter+0x34f/0x3e0
[ 1691.934166][T26836]  ? __pfx___mutex_lock+0x10/0x10
[ 1691.939217][T26836]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1691.944938][T26836]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1691.950928][T26836]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1691.955993][T26836]  as102_dvb_dmx_start_feed+0x70/0x290
[ 1691.961499][T26836]  dmx_section_feed_start_filtering+0x518/0x6c0
[ 1691.967764][T26836]  dvb_dmxdev_filter_start+0xcf4/0x10e0
[ 1691.973359][T26836]  ? dvb_dmxdev_filter_set+0x2d1/0x580
[ 1691.978840][T26836]  dvb_demux_do_ioctl+0x470/0x540
[ 1691.983926][T26836]  dvb_usercopy+0x199/0x2e0
[ 1691.988453][T26836]  ? __pfx_dvb_demux_do_ioctl+0x10/0x10
[ 1691.994036][T26836]  ? __pfx_dvb_usercopy+0x10/0x10
[ 1691.999067][T26836]  ? __fget_files+0x3a0/0x420
[ 1692.003887][T26836]  ? __fget_files+0x2a/0x420
[ 1692.008497][T26836]  ? __pfx_dvb_demux_ioctl+0x10/0x10
[ 1692.013823][T26836]  dvb_demux_ioctl+0x29/0x40
[ 1692.018428][T26836]  __se_sys_ioctl+0xfc/0x170
[ 1692.023016][T26836]  do_syscall_64+0x14d/0xf80
[ 1692.027623][T26836]  ? trace_irq_disable+0x3b/0x150
[ 1692.032638][T26836]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1692.038723][T26836]  ? clear_bhb_loop+0x40/0x90
[ 1692.043437][T26836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1692.049342][T26836] RIP: 0033:0x7fdc61f9c819
[ 1692.053807][T26836] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1692.073451][T26836] RSP: 002b:00007fdc62dd2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1692.081862][T26836] RAX: ffffffffffffffda RBX: 00007fdc62215fa0 RCX: 00007fdc61f9c819
[ 1692.089870][T26836] RDX: 0000200000000200 RSI: 00000000403c6f2b RDI: 0000000000000004
[ 1692.097875][T26836] RBP: 00007fdc62032c91 R08: 0000000000000000 R09: 0000000000000000
[ 1692.105868][T26836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1692.113853][T26836] R13: 00007fdc62216038 R14: 00007fdc62215fa0 R15: 00007fdc6233fa48
[ 1692.121835][T26836]  </TASK>
[ 1692.124889][T26836] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1692.132197][T26836] CPU: 0 UID: 0 PID: 26836 Comm: syz.2.5550 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1692.143123][T26836] Tainted: [L]=SOFTLOCKUP
[ 1692.147437][T26836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[ 1692.157487][T26836] Call Trace:
[ 1692.160759][T26836]  <TASK>
[ 1692.163684][T26836]  vpanic+0x56c/0xa60
[ 1692.167670][T26836]  ? __pfx__printk+0x10/0x10
[ 1692.172253][T26836]  ? __pfx_vpanic+0x10/0x10
[ 1692.176757][T26836]  ? is_bpf_text_address+0x292/0x2b0
[ 1692.182050][T26836]  ? is_bpf_text_address+0x26/0x2b0
[ 1692.187247][T26836]  panic+0xc5/0xd0
[ 1692.190968][T26836]  ? __pfx_panic+0x10/0x10
[ 1692.195388][T26836]  __warn+0x315/0x4f0
[ 1692.199375][T26836]  ? __mutex_lock+0x10a4/0x1300
[ 1692.204237][T26836]  ? __mutex_lock+0x10a4/0x1300
[ 1692.209090][T26836]  __report_bug+0x29a/0x540
[ 1692.213587][T26836]  ? dvb_demux_do_ioctl+0x470/0x540
[ 1692.218785][T26836]  ? __mutex_lock+0x10a4/0x1300
[ 1692.223637][T26836]  ? __pfx___report_bug+0x10/0x10
[ 1692.228660][T26836]  ? pfn_valid+0x125/0x4c0
[ 1692.233083][T26836]  ? __lock_acquire+0x6b5/0x2cf0
[ 1692.238030][T26836]  report_bug_entry+0x19a/0x290
[ 1692.242891][T26836]  ? __mutex_lock+0x10ab/0x1300
