last executing test programs:

5m4.596621452s ago: executing program 1 (id=224):
syz_open_dev$video(&(0x7f00000013c0), 0x803, 0x40400)
socket$pppoe(0x18, 0x1, 0x0)
r0 = syz_io_uring_setup(0x497, &(0x7f0000000000)={0x0, 0xf62c, 0x800, 0x3, 0x362}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)

5m4.072997532s ago: executing program 1 (id=225):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r1=>0x0], &(0x7f0000000340)=[<r2=>0x0], 0x0, 0x0, 0x1, 0x1})
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0xf0f003, 0x5})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r2, r1], 0x2, 0x0, 0x0, <r4=>0xffffffffffffffff})
r5 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f00000000c0)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x8f, 0x1, 0x2, 0xd59f80, 0x19ef, 0x6, 0x19ef, 0x3, 0x6, 0x27ff, 0x2800, 0x2, 0xbb6, 0x0, 0x2c, {0x8, 0xffffffff}, 0xd0, 0x9}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000100)={'gre0\x00', <r6=>0x0, 0x20, 0x7, 0x7, 0x6, {{0x15, 0x4, 0x1, 0x15, 0x54, 0x67, 0x0, 0x5, 0x2f, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf, 0x3, 0x2, [{@local, 0x1}, {@multicast1, 0x81}, {@local, 0xd}]}, @end, @rr={0x7, 0xb, 0x73, [@multicast2, @empty]}, @lsrr={0x83, 0x13, 0x6, [@multicast1, @empty, @broadcast, @remote]}, @noop, @noop]}}}}})
connect$can_bcm(r4, &(0x7f0000000080)={0x1d, r6}, 0x10)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r0, 0xc01064c7, &(0x7f00000002c0)={0x1, 0x0, &(0x7f0000003340)=[0x0]})

5m3.308717497s ago: executing program 1 (id=226):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x1c0002, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x288}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESOCT, @ANYRESDEC])
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
r5 = dup2(r1, r0)
readv(r5, &(0x7f0000001400)=[{&(0x7f0000000040)=""/81, 0x51}], 0x1)

5m2.6274425s ago: executing program 1 (id=233):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', <r2=>0x0})
setsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000300)=0x1, 0x4)
bind$can_j1939(r1, &(0x7f0000000380)={0x1d, r2, 0x0, {0x2, 0xf0, 0x4}, 0xfe}, 0x18)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r5, &(0x7f0000000140)={0x1d, r2, 0x1, {0x0, 0x0, 0x4}, 0x2}, 0x18)
setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048001)
setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000280)=0x8, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=@newtfilter={0x24, 0x11, 0x1, 0x70bd28, 0x0, {0x0, 0x0, 0x74, r2, {0xfffd, 0xffeb}, {0x1, 0x1}, {0xfff2, 0xd}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4012}, 0x850)

5m1.43321037s ago: executing program 1 (id=239):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2, 0x1000000}}, 0x2e)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
unshare(0x22020400)
flistxattr(r2, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=ANY=[], 0x40}, 0x1, 0x0, 0x0, 0xc100}, 0x4040)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = syz_io_uring_setup(0x24fe, &(0x7f0000000300)={0x0, 0xf36e, 0x1000, 0x0, 0x4000000}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000280)=""/29, 0x1d}], 0x1)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<'], 0x38}}, 0x80)
r7 = openat$cgroup_ro(r2, &(0x7f0000000540)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
write$UHID_CREATE2(r7, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r7, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000380)=@IORING_OP_FALLOCATE={0x11, 0x10, 0x0, @fd_index=0x8, 0xfffffffffffffff4, 0x0, 0x6})
io_uring_enter(r4, 0x2d3e, 0x2936, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r8, &(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2080, 0x3, 0x0, {0xa, 0x4e23, 0x8, @local, 0x3}}}, 0x32)

5m0.899987223s ago: executing program 1 (id=241):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00'})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r3, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, 0x0, 0x8080)
socket$vsock_stream(0x28, 0x1, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000080)
mknod$loop(0x0, 0x2, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x2)
syz_open_dev$ndb(0x0, 0x0, 0x10000)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
fsopen(&(0x7f0000000000)='bfs\x00', 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x101840, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNDETACHFILTER(r7, 0x401054d6, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)

5m0.255431143s ago: executing program 32 (id=241):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00'})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r3, &(0x7f0000002080)={0xfc, {"a2336848149e516d4b5e071887f70e09d038e7ff7fc6e5539b0d500a8b089b3f383563030890e0879b0a71c6e70a9b334a959b669a242f0a0af3988f7ef319520100ffe8d178708c523c921b1b3e31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9903f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928d28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f2730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b81305c038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849cd9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484539ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1f93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb8843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b2804563407308c58c89d9e99c81769177e6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463373b4b87c9050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e080000007ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e3933ed07c2b8081c128ad2706f48261ff07000000000000613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59500000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, 0x0, 0x8080)
socket$vsock_stream(0x28, 0x1, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000580)={0x1c, 0x3, 0x6, 0x5, 0x0, 0x0, {0x5, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000080)
mknod$loop(0x0, 0x2, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x2)
syz_open_dev$ndb(0x0, 0x0, 0x10000)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
fsopen(&(0x7f0000000000)='bfs\x00', 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x101840, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNDETACHFILTER(r7, 0x401054d6, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)

13.247785081s ago: executing program 5 (id=1365):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x70)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$BTRFS_IOC_SCRUB_CANCEL(r1, 0x941c, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x208400, 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)=ANY=[@ANYRES32=r3, @ANYRES32, @ANYRES32=r2], 0x20)
r4 = syz_io_uring_setup(0xa0, &(0x7f0000000640)={0x0, 0x85ea, 0x28221, 0x0, 0x209, 0x0, r3}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)={0x70, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @local}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffff}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x70}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r8 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r8, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x4, 0x3, 0x0, [0x0, 0x18000000], [0x8200, 0x1]}}, 0xe})
syz_usb_connect(0x0, 0x5a, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800010000000009046900000e0100002b4101"], 0x0)
ioctl$VIDIOC_QBUF(r8, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x10, 0x0, {}, {0x0, 0x0, 0x0, 0x4, 0x0, 0x0, "001500"}, 0x0, 0x2, {}, 0x18603})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
ioctl$SNDCTL_DSP_POST(r1, 0x5008, 0x0)
io_uring_enter(r4, 0x847ba, 0x0, 0xe, 0x0, 0x0)
write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)

9.198076286s ago: executing program 5 (id=1378):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0x10, 0x80000, 0x3)
r3 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r3, 0xc040565e, &(0x7f00000000c0)={0x5, 0x0, 0x0, {0xffff, 0x3, 0xb0c, 0x8}})
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x40086602, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x2a, &(0x7f0000000280)=ANY=[@ANYRESDEC=0x0, @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000b50000008200000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r4, @ANYRESOCT=r4], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffca8)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0)
ioctl$TCSETAW(r6, 0x5407, &(0x7f0000000140)={0x6, 0x7, 0x3, 0x8, 0x14, "722a609d5b8e6760"})
ioctl$TIOCMSET(r6, 0x5418, &(0x7f0000000000)=0x8001)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
r7 = socket$kcm(0x11, 0x2, 0x300)
setsockopt$sock_attach_bpf(r7, 0x1, 0x32, &(0x7f0000000000)=r5, 0x4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
r8 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r8, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f00005dd000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, &(0x7f0000000000)=[{0x7, 0x0, 0x83}, {0x9, 0x0, 0xb187}], 0x2, 0x201, 0x40, 0x0, 0x4eda53ca59449ce2, 0x5c})
r9 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r9, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x4e1f, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xf}, @multicast2}}}], 0x20}, 0x0)
unshare(0x42000000)
syz_usb_connect(0x2, 0x36, &(0x7f0000000b80)={{0x12, 0x1, 0x0, 0xdb, 0x42, 0xf1, 0x10, 0x471, 0x2088, 0xc666, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x50, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0xe3, 0x1b, 0x67, 0xd8, [], [{{0x9, 0x5, 0xb, 0x0, 0x3ff, 0x2, 0x9, 0x30}}, {{0x9, 0x5, 0x3, 0x3, 0x200, 0xfb, 0x0, 0x9b}}]}}]}}]}}, 0x0)

6.421123171s ago: executing program 3 (id=1390):
socket$netlink(0x10, 0x3, 0x0)
socket(0x400000000010, 0x3, 0x0)
r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x80400, 0x0)
socket(0x10, 0x803, 0x0)
futex(&(0x7f0000000080), 0x88, 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
futex(&(0x7f0000000080), 0x88, 0x0, 0x0, 0x0, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0x8, "9e3ce079"}]}}, 0x0}, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGVERSION(r2, 0x80044801, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140)={<r3=>0xffffffffffffffff})
close(r3)
syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
pselect6(0x40, &(0x7f0000000600)={0x11, 0xfffffffffffffffc, 0x2, 0x9, 0x4, 0x0, 0xffffffff, 0x8}, 0x0, &(0x7f0000000080)={0x7fc, 0x2, 0x4000000000800000, 0xfffffffffffffffc, 0x0, 0xc3ad}, 0x0, 0x0)
ioctl$SNDCTL_DSP_POST(r0, 0x5008, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

5.801589621s ago: executing program 4 (id=1393):
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
migrate_pages(0x0, 0x7, &(0x7f0000000000)=0x6, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x0)
setsockopt(r0, 0x84, 0x82, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f0000000300), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$IP6T_SO_GET_REVISION_MATCH(r3, 0x29, 0x44, &(0x7f00000001c0)={'TPROXY\x00'}, &(0x7f0000000240)=0x1e)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r4, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00220f000004540b4550182195f57584b39e3ce0791be58a7c501faa3c71a8432a539c070768fb5044a592ee42d2ddccfdce8154a87bd1f1a8e0ab129f8ba36bdf3901b2f758d0cdf3ddab00effa86f3a87da57a031cad710c9c6634050e5adff9913bb5d267267eb1d7fa0a4e8dc08b4fb948d32e5d22a697"], 0x0}, 0x0)
r6 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCSUSAGE(r6, 0x4018480c, 0x0)
ioctl$HIDIOCGUCODE(r6, 0xc018480d, &(0x7f0000000040)={0x1, 0xffffffff, 0x7, 0x7, 0x2, 0x3})
syz_emit_ethernet(0x46, &(0x7f0000001840)=ANY=[@ANYBLOB="ffffffffff7faaaaaaaaaa3386dd60122d9200103a0000000000000000000000ffff00000000ff0200000000000000000000000000018c009078000080000000000000000000"], 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x2, 0x80000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000280)={0x0, r1}, 0x8)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000440), 0x67)

5.720509917s ago: executing program 2 (id=1394):
capset(&(0x7f0000000080)={0x19980330}, &(0x7f0000000000)={0x0, 0x800, 0x0, 0x10, 0xfffffffe})
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
set_mempolicy(0x2, &(0x7f00000000c0)=0x8, 0xf5)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f0000000dc0)=[{{&(0x7f0000000300)=@x25, 0x80, &(0x7f0000000400)}, 0x5}, {{&(0x7f0000000440), 0x80, &(0x7f0000000640)=[{&(0x7f00000004c0)=""/221, 0xdd}, {&(0x7f00000005c0)=""/82, 0x52}], 0x2}, 0x2a98}, {{&(0x7f0000000680)=@isdn, 0x80, &(0x7f0000000c00)=[{&(0x7f00000007c0)=""/156, 0x9c}, {&(0x7f0000000700)=""/32, 0x20}, {&(0x7f0000002e80)=""/4105, 0x1009}, {&(0x7f0000001e80)=""/142, 0x8e}, {&(0x7f0000000740)=""/34, 0x22}, {&(0x7f0000000940)=""/188, 0xbc}, {&(0x7f0000000a00)=""/161, 0xa1}, {&(0x7f0000000ac0)=""/70, 0x46}, {&(0x7f0000000b40)=""/180, 0xb4}], 0x9, &(0x7f0000000cc0)=""/254, 0xfe}, 0xffff8000}], 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x18, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r4 = socket(0x10, 0x2, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/igmp6\x00')
read$alg(r5, &(0x7f0000000e80)=""/4096, 0x1000)
sendmsg$nl_route(r4, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="300000001e0001002bbd7000ffdbdf2507000000", @ANYRES32=0x0, @ANYBLOB="fd10f6ff01280000080020000020000008001f0008000000"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x40010)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001800dd8def0b00000000000080ad45cd5900000000000002"], 0x1c}}, 0x8c0)
sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="02fddbdf25ff000000000000000000e1ffffff00"], 0x14}}, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff0100000001", 0x15}], 0x1)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r7, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r8, 0x0, <r9=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r7, 0x3ba0, &(0x7f0000000280)={0x48, 0x15, r9})
syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d3750820c80a2103be6f000000010902120001000000000904"], 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
socket$packet(0x11, 0x3, 0x300)

5.394978992s ago: executing program 5 (id=1395):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x400000000001, 0x180, 0x20ff, 0x6, 0x8c, 0xd615, 0x9, 0x0, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x0, 0x13}}}, 0xa0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00000000000000000000004200", "f4bd000000801900", [0x0, 0x2000000000001]}})

4.956476394s ago: executing program 5 (id=1396):
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode'])
syz_open_dev$sg(0x0, 0x0, 0x803341)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4)
sendmsg$inet_sctp(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="cec48d4c37ef574f38d15e0faef69db1b953a8b2b062f82e8f2cdea600dc85c646e0f41bcec1cb1b89e1d6788ab660dccd953ef9ab668ca64ae1a7b1b6b36f5c28f81966875f1b53c0b6980032d9279e71fd4901e1b0433ea1d254fb41", 0x5d}], 0x1, 0x0, 0x0, 0x40000}, 0x1)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000fc0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90bef903057465406c7f306003d8080000000000002200c200", [0x5]}})

4.488719307s ago: executing program 5 (id=1397):
socket$alg(0x26, 0x5, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000008000180000000080000000b7080000000000007baaf0ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa420000000000007040000f0ffffffb70200000800000418230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000300)='GPL\x00', 0x5, 0xff7, &(0x7f0000001e00)=""/4087, 0x0, 0x1}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, 0x0, 0x118)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x10846, &(0x7f0000000ec0)=ANY=[])
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x8, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000001000000000000000220182018000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014002000b70300002000000085000000d4000000bf0900000000000045090100000003709500000000000000bf91000000000000b7020000000000008500000000000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0xa, 0xffc, &(0x7f0000001e40)=""/4092, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x94)

4.337442012s ago: executing program 5 (id=1398):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="04010000160001000000000000000000fe8000000000000000000000000000bb6401627a9530b2d2da46076414047a965201010000000000000000000000004e210000000000000000000000000000454db8e4feac4918dbc1f556c78245e6e6ba09000000000000006ca28979485c41c8571ac74698d2ce05060c52a9762d4d01d453e94182076269b90b25f9e9d4992568ced8f4768b873b5ed35fd9bc94d233b05a3e7b64b2677669282cd799f3d337c7e6cfa913701282840bc17021ff22b3963cda3fb7342c1be898ae3a8c7c5f5c27fd4fb709fc705234e0329cbc170b91bfc78659e1997105b5b64a53c1f30000000000", @ANYRES32=<r0=>0xffffffffffffffff, @ANYRES32=<r1=>0xffffffffffffffff, @ANYBLOB="fe8800000000000000000000000000010000000033000000ffffffff0000000000000000000000000000000000000000008b780000010000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000a005eccffe07a130200ac0000000000000005000000050000000c0015"], 0x104}, 0x1, 0x0, 0x0, 0x8844}, 0x44)
r2 = syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet(0xa, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f00000000c0)=@filter={'filter\x00', 0xe, 0x4, 0x260, 0xffffffff, 0x130, 0x130, 0x0, 0xffffffff, 0xffffffff, 0x130, 0x1c8, 0x208, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @private, 0x0, 0x0, 'pimreg\x00', 'veth1_to_bond\x00'}, 0x0, 0x70, 0x98}, @REJECT={0x28}}, {{@ip={@empty, @rand_addr, 0x0, 0x0, 'veth1_to_bridge\x00', 'pim6reg1\x00'}, 0x0, 0x70, 0x98}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2c0)
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x10, 0x0, 0x0, 0x0, 0x2}, 0x94)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ptrace(0x10, r5)
ptrace$setregs(0xd, r5, 0x0, &(0x7f00000003c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, &(0x7f00000006c0)=ANY=[@ANYRES64=r4, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b88f8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb702000008000000", @ANYRESHEX=r0, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bind$l2tp6(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$dsp(0xffffffffffffff9c, 0x0, 0x521a22, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x10031, 0xffffffffffffffff, 0x65be1000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
openat$kvm(0x0, 0x0, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace(0x10, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="050000000400000008000000120000bc03069400", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRESHEX=r7, @ANYRESOCT=r2, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x8, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYRESOCT=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)

3.895052063s ago: executing program 0 (id=1399):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async, rerun: 32)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0) (rerun: 32)
readv(r1, &(0x7f0000001780)=[{&(0x7f0000001240)=""/242, 0xf2}], 0x1)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000001200)={0xffffff80, 0xffffff1e, 0xffffffff, 0x4, 0x16, "1d1b03002e374b00a2c20200"}) (async)
r2 = syz_open_pts(r1, 0x101)
r3 = dup3(r2, r1, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xd) (async)
r4 = syz_io_uring_setup(0x4576, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x3, 0x324}, &(0x7f0000000000)=<r5=>0x0, &(0x7f00000000c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1}) (async)
io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0)
write$UHID_INPUT(r3, 0x0, 0x0) (async)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32], 0x20) (async, rerun: 32)
read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) (async)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000580)=@mangle={'mangle\x00', 0x1f, 0x6, 0x390, 0x1c8, 0x2b8, 0x2b8, 0x130, 0x2b8, 0x3b0, 0x3b0, 0x3b0, 0x3b0, 0x3b0, 0x6, 0x0, {[{{@ip={@local, @broadcast, 0xffffffff, 0xffffffff, 'bond_slave_0\x00', 'bridge0\x00', {}, {0xc10c421ca43f3e7e}, 0x88, 0x3, 0xb3}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0x29}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0xffffff00, 0xff, 'wg2\x00', 'macvlan0\x00', {}, {}, 0xff, 0x0, 0x41}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @dev={0xac, 0x14, 0x14, 0x40}, 0x0, 0x0, 'veth0_to_bond\x00', 'gre0\x00', {}, {}, 0x89, 0x1, 0x1}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @inet=@TOS={0x28}}, {{@ip={@loopback, @dev={0xac, 0x14, 0x14, 0x44}, 0xffffff00, 0xffffff00, 'batadv0\x00', 'veth1_macvtap\x00', {0xff}, {0xff}, 0x2f, 0x7, 0x2}, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x1, 0x5}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3f0)
listen(r0, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x800)
pipe(&(0x7f0000000380)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
splice(r8, 0x0, r10, 0x0, 0xf3a, 0x0)
r11 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7ffffffc}]})
sendmsg$tipc(r9, &(0x7f0000001640)={&(0x7f0000000000)=@id={0x1e, 0x3, 0x0, {0x4e24, 0x1}}, 0x10, &(0x7f0000001580), 0x1000000000000101, &(0x7f0000000240)="169a3deca50633333bff0beaf48bea1cb3fa4d4b3740e98d6c5c2bd8f0ea4c2d176227cf3c658ab7164349e1afe5a6310149c8", 0x33, 0x44810}, 0x4000000) (async)
close_range(r11, 0xffffffffffffffff, 0x0) (async)
poll(&(0x7f0000000040)=[{r0, 0x2124}, {r0, 0xb0c4}], 0x2, 0x11ff) (async)
shutdown(r0, 0x0)

3.692254022s ago: executing program 0 (id=1400):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402609333340000000000109022400010000000009040000010301000009210000000122010009058103"], 0x0) (async)
write$P9_RSTATFS(0xffffffffffffffff, &(0x7f0000000140)={0x43, 0x9, 0x2, {0x7fff, 0x9eda, 0x100, 0x3ff, 0x9, 0x6944eab6, 0xdf5f, 0x7fff, 0x8}}, 0x43) (async)
openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) (async)
migrate_pages(0x0, 0x7, &(0x7f0000000000)=0x6, 0x0)
setsockopt(0xffffffffffffffff, 0x84, 0x82, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000280)=@abs={0x0, 0x0, 0x4eb4}, 0x5e) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000001280)={'filter\x00', 0x7, 0x2, 0x3e8, 0x0, 0x300, 0x0, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @empty, @multicast1, @broadcast, 0x1}}}, {{@uncond, 0xc0, 0x108}, @unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8, 'syz0\x00', {0x3}}}}, {{@arp={@remote, @multicast2, 0x0, 0x0, 0x40, 0x10, {@mac, {[0x0, 0x0, 0x0, 0x0, 0xff]}}, {}, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 'pim6reg\x00', 'vcan0\x00', {}, {}, 0x0, 0x280}, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438)
mknodat(0xffffffffffffffff, &(0x7f0000000200)='./file1\x00', 0x800, 0x0) (async)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) (async)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) (async)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$TIPC_DEST_DROPPABLE(r4, 0x10f, 0x81, &(0x7f0000000080), 0x4) (async)
sendmmsg$inet(r4, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) (async)
close(r5) (async)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000a00)=@raw={'raw\x00', 0x3c1, 0x3, 0x4a8, 0x208, 0x940c, 0x3002, 0x0, 0x2c0, 0x3d8, 0x3d8, 0x3d8, 0x3d8, 0x3d8, 0x3, 0x0, {[{{@ipv6={@private1={0xfc, 0x1, '\x00', 0x1}, @local, [0x0, 0xff000000, 0xff], [0xffffff00, 0xffffffff, 0xffffff00, 0xffff00], 'vlan0\x00', 'geneve0\x00', {}, {0xff}, 0x1d, 0x66, 0x5, 0x2}, 0x0, 0x1c8, 0x208, 0x4001, {}, [@inet=@rpfilter={{0x28}, {0x5}}, @common=@inet=@recent0={{0xf8}, {0x1, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x1, 0x2b, "e0a1dff634a4af5313c30a32cdad7c73ff3de5fe02a8825d9e89f6ff5d96"}}}, {{@uncond, 0x0, 0x168, 0x1d0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x2, 0xd7b, 'fsm\x00', "9337de1e55a152eb2742da26b2b123dc1d9efd4200e60effea4433cc4afceaea7402180e04994dbe21ddb7faea6522b14aa7a7bcc49faa527d95eb7dffc5869db45e5683e3b2f1d0bae412587d6934c2d0ad081ed8b18c6e00a93bb26bd6e05751a3db1903d079a07c65320aecbe9de3f8450991171fd4ade31bc0089246610c", 0x27, 0x1, {0xfffffffffffffff3}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x5, 0x2, 0x1, 0xb, '\x00', 'syz1\x00', {0xf0000000000}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x508) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x40004)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}}, 0x84)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000940)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000008c0), &(0x7f0000000900), 0x0, 0x0, 0x0, 0x0, r8})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r3, 0xc01064ab, &(0x7f0000000240)={0x6, 0x0, r8})
syz_open_procfs(0x0, 0x0)

3.577623644s ago: executing program 0 (id=1401):
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x10d600, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x4000010001ff, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000240)={0x1a, 0x1, 0x1, "3a8e07ca5de21f0077ab7a4d8601acc620004b5c000000000000002100", 0x3231564e})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xa, 0x111002)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r3, 0xc008551b, &(0x7f0000000540)={0x1ff, 0xc, [0x4, 0x1, 0xfffffffe]})
r4 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
fsetxattr$trusted_overlay_nlink(r1, &(0x7f0000000280), &(0x7f00000002c0)={'L+', 0x2}, 0x16, 0x0)
r5 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x18bf42)
syz_usb_disconnect(r5)
close_range(r4, 0xffffffffffffffff, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000440)={0x0, 0xffffffffffffffbb, &(0x7f0000000400)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000000101010100ffffffff0000000000000a040006800800085c00000003080015400000000008001a40000000040800034000001400dd52ee7f67b7acd3f9f9eb48f8ed14f17d72b311e97995edc64c58d7f3dc76d13c188dec285ac5ac73ece6dd4669e06b4f393a3abf32f21ca8bcdfd16bb71682c3877b857fc13e1779bb426b758a81f82b6a9869df4ef2196482b6c7d89de5148dbe853b4737ff9cd58d6a6e52749dda2f3c179036825639006cc06f3eedb64cf8874d1ec021161aa3ed882b4d531e5e401473111d4c1ccc8a5882c0c8c8"], 0x38}, 0x1, 0x0, 0x0, 0x50}, 0x20000084)

3.285242452s ago: executing program 3 (id=1402):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000140)=ANY=[@ANYRESDEC, @ANYRESHEX=r0], 0x0) (async)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000140)=ANY=[@ANYRESDEC, @ANYRESHEX=r0], 0x0)
statx(0xffffffffffffffff, 0x0, 0x7000, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCSABS20(r1, 0x401845e0, &(0x7f0000000080)={0x8, 0x0, 0x4, 0x5, 0xffff, 0x4})
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCSETAW(r4, 0x5407, &(0x7f0000000100)={0xa, 0x7, 0x3, 0x6, 0x1b}) (async)
ioctl$TCSETAW(r4, 0x5407, &(0x7f0000000100)={0xa, 0x7, 0x3, 0x6, 0x1b})
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000200))
ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000000)=0x8001)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
ioctl$sock_ifreq(r3, 0x8931, &(0x7f0000000000)={'caif0\x00', @ifru_hwaddr}) (async)
ioctl$sock_ifreq(r3, 0x8931, &(0x7f0000000000)={'caif0\x00', @ifru_hwaddr})
ioctl$KVM_CAP_X86_GUEST_MODE(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
eventfd2(0x0, 0x0) (async)
r5 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000300)={0x7, 0xeeee0000, 0x0, r5}) (async)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000300)={0x7, 0xeeee0000, 0x0, r5})
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f00000001c0)={0x1ff, 0x1c0, 0x100, &(0x7f0000000d00)=[0xe0b, 0x8e0, 0xffffffffffff7b3b, 0x3ff, 0xfffffffffffffffa, 0x7, 0x0, 0x8, 0x0, 0xd, 0x2, 0x7, 0x9, 0x8000000000000000, 0xfffffffffffeffff, 0x0, 0x7ff, 0x3, 0x4, 0x4, 0x9, 0x5, 0x113b041f800000, 0x5, 0x8, 0x3, 0x77fbebcd, 0x6, 0x81, 0xffffffff80000001, 0x3, 0x3, 0x1, 0x6, 0x5809, 0x8, 0x7fffffffffffffff, 0xb2, 0x1, 0x8, 0x0, 0x1000, 0x9a, 0x2, 0xfffffffffffffffa, 0x1, 0xff, 0x1, 0xd, 0x2, 0xd6, 0x7, 0x8, 0x6, 0xc, 0x8, 0x5, 0x7, 0x80000001, 0xc0, 0x800, 0x4, 0x7, 0x1464, 0x2, 0x9, 0x1, 0x511, 0x90, 0x9, 0x8, 0x9, 0xb, 0x604, 0x9, 0xfff, 0x3, 0x4, 0x3b, 0x4, 0x5, 0x3a31, 0xffffffffffffff67, 0x67, 0x1a, 0x6, 0x1, 0x3, 0xfe6, 0xa, 0x3, 0x3, 0x1ff, 0xa79, 0x8, 0x8, 0x3, 0x0, 0xffffffffffffff7f, 0x7bf, 0x5, 0xfffffffffffffff7, 0x7, 0x100000000, 0x7, 0x5, 0x8, 0x101, 0x2, 0x1b2, 0x4, 0x6, 0xcea8, 0x3ff, 0xd, 0x9be9, 0x8, 0x8, 0x3, 0x2ac2, 0xdc92, 0x0, 0xffffffffffff2522, 0xfffffffffffffffa, 0xea, 0x5, 0xf, 0x3]})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000380)={0x2, 0x34000, 0x1}) (async)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000380)={0x2, 0x34000, 0x1})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r7, 0x4010ae67, &(0x7f0000000000)={0x6000, 0x2000, 0x1})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.544841089s ago: executing program 4 (id=1403):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x1c, &(0x7f0000000140)=ANY=[@ANYBLOB="18080000fcffffff000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b9a00fe00000000b6090800000000007b9af0ff00000000bf8610000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000001500000076000000bfb800000000000056080000000000008500000007000000b735f3082200000095"], &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x40f00, 0x2c, '\x00', 0x0, @cgroup_skb=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2010000}, 0x94)

2.533246969s ago: executing program 2 (id=1404):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x8, 0xf, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000040420f00b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000028008500000085000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2.281880625s ago: executing program 3 (id=1405):
r0 = socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_open_procfs$userns(0x0, &(0x7f0000000040))
r4 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x9869, 0x10100, 0xfffffffd, 0x2b4, 0x0, r3}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x708, 0x41e3, 0x0, 0x0, 0x0)
r7 = landlock_create_ruleset(&(0x7f00000000c0)={0x5002, 0x1}, 0x18, 0x0)
landlock_restrict_self(r7, 0x0)
landlock_restrict_self(r7, 0x1)
r8 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r8, 0x40045542, &(0x7f00000001c0))
syz_open_dev$dmmidi(&(0x7f0000000080), 0x200, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000380), 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x10f9, &(0x7f0000000040)={0x0, 0x5652, 0x40, 0x1, 0xa})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r9)
mkdir(0x0, 0x0)
rename(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='./file5\x00')
r10 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
ioctl$SG_SET_RESERVED_SIZE(r10, 0x2275, &(0x7f0000000080)=0x2e9aa845)
writev(r10, &(0x7f0000000140)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1)
accept4(r0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x86, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff08004500007873000000000001907864010100ac1414aa0b009078032c000047000000000000000088000900000000ac1414aa86060000000086330000000000074b6cefc500000cdf61168c24ac88ad078c000a2189ea43a2149b84000bf7d11634eea26b75af000502a209440c5600"/135], 0x0)
openat$procfs(0xffffff9c, &(0x7f0000000c40)='/proc/crypto\x00', 0x0, 0x0)

2.215642894s ago: executing program 2 (id=1406):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan1\x00'})
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x0, 0x1}}, 0x10)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002d00)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4870000002000000480000000000000095000000000000002ba728041598d6fbd307ce99e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f071326bd9174842fa9ea4318123341cf9d90a0e168c1884d005d94f204e345c652fbc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc84e974a22a550d6f97181980400003e05df3ceb9f1feae5737ecaa81d666963c474c2a19eed87b277be335c75e04ad6ee1cbf9b0a4def23d410f6296b32ae343881dcc7b1b85f3c3d44ae8a3a3641110bfc4e90a634196508000000000000f0f4ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd5821124dcecb0c005d2a1bcf9436e101040000f73902ebcfcf49822775985b231f000000ccb0ecf31b715f5888b2a858ab3f11afc9bd08c676d2b89432fb465b3dad9d2ba7f1521b3ebb0cc52f49129b9b6150e320c9901de2eb879a15943b6dc8ea15aab9dd6968698e3095c4c5c7a156cec33a7bb727667d81ff2757ca1e5efdd4c968dacf81e65998b9091957d1d11a5730baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba165d876defd3541772f26e27c44cfd7bb5097379cf1756869cebc7b0b2d85d6d29983e830a9cdd1d0a017c100344c52a6f387a1340a1c8889464f90c284a4db539621fbb70f01a2c02dec4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae610afd01409d9a337ac5d58bcb5e5fc231514952c5255f22bd8b325d9b76e57f041b665ab0249886c0a65cc99d5893521372c8d8b7bacac24000020a4a24d8dbd75062e1daef9dead619cc6e7baa72706287793c3d2a2661edcd3545236c204682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b993508000000e480cd9d4850a049ee19b67d17ef0477aeb12b1d255be1ed66d9051f22614d1f62734d678039a97d2b74f9e8e97f4e8e7025123e783df8b8a17e3a9a7d85832f9acee4f1b56e9623128d743792cead3c058a5b700d64d160abe33df726608510136ce8bf239414a1d98ea93e3d35dbb6c23b90cf36e83b8a4309b402d264b09f2779a0bcb02e69d384146056d125cf4aadd80800000000000000e88d10acd06864eac44c42fbe334bdc3e9768fc360b130dc6111fe3293e8e02f819a2aa34dba1c25be27945507a3477b437525b81aef2f0b4c4f63483026b5e34d44705b76ef29f7f6e0a2be625eae975e02069f6f24e1e1bc976d965ddabb01085f16bff63a06578d6d184e5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8eae87691e6e365a70c3f15871565bba8dd8a8ca049f798abe646f738bebdfc9d8a5edd7a19ca7a42bc3f1db37c17f22a287c6d31a13db5dfef409eb1d3c91c05000000000000000c4736c81936315418f26770cca4e2f89800d18c2a30003b952ae1ebfd0ca88368ee6ce139e8b5822422cf4c9dde943d34c432e1001171792c65986146666a549092398af45ba38c41fa7e0fffeac41824ca1fd0eb68aa243c9035c788d5480e5aee9c9e5f2e5a3628995b1531bd20360d33d8f9ffffff5f4bf6ea0000000000000080ca02ee3686da707b56d8db491ba0cc33f6be92c55969a2b52a25419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9bc31f09832d4788be2a442aa81b259e9eb1bf5314844051f3a642aca9ff98c9036471ccff0522903e7bcf62e18f7796bbc280b95e8e0d6fd5644b0ebde3885b06548862de809d3dae3cccf109f7c78e8479a345e805e4acd27dfa82cafc6b64b1f4659834aecbed6d44b11a443c5ba92a326dd10921aa79c62800844c7a59f55ee205a11ab50fb402e7da6ada561ec1117cc186b01fd5c20680c580dc31b0963ff953ce09148e8dfea9d03a61bbd2bb173518507a3cd0e37c4da0a71eee31071d5d642498181c69cee3b2e414ddd6a12ff4bdf6e96c247b6025d4376067e25357d3b521a5b927d3392a7503718aea2417952cf6a0c6de4e61b49cad1e4d6b000000000000005b2d16877299acefc0fb5bc1422c3d425d988eedebcf242b780a687c9acae2a5a71c2a16a32ceb377f5d54f9b2fa90b2905906e611be56e9eb0cab20c290a1f6c09272dbc3b2c0ab2b5baa1b07b16e81f278e54a479f1a068658e3656cfa196d6c050000000000000000814955c62a7d72b317399e572a7f6a4657b7cbe066c9179ffd097d61fcfd0fa1d46cfb110e3e8cff5579e83f2820f95eaa0c609f666950c24311740e36de8f65708cfffce788c99ef8f62fd2398e999b220125da8eb07947512365abbc5b84ef524bdf184727c67910051f204662264607d548dbdffe14b4907c49f604e5a92e3f9de595d31dd084adfe00007267f226019ef0a25bc15da71e893856a2182c3167d8ba73f7c6294b159a426ce44cd73f000000a66fc501eae0c3504c1400697ba69fd9b7eaf49aff6a6aea529610db8dfef86c3cc698e9fddf1b132876159972281a90c3a4cf415df25fbcdd35cf8368f068c4481844bdd0dda553e1cb0966d5686013d382956d50055dce0d1ac225c1d77612b1ec52e743dbc51f25cc07a202b704577316913cf667fa65e476f688de2d6c54ea192a569eed05d0d7536b3205c68d4ee0fe318ed3112c76dcf128a1d5595b773ef4c8a7ba4e10381de8808ff02dd0a7b996ecf1c65e6d9db90c87123d9cb3945330f7a270ee0cca35b133b249b800a34b0942d97b55d808c41ca8fec0b2f39f505140751b60f29a83e4bc0ef2ffea443e4aa221cc38a503add16a2c98cb589e1dac1912b4142a3be30f50b2d947ffff0000eb38030d0c0ce0598700130000000000000000000000554361e1628ee0017ad19ca787f2c078aa260701ce0800000080623902000000000000000000003d118a04fa6a80c4928c01ccab57bdf4eb265ad15004f967543fe6e6ddc2a12165fe3a08bf9475ee0eee3539369b0e566fedbd215a6ddd4fe03dcc7a922e16410d820747b7e806c0f3b6f14c884d150a0ff07f2e0000bfb083c56d3bed0a61fab880f8885c612ebff8523d14cfb12aca274c000000005e5155611969f6e67dd83b20206207cb8b2cd2fab6fa6d7fdaed6a27a2e4db1d5adc80014ff11d9dbceba41d8dfce410333a054e82b1d050331ce0aeacb843b94d67f69f49eb4dd3b1b85b018359c32df01db8ebce0dbc36cade09c6b44f6b93d28db8ae4db5624d8a02f7be91bec65e4b3373059587dd6528bbc48e3379d477d482faff738c39c61cac1195043bd5b70c0860c1083a169a8263e9aec56b9f7795fa27634a7f06359e3058d2dd69c4e5cc11b36d9ed9c4b2867f583de6fc582f789722bd1500e64c495abdb72de2c739d38c72f6f4fb1946081dcc825d5b5b747e9fa1b5226cd31e131263f1fcd5d45a630b46d04af906f0be464d829dd2dfcf7400002b7827f6d957e51bb1f1b44a50200c9dfadfaff2e32baa9c0edaac7144e174dba582a951d2b03c27219cec4fbc7b6e99c3f00188941e3fbf008cbace177ae250fd757a22e21ec05aa45c91e1345ca936184c3fc28153283e13654123cfaf4e666e80f34d0adad1e2116bc385f888405d48f0d386da0cc6068018e45772a68f2ea3fb7e7207000000b24088014c8e64f03d053c4e02ddd08b262e422eff1c9f124b892b0a9462b07d4f88c0693bd9c54ad2ab5227aa59ef2b53ac528c0800000000000000ebfde0c4a37c2d55c176680c4207000000e4aa467f995c9bc99e60441d4dbebead3b436427762618810bac7308c6d3298ea932b66572825e62d18462d3b2342ba48c145ff4674a94fa078cc552d064da2bb69a0d269076f8957176578f44ffb8895fbd4e2a757a4249a855632ca30e09789811bd5e06840f8848df72230a28e0304569bfa0350b6dde9e96273de1758505aa1ba89dfb12be7a7c6dd18f6148354df7e60a489dc543ccdee1fff9d8f8d78844de27a77ef1181d5055c2a193a5763ed7749a17296c76818b60426082c86619dacc8a884c4de8572a044faf0c8e4377776c8703ecf2e3f1c3d6410000000400008369f062639e3ddcf725be54f626448fb7bfc74c183b26e31b71a390ccea4be07278dd12fa16848797397b76908fa03613cd961b98b26a0879ccba4a78c82958764bce07a7f70df1cef6d4db1ddbda1db18e4f41c390fd3cb862216ece39a9ec60bd3bfb41cb630343b32ee5f9329dcaf33be8c87cc510557460d14421e1d26322ab64388f2ceae70922989f66827fe9acd2ec3ece39f3b4ffdc4dfea3da6ddb002512e2313253801044e751168e32d7bd6800000000a21008b8d26dabe977c503c30ef7c489e5ea1fff041e54de54cfeb258f2387dad096b72a78d934927492cfc773c731cca9b13b3f6e7760ab0929c46f51ea5643f3df4f4044f3ad0a6ba739e72d8b8b2935d81534bea8372bc590c111d573e04280659a096eaa495a4154daae7d1800c130d920964845c50c8ba4763b19b6008f6d7a5091895c7a4b7816ab706503be879b18b778b0f61ecfde2f8bbb32cfeb766ec4430ee0ad45a0a263ddc4b2f47680c8d53439f8d388dab87112c83997badaf8ed85cd5b03a7352a0fb83398566d1bc133582ce2d9f601cd23eba4432180b2d5c3019879cd949a5be1b241b3d0d0d52a3529cc9e704a9d8d54f4f7b776a969a4505e18fe5284985ca7d112c397d776e3baba918b7df456bd970e761e00f3b0efa5ce4246d9f08ba60da3be556c518a1f19504c7cea1491a9eadd27d747ca9cc5f92e30b2ca3cf0b142a8554c87e8026d4e586cf5f7c9d412e6eb4f66a076c8bca6b294305969dabb6c932b57a5dd4234bf1ed3bd095229ee3cbb86883d574c5af4bb78370561de3fbf55bfcd2db3979eb1be120b5795443324023353c959fd965702f1cd5bcb3c16d4b8bdd9fc87c862c247e140379ef098c7b3fa79a6638a245b6a74f14dde9bd4ee48e62cdc70f486ce38641e4e4309aa9f4bd097fa1530db966d9919544ab4890301e51f9525436f5d9591460340f5093161a78a249783945407f2576d6f35a99e3521d7991e3fdfde5ee7f6a8ff8181a68ef15a2ebfe9e22d7c745949ab5cc15b9f5659799b5e006f09f5173e260b82f80ae10adebbf9f623f75bfd4d83c4859ca9b652cea33daeeef07b60c78a21965bcf91919071c7ded1ca0fbea5cbe54ee42fb6809317dc0b7587d9322f8cd09e32675a187465bdfa101bcd9ac680839b375af12c160247dd960e70eb7ee60c52a900440aa9bd9a6b15a4a34dc73c3c4936d8986300fdc264b28537df387e64420f2f5fa2a31d24c1ed888a57fcc50400a084a38a3630ffc465f36a4b770fab0946148161184be39134542e934f3a538b011cb3928b4306301855c89afe795d881d4361e7fbd1fc2331b4e34733480bc497662a8234a7eeab3e65d6b0f5d92edff04416eedcd15b9ddbcb3cf9228afda6b17d44a276b205eabd0069f7e26aea50f537dc77b683ed83d2f9110e00a705f48e9d13378cf09bca22e8f45c4f360d5fff8b57a2a35f21c4513bcc0800000000000000dc5cc7ad7290c60bc609bff9be7cd922f474c3faa78fd42cba7c78d6d912656b6313497625e2f9afaba05b17ca242b7ca8d6556175aee38142a8aac5f677c2f8a6967f2cb5e97aae97a5e5579a706243688ac4d38a4601b4aadb2d319fe7d6bf1272fa3fa701338d7bce390e8bf959081ed39e63a431901d615a26ff95e1620a6c26eda4f92d83499a173e7217001f58ed5406ba14bfe611e5958458af7b3c5319fdb4c40b8d01365fdee93af6fad7c7a8da8646dc1379d1aceb72fd929e7de4e9620000000000000000000000000000007cf90000008f8a9da7a8a167815c6ffcd1b6863cde9ab45ecd8f06423198bb00cdf76877f407be46b0755d6be5afbb4cb3a8de259a8beb2223f28b855e2bdf4b31b91e5062a42a55bd95e93f77f2499391cf0000000000000000000000000000195007ad27d1d61dc4d5512f117f0ed554c2c88c4468a4808ae562a6bb1ff447d6e12da22ee9f0422a84f361684861169f498909c4841f4d5a0fa3b7d833075fdcd9c1d169b03d7df7f4150fad8b9e92eaf86992adbda360dd91de51c6df335445492608162fb0804dabdeac6fb70042f906eefd37f1d190a1c8a0d9de7f34dcc8cbd7b565fc675f3bf7aac559411808ee703ec3ad461c6ddc571994cb504c46eabbc2ff4b97df394bc75b5e7f45a4450753b576af95820540e1ac91a43954f0b1260fa3b351b5a424d2b2944866aff582486308aca33c9571d1928175737473eaba14c9818c05d57de4df75f08206c24f781a72f26159b0abf05a90364414c4be434323c0f1050494aed7d791966edcb89d555e9907222e9af2546f0d6f9e51d40e30c85bb10cef93aacbb2d1278ddfcb9c65fd6d55239b1b7097c262740c13c53937b6f11ca6d544789ad36df5721e198f3d7f3a70d987c534cd7ac8da762e6d8752637405ffc1399a79f6c266dda1593f18ea2fb93111c1416f5a07fd7d74f956b2f4f4f3e9bcc03613cfb2b89b42babeb5756a21af5d2f980f1eb505cee397fd4e2cf068804b31b8be623a04c103e0dd4f0c3626f6bffa8f9d597123da046692211f7ad0711469f4839d394ed227336c2394b9ba1c299e88bca4fd70723dcab03ed8de938a69c31cdb5dcc77df25bcae53d9f35125c9d19d6f948f29ed4cab2cff308f3d6230c0e1442f21163ed895e869bd37653abbf7ab3d48c15d8f4a99a1c84bfe7b76c0bb42cf72a1b871b6edf1ce441c720054ab2aaa9f1d7ce20f8827c967f61a4acffb1ffbe54dbf4b65f23f1e740412a6e90dbeaee4d177f7bd016ebf7aec4a80671f193d28eaf71043ca144f9dbdc8743d9dd16d17f87c8a84f66053460fa6de2a29c2ba81e4780689b03bb02c0249a645cb6282b91f7d0f412a823b81c8d6c39a4483efeaf68e6920255a38f3459b89eb3c1ebba6a1507dadd4e7bcbec4d5c6be67f2760ac557c71e79b79939d0f41ae12241b464390d2ff9c60d49c3cfb455ffa1a8cbe9df811bc8a917f2199884edcd83ff6978f9d1ddf702864330e896ef31c914685f74a4198d71b35fb3b6fe08d0bf6ede50ae5eea1633621f5b4ca1829d5525ff4e0b357e8dcc9026206d6ff395db6b034d6bdf697d0d05d79917684b1ba7153caee53f8769b72c566d8bf9545d857d6db6a9ad9f0d36d3bea290d73cbfd15044d245db5a8624a94555777cad157b12b98bbb1e4a71a3ca616c652fcf6c0354b96f20effea6bbbabe9287becc537db31fcca6216e63ac479f383a7de333167c0179b146806b71cbf473f05320a51373bcbf7cc2cde3e108bb8e2229ddb771c1bd8a0982cf85d01efcc572276f8dac8ce8cab40b409c8e9f9dc086ce70645d411be8563236eb1a5db6337e9d03c5cf3012eb1fe916038236df9cc3327fd0b4342f630e58d35fb5f635adcc92338f4d68ef91886b4392fd5b384600000000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f00000002c0), &(0x7f0000000240)=r3}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x103, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x20d302, 0x0}, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000000), 0x4)
r4 = dup3(r1, r1, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002cbd7000040000000500b600080009000200000008000c00a60a0000060001000500"], 0x40}, 0x1, 0x0, 0x0, 0xc100}, 0x4040)
r9 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000006000000140008"], 0x28}}, 0x4048890)
setsockopt$TIPC_GROUP_LEAVE(r4, 0x10f, 0x88)
r10 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
getdents(r10, &(0x7f0000000240)=""/167, 0xa7)

2.215395616s ago: executing program 4 (id=1407):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x1, {{@in=@empty, @in6=@local, 0x0, 0x0, 0x0, 0x8, 0xa, 0x60, 0x30, 0x58, 0x0, 0xee01}, {0x0, 0x7f, 0x7, 0x3, 0x0, 0xfffffffffffffffd, 0x5, 0xffffffffffffffff}, {0xffffffff, 0x0, 0x0, 0x10001}, 0x0, 0x0, 0x1, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x1158e3b975e78980}, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'sit0\x00'})
pipe(&(0x7f0000000580)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000000906010200000000000000000200ffff08000940000080390900020073797a310000000005000100070000001400088010000780"], 0x44}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080)
write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc)
splice(r1, 0x0, r3, 0x0, 0x7fff, 0x5)

1.920571295s ago: executing program 2 (id=1408):
socket$alg(0x26, 0x5, 0x0)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000008000180000000080000000b7080000000000007baaf0ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa420000000000007040000f0ffffffb70200000800000418230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000008000000850000006900000095"], &(0x7f0000000300)='GPL\x00', 0x5, 0xff7, &(0x7f0000001e00)=""/4087, 0x0, 0x1}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, 0x0, 0x118)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001240)={0x8, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000001000000000000000220182018000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014002000b70300002000000085000000d4000000bf0900000000000045090100000003709500000000000000bf91000000000000b7020000000000008500000000000000b70000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0xa, 0xffc, &(0x7f0000001e40)=""/4092, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100}, 0x94)

1.842121928s ago: executing program 0 (id=1409):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000000b00)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000040)=""/15, 0xf, 0x9c, 0x8, 0x3, 0x5, 0x1635}}, 0x120)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000100)={0x60, 0x1, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x1000, 0x0, 0x0, 0x6, 0x2c, 0x4, 0x9, 0x1a})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000980)=[@text32={0x20, 0x0}], 0x1, 0x51, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x6, 0x0, 0x1, '\x00', 0x77cd})
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
write$UHID_SET_REPORT_REPLY(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0e0000"], 0x25)

1.379378277s ago: executing program 2 (id=1410):
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000500)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x400000000001, 0x180, 0x20ff, 0x6, 0x8c, 0xd615, 0x9, 0x0, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x0, 0x13}}}, 0xa0)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000000000000000000000000000000000ffffffffffffffe400", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

1.012528877s ago: executing program 4 (id=1411):
unshare(0x12000400) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000005d40)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000400000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340bdc8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a54909e8441f47e0fe5eac41824ca1fd0eb71aa243c88d5480efd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce993c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1a8f2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f10f615c87c441dc970ec896a5af6bf69b50a244bc138a1cae9868c3079bafe69769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d52204c335408941b8eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cbc12c7ae23bc88b8f10223ab2a093429f3f6965bc5af0114cf6f2466a39addc610406744a8715dbdb12de0a8e53079adc05002703e2f47ba499d0d593e3dc071fe30e0d29c69c5631fbf30c8082905d6834e82b75a0722b273fe4da1c6645e8d3913c8cd8ac50a8a0a25f98c4da5bfd14ea0ca884dba1b0eff2fd6e294e127f9d26ecbeca028d14439a41e8fd11cba79605e26b4cc4b7b6c128e3b9efc02682"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000940), &(0x7f0000000700)='\x00', 0x1, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000000)='pkcs7_test\x00', &(0x7f0000000080)=@chain={'key_or_keyring:', r0}) (async)
r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280), 0x40900, 0x0) (async)
r2 = syz_io_uring_setup(0x110, &(0x7f0000000200)={0x0, 0xfec9, 0x8, 0x5, 0x3d4}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000140))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0xa440) (async, rerun: 32)
io_uring_enter(r2, 0xdb4, 0x0, 0x0, 0x0, 0x0) (async, rerun: 32)
r4 = syz_open_procfs(0x0, &(0x7f0000000280)='fdinfo/4\x00')
preadv(r4, &(0x7f0000000300)=[{&(0x7f00000001c0)=""/51, 0x33}], 0x1, 0x0, 0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x20, 0x7, 0x0, 0x206}, {0x6, 0xff, 0xfe}]})
r5 = add_key$user(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000a80)="3e12", 0x2, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r5}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'sha3-512-generic\x00'}})

980.533136ms ago: executing program 3 (id=1412):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @limit={{0xa}, @void}}, {0x14, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_COMPAT={0xc, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x7c}}, 0x20004001)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @limit={{0xa}, @void}}, {0x14, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_COMPAT={0xc, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV6={0x8}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x7c}}, 0x20004001) (async)

856.816578ms ago: executing program 4 (id=1413):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00a8bc", 0x28, 0x6, 0xff, @local, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x2, 0x0, 0x0, 0x0, {[@generic={0x1, 0x11, "87d5c9ed7eed4e6de58079eef72628"}]}}}}}}}}, 0x0)
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000000)={0x5, 0x4, 0x2})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000040)={0x2, 0xdda, 0x1})
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f00000001c0)={0x2, 0x8, 0x2})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000000, 0x5d032, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000000240))
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f00001cd000/0x1000)=nil, &(0x7f00004fa000/0x4000)=nil, 0x9, &(0x7f00000021c0)=[{0x9, 0xffffffff, 0xfffffffffffffffd}], 0x1, 0xc2ff, 0x0, 0x0, 0x66, 0x76})
socket$inet6(0xa, 0x2, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8003, 0xc95a, 0xf, 0x4, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0xef, 0xffff2d37, 0xff7fff01, 0x6, 0x3, 0x7, 0x7, 0x4, 0x0, 0x7, 0x3c5e, 0x1, 0x3, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0xfffffbf2, 0x7, 0x3, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xb, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8e, 0x2, 0x106, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x9, 0x0, 0x5, 0x2006, 0x8, 0x3d8, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x3, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x4, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x80000002, 0x4, 0xb, 0x4, 0x5662, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0x80b, 0x4, 0x5, 0x800, 0x0, 0x4d4, 0x5, 0x8, 0x6, 0x3, 0xcc, 0x3e7, 0xb, 0x5, 0x2, 0x6, 0x8, 0x2000000b, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x5f1, 0x2, 0xf98, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x3, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x7, 0x120000, 0x3, 0x6, 0x712, 0x9, 0x25], [0x9, 0xbb35, 0x7b304120, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0x7f, 0x1ff, 0x4000002, 0x57, 0x5, 0x3, 0x101, 0x3f51, 0x4, 0x1, 0xffff, 0xa620, 0x1, 0x5, 0x2000001, 0x2000002, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0x1, 0xfffff000, 0x9, 0x3, 0x7e, 0x100, 0xa, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x6, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0x4, 0xd5, 0x200, 0x9, 0xfff]}, 0x45c)
r2 = syz_open_procfs(0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r2, 0x4c06, 0xffffffffffffffff)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

540.56683ms ago: executing program 2 (id=1414):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff}) (async, rerun: 64)
r1 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0) (rerun: 64)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70000000060a0b0400000000000000000200000044000480400001800b00010064796e736574000030000280080004400000000308000340000003010800023600000003080009ccf50000020900010073797a31000000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x98}}, 0x0) (async)
io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000380)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1) (async)
r5 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)=ANY=[@ANYBLOB="1800000000000000100100000b00"], 0x10b8}, 0x0) (async, rerun: 32)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x2, r0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0}}) (async, rerun: 32)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x36}, 0x4, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x2, 0x25cd, 0x1, 0xa4, 0x6, 0xa2b9, 0x7, 0x9, 0x3, 0x4, 0xfc000000, 0x3, 0xbbf, 0x40, 0x8, 0x9, 0xd, 0x2, 0x12a3, 0x6, 0x3, 0x2, 0x4, 0x7, 0x81, 0x8a, 0xfffffff8, 0x558e0d31, 0x8, 0xfffeffff, 0x91, 0x5, 0x6, 0x7, 0x4838, 0x5, 0x400, 0x7fff, 0x5, 0x4a7, 0x81, 0x6, 0x8f9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x3, 0x7, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x6, 0x60, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x7, 0x5, 0xf, 0xfffffff3, 0x4, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x8, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x80, 0x49, 0xf1, 0x4, 0xab00000, 0x5, 0xb, 0x2, 0x1, 0x3ff, 0x1ff, 0x8001, 0x7fff, 0x762, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0xa, 0x2, 0x8000, 0x2, 0xfffffff9, 0x200004, 0xffd, 0x3, 0x5], [0x2, 0x1, 0x4000ffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0xb, 0x1, 0x491, 0x8d3, 0x6, 0x108, 0x3ff, 0x3, 0x8, 0x40, 0x6, 0x7, 0x1000007, 0x5, 0x0, 0x5, 0x9, 0x0, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x6, 0x3e55, 0x4, 0xd3, 0x7, 0x3435, 0x5, 0x9, 0xfd, 0x401, 0x101, 0x7ff, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x7ffd, 0xf44, 0x3, 0xd500, 0x8, 0x77, 0x9, 0x9, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0xbfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x40, 0xaf38, 0x5, 0x7fffffff, 0x7, 0x4, 0x9, 0x81, 0x3, 0x9d86, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x6c5, 0x101, 0x80000001, 0x0, 0xfff, 0xffffffff, 0x100, 0xd8ce, 0x6fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x806, 0xfffffff9, 0x4, 0xffffffff, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x14000, 0x1, 0x1b18]}, 0x45c)
io_uring_enter(r1, 0x27e2, 0x0, 0x0, 0x0, 0x0)

540.182572ms ago: executing program 3 (id=1415):
r0 = creat(&(0x7f0000019080)='./file0\x00', 0xecf86c37d530494c)
close(r0)
execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000019140)={[], 0xffffffffffffff8c}, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug', 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x8)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x40048c0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000240)={'wlan0\x00'})
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)}, 0x4000)
write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x9, 0x8, 0x81, 0x4, 0x1, 0x1, 0x3, 0xfff, 0x134, 0x40, 0x7b, 0x652, 0x95, 0x38, 0x4, 0x101, 0x8, 0xf0}, [{0x60000000, 0x401, 0x2, 0x1, 0xbc45, 0x2, 0xfffffffffffffffc, 0x8000000000000000}, {0x5, 0x3000000, 0x8, 0x6, 0xa, 0x4, 0xa, 0x2}, {0x6474e551, 0x800, 0x8, 0x401, 0x9, 0x7, 0x7ff, 0x7}, {0x6, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x7, 0x8}], "fa2d90bbc153a2422ccf8b396ced04a5ffd89bd673b385d74ab98f535d2b3615fb51ce41592d43a9dccdf4f38d4bc86ee819b2660d57c9b508aedef14d26140ae63348ad1ef3eb733eefcfb75fa9e311d8faaed3d4992686c195a642dae15e381c899ce9892c3ad44935e42cb2754414aea6f645eb68ef5c9a016aa6b4ca683fc09c58c8abf2d5e6e1bfa5360103d8c19b2c5826d8a78b", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x8b7)

508.147641ms ago: executing program 4 (id=1416):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10003, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
landlock_create_ruleset(&(0x7f0000000040)={0x1ad2, 0x0, 0x1}, 0xfffffd76, 0x0)
syz_usb_connect(0x0, 0x64, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000cb8be7406d04230807000102030109025200010000000009044000000e0100390a240108000b020102082407010500070e11240606060509000600040007000300390c2402050302060254df000a092402050001031f04092403"], 0x0)

325.276204ms ago: executing program 0 (id=1417):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000006c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x8, 0xf, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000040420f00b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000034008500000085000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

148.471659ms ago: executing program 3 (id=1418):
socket$nl_route(0x10, 0x3, 0x0)
unshare(0x40020000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$inet(0xa, 0x1, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x8848, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="00000000e000000000000000000000000000000008"], 0x38}}, 0x0)
r3 = syz_io_uring_setup(0x1a11, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x3, 0x4000000}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
r6 = landlock_create_ruleset(&(0x7f00000000c0)={0x501b, 0x2, 0x1}, 0x18, 0x0)
landlock_restrict_self(r6, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)
r7 = syz_open_dev$dri(0x0, 0x1, 0x2)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000100)=[0x0], 0x1})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
socket(0x10, 0x800, 0x0)
r10 = dup(r9)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

0s ago: executing program 0 (id=1419):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x7800, 0x0)
ioctl$BLKRESETZONE(r0, 0x40101283, &(0x7f0000000040)={0x7, 0x8})
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='1', 0x1)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004018000000010902120001000000000904000016cafb1a00"], 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf84, 0x3}, 0x1c)
socket$nl_xfrm(0x10, 0x3, 0x6)
read$FUSE(r1, &(0x7f0000001740)={0x2020}, 0x2020)

kernel console output (not intermixed with test programs):

e802154 phy0 wpan0: encryption failed: -22
[  378.813054][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  378.905701][   T24] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  379.163083][T10137] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  379.171893][   T24] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  379.173464][T10137] netlink: 184 bytes leftover after parsing attributes in process `syz.4.1066'.
[  379.210970][T10137] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  379.226975][ T5916] usb 4-1: new high-speed USB device number 93 using dummy_hcd
[  379.253045][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  379.301566][   T24] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  379.360367][   T24] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  379.383686][ T5916] usb 4-1: Using ep0 maxpacket: 32
[  379.394443][   T24] usb 1-1: Manufacturer: syz
[  379.401353][ T5916] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  379.409546][ T5916] usb 4-1: config 0 has no interface number 0
[  379.450892][   T24] usb 1-1: config 0 descriptor??
[  379.465797][ T5916] usb 4-1: config 0 interface 184 has no altsetting 0
[  379.483095][ T5916] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  379.500329][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.528727][ T5916] usb 4-1: Product: syz
[  379.549218][ T5916] usb 4-1: Manufacturer: syz
[  379.577723][ T5916] usb 4-1: SerialNumber: syz
[  379.616869][ T5916] usb 4-1: config 0 descriptor??
[  379.644759][ T5916] smsc75xx v1.0.0
[  379.665215][   T24] rc_core: IR keymap rc-hauppauge not found
[  379.698176][   T24] Registered IR keymap rc-empty
[  379.727452][   T24] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  379.745412][   T24] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input56
[  380.194761][T10123] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1065'.
[  380.206837][    T9] usb 1-1: USB disconnect, device number 73
[  380.574297][ T5916] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71
[  380.642254][ T5916] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  380.652927][ T5916] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  380.707226][ T5916] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  380.734059][ T5916] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  380.764759][ T5916] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  380.789063][ T5916] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71
[  380.821386][ T5916] usb 4-1: USB disconnect, device number 93
[  381.520429][   T24] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  381.680448][   T24] usb 1-1: Using ep0 maxpacket: 8
[  381.690969][   T24] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  381.700450][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.708663][   T24] usb 1-1: Product: syz
[  381.713542][   T24] usb 1-1: Manufacturer: syz
[  381.718284][   T24] usb 1-1: SerialNumber: syz
[  381.726178][   T24] usb 1-1: config 0 descriptor??
[  381.941132][   T24] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  382.211987][ T5915] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  382.219607][ T5915] hid-generic 009C:0008:0003.0021: unknown main item tag 0x2
[  382.232428][ T5915] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  382.239974][ T5915] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  382.248710][ T5915] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  382.256666][ T5915] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  382.265583][ T5915] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  382.273280][ T5915] hid-generic 009C:0008:0003.0021: unknown main item tag 0x0
[  382.283837][ T5915] hid-generic 009C:0008:0003.0021: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  382.350403][ T2155] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  382.368410][T10186] fido_id[10186]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  382.533015][ T2155] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 86, changing to 10
[  382.544813][ T2155] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  382.555301][ T2155] usb 5-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  382.568551][ T2155] usb 5-1: config 0 interface 0 has no altsetting 0
[  382.575285][ T2155] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00
[  382.584956][ T2155] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.596674][ T2155] usb 5-1: config 0 descriptor??
[  383.240569][ T2155] usbhid 5-1:0.0: can't add hid device: -71
[  383.262290][ T2155] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  383.295976][ T2155] usb 5-1: USB disconnect, device number 66
[  383.310550][ T5915] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  383.480199][ T5915] usb 3-1: Using ep0 maxpacket: 16
[  383.487518][ T5915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  383.499232][ T5915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  383.511819][ T5915] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  383.526642][ T5915] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  383.535880][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.546800][ T5915] usb 3-1: config 0 descriptor??
[  383.561722][   T24] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  383.591684][   T24] usb 1-1: USB disconnect, device number 74
[  383.986401][ T5915] usbhid 3-1:0.0: can't add hid device: -71
[  383.993633][ T5915] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  384.004872][ T5915] usb 3-1: USB disconnect, device number 57
[  384.390186][  T846] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  384.540656][  T846] usb 1-1: Using ep0 maxpacket: 8
[  384.552548][  T846] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  384.574627][  T846] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  384.596512][  T846] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  384.611274][  T846] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  384.632585][  T846] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  384.643731][  T846] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.874127][  T846] usb 1-1: GET_CAPABILITIES returned 0
[  384.880634][  T846] usbtmc 1-1:16.0: can't read capabilities
[  385.919779][ T5907] usb 1-1: USB disconnect, device number 75
[  386.608918][T10242] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1096'.
[  386.804854][T10250] batadv_slave_0: entered promiscuous mode
[  386.934560][T10255] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1101'.
[  386.944530][T10247] batadv_slave_0: left promiscuous mode
[  387.440945][T10265] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1102'.
[  387.455742][T10263] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1103'.
[  388.350541][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  388.540550][ T2155] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  388.629255][T10284] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1108'.
[  388.699274][ T2155] usb 1-1: Using ep0 maxpacket: 8
[  388.728041][ T2155] usb 1-1: config 0 has an invalid interface number: 31 but max is 0
[  388.737029][T10287] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1108'.
[  388.752744][ T2155] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  388.763911][ T2155] usb 1-1: config 0 has no interface number 0
[  388.773092][ T2155] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  388.810417][ T2155] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.837243][ T2155] usb 1-1: Product: syz
[  388.845477][ T2155] usb 1-1: Manufacturer: syz
[  388.851372][ T2155] usb 1-1: SerialNumber: syz
[  388.871343][ T2155] usb 1-1: config 0 descriptor??
[  389.061494][ T5915] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  389.083132][ T2155] usb 1-1: Found UVC 0.04 device syz (046d:08c3)
[  389.091100][ T2155] usb 1-1: No valid video chain found.
[  389.173850][T10293] bond0: entered promiscuous mode
[  389.179300][T10293] bond_slave_0: entered promiscuous mode
[  389.186017][T10293] bond_slave_1: entered promiscuous mode
[  389.194429][T10293] batadv0: entered promiscuous mode
[  389.200576][T10293] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  389.208302][T10293] Cannot create hsr debugfs directory
[  389.215058][T10293] 8021q: adding VLAN 0 to HW filter on device hsr1
[  389.223953][T10293] bond0: left promiscuous mode
[  389.228808][T10293] bond_slave_0: left promiscuous mode
[  389.232735][ T5915] usb 3-1: config 0 has no interfaces?
[  389.235580][T10293] bond_slave_1: left promiscuous mode
[  389.243564][ T5915] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  389.254945][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.254956][T10293] batadv0: left promiscuous mode
[  389.275125][ T5915] usb 3-1: Product: syz
[  389.279632][ T5915] usb 3-1: Manufacturer: syz
[  389.296564][ T2155] usb 1-1: USB disconnect, device number 76
[  389.305242][ T5915] usb 3-1: SerialNumber: syz
[  389.320336][ T5915] usb 3-1: config 0 descriptor??
[  389.455167][T10303] trusted_key: syz.4.1115 sent an empty control message without MSG_MORE.
[  389.505223][T10306] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1116'.
[  389.533754][T10284] xt_policy: neither incoming nor outgoing policy selected
[  390.080299][  T846] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  390.230428][  T846] usb 1-1: Using ep0 maxpacket: 16
[  390.242904][  T846] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88
[  390.255162][  T846] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.264508][  T846] usb 1-1: Product: syz
[  390.268724][  T846] usb 1-1: Manufacturer: syz
[  390.277959][  T846] usb 1-1: SerialNumber: syz
[  390.287927][  T846] usb 1-1: config 0 descriptor??
[  390.498758][T10317] FAULT_INJECTION: forcing a failure.
[  390.498758][T10317] name failslab, interval 1, probability 0, space 0, times 0
[  390.540832][T10317] CPU: 0 UID: 0 PID: 10317 Comm: syz.4.1120 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  390.540864][T10317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  390.540877][T10317] Call Trace:
[  390.540885][T10317]  <TASK>
[  390.540897][T10317]  dump_stack_lvl+0x189/0x250
[  390.540934][T10317]  ? __pfx____ratelimit+0x10/0x10
[  390.540963][T10317]  ? __pfx_dump_stack_lvl+0x10/0x10
[  390.540993][T10317]  ? __pfx__printk+0x10/0x10
[  390.541021][T10317]  ? __pfx___might_resched+0x10/0x10
[  390.541050][T10317]  ? fs_reclaim_acquire+0x7d/0x100
[  390.541079][T10317]  should_fail_ex+0x414/0x560
[  390.541108][T10317]  should_failslab+0xa8/0x100
[  390.541132][T10317]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  390.541153][T10317]  ? __alloc_skb+0x112/0x2d0
[  390.541179][T10317]  __alloc_skb+0x112/0x2d0
[  390.541204][T10317]  netlink_ack+0x146/0xa50
[  390.541244][T10317]  netlink_rcv_skb+0x28c/0x470
[  390.541267][T10317]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  390.541298][T10317]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  390.541333][T10317]  ? bpf_lsm_capable+0x9/0x20
[  390.541360][T10317]  ? security_capable+0x7e/0x2e0
[  390.541391][T10317]  nfnetlink_rcv+0x26a/0x2520
[  390.541424][T10317]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  390.541464][T10317]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  390.541492][T10317]  ? lockdep_hardirqs_on+0x9c/0x150
[  390.541521][T10317]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  390.541547][T10317]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  390.541574][T10317]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  390.541609][T10317]  ? rcu_preempt_deferred_qs_irqrestore+0x851/0xc40
[  390.541654][T10317]  ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10
[  390.541690][T10317]  ? rcu_is_watching+0x15/0xb0
[  390.541723][T10317]  ? rcu_read_unlock_special+0x3fe/0x4c0
[  390.541746][T10317]  ? skb_clone+0x246/0x3a0
[  390.541776][T10317]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  390.541799][T10317]  ? netlink_deliver_tap+0x2e/0x1b0
[  390.541828][T10317]  ? netlink_deliver_tap+0x2e/0x1b0
[  390.541858][T10317]  netlink_unicast+0x758/0x8d0
[  390.541889][T10317]  netlink_sendmsg+0x805/0xb30
[  390.541921][T10317]  ? __pfx_netlink_sendmsg+0x10/0x10
[  390.541947][T10317]  ? aa_sock_msg_perm+0x94/0x160
[  390.541973][T10317]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  390.541997][T10317]  ? __pfx_netlink_sendmsg+0x10/0x10
[  390.542029][T10317]  __sock_sendmsg+0x219/0x270
[  390.542063][T10317]  sock_sendmsg+0x158/0x230
[  390.542094][T10317]  ? __pfx_sock_sendmsg+0x10/0x10
[  390.542136][T10317]  ? __asan_memset+0x22/0x50
[  390.542163][T10317]  ? iov_iter_bvec+0xb8/0x180
[  390.542195][T10317]  splice_to_socket+0x8ff/0xf10
[  390.542240][T10317]  ? __pfx_splice_to_socket+0x10/0x10
[  390.542258][T10317]  ? aa_file_perm+0x3e7/0xed0
[  390.542309][T10317]  ? get_pid_task+0x20/0x1f0
[  390.542354][T10317]  ? bpf_lsm_file_permission+0x9/0x20
[  390.542381][T10317]  ? security_file_permission+0x75/0x290
[  390.542403][T10317]  ? rw_verify_area+0x258/0x650
[  390.542434][T10317]  ? __pfx_splice_to_socket+0x10/0x10
[  390.542451][T10317]  do_splice+0xc76/0x1660
[  390.542483][T10317]  ? __pfx_do_splice+0x10/0x10
[  390.542505][T10317]  __se_sys_splice+0x2e1/0x460
[  390.542524][T10317]  ? __pfx___se_sys_splice+0x10/0x10
[  390.542543][T10317]  ? __x64_sys_splice+0x21/0xf0
[  390.542560][T10317]  do_syscall_64+0xfa/0x3b0
[  390.542580][T10317]  ? lockdep_hardirqs_on+0x9c/0x150
[  390.542601][T10317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.542615][T10317]  ? clear_bhb_loop+0x60/0xb0
[  390.542631][T10317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.542645][T10317] RIP: 0033:0x7f428558e929
[  390.542659][T10317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  390.542671][T10317] RSP: 002b:00007f42863c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  390.542686][T10317] RAX: ffffffffffffffda RBX: 00007f42857b6080 RCX: 00007f428558e929
[  390.542697][T10317] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[  390.542705][T10317] RBP: 00007f42863c7090 R08: 0000000000007fff R09: 0000000000000005
[  390.542714][T10317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  390.542722][T10317] R13: 0000000000000001 R14: 00007f42857b6080 R15: 00007f42858dfa28
[  390.542744][T10317]  </TASK>
[  391.587136][   T24] usb 3-1: USB disconnect, device number 58
[  391.661058][ T2155] usb 5-1: new full-speed USB device number 67 using dummy_hcd
[  391.680924][ T5915] usb 4-1: new high-speed USB device number 94 using dummy_hcd
[  391.825039][ T2155] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  391.850375][ T5915] usb 4-1: Using ep0 maxpacket: 16
[  391.873478][T10333] netlink: 'syz.5.1126': attribute type 21 has an invalid length.
[  391.879267][ T5915] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024
[  391.882407][T10333] netlink: 128 bytes leftover after parsing attributes in process `syz.5.1126'.
[  391.903930][T10333] netlink: 'syz.5.1126': attribute type 4 has an invalid length.
[  391.910591][ T2155] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  391.931266][ T5915] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024
[  391.937514][T10334] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1126'.
[  391.941434][ T2155] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10
[  391.958834][T10333] netlink: 'syz.5.1126': attribute type 5 has an invalid length.
[  391.970775][T10333] netlink: 3 bytes leftover after parsing attributes in process `syz.5.1126'.
[  391.982554][T10334] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check.
[  392.016447][ T5915] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  392.026425][ T5915] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.045358][ T2155] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  392.055214][   T24] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  392.063147][ T5915] usb 4-1: Product: syz
[  392.067567][ T5915] usb 4-1: Manufacturer: syz
[  392.072879][ T2155] usb 5-1: New USB device found, idVendor=10c4, idProduct=8acf, bcdDevice= 0.00
[  392.082780][ T5915] usb 4-1: SerialNumber: syz
[  392.087825][ T2155] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.104712][ T5915] usb 4-1: config 0 descriptor??
[  392.113218][T10329] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  392.128112][    C1] port100 4-1:0.0: NFC: Urb failure (status -71)
[  392.136581][ T2155] usb 5-1: config 0 descriptor??
[  392.232735][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  392.250531][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  392.286400][   T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  392.333886][T10341] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  392.372328][T10341] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  392.388642][    C1] port100 4-1:0.0: NFC: Urb failure (status -71)
[  392.413583][ T5915] port100 4-1:0.0: NFC: Could not get supported command types
[  392.439119][   T24] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  392.475815][ T5915] usb 4-1: USB disconnect, device number 94
[  392.490904][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.555484][   T24] usb 3-1: config 0 descriptor??
[  392.637037][ T2155] hid-u2fzero 0003:10C4:8ACF.0022: unknown main item tag 0x0
[  392.654095][ T2155] hid-u2fzero 0003:10C4:8ACF.0022: unknown main item tag 0x0
[  392.667772][ T2155] hid-u2fzero 0003:10C4:8ACF.0022: unknown main item tag 0x0
[  392.677822][ T2155] hid-u2fzero 0003:10C4:8ACF.0022: unknown main item tag 0x0
[  392.687491][ T2155] hid-u2fzero 0003:10C4:8ACF.0022: unknown main item tag 0x0
[  392.714376][ T2155] hid-u2fzero 0003:10C4:8ACF.0022: hidraw0: USB HID v0.00 Device [HID 10c4:8acf] on usb-dummy_hcd.4-1/input0
[  392.771840][ T2155] hid-u2fzero 0003:10C4:8ACF.0022: U2F Zero LED initialised
[  392.803744][ T2155] hid-u2fzero 0003:10C4:8ACF.0022: U2F Zero RNG initialised
[  392.862609][ T2155] usb 5-1: USB disconnect, device number 67
[  392.937876][T10343] fido_id[10343]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  392.962387][  T846] speedtch 1-1:0.0: speedtch_bind: data interface not found!
[  392.997956][  T846] speedtch 1-1:0.0: usbatm_usb_probe: bind failed: -19!
[  393.040534][  T846] usb 1-1: USB disconnect, device number 77
[  393.092009][   T24] plantronics 0003:047F:FFFF.0023: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  393.131638][T10345] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1129'.
[  393.168401][T10345] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1129'.
[  394.715403][T10372] loop2: detected capacity change from 0 to 7
[  394.729382][T10372] Dev loop2: unable to read RDB block 7
[  394.736255][T10372]  loop2: unable to read partition table
[  394.742662][T10372] loop2: partition table beyond EOD, truncated
[  394.764090][T10372] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  395.093916][   T24] usb 3-1: USB disconnect, device number 59
[  395.293160][ T5915] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  395.496828][ T5915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  395.536289][ T5915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  395.571871][ T5915] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  395.615744][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.674826][ T5915] usb 5-1: config 0 descriptor??
[  395.722216][  T846] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  395.915049][  T846] usb 3-1: config 0 has an invalid interface number: 25 but max is 0
[  395.924487][  T846] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  395.958673][  T846] usb 3-1: config 0 has no interface number 0
[  395.987121][  T846] usb 3-1: too many endpoints for config 0 interface 25 altsetting 191: 100, using maximum allowed: 30
[  396.026173][  T846] usb 3-1: config 0 interface 25 altsetting 191 has 0 endpoint descriptors, different from the interface descriptor's value: 100
[  396.103161][T10385] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  396.110151][  T846] usb 3-1: config 0 interface 25 has no altsetting 0
[  396.130682][T10385] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  396.140936][T10399] fuse: Unknown parameter '0000000000000000000000000000000000000006'
[  396.144613][  T846] usb 3-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53
[  396.181122][T10385] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  396.184994][  T846] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.230422][T10385] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  396.258636][  T846] usb 3-1: config 0 descriptor??
[  396.283089][  T846] usb 3-1: selecting invalid altsetting 0
[  396.521801][ T2155] usb 3-1: USB disconnect, device number 60
[  396.790598][   T24] usb 4-1: new full-speed USB device number 95 using dummy_hcd
[  396.956527][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  397.025845][   T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  397.274395][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  397.304100][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  397.626742][ T5915] usbhid 5-1:0.0: can't add hid device: -71
[  397.647861][ T5915] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  397.691906][   T24] usb 4-1: SerialNumber: syz
[  397.749257][   T24] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  397.792895][ T5915] usb 5-1: USB disconnect, device number 68
[  397.817212][   T24] usb-storage 4-1:1.0: USB Mass Storage device detected
[  397.948428][   T24] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  397.988208][   T24] scsi host1: usb-storage 4-1:1.0
[  398.203031][T10431] syzkaller1: entered promiscuous mode
[  398.209849][T10431] syzkaller1: entered allmulticast mode
[  398.935905][T10433] vcan0: tx drop: invalid da for name 0x0000000000000001
[  399.504935][ T2155] usb 4-1: USB disconnect, device number 95
[  399.869363][T10444] FAULT_INJECTION: forcing a failure.
[  399.869363][T10444] name failslab, interval 1, probability 0, space 0, times 0
[  400.000823][T10444] CPU: 0 UID: 0 PID: 10444 Comm: syz.5.1151 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  400.000846][T10444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  400.000855][T10444] Call Trace:
[  400.000861][T10444]  <TASK>
[  400.000868][T10444]  dump_stack_lvl+0x189/0x250
[  400.000895][T10444]  ? __pfx____ratelimit+0x10/0x10
[  400.000916][T10444]  ? __pfx_dump_stack_lvl+0x10/0x10
[  400.000939][T10444]  ? __pfx__printk+0x10/0x10
[  400.000966][T10444]  should_fail_ex+0x414/0x560
[  400.000987][T10444]  should_failslab+0xa8/0x100
[  400.001004][T10444]  kmem_cache_alloc_noprof+0x73/0x3c0
[  400.001027][T10444]  ? skb_clone+0x212/0x3a0
[  400.001050][T10444]  skb_clone+0x212/0x3a0
[  400.001071][T10444]  __netlink_deliver_tap+0x404/0x850
[  400.001097][T10444]  ? netlink_deliver_tap+0x2e/0x1b0
[  400.001113][T10444]  netlink_deliver_tap+0x19c/0x1b0
[  400.001130][T10444]  netlink_sendskb+0x68/0x140
[  400.001155][T10444]  netlink_rcv_skb+0x28c/0x470
[  400.001171][T10444]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  400.001194][T10444]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  400.001219][T10444]  ? bpf_lsm_capable+0x9/0x20
[  400.001232][T10444]  ? security_capable+0x7e/0x2e0
[  400.001256][T10444]  nfnetlink_rcv+0x26a/0x2520
[  400.001279][T10444]  ? __dev_queue_xmit+0x1cd7/0x3a70
[  400.001302][T10444]  ? kmem_cache_alloc_noprof+0x1c1/0x3c0
[  400.001327][T10444]  ? __dev_queue_xmit+0x27e/0x3a70
[  400.001346][T10444]  ? do_syscall_64+0xfa/0x3b0
[  400.001375][T10444]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  400.001397][T10444]  ? __pfx___dev_queue_xmit+0x10/0x10
[  400.001427][T10444]  ? ref_tracker_free+0x63a/0x7d0
[  400.001445][T10444]  ? __copy_skb_header+0xa7/0x550
[  400.001464][T10444]  ? __pfx_ref_tracker_free+0x10/0x10
[  400.001482][T10444]  ? __skb_clone+0x63/0x7a0
[  400.001503][T10444]  ? __skb_clone+0x483/0x7a0
[  400.001526][T10444]  ? skb_clone+0x246/0x3a0
[  400.001546][T10444]  ? __netlink_deliver_tap+0x807/0x850
[  400.001562][T10444]  ? netlink_deliver_tap+0x2e/0x1b0
[  400.001582][T10444]  ? netlink_deliver_tap+0x2e/0x1b0
[  400.001597][T10444]  ? netlink_deliver_tap+0x2e/0x1b0
[  400.001617][T10444]  netlink_unicast+0x758/0x8d0
[  400.001645][T10444]  netlink_sendmsg+0x805/0xb30
[  400.001668][T10444]  ? __pfx_netlink_sendmsg+0x10/0x10
[  400.001687][T10444]  ? aa_sock_msg_perm+0x94/0x160
[  400.001707][T10444]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  400.001724][T10444]  ? __pfx_netlink_sendmsg+0x10/0x10
[  400.001741][T10444]  __sock_sendmsg+0x219/0x270
[  400.001765][T10444]  sock_sendmsg+0x158/0x230
[  400.001789][T10444]  ? __pfx_sock_sendmsg+0x10/0x10
[  400.001835][T10444]  ? __asan_memset+0x22/0x50
[  400.001864][T10444]  ? iov_iter_bvec+0xb8/0x180
[  400.001896][T10444]  splice_to_socket+0x8ff/0xf10
[  400.001928][T10444]  ? __pfx_splice_to_socket+0x10/0x10
[  400.001941][T10444]  ? aa_file_perm+0x3e7/0xed0
[  400.001977][T10444]  ? get_pid_task+0x20/0x1f0
[  400.002006][T10444]  ? bpf_lsm_file_permission+0x9/0x20
[  400.002025][T10444]  ? security_file_permission+0x75/0x290
[  400.002041][T10444]  ? rw_verify_area+0x258/0x650
[  400.002064][T10444]  ? __pfx_splice_to_socket+0x10/0x10
[  400.002078][T10444]  do_splice+0xc76/0x1660
[  400.002111][T10444]  ? __pfx_do_splice+0x10/0x10
[  400.002134][T10444]  __se_sys_splice+0x2e1/0x460
[  400.002153][T10444]  ? __pfx___se_sys_splice+0x10/0x10
[  400.002173][T10444]  ? __x64_sys_splice+0x21/0xf0
[  400.002211][T10444]  do_syscall_64+0xfa/0x3b0
[  400.002232][T10444]  ? lockdep_hardirqs_on+0x9c/0x150
[  400.002252][T10444]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.002266][T10444]  ? clear_bhb_loop+0x60/0xb0
[  400.002284][T10444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.002297][T10444] RIP: 0033:0x7f77aed8e929
[  400.002310][T10444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.002323][T10444] RSP: 002b:00007f77afc05038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[  400.002340][T10444] RAX: ffffffffffffffda RBX: 00007f77aefb6080 RCX: 00007f77aed8e929
[  400.002350][T10444] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[  400.002359][T10444] RBP: 00007f77afc05090 R08: 0000000000007fff R09: 0000000000000005
[  400.002368][T10444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.002377][T10444] R13: 0000000000000001 R14: 00007f77aefb6080 R15: 00007f77af0dfa28
[  400.002405][T10444]  </TASK>
[  401.734539][T10464] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1157'.
[  402.347293][  T846] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[  402.426456][T10475] loop2: detected capacity change from 0 to 7
[  402.439690][T10475] Dev loop2: unable to read RDB block 7
[  402.447302][T10475]  loop2: unable to read partition table
[  402.466840][T10475] loop2: partition table beyond EOD, truncated
[  402.507936][T10475] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  402.568177][  T846] usb 1-1: Using ep0 maxpacket: 16
[  402.601577][  T846] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  402.651388][  T846] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  402.690149][  T846] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  402.701897][ T7036] tipc: Subscription rejected, illegal request
[  402.712149][T10481] !��: renamed from bond_slave_0 (while UP)
[  402.759691][  T846] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  402.779805][  T846] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  402.812214][  T846] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  402.860301][  T846] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  402.868388][  T846] usb 1-1: Manufacturer: syz
[  402.901267][  T846] usb 1-1: config 0 descriptor??
[  403.285754][T10493] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1164'.
[  403.391329][T10493] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1164'.
[  403.450296][  T846] rc_core: IR keymap rc-hauppauge not found
[  403.456278][  T846] Registered IR keymap rc-empty
[  403.462079][  T846] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  403.490267][  T846] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  403.531512][  T846] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  403.558464][  T846] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input63
[  403.577507][T10499] FAULT_INJECTION: forcing a failure.
[  403.577507][T10499] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  403.600474][  T846] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  403.630217][T10499] CPU: 0 UID: 0 PID: 10499 Comm: syz.4.1167 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  403.630248][T10499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  403.630261][T10499] Call Trace:
[  403.630269][T10499]  <TASK>
[  403.630278][T10499]  dump_stack_lvl+0x189/0x250
[  403.630315][T10499]  ? __pfx____ratelimit+0x10/0x10
[  403.630348][T10499]  ? __pfx_dump_stack_lvl+0x10/0x10
[  403.630380][T10499]  ? __pfx__printk+0x10/0x10
[  403.630416][T10499]  should_fail_ex+0x414/0x560
[  403.630446][T10499]  _copy_to_user+0x31/0xb0
[  403.630469][T10499]  simple_read_from_buffer+0xe1/0x170
[  403.630495][T10499]  proc_fail_nth_read+0x1df/0x250
[  403.630524][T10499]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  403.630552][T10499]  ? rw_verify_area+0x258/0x650
[  403.630581][T10499]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  403.630607][T10499]  vfs_read+0x200/0x980
[  403.630644][T10499]  ? __pfx___mutex_lock+0x10/0x10
[  403.630675][T10499]  ? __pfx_vfs_read+0x10/0x10
[  403.630707][T10499]  ? __fget_files+0x2a/0x420
[  403.630735][T10499]  ? __fget_files+0x3a0/0x420
[  403.630756][T10499]  ? __fget_files+0x2a/0x420
[  403.630788][T10499]  ksys_read+0x145/0x250
[  403.630821][T10499]  ? __pfx_ksys_read+0x10/0x10
[  403.630857][T10499]  ? do_syscall_64+0xbe/0x3b0
[  403.630892][T10499]  do_syscall_64+0xfa/0x3b0
[  403.630919][T10499]  ? lockdep_hardirqs_on+0x9c/0x150
[  403.630947][T10499]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.630968][T10499]  ? clear_bhb_loop+0x60/0xb0
[  403.630993][T10499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.631023][T10499] RIP: 0033:0x7f428558d33c
[  403.631042][T10499] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  403.631060][T10499] RSP: 002b:00007f42863c7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  403.631082][T10499] RAX: ffffffffffffffda RBX: 00007f42857b6080 RCX: 00007f428558d33c
[  403.631097][T10499] RDX: 000000000000000f RSI: 00007f42863c70a0 RDI: 0000000000000006
[  403.631110][T10499] RBP: 00007f42863c7090 R08: 0000000000000000 R09: 0000000000000005
[  403.631122][T10499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  403.631147][T10499] R13: 0000000000000001 R14: 00007f42857b6080 R15: 00007f42858dfa28
[  403.631177][T10499]  </TASK>
[  404.047407][  T846] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  404.070189][  T846] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  404.100219][  T846] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  404.120366][  T846] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  404.136873][T10509] netlink: 5 bytes leftover after parsing attributes in process `syz.4.1171'.
[  404.146043][  T846] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  404.159161][T10509] 0�X��D: renamed from macvtap0 (while UP)
[  404.168847][T10509] 0�X��D: entered allmulticast mode
[  404.174692][T10509] veth0_macvtap: entered allmulticast mode
[  404.190417][  T846] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  404.215807][  T846] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  404.228059][T10509] A link change request failed with some changes committed already. Interface 
30�X��D may have been left with an inconsistent configuration, please check.
[  404.253038][  T846] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  404.286303][  T846] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  404.325155][  T846] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  404.353196][ T5908] usb 6-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  404.356148][  T846] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  404.434664][  T846] usb 1-1: USB disconnect, device number 78
[  404.451606][ T5908] dvb_usb_az6007 6-1:0.0: probe with driver dvb_usb_az6007 failed with error -110
[  404.530927][ T5908] usb 6-1: USB disconnect, device number 48
[  404.911727][  T846] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[  405.084388][  T846] usb 1-1: config 4 has an invalid interface number: 39 but max is 1
[  405.211003][T10533] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1176'.
[  405.222184][  T846] usb 1-1: config 4 has an invalid interface number: 49 but max is 1
[  405.499206][  T846] usb 1-1: config 4 has no interface number 0
[  405.532174][  T846] usb 1-1: config 4 has no interface number 1
[  405.546088][  T846] usb 1-1: config 4 interface 39 has no altsetting 0
[  405.554092][  T846] usb 1-1: config 4 interface 49 has no altsetting 0
[  405.613071][  T846] usb 1-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[  405.649629][  T846] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.669363][  T846] usb 1-1: Product: syz
[  405.681903][  T846] usb 1-1: Manufacturer: syz
[  405.703462][  T846] usb 1-1: SerialNumber: syz
[  406.017155][  T846] usb 1-1: USB disconnect, device number 79
[  406.040181][    T9] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  406.119050][ T5908] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  406.217493][    T9] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  406.246155][T10552] mmap: syz.3.1181 (10552): VmData 37462016 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  406.262492][ T5886] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[  406.295804][ T5908] usb 5-1: config 0 has an invalid interface number: 0 but max is -1
[  406.308276][    T9] usb 3-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  406.309884][ T5908] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0
[  406.334330][ T5908] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 126, changing to 10
[  406.347134][ T5908] usb 5-1: config 0 interface 0 has no altsetting 0
[  406.354817][    T9] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  406.359744][ T5908] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  406.373841][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.384460][ T5908] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.401130][ T5908] usb 5-1: config 0 descriptor??
[  406.419204][    T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  406.430294][ T5886] usb 6-1: Using ep0 maxpacket: 16
[  406.520188][ T5916] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[  406.632347][    T9] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -2
[  406.744138][T10539] veth3: entered promiscuous mode
[  406.770866][ T5916] usb 4-1: Using ep0 maxpacket: 8
[  406.785759][ T5916] usb 4-1: config 0 has an invalid interface number: 124 but max is 0
[  406.910244][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  407.418888][    T9] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  407.450889][ T5916] usb 4-1: config 0 has no interface number 0
[  407.469412][T10546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  407.480381][T10546] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  407.531560][ T5916] usb 4-1: New USB device found, idVendor=0a5c, idProduct=2033, bcdDevice=72.01
[  407.540828][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.560457][ T5916] usb 4-1: Product: syz
[  407.567018][ T5916] usb 4-1: Manufacturer: syz
[  407.577228][ T5916] usb 4-1: SerialNumber: syz
[  407.591532][ T5916] usb 4-1: config 0 descriptor??
[  407.598393][    T9] usb 1-1: config 16 interface 0 altsetting 75 endpoint 0x6 has invalid maxpacket 1024, setting to 64
[  407.613318][    T9] usb 1-1: config 16 interface 0 has no altsetting 0
[  407.620515][    T9] usb 1-1: New USB device found, idVendor=15c2, idProduct=0036, bcdDevice=bb.7a
[  407.631205][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.808276][ T5916] usb 4-1: USB disconnect, device number 96
[  407.896078][T10554] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967295 (34359738360 ns) > initial count (3800 ns). Using initial count to start timer.
[  407.928129][T10554] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  408.051728][    T9] usb 1-1: string descriptor 0 read error: -71
[  408.105472][    T9] imon:imon_find_endpoints: no valid input (IR) endpoint found
[  408.119384][    T9] imon 1-1:16.0: unable to initialize intf0, err -19
[  408.136644][    T9] imon:imon_probe: failed to initialize context!
[  408.149848][    T9] imon 1-1:16.0: unable to register, err -19
[  408.167964][    T9] usb 1-1: USB disconnect, device number 80
[  408.531664][T10557] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  408.814508][ T5908] usb 5-1: string descriptor 0 read error: -71
[  408.918517][ T5908] usbhid 5-1:0.0: can't add hid device: -71
[  408.965446][ T5908] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  408.980856][ T5886] usb 6-1: unable to get BOS descriptor or descriptor too short
[  409.050101][   T30] audit: type=1326 audit(1751371684.276:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10569 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f85b8e929 code=0x7ffc0000
[  409.073953][ T5886] usb 6-1: unable to read config index 0 descriptor/start: -71
[  409.116423][ T5886] usb 6-1: can't read configurations, error -71
[  409.168171][   T30] audit: type=1326 audit(1751371684.276:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10569 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f85b8e929 code=0x7ffc0000
[  409.227912][ T5907] usb 3-1: USB disconnect, device number 61
[  409.351858][ T5908] usb 5-1: USB disconnect, device number 69
[  409.370147][   T30] audit: type=1326 audit(1751371684.276:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10569 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7f8f85b8e929 code=0x7ffc0000
[  409.489371][   T30] audit: type=1326 audit(1751371684.276:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10569 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f85b8e929 code=0x7ffc0000
[  409.549563][T10575] fuse: Bad value for 'fd'
[  409.617153][T10580] FAULT_INJECTION: forcing a failure.
[  409.617153][T10580] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  409.659646][T10580] CPU: 1 UID: 0 PID: 10580 Comm: syz.5.1190 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  409.659677][T10580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  409.659686][T10580] Call Trace:
[  409.659692][T10580]  <TASK>
[  409.659699][T10580]  dump_stack_lvl+0x189/0x250
[  409.659725][T10580]  ? __pfx____ratelimit+0x10/0x10
[  409.659747][T10580]  ? __pfx_dump_stack_lvl+0x10/0x10
[  409.659769][T10580]  ? __pfx__printk+0x10/0x10
[  409.659807][T10580]  should_fail_ex+0x414/0x560
[  409.659828][T10580]  _copy_to_user+0x31/0xb0
[  409.659842][T10580]  simple_read_from_buffer+0xe1/0x170
[  409.659860][T10580]  proc_fail_nth_read+0x1df/0x250
[  409.659879][T10580]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  409.659898][T10580]  ? rw_verify_area+0x258/0x650
[  409.659919][T10580]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  409.659937][T10580]  vfs_read+0x200/0x980
[  409.659962][T10580]  ? __pfx___mutex_lock+0x10/0x10
[  409.659984][T10580]  ? __pfx_vfs_read+0x10/0x10
[  409.660006][T10580]  ? __fget_files+0x2a/0x420
[  409.660025][T10580]  ? __fget_files+0x3a0/0x420
[  409.660046][T10580]  ? __fget_files+0x2a/0x420
[  409.660076][T10580]  ksys_read+0x145/0x250
[  409.660106][T10580]  ? __pfx_ksys_read+0x10/0x10
[  409.660130][T10580]  ? fput+0xa0/0xd0
[  409.660157][T10580]  ? do_syscall_64+0xbe/0x3b0
[  409.660190][T10580]  do_syscall_64+0xfa/0x3b0
[  409.660217][T10580]  ? lockdep_hardirqs_on+0x9c/0x150
[  409.660244][T10580]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.660264][T10580]  ? clear_bhb_loop+0x60/0xb0
[  409.660288][T10580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.660308][T10580] RIP: 0033:0x7f77aed8d33c
[  409.660326][T10580] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  409.660343][T10580] RSP: 002b:00007f77afc26030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  409.660365][T10580] RAX: ffffffffffffffda RBX: 00007f77aefb5fa0 RCX: 00007f77aed8d33c
[  409.660379][T10580] RDX: 000000000000000f RSI: 00007f77afc260a0 RDI: 0000000000000004
[  409.660391][T10580] RBP: 00007f77afc26090 R08: 0000000000000000 R09: 0000000000000000
[  409.660403][T10580] R10: 0000200000002100 R11: 0000000000000246 R12: 0000000000000001
[  409.660413][T10580] R13: 0000000000000000 R14: 00007f77aefb5fa0 R15: 00007f77af0dfa28
[  409.660445][T10580]  </TASK>
[  409.910493][   T30] audit: type=1326 audit(1751371684.306:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10569 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f8f85b8e929 code=0x7ffc0000
[  409.970348][   T30] audit: type=1326 audit(1751371684.306:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10569 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f85b8e929 code=0x7ffc0000
[  410.416608][   T30] audit: type=1326 audit(1751371684.306:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10569 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f85b8e929 code=0x7ffc0000
[  410.511910][   T30] audit: type=1326 audit(1751371684.306:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10569 comm="syz.0.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f8f85b8e929 code=0x7ffc0000
[  410.713983][T10590] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1192'.
[  411.120166][ T2155] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  411.151216][ T5907] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  411.310589][ T2155] usb 3-1: Using ep0 maxpacket: 16
[  411.330426][ T5907] usb 5-1: Using ep0 maxpacket: 32
[  411.333160][ T2155] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  411.342648][ T5907] usb 5-1: unable to get BOS descriptor or descriptor too short
[  411.370127][ T2155] usb 3-1: New USB device found, idVendor=1ea7, idProduct=0907, bcdDevice= 0.00
[  411.377423][ T5907] usb 5-1: config 7 has an invalid interface number: 187 but max is 0
[  411.414533][ T2155] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.435941][ T5907] usb 5-1: config 7 has no interface number 0
[  411.450632][ T5907] usb 5-1: config 7 interface 187 altsetting 6 endpoint 0x3 has invalid wMaxPacketSize 0
[  411.460979][ T5907] usb 5-1: config 7 interface 187 has no altsetting 0
[  411.471173][ T2155] usb 3-1: config 0 descriptor??
[  411.473233][ T5907] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[  411.487026][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.495555][ T5907] usb 5-1: Product: syz
[  411.504197][ T5907] usb 5-1: Manufacturer: syz
[  411.509547][ T5907] usb 5-1: SerialNumber: syz
[  411.740215][ T5907] usb 5-1: Limiting number of CPorts to U8_MAX
[  411.791391][ T5907] usb 5-1: Unknown endpoint type found, address 0x07
[  411.818503][ T5907] usb 5-1: Unknown endpoint type found, address 0x03
[  411.850144][ T5907] usb 5-1: Not enough endpoints found in device, aborting!
[  411.929704][ T2155] semitek 0003:1EA7:0907.0024: item fetching failed at offset 0/2
[  411.961540][ T2155] semitek 0003:1EA7:0907.0024: probe with driver semitek failed with error -22
[  411.976290][T10597] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1196'.
[  412.300358][ T5907] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  412.378646][T10623] loop2: detected capacity change from 0 to 7
[  412.387597][T10623]  loop2:
[  412.391723][T10623] loop2: partition table partially beyond EOD, truncated
[  412.460394][ T5907] usb 6-1: Using ep0 maxpacket: 16
[  412.474357][ T5907] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  412.485001][ T5907] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  412.496379][ T5907] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  412.507072][ T5907] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  412.518397][ T5907] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  412.532747][ T5907] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  412.543189][ T5907] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  412.551474][ T5907] usb 6-1: Manufacturer: syz
[  412.558282][ T5907] usb 6-1: config 0 descriptor??
[  412.660454][ T2155] usb 4-1: new high-speed USB device number 97 using dummy_hcd
[  412.810396][ T2155] usb 4-1: Using ep0 maxpacket: 32
[  412.817620][ T2155] usb 4-1: config 0 has an invalid interface number: 250 but max is 1
[  412.828397][ T2155] usb 4-1: config 0 has no interface number 1
[  412.835577][ T2155] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  412.840422][ T5907] rc_core: IR keymap rc-hauppauge not found
[  412.849861][ T2155] usb 4-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f
[  412.861702][ T5907] Registered IR keymap rc-empty
[  412.863081][ T2155] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.866910][ T5907] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  412.875676][ T2155] usb 4-1: Product: syz
[  412.886915][ T2155] usb 4-1: Manufacturer: syz
[  412.891910][ T2155] usb 4-1: SerialNumber: syz
[  412.899321][ T2155] usb 4-1: config 0 descriptor??
[  412.908729][ T2155] usb 4-1: Found UVC 0.00 device syz (0408:3090)
[  412.913086][ T5907] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  412.915547][ T2155] usb 4-1: No valid video chain found.
[  412.951348][ T5907] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  412.971862][ T5907] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input68
[  413.008972][ T5907] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  413.041978][ T5907] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  413.082557][ T5907] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  413.120669][ T5907] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  413.131449][  T846] usb 4-1: USB disconnect, device number 97
[  413.161985][ T5907] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  413.200274][ T5907] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  413.241508][ T5907] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  413.285071][ T5907] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  413.331044][ T5907] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  413.360476][ T5907] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  413.391329][  T846] usb 5-1: USB disconnect, device number 70
[  413.399765][ T5907] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[  413.417551][ T5907] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  413.438218][ T5907] usb 6-1: USB disconnect, device number 51
[  413.880393][  T846] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  413.949006][ T5916] usb 3-1: USB disconnect, device number 62
[  414.071973][  T846] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  414.090723][  T846] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  414.120265][  T846] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  414.160743][  T846] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  414.194733][  T846] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  414.219974][  T846] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.246233][  T846] usb 5-1: config 0 descriptor??
[  414.430205][ T5907] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[  414.480156][ T5917] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  414.510204][    T9] usb 4-1: new full-speed USB device number 98 using dummy_hcd
[  414.580415][ T5907] usb 6-1: Using ep0 maxpacket: 32
[  414.588691][ T5907] usb 6-1: unable to read config index 0 descriptor/start: -61
[  414.597627][ T5907] usb 6-1: can't read configurations, error -61
[  414.640234][    T9] usb 4-1: device descriptor read/64, error -71
[  414.648414][ T5917] usb 3-1: config 0 has an invalid interface number: 197 but max is 0
[  414.658134][ T5917] usb 3-1: config 0 has no interface number 0
[  414.664635][ T5917] usb 3-1: config 0 interface 197 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 8
[  414.678366][  T846] plantronics 0003:047F:FFFF.0025: ignoring exceeding usage max
[  414.689675][ T5917] usb 3-1: config 0 interface 197 altsetting 0 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  414.705911][ T5917] usb 3-1: config 0 interface 197 altsetting 0 bulk endpoint 0x87 has invalid maxpacket 1024
[  414.721169][ T5917] usb 3-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=bb.42
[  414.730618][ T5907] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[  414.738384][  T846] plantronics 0003:047F:FFFF.0025: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  414.751350][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.761136][ T5917] usb 3-1: Product: syz
[  414.765359][ T5917] usb 3-1: Manufacturer: syz
[  414.769991][ T5917] usb 3-1: SerialNumber: syz
[  414.787654][ T5917] usb 3-1: config 0 descriptor??
[  414.793725][T10654] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  414.801785][T10654] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  414.880279][    T9] usb 4-1: new full-speed USB device number 99 using dummy_hcd
[  414.910609][ T5907] usb 6-1: Using ep0 maxpacket: 32
[  414.919680][ T5907] usb 6-1: unable to read config index 0 descriptor/start: -61
[  414.937748][ T5907] usb 6-1: can't read configurations, error -61
[  414.950175][ T5907] usb usb6-port1: attempt power cycle
[  415.011429][ T5917] qmi_wwan 3-1:0.197: probe with driver qmi_wwan failed with error -71
[  415.030184][    T9] usb 4-1: device descriptor read/64, error -71
[  415.064510][ T5917] usb 3-1: USB disconnect, device number 63
[  415.150635][    T9] usb usb4-port1: attempt power cycle
[  415.300804][ T5907] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[  415.322000][ T5907] usb 6-1: Using ep0 maxpacket: 32
[  415.337995][ T5907] usb 6-1: unable to read config index 0 descriptor/start: -61
[  415.358194][ T5907] usb 6-1: can't read configurations, error -61
[  415.378445][T10670] wg1: entered promiscuous mode
[  415.384082][T10670] wg1: entered allmulticast mode
[  415.396464][T10668] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1212'.
[  415.500207][ T5907] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[  415.510323][    T9] usb 4-1: new full-speed USB device number 100 using dummy_hcd
[  415.540534][ T5907] usb 6-1: Using ep0 maxpacket: 32
[  415.552370][    T9] usb 4-1: device descriptor read/8, error -71
[  415.572842][ T5907] usb 6-1: unable to read config index 0 descriptor/start: -61
[  415.586491][ T5907] usb 6-1: can't read configurations, error -61
[  415.593771][ T5907] usb usb6-port1: unable to enumerate USB device
[  415.726259][T10677] netlink: 'syz.0.1215': attribute type 3 has an invalid length.
[  415.735801][T10677] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.1215'.
[  415.813975][    T9] usb 4-1: new full-speed USB device number 101 using dummy_hcd
[  415.842197][    T9] usb 4-1: device descriptor read/8, error -71
[  415.852594][T10683] fuse: Bad value for 'fd'
[  415.968302][    T9] usb usb4-port1: unable to enumerate USB device
[  416.153093][ T5907] usb 1-1: new low-speed USB device number 81 using dummy_hcd
[  416.520994][ T2155] usb 5-1: reset high-speed USB device number 71 using dummy_hcd
[  416.804415][ T5907] usb 1-1: device descriptor read/64, error -71
[  417.060152][ T5907] usb 1-1: new low-speed USB device number 82 using dummy_hcd
[  417.190625][ T5907] usb 1-1: device descriptor read/64, error -71
[  417.302038][ T5907] usb usb1-port1: attempt power cycle
[  417.502661][ T5916] usb 5-1: USB disconnect, device number 71
[  417.650295][ T5907] usb 1-1: new low-speed USB device number 83 using dummy_hcd
[  417.704903][ T5907] usb 1-1: device descriptor read/8, error -71
[  417.960387][ T5907] usb 1-1: new low-speed USB device number 84 using dummy_hcd
[  417.991434][ T5907] usb 1-1: device descriptor read/8, error -71
[  418.150883][ T5907] usb usb1-port1: unable to enumerate USB device
[  418.400311][ T2155] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[  418.567672][ T2155] usb 6-1: config 0 has no interfaces?
[  418.582883][ T2155] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  418.598228][ T2155] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.607898][ T5916] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  418.638299][ T2155] usb 6-1: Product: syz
[  418.658659][ T2155] usb 6-1: Manufacturer: syz
[  418.731279][ T2155] usb 6-1: SerialNumber: syz
[  418.756455][ T2155] usb 6-1: config 0 descriptor??
[  418.800489][ T5916] usb 5-1: Using ep0 maxpacket: 8
[  418.845834][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  418.944971][ T5916] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB3, changing to 0x83
[  419.007855][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  419.093333][ T5916] usb 5-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.10
[  419.108220][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.126311][ T5916] usb 5-1: Product: syz
[  419.139634][ T5916] usb 5-1: Manufacturer: syz
[  419.160585][ T5916] usb 5-1: SerialNumber: syz
[  419.192029][T10707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  419.201608][T10707] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  419.272001][ T5916] usb 5-1: config 0 descriptor??
[  419.287373][T10718] pim6reg1: entered promiscuous mode
[  419.302884][ T5916] radioshark2 5-1:0.0: Invalid radioSHARK2 device
[  419.309403][ T5916] radioshark2 5-1:0.0: probe with driver radioshark2 failed with error -22
[  419.320370][T10718] pim6reg1: entered allmulticast mode
[  419.366638][T10718] pimreg: entered allmulticast mode
[  419.375500][ T5916] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  419.491278][ T5907] usb 5-1: USB disconnect, device number 72
[  419.630438][  T846] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[  419.826093][  T846] usb 4-1: device descriptor read/64, error -71
[  420.075417][  T846] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[  420.202704][T10740] hsr0: entered promiscuous mode
[  420.228049][T10740] hsr0: left promiscuous mode
[  420.250348][  T846] usb 4-1: device descriptor read/64, error -71
[  420.422089][  T846] usb usb4-port1: attempt power cycle
[  420.435315][T10745] fuse: Bad value for 'group_id'
[  420.440509][T10745] fuse: Bad value for 'group_id'
[  420.844467][  T846] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[  420.874118][  T846] usb 4-1: device descriptor read/8, error -71
[  421.140234][  T846] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  421.163886][  T846] usb 4-1: device descriptor read/8, error -71
[  421.290704][  T846] usb usb4-port1: unable to enumerate USB device
[  421.850279][ T5916] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  421.907045][  T846] usb 6-1: USB disconnect, device number 56
[  422.018135][    T9] hid-generic 009C:0002:0000.0026: unknown main item tag 0x0
[  422.036051][    T9] hid-generic 009C:0002:0000.0026: unknown main item tag 0x0
[  422.058045][    T9] hid-generic 009C:0002:0000.0026: unknown main item tag 0x0
[  422.060316][ T5916] usb 5-1: Using ep0 maxpacket: 8
[  422.070637][    T9] hid-generic 009C:0002:0000.0026: unknown main item tag 0x0
[  422.070670][    T9] hid-generic 009C:0002:0000.0026: unknown main item tag 0x0
[  422.070698][    T9] hid-generic 009C:0002:0000.0026: unknown main item tag 0x0
[  422.070724][    T9] hid-generic 009C:0002:0000.0026: unknown main item tag 0x0
[  422.070750][    T9] hid-generic 009C:0002:0000.0026: unknown main item tag 0x0
[  422.070776][    T9] hid-generic 009C:0002:0000.0026: unknown main item tag 0x0
[  422.070803][    T9] hid-generic 009C:0002:0000.0026: unknown main item tag 0x0
[  422.070829][    T9] hid-generic 009C:0002:0000.0026: unknown main item tag 0x0
[  422.091240][    T9] hid-generic 009C:0002:0000.0026: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  422.271404][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  422.288851][ T5916] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 17
[  422.305692][ T5916] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=c8.07
[  422.311460][T10772] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1240'.
[  422.315742][ T5916] usb 5-1: New USB device strings: Mfr=209, Product=185, SerialNumber=60
[  422.349836][ T5916] usb 5-1: Product: syz
[  422.358799][ T5916] usb 5-1: Manufacturer: syz
[  422.373908][ T5916] usb 5-1: SerialNumber: syz
[  422.420696][ T5916] usb 5-1: config 0 descriptor??
[  422.517411][   T30] audit: type=1326 audit(1751371697.746:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10773 comm="syz.3.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b158e929 code=0x7ffc0000
[  422.563434][   T30] audit: type=1326 audit(1751371697.746:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10773 comm="syz.3.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b158e929 code=0x7ffc0000
[  422.574251][T10774] syz.3.1241: attempt to access beyond end of device
[  422.574251][T10774] loop3: rw=2048, sector=0, nr_sectors = 8 limit=0
[  422.585811][    C0] vkms_vblank_simulate: vblank timer overrun
[  422.589683][   T30] audit: type=1326 audit(1751371697.786:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10773 comm="syz.3.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f29b158e929 code=0x7ffc0000
[  422.637878][T10776] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  422.640477][   T30] audit: type=1326 audit(1751371697.786:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10773 comm="syz.3.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b158e929 code=0x7ffc0000
[  422.644456][T10776] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  422.666801][    C0] vkms_vblank_simulate: vblank timer overrun
[  422.686713][   T30] audit: type=1326 audit(1751371697.786:444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10773 comm="syz.3.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b158e929 code=0x7ffc0000
[  422.687349][ T5916] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  422.709963][   T30] audit: type=1326 audit(1751371697.786:445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10773 comm="syz.3.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f29b158e929 code=0x7ffc0000
[  422.710017][   T30] audit: type=1326 audit(1751371697.786:446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10773 comm="syz.3.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b158e929 code=0x7ffc0000
[  422.762395][T10776] vhci_hcd vhci_hcd.0: Device attached
[  422.819871][   T30] audit: type=1326 audit(1751371697.786:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10773 comm="syz.3.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f29b158e929 code=0x7ffc0000
[  422.865249][T10777] vhci_hcd: connection closed
[  422.877851][ T1168] vhci_hcd: stop threads
[  422.900236][ T1168] vhci_hcd: release socket
[  422.921147][ T1168] vhci_hcd: disconnect device
[  422.927367][   T30] audit: type=1326 audit(1751371697.786:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10773 comm="syz.3.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29b158e929 code=0x7ffc0000
[  422.949836][    C0] vkms_vblank_simulate: vblank timer overrun
[  422.961699][   T30] audit: type=1326 audit(1751371697.786:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10773 comm="syz.3.1241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f29b158e929 code=0x7ffc0000
[  422.984091][    C0] vkms_vblank_simulate: vblank timer overrun
[  423.170539][  T846] usb 3-1: new full-speed USB device number 64 using dummy_hcd
[  423.330131][  T846] usb 3-1: device descriptor read/64, error -71
[  423.570195][  T846] usb 3-1: new full-speed USB device number 65 using dummy_hcd
[  423.574390][T10787] kernel read not supported for file /eth0 (pid: 10787 comm: syz.3.1244)
[  423.727924][T10790] openvswitch: netlink: Flow actions attr not present in new flow.
[  423.740600][  T846] usb 3-1: device descriptor read/64, error -71
[  423.763995][ T5916] gspca_sunplus: reg_w_riv err -71
[  423.772756][ T5916] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  423.792081][ T5916] usb 5-1: USB disconnect, device number 73
[  423.890791][  T846] usb usb3-port1: attempt power cycle
[  424.267130][  T846] usb 3-1: new full-speed USB device number 66 using dummy_hcd
[  424.281920][T10801] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1249'.
[  424.322798][  T846] usb 3-1: device descriptor read/8, error -71
[  424.351479][T10802] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1249'.
[  424.408657][T10802] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  424.417845][T10802] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  424.427005][T10802] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  424.435878][T10802] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  424.449239][T10802] vxlan0: entered promiscuous mode
[  424.500452][    T9] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  424.581141][  T846] usb 3-1: new full-speed USB device number 67 using dummy_hcd
[  424.620981][  T846] usb 3-1: device descriptor read/8, error -71
[  424.681368][    T9] usb 1-1: Using ep0 maxpacket: 16
[  424.692764][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  424.729572][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  424.741167][  T846] usb usb3-port1: unable to enumerate USB device
[  424.756800][    T9] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  424.784890][T10816] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1252'.
[  424.809998][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  424.841048][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  424.849156][    T9] usb 1-1: SerialNumber: syz
[  424.926460][    T9] hub 1-1:1.0: bad descriptor, ignoring hub
[  424.980476][    T9] hub 1-1:1.0: probe with driver hub failed with error -5
[  424.988686][    T9] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  425.240411][    T9] usb 1-1: USB disconnect, device number 85
[  426.189628][T10845] : entered promiscuous mode
[  426.683902][T10859] netlink: 84 bytes leftover after parsing attributes in process `syz.4.1264'.
[  427.220204][ T5916] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  427.421584][ T5916] usb 5-1: Using ep0 maxpacket: 32
[  427.503426][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  427.536685][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  427.566908][ T5916] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  427.603914][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.695896][ T5916] usb 5-1: config 0 descriptor??
[  428.138017][ T5916] ft260 0003:0403:6030.0027: item fetching failed at offset 0/2
[  428.165732][ T5916] ft260 0003:0403:6030.0027: failed to parse HID
[  428.199871][ T5916] ft260 0003:0403:6030.0027: probe with driver ft260 failed with error -22
[  428.442917][ T2155] usb 5-1: USB disconnect, device number 74
[  429.770006][T10899] netlink: 84 bytes leftover after parsing attributes in process `syz.5.1278'.
[  429.842035][  T846] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  429.915945][T10901] loop2: detected capacity change from 0 to 7
[  429.938977][T10901] Dev loop2: unable to read RDB block 7
[  429.956314][T10901]  loop2: unable to read partition table
[  429.978720][T10901] loop2: partition table beyond EOD, truncated
[  429.990635][T10901] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  430.043373][  T846] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  430.086850][  T846] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  430.111845][  T846] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  430.121653][  T846] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  430.137092][  T846] usb 5-1: SerialNumber: syz
[  430.210597][ T2155] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[  430.295815][T10913] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1280'.
[  430.370316][ T2155] usb 4-1: Using ep0 maxpacket: 16
[  430.411463][T10915] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1282'.
[  430.441616][ T2155] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  430.480598][ T2155] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  430.545874][ T2155] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.742083][ T2155] usb 4-1: config 0 descriptor??
[  431.217584][ T2155] mcp2221 0003:04D8:00DD.0028: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0
[  431.390518][    T9] usb 3-1: new full-speed USB device number 68 using dummy_hcd
[  431.476289][T10903] input: syz1 as /devices/virtual/input/input70
[  431.583938][    T9] usb 3-1: config 0 has an invalid interface number: 133 but max is 0
[  431.641248][    T9] usb 3-1: config 0 has no interface number 0
[  431.670621][    T9] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  431.679932][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.688877][    T9] usb 3-1: Product: syz
[  431.700644][ T5917] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  431.709640][    T9] usb 3-1: Manufacturer: syz
[  431.724728][    T9] usb 3-1: SerialNumber: syz
[  431.765455][    T9] usb 3-1: config 0 descriptor??
[  431.825680][ T5916] usb 4-1: USB disconnect, device number 106
[  432.146064][    T9] keyspan 3-1:0.133: Keyspan 1 port adapter converter detected
[  432.156728][ T5917] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  432.179995][    T9] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 81
[  432.180113][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.196886][    T9] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 1
[  432.205365][   T10] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[  432.222385][    T9] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 2
[  432.288716][    T9] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  432.320851][ T5917] usb 1-1: config 0 descriptor??
[  432.344035][T10930] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  432.353750][T10946] FAULT_INJECTION: forcing a failure.
[  432.353750][T10946] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  432.371646][T10930] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  432.389970][T10946] CPU: 1 UID: 0 PID: 10946 Comm: syz.4.1290 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  432.390000][T10946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  432.390016][T10946] Call Trace:
[  432.390028][T10946]  <TASK>
[  432.390037][T10946]  dump_stack_lvl+0x189/0x250
[  432.390074][T10946]  ? __pfx____ratelimit+0x10/0x10
[  432.390103][T10946]  ? __pfx_dump_stack_lvl+0x10/0x10
[  432.390134][T10946]  ? __pfx__printk+0x10/0x10
[  432.390155][T10946]  ? __might_fault+0xb0/0x130
[  432.390186][T10946]  should_fail_ex+0x414/0x560
[  432.390214][T10946]  _copy_from_user+0x2d/0xb0
[  432.390233][T10946]  ___sys_sendmsg+0x158/0x2a0
[  432.390261][T10946]  ? __pfx____sys_sendmsg+0x10/0x10
[  432.390322][T10946]  ? __fget_files+0x2a/0x420
[  432.390345][T10946]  ? __fget_files+0x3a0/0x420
[  432.390377][T10946]  __x64_sys_sendmsg+0x19b/0x260
[  432.390404][T10946]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  432.390439][T10946]  ? __pfx_ksys_write+0x10/0x10
[  432.390455][T10946]  ? rcu_is_watching+0x15/0xb0
[  432.390491][T10946]  ? do_syscall_64+0xbe/0x3b0
[  432.390524][T10946]  do_syscall_64+0xfa/0x3b0
[  432.390553][T10946]  ? lockdep_hardirqs_on+0x9c/0x150
[  432.390580][T10946]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.390600][T10946]  ? clear_bhb_loop+0x60/0xb0
[  432.390625][T10946]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.390649][T10946] RIP: 0033:0x7f428558e929
[  432.390669][T10946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  432.390686][T10946] RSP: 002b:00007f42863e8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  432.390708][T10946] RAX: ffffffffffffffda RBX: 00007f42857b5fa0 RCX: 00007f428558e929
[  432.390724][T10946] RDX: 0000000000000004 RSI: 0000200000000280 RDI: 0000000000000003
[  432.390737][T10946] RBP: 00007f42863e8090 R08: 0000000000000000 R09: 0000000000000000
[  432.390749][T10946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  432.390762][T10946] R13: 0000000000000000 R14: 00007f42857b5fa0 R15: 00007f42858dfa28
[  432.390793][T10946]  </TASK>
[  432.393345][ T5917] cp210x 1-1:0.0: cp210x converter detected
[  432.800808][   T10] usb 6-1: New USB device found, idVendor=1934, idProduct=0706, bcdDevice=e2.9e
[  432.828497][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.843478][   T10] usb 6-1: Product: syz
[  432.847924][   T10] usb 6-1: Manufacturer: syz
[  432.853258][   T10] usb 6-1: SerialNumber: syz
[  432.867879][   T10] usb 6-1: config 0 descriptor??
[  432.877184][   T10] f81232 6-1:0.0: f81232 converter detected
[  432.887596][   T10] usb 6-1: f81232 converter now attached to ttyUSB1
[  433.032810][ T5917] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  433.043010][ T5917] cp210x 1-1:0.0: GPIO initialisation failed: -524
[  433.058370][ T5917] usb 1-1: cp210x converter now attached to ttyUSB2
[  433.248340][ T2155] usb 1-1: USB disconnect, device number 86
[  433.258180][ T2155] cp210x ttyUSB2: cp210x converter now disconnected from ttyUSB2
[  433.276919][ T2155] cp210x 1-1:0.0: device disconnected
[  433.463002][ T5916] usb 4-1: new full-speed USB device number 107 using dummy_hcd
[  433.641654][ T5916] usb 4-1: not running at top speed; connect to a high speed hub
[  433.662307][ T5916] usb 4-1: config 3 has an invalid interface number: 166 but max is 2
[  433.686873][ T5916] usb 4-1: config 3 has an invalid interface number: 200 but max is 2
[  433.718648][ T5916] usb 4-1: config 3 has an invalid interface number: 151 but max is 2
[  433.746272][ T5916] usb 4-1: config 3 contains an unexpected descriptor of type 0x1, skipping
[  433.787234][ T5916] usb 4-1: config 3 has no interface number 0
[  433.809163][ T5916] usb 4-1: config 3 has no interface number 1
[  433.834238][ T5916] usb 4-1: config 3 has no interface number 2
[  433.850274][ T5916] usb 4-1: config 3 interface 200 altsetting 180 has an invalid descriptor for endpoint zero, skipping
[  433.883095][ T5916] usb 4-1: config 3 interface 200 altsetting 180 endpoint 0x84 has invalid maxpacket 1023, setting to 64
[  433.915434][ T5916] usb 4-1: config 3 interface 200 altsetting 180 has a duplicate endpoint with address 0x4, skipping
[  433.936757][T10962] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1295'.
[  434.007201][ T5916] usb 4-1: config 3 interface 151 altsetting 7 endpoint 0xF has invalid maxpacket 1024, setting to 64
[  434.023488][ T5916] usb 4-1: config 3 interface 151 altsetting 7 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  434.035252][ T5916] usb 4-1: config 3 interface 151 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  434.048748][ T5916] usb 4-1: config 3 interface 151 altsetting 7 endpoint 0x2 has an invalid bInterval 82, changing to 4
[  434.096636][ T2155] usb 3-1: USB disconnect, device number 68
[  434.122777][ T2155] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  434.134220][ T2155] keyspan 3-1:0.133: device disconnected
[  434.145418][ T5916] usb 4-1: config 3 interface 151 altsetting 7 endpoint 0x8 has invalid wMaxPacketSize 0
[  434.179044][ T5916] usb 4-1: config 3 interface 151 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  434.231847][ T5916] usb 4-1: config 3 interface 151 altsetting 7 has an endpoint descriptor with address 0xC2, changing to 0x82
[  434.261594][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.301634][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.326323][ T5916] usb 4-1: config 3 interface 151 altsetting 7 endpoint 0x82 has invalid maxpacket 20199, setting to 64
[  434.355942][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.378732][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.386428][ T5916] usb 4-1: config 3 interface 151 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  434.412559][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.427437][ T5916] usb 4-1: config 3 interface 151 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  434.454432][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.501030][ T5916] usb 4-1: config 3 interface 151 altsetting 7 has a duplicate endpoint with address 0xB, skipping
[  434.512297][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.530254][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.543779][ T5916] usb 4-1: config 3 interface 151 altsetting 7 has a duplicate endpoint with address 0xB, skipping
[  434.581271][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.609727][ T5916] usb 4-1: config 3 interface 151 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  434.636037][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.678159][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.761942][ T5916] usb 4-1: config 3 interface 151 altsetting 7 has 15 endpoint descriptors, different from the interface descriptor's value: 14
[  434.785633][ T2155] usb 6-1: USB disconnect, device number 58
[  434.805719][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.822403][ T2155] f81232 ttyUSB1: f81232 converter now disconnected from ttyUSB1
[  434.843039][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.851820][ T5916] usb 4-1: config 3 interface 166 has no altsetting 0
[  434.858662][ T5916] usb 4-1: config 3 interface 200 has no altsetting 0
[  434.866649][ T2155] f81232 6-1:0.0: device disconnected
[  434.872183][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.883209][ T5916] usb 4-1: config 3 interface 151 has no altsetting 0
[  434.892669][ T5908] hid-generic 009C:0008:0003.0029: unknown main item tag 0x0
[  434.905387][ T5916] usb 4-1: New USB device found, idVendor=12d1, idProduct=f213, bcdDevice=cd.80
[  434.915525][ T5916] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.962591][ T5908] hid-generic 009C:0008:0003.0029: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  434.980861][ T5916] usb 4-1: Product: 菧磯门ṅᛎ軺᜔❇᫑ꇖ䕑୑͐摼ꂍ底㡲䳲䅏顿頩ǽᙗꎍ䇴៦稣䄺㭸煣꓋螁䨫꾉⼔枼磘⊯嶕뿘距銉뺛壌㿉世㭾犥䝖븁䠀䷖๔ꜚ勋ဋ쀅ߵౝᑰ堡ֺ圎虱᳻瀏꯫凐胥늹Ꝍ튏䠌蒝쥕ׁ㧿캴꫑秕老⣩ꖖ쨊꒠捘ꄬ
[  435.009838][    C1] vkms_vblank_simulate: vblank timer overrun
[  435.193092][ T5916] usb 4-1: Manufacturer: Ѝ
[  435.197707][ T5916] usb 4-1: SerialNumber: 〉
[  435.352588][  T846] usb 5-1: 0:2 : does not exist
[  435.468412][T10959] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  435.513816][T10959] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  435.555149][ T5916] option 4-1:3.166: GSM modem (1-port) converter detected
[  435.724029][ T5916] usb 4-1: USB disconnect, device number 107
[  435.750443][ T5916] option 4-1:3.166: device disconnected
[  436.130430][ T5908] usb 1-1: new full-speed USB device number 87 using dummy_hcd
[  436.313995][ T5908] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  436.360774][ T5908] usb 1-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00
[  436.399197][ T5908] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  436.461138][ T5908] usb 1-1: config 0 descriptor??
[  436.749698][T10996] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1306'.
[  436.797839][T10994] syz_tun: entered promiscuous mode
[  436.927491][T10994] batadv_slave_0: entered promiscuous mode
[  436.948609][T10994] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  436.959322][T10994] Cannot create hsr debugfs directory
[  437.540691][   T10] usb 5-1: USB disconnect, device number 75
[  437.600853][T10994] hsr1: entered allmulticast mode
[  437.683429][T11011] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  437.692935][T11011] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  437.717720][T10994] syz_tun: entered allmulticast mode
[  437.733817][T10994] batadv_slave_0: entered allmulticast mode
[  438.257902][T11006] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  438.354128][T11019] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1309'.
[  439.113596][T11026] binder: 11025:11026 ioctl c0306201 2000000001c0 returned -22
[  439.882592][ T5908] usbhid 1-1:0.0: can't add hid device: -71
[  439.931486][ T5908] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  439.986743][ T5908] usb 1-1: USB disconnect, device number 87
[  440.202568][ T1304] ieee802154 phy0 wpan0: encryption failed: -22
[  440.210903][ T1304] ieee802154 phy1 wpan1: encryption failed: -22
[  440.724824][T11050] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1319'.
[  440.760992][T11050] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1319'.
[  440.962138][T11057] FAULT_INJECTION: forcing a failure.
[  440.962138][T11057] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  441.008941][T11057] CPU: 1 UID: 0 PID: 11057 Comm: syz.0.1322 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  441.008972][T11057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  441.008986][T11057] Call Trace:
[  441.008994][T11057]  <TASK>
[  441.009004][T11057]  dump_stack_lvl+0x189/0x250
[  441.009040][T11057]  ? __pfx____ratelimit+0x10/0x10
[  441.009070][T11057]  ? __pfx_dump_stack_lvl+0x10/0x10
[  441.009102][T11057]  ? __pfx__printk+0x10/0x10
[  441.009124][T11057]  ? __might_fault+0xb0/0x130
[  441.009155][T11057]  should_fail_ex+0x414/0x560
[  441.009184][T11057]  _copy_from_iter+0x1db/0x16f0
[  441.009216][T11057]  ? rcu_is_watching+0x15/0xb0
[  441.009248][T11057]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  441.009269][T11057]  ? __pfx__copy_from_iter+0x10/0x10
[  441.009298][T11057]  ? __build_skb_around+0x257/0x3e0
[  441.009328][T11057]  ? netlink_sendmsg+0x642/0xb30
[  441.009348][T11057]  ? skb_put+0x11b/0x210
[  441.009373][T11057]  netlink_sendmsg+0x6b2/0xb30
[  441.009404][T11057]  ? __pfx_netlink_sendmsg+0x10/0x10
[  441.009428][T11057]  ? aa_sock_msg_perm+0x94/0x160
[  441.009453][T11057]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  441.009478][T11057]  ? __pfx_netlink_sendmsg+0x10/0x10
[  441.009501][T11057]  __sock_sendmsg+0x219/0x270
[  441.009534][T11057]  ____sys_sendmsg+0x505/0x830
[  441.009564][T11057]  ? __pfx_____sys_sendmsg+0x10/0x10
[  441.009613][T11057]  ? import_iovec+0x74/0xa0
[  441.009634][T11057]  ___sys_sendmsg+0x21f/0x2a0
[  441.009660][T11057]  ? __pfx____sys_sendmsg+0x10/0x10
[  441.009723][T11057]  ? __fget_files+0x2a/0x420
[  441.009745][T11057]  ? __fget_files+0x3a0/0x420
[  441.009779][T11057]  __x64_sys_sendmsg+0x19b/0x260
[  441.009807][T11057]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  441.009854][T11057]  ? __pfx_ksys_write+0x10/0x10
[  441.009870][T11057]  ? rcu_is_watching+0x15/0xb0
[  441.009905][T11057]  ? do_syscall_64+0xbe/0x3b0
[  441.009939][T11057]  do_syscall_64+0xfa/0x3b0
[  441.009965][T11057]  ? lockdep_hardirqs_on+0x9c/0x150
[  441.009993][T11057]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.010014][T11057]  ? clear_bhb_loop+0x60/0xb0
[  441.010037][T11057]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.010060][T11057] RIP: 0033:0x7f8f85b8e929
[  441.010078][T11057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  441.010094][T11057] RSP: 002b:00007f8f86ae3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  441.010115][T11057] RAX: ffffffffffffffda RBX: 00007f8f85db5fa0 RCX: 00007f8f85b8e929
[  441.010130][T11057] RDX: 0000000000000004 RSI: 0000200000000280 RDI: 0000000000000003
[  441.010142][T11057] RBP: 00007f8f86ae3090 R08: 0000000000000000 R09: 0000000000000000
[  441.010153][T11057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  441.010165][T11057] R13: 0000000000000000 R14: 00007f8f85db5fa0 R15: 00007f8f85edfa28
[  441.010196][T11057]  </TASK>
[  441.390190][   T10] usb 3-1: new full-speed USB device number 69 using dummy_hcd
[  441.604786][   T10] usb 3-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44
[  441.619043][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.698808][   T10] usb 3-1: config 0 descriptor??
[  441.742206][   T10] pwc: Samsung MPC-C10 USB webcam detected.
[  441.921883][   T10] pwc: send_video_command error -71
[  441.937463][   T10] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  441.947000][   T10] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71
[  441.998150][   T10] usb 3-1: USB disconnect, device number 69
[  442.442885][T11082] syz.4.1329 (11082): attempted to duplicate a private mapping with mremap.  This is not supported.
[  442.520288][   T10] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  442.740194][   T10] usb 3-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44
[  442.757474][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  442.801226][   T10] usb 3-1: config 0 descriptor??
[  442.829460][   T10] pwc: Samsung MPC-C10 USB webcam detected.
[  443.117472][ T5915] usb 5-1: new high-speed USB device number 76 using dummy_hcd
[  443.169272][T11100] loop2: detected capacity change from 0 to 7
[  443.187564][T11100] Dev loop2: unable to read RDB block 7
[  443.193392][ T2155] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[  443.203436][T11100]  loop2: unable to read partition table
[  443.209349][T11100] loop2: partition table beyond EOD, truncated
[  443.220701][T11100] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  443.247036][   T10] pwc: recv_control_msg error -71 req 02 val 2b00
[  443.272444][   T10] pwc: recv_control_msg error -71 req 02 val 2700
[  443.285881][ T5915] usb 5-1: Using ep0 maxpacket: 32
[  443.292019][   T10] pwc: recv_control_msg error -71 req 04 val 1700
[  443.310277][   T10] pwc: recv_control_msg error -71 req 02 val 2c00
[  443.318146][ T5915] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  443.321009][   T10] pwc: recv_control_msg error -71 req 04 val 1000
[  443.350287][ T5915] usb 5-1: config 0 has no interface number 0
[  443.365291][   T10] pwc: recv_control_msg error -71 req 04 val 1300
[  443.369869][ T5915] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  443.375824][   T10] pwc: recv_control_msg error -71 req 04 val 1400
[  443.385242][ T2155] usb 6-1: Using ep0 maxpacket: 32
[  443.388699][   T10] pwc: recv_control_msg error -71 req 02 val 2000
[  443.399748][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.401073][T11103] FAULT_INJECTION: forcing a failure.
[  443.401073][T11103] name failslab, interval 1, probability 0, space 0, times 0
[  443.418718][ T5915] usb 5-1: Product: syz
[  443.425711][ T2155] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  443.425735][T11103] CPU: 0 UID: 0 PID: 11103 Comm: syz.0.1335 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  443.425762][T11103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  443.425781][T11103] Call Trace:
[  443.425791][T11103]  <TASK>
[  443.425801][T11103]  dump_stack_lvl+0x189/0x250
[  443.425843][T11103]  ? __pfx____ratelimit+0x10/0x10
[  443.425880][T11103]  ? __pfx_dump_stack_lvl+0x10/0x10
[  443.425917][T11103]  ? __pfx__printk+0x10/0x10
[  443.425952][T11103]  ? ref_tracker_alloc+0x318/0x460
[  443.425986][T11103]  should_fail_ex+0x414/0x560
[  443.426021][T11103]  should_failslab+0xa8/0x100
[  443.426049][T11103]  kmem_cache_alloc_noprof+0x73/0x3c0
[  443.426095][T11103]  ? skb_clone+0x212/0x3a0
[  443.426131][T11103]  skb_clone+0x212/0x3a0
[  443.426165][T11103]  __netlink_deliver_tap+0x404/0x850
[  443.426206][T11103]  ? netlink_deliver_tap+0x2e/0x1b0
[  443.426234][T11103]  netlink_deliver_tap+0x19c/0x1b0
[  443.426262][T11103]  netlink_unicast+0x72f/0x8d0
[  443.426298][T11103]  netlink_sendmsg+0x805/0xb30
[  443.426335][T11103]  ? __pfx_netlink_sendmsg+0x10/0x10
[  443.426367][T11103]  ? aa_sock_msg_perm+0x94/0x160
[  443.426398][T11103]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  443.426428][T11103]  ? __pfx_netlink_sendmsg+0x10/0x10
[  443.426456][T11103]  __sock_sendmsg+0x219/0x270
[  443.426494][T11103]  ____sys_sendmsg+0x505/0x830
[  443.426529][T11103]  ? __pfx_____sys_sendmsg+0x10/0x10
[  443.426567][T11103]  ? import_iovec+0x74/0xa0
[  443.426594][T11103]  ___sys_sendmsg+0x21f/0x2a0
[  443.426624][T11103]  ? __pfx____sys_sendmsg+0x10/0x10
[  443.426697][T11103]  ? __fget_files+0x2a/0x420
[  443.426722][T11103]  ? __fget_files+0x3a0/0x420
[  443.426760][T11103]  __x64_sys_sendmsg+0x19b/0x260
[  443.426792][T11103]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  443.426832][T11103]  ? __pfx_ksys_write+0x10/0x10
[  443.426850][T11103]  ? rcu_is_watching+0x15/0xb0
[  443.426893][T11103]  ? do_syscall_64+0xbe/0x3b0
[  443.426931][T11103]  do_syscall_64+0xfa/0x3b0
[  443.426962][T11103]  ? lockdep_hardirqs_on+0x9c/0x150
[  443.426995][T11103]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.427017][T11103]  ? clear_bhb_loop+0x60/0xb0
[  443.427047][T11103]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.427069][T11103] RIP: 0033:0x7f8f85b8e929
[  443.427097][T11103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  443.427119][T11103] RSP: 002b:00007f8f86ae3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  443.427143][T11103] RAX: ffffffffffffffda RBX: 00007f8f85db5fa0 RCX: 00007f8f85b8e929
[  443.427161][T11103] RDX: 0000000000000004 RSI: 0000200000000280 RDI: 0000000000000003
[  443.427176][T11103] RBP: 00007f8f86ae3090 R08: 0000000000000000 R09: 0000000000000000
[  443.427190][T11103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  443.427204][T11103] R13: 0000000000000000 R14: 00007f8f85db5fa0 R15: 00007f8f85edfa28
[  443.427242][T11103]  </TASK>
[  443.427413][   T10] pwc: recv_control_msg error -71 req 02 val 2100
[  443.447196][ T5915] usb 5-1: Manufacturer: syz
[  443.447224][ T5915] usb 5-1: SerialNumber: syz
[  443.449144][ T2155] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.458246][T11103] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1335'.
[  443.462666][ T5915] usb 5-1: config 0 descriptor??
[  443.489962][T11103] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1335'.
[  443.533359][ T5915] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  443.545606][   T10] pwc: recv_control_msg error -71 req 02 val 2200
[  443.561590][ T2155] usb 6-1: config 0 descriptor??
[  443.579875][   T10] pwc: recv_control_msg error -71 req 06 val 0600
[  443.797358][ T5915] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  443.808967][   T10] pwc: recv_control_msg error -71 req 04 val 1500
[  443.838118][ T2155] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  443.847115][ T5915] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  443.865515][ T2155] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  443.947832][ T2155] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  443.953707][   T10] pwc: recv_control_msg error -71 req 02 val 2500
[  443.976644][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 101
[  444.066900][ T2155] usb 6-1: media controller created
[  444.101151][   T10] pwc: recv_control_msg error -71 req 02 val 2400
[  444.135705][ T2155] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  444.160868][   T10] pwc: recv_control_msg error -71 req 02 val 2600
[  444.226909][ T2155] az6027: usb out operation failed. (-71)
[  444.226920][   T10] pwc: recv_control_msg error -71 req 02 val 2900
[  444.239789][   T10] pwc: recv_control_msg error -71 req 02 val 2800
[  444.269778][   T10] pwc: recv_control_msg error -71 req 04 val 1100
[  444.332869][ T2155] az6027: usb out operation failed. (-71)
[  444.338803][ T2155] stb0899_attach: Driver disabled by Kconfig
[  444.341282][   T10] pwc: recv_control_msg error -71 req 04 val 1200
[  444.359411][ T2155] az6027: no front-end attached
[  444.359411][ T2155] 
[  444.368327][ T2155] az6027: usb out operation failed. (-71)
[  444.374450][ T2155] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  444.397140][ T2155] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input71
[  444.485661][   T10] pwc: Registered as video103.
[  444.537713][   T10] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input72
[  444.595094][   T10] usb 3-1: USB disconnect, device number 70
[  444.636386][ T2155] dvb-usb: schedule remote query interval to 400 msecs.
[  444.749475][ T2155] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  444.789257][ T2155] usb 6-1: USB disconnect, device number 59
[  445.062351][ T2155] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  445.757641][T11149] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1349'.
[  445.982796][T11154] loop8: detected capacity change from 16320 to 0
[  445.995540][    C1] I/O error, dev loop8, sector 3584 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 0
[  446.511815][ T2155] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  446.540342][   T10] usb 6-1: new high-speed USB device number 60 using dummy_hcd
[  446.670630][ T2155] usb 3-1: Using ep0 maxpacket: 32
[  446.691146][ T2155] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  446.710344][   T10] usb 6-1: Using ep0 maxpacket: 32
[  446.715732][ T2155] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  446.722638][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  446.738596][ T2155] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  446.743678][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  446.762637][ T2155] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.773634][   T10] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  446.791581][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.792774][ T2155] usb 3-1: config 0 descriptor??
[  446.821650][   T10] usb 6-1: config 0 descriptor??
[  446.844883][   T10] hub 6-1:0.0: USB hub found
[  446.892586][ T2155] hub 3-1:0.0: USB hub found
[  447.040304][   T10] hub 6-1:0.0: 1 port detected
[  447.168005][T11175] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  447.247943][ T2155] hub 3-1:0.0: 1 port detected
[  447.254284][   T10] hub 6-1:0.0: hub_hub_status failed (err = -71)
[  447.263047][T11175] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  447.275518][   T10] hub 6-1:0.0: config failed, can't get hub status (err -71)
[  447.298384][   T10] usbhid 6-1:0.0: can't add hid device: -71
[  447.334963][   T10] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  447.421395][   T10] usb 6-1: USB disconnect, device number 60
[  447.431930][T11166] openvswitch: netlink: Port -1 exceeds max allowable 65535
[  447.444736][T11166] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  447.480610][T11166] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  447.805715][T11190] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  447.939109][T11193] gretap0: entered promiscuous mode
[  447.946250][T11193] vlan2: entered promiscuous mode
[  448.203632][ T2155] usb 3-1: USB disconnect, device number 71
[  448.392533][T11195] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1360'.
[  450.123581][    C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  450.152736][ T5916] usb 5-1: USB disconnect, device number 76
[  450.178735][ T5916] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  450.266335][ T5916] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  450.372418][ T5916] quatech2 5-1:0.51: device disconnected
[  450.500160][    T9] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[  450.757845][    T9] usb 6-1: Using ep0 maxpacket: 16
[  450.792543][    T9] usb 6-1: config 0 has an invalid interface number: 105 but max is 0
[  450.808580][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  450.821085][    T9] usb 6-1: config 0 has no interface number 0
[  450.842370][    T9] usb 6-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  450.873832][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.911326][    T9] usb 6-1: Product: syz
[  450.915571][    T9] usb 6-1: Manufacturer: syz
[  450.930096][    T9] usb 6-1: SerialNumber: syz
[  450.951197][    T9] usb 6-1: config 0 descriptor??
[  450.972948][    T9] usb 6-1: Found UVC 0.00 device syz (046d:08f3)
[  450.979409][    T9] usb 6-1: No valid video chain found.
[  451.515617][T11227] bridge0: port 3(netdevsim0) entered disabled state
[  451.670684][T11227] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  451.733573][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x0
[  451.743744][T11234] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1369'.
[  451.776287][T11236] loop2: detected capacity change from 0 to 7
[  451.800380][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x0
[  451.805242][T11236] Dev loop2: unable to read RDB block 7
[  451.861939][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x0
[  451.869774][T11236]  loop2: unable to read partition table
[  451.875411][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x0
[  451.875452][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x0
[  451.875478][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x0
[  451.875504][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x0
[  451.875530][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x0
[  451.875557][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x0
[  451.875583][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x0
[  451.875610][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x0
[  451.875635][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x0
[  451.875660][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x2
[  451.875688][    T9] hid-generic 009C:0008:0003.002A: unknown main item tag 0x0
[  451.879378][    T9] hid-generic 009C:0008:0003.002A: hidraw1: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  451.994427][T11236] loop2: partition table beyond EOD, truncated
[  452.022652][T11236] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  452.590552][    T9] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  452.862185][    T9] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  452.874997][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.905210][    T9] usb 3-1: Product: syz
[  452.910500][    T9] usb 3-1: Manufacturer: syz
[  452.939380][    T9] usb 3-1: SerialNumber: syz
[  453.001391][    T9] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  453.036320][ T5917] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  453.137509][  T846] usb 6-1: USB disconnect, device number 61
[  453.444091][ T2155] usb 3-1: USB disconnect, device number 72
[  453.785601][  T846] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  453.980677][  T846] usb 1-1: Using ep0 maxpacket: 8
[  454.004483][  T846] usb 1-1: unable to get BOS descriptor or descriptor too short
[  454.036668][  T846] usb 1-1: config 116 has an invalid descriptor of length 56, skipping remainder of the config
[  454.065817][  T846] usb 1-1: config 116 has 0 interfaces, different from the descriptor's value: 1
[  454.112015][  T846] usb 1-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=57.8a
[  454.123475][ T5917] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  454.135910][  T846] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  454.146341][ T5917] ath9k_htc: Failed to initialize the device
[  454.157858][T11257] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1377'.
[  454.160099][  T846] usb 1-1: Product: syz
[  454.179739][ T2155] usb 3-1: ath9k_htc: USB layer deinitialized
[  454.183207][  T846] usb 1-1: Manufacturer: syz
[  454.191847][  T846] usb 1-1: SerialNumber: syz
[  454.200726][T11257] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1377'.
[  454.407545][T11266] sctp: [Deprecated]: syz.2.1379 (pid 11266) Use of struct sctp_assoc_value in delayed_ack socket option.
[  454.407545][T11266] Use struct sctp_sack_info instead
[  454.733349][  T846] usb 1-1: USB disconnect, device number 88
[  454.841627][T11272] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1381'.
[  454.950513][ T2155] usb 6-1: new full-speed USB device number 62 using dummy_hcd
[  454.988339][T11272] 8021q: adding VLAN 0 to HW filter on device bond4
[  455.001621][T11274] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1381'.
[  455.075216][T11276] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1382'.
[  455.097435][T11276] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.1382'.
[  455.111001][T11274] ipvlan2: entered promiscuous mode
[  455.116652][T11274] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  455.143022][ T2155] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0xB has invalid maxpacket 1023, setting to 64
[  455.194174][ T2155] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  455.238932][ T2155] usb 6-1: config 0 interface 0 has no altsetting 0
[  455.254689][ T2155] usb 6-1: New USB device found, idVendor=0471, idProduct=2088, bcdDevice=c6.66
[  455.265908][ T2155] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  455.283671][ T2155] usb 6-1: config 0 descriptor??
[  455.314433][T11267] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  455.380120][  T846] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  455.431093][T11278] loop2: detected capacity change from 0 to 7
[  455.462654][T11280] Dev loop2: unable to read RDB block 7
[  455.480168][T11280]  loop2: unable to read partition table
[  455.490521][T11280] loop2: partition table beyond EOD, truncated
[  455.510827][T11278] Dev loop2: unable to read RDB block 7
[  455.530306][T11278]  loop2: unable to read partition table
[  455.542932][  T846] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  455.570318][T11278] loop2: partition table beyond EOD, truncated
[  455.576762][  T846] usb 5-1: config 0 interface 0 has no altsetting 0
[  455.620234][T11278] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  455.701470][  T846] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  455.715103][  T846] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  455.748506][  T846] usb 5-1: Product: syz
[  455.779422][  T846] usb 5-1: Manufacturer: syz
[  455.803175][  T846] usb 5-1: SerialNumber: syz
[  455.822151][  T846] usb 5-1: config 0 descriptor??
[  455.866337][  T846] usb 5-1: selecting invalid altsetting 0
[  455.873629][T11283] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1385'.
[  456.419090][T11290] binder: 11288:11290 ioctl 3ba0 200000000100 returned -22
[  456.658709][T11276] could not allocate digest TFM handle sha512_mb
[  456.741884][ T5908] usb 5-1: USB disconnect, device number 77
[  457.181327][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.199149][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.210147][  T846] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[  457.229121][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.365427][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.380261][  T846] usb 4-1: device descriptor read/64, error -71
[  457.420113][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.451054][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.481066][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.488565][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.572406][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.594215][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.647966][ T2155] usb 6-1: string descriptor 0 read error: -71
[  457.660438][  T846] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[  457.668353][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.685900][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.686397][ T2155] usb 6-1: USB disconnect, device number 62
[  457.701059][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.722791][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.732353][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.764822][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.780746][T11318] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  457.797207][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.814828][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.822500][  T846] usb 4-1: device descriptor read/64, error -71
[  457.838893][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.860162][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.874693][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.882426][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.890206][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.898221][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.900793][T11320] loop2: detected capacity change from 0 to 7
[  457.911827][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.911861][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.911890][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.911917][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.911945][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.911981][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.912006][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.912032][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.912058][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.912083][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.912108][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.912134][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.912159][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.912185][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.912210][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.912235][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.912260][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.912284][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.912309][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.933904][T11320] Dev loop2: unable to read RDB block 7
[  457.935275][  T846] usb usb4-port1: attempt power cycle
[  457.946935][T11320]  loop2: unable to read partition table
[  457.958668][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.974123][T11320] loop2: partition table beyond EOD, 
[  457.985082][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  457.987451][ T5915] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[  457.999445][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.002592][T11320] truncated
[  458.010179][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.021478][T11320] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  458.040203][   T10] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  458.134576][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.142123][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.149578][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.157103][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.164917][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.172927][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.180903][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.188440][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.196381][ T5915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  458.207826][ T5915] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  458.210138][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.229440][ T5915] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  458.231977][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.254266][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.292573][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.293256][ T5915] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  458.306626][T11322] loop2: detected capacity change from 0 to 7
[  458.315307][  T846] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[  458.317385][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.323555][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.342672][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.345631][ T5923] Dev loop2: unable to read RDB block 7
[  458.356043][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.357772][ T5923]  loop2: unable to read partition table
[  458.364730][  T846] usb 4-1: device descriptor read/8, error -71
[  458.371955][ T5915] usb 5-1: config 0 descriptor??
[  458.376877][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.398109][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.399443][ T5923] loop2: partition table beyond EOD, 
[  458.407189][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.410145][ T5923] truncated
[  458.416840][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.430951][   T10] usb 3-1: Using ep0 maxpacket: 32
[  458.444774][T11322] Dev loop2: unable to read RDB block 7
[  458.450744][   T10] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  458.450776][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  458.469792][T11322]  loop2: unable to read partition table
[  458.471958][   T10] usb 3-1: config 0 descriptor??
[  458.481986][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.492881][   T10] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  458.499965][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.500290][T11322] loop2: partition table beyond EOD, truncated
[  458.516062][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.518496][T11322] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  458.526612][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.543351][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.551936][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.559807][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.567355][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.589267][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.594672][T11316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  458.609997][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.610319][  T846] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[  458.626720][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.627472][T11316] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  458.638167][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.651130][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.658658][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.667076][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.676574][  T846] usb 4-1: device descriptor read/8, error