[ 1692.247785][T26836]  ? __mutex_lock+0x10b0/0x1300
[ 1692.252636][T26836]  handle_bug+0xce/0x200
[ 1692.256888][T26836]  exc_invalid_op+0x1a/0x50
[ 1692.261392][T26836]  asm_exc_invalid_op+0x1a/0x20
[ 1692.266250][T26836] RIP: 0010:__mutex_lock+0x10ab/0x1300
[ 1692.271710][T26836] Code: 12 90 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 33 02 00 00 83 3d d9 b8 60 04 00 75 13 48 8d 3d 8c cc 63 04 48 c7 c6 c0 e0 cc 8b <67> 48 0f b9 3a 90 e9 ac f0 ff ff 90 0f 0b 90 e9 73 f4 ff ff 90 0f
[ 1692.291338][T26836] RSP: 0018:ffffc90005cbfa20 EFLAGS: 00010246
[ 1692.297415][T26836] RAX: 0000000000000000 RBX: 1ffff92000b97f5c RCX: ffff88801bb98000
[ 1692.305390][T26836] RDX: 0000000000000000 RSI: ffffffff8bcce0c0 RDI: ffffffff90152180
[ 1692.313369][T26836] RBP: ffffc90005cbfbd8 R08: ffffffff90120dc3 R09: 1ffffffff20241b8
[ 1692.321335][T26836] R10: dffffc0000000000 R11: fffffbfff20241b9 R12: ffff88804a1b8b60
[ 1692.329301][T26836] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1692.337299][T26836]  ? __mutex_lock+0x319/0x1300
[ 1692.342088][T26836]  ? as102_dvb_dmx_start_feed+0x70/0x290
[ 1692.347721][T26836]  ? dmx_section_feed_allocate_filter+0x34f/0x3e0
[ 1692.354155][T26836]  ? __pfx___mutex_lock+0x10/0x10
[ 1692.359187][T26836]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[ 1692.364816][T26836]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1692.370799][T26836]  ? do_raw_spin_lock+0x12b/0x2f0
[ 1692.375828][T26836]  as102_dvb_dmx_start_feed+0x70/0x290
[ 1692.381292][T26836]  dmx_section_feed_start_filtering+0x518/0x6c0
[ 1692.387530][T26836]  dvb_dmxdev_filter_start+0xcf4/0x10e0
[ 1692.393080][T26836]  ? dvb_dmxdev_filter_set+0x2d1/0x580
[ 1692.398558][T26836]  dvb_demux_do_ioctl+0x470/0x540
[ 1692.403608][T26836]  dvb_usercopy+0x199/0x2e0
[ 1692.408110][T26836]  ? __pfx_dvb_demux_do_ioctl+0x10/0x10
[ 1692.413653][T26836]  ? __pfx_dvb_usercopy+0x10/0x10
[ 1692.418675][T26836]  ? __fget_files+0x3a0/0x420
[ 1692.423353][T26836]  ? __fget_files+0x2a/0x420
[ 1692.427963][T26836]  ? __pfx_dvb_demux_ioctl+0x10/0x10
[ 1692.433243][T26836]  dvb_demux_ioctl+0x29/0x40
[ 1692.437831][T26836]  __se_sys_ioctl+0xfc/0x170
[ 1692.442422][T26836]  do_syscall_64+0x14d/0xf80
[ 1692.447007][T26836]  ? trace_irq_disable+0x3b/0x150
[ 1692.452030][T26836]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1692.458110][T26836]  ? clear_bhb_loop+0x40/0x90
[ 1692.462779][T26836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1692.468668][T26836] RIP: 0033:0x7fdc61f9c819
[ 1692.473100][T26836] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1692.492702][T26836] RSP: 002b:00007fdc62dd2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1692.501111][T26836] RAX: ffffffffffffffda RBX: 00007fdc62215fa0 RCX: 00007fdc61f9c819
[ 1692.509080][T26836] RDX: 0000200000000200 RSI: 00000000403c6f2b RDI: 0000000000000004
[ 1692.517047][T26836] RBP: 00007fdc62032c91 R08: 0000000000000000 R09: 0000000000000000
[ 1692.525014][T26836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1692.532983][T26836] R13: 00007fdc62216038 R14: 00007fdc62215fa0 R15: 00007fdc6233fa48
[ 1692.540965][T26836]  </TASK>
[ 1692.544568][T26836] Kernel Offset: disabled
[ 1692.548897][T26836] Rebooting in 86400 seconds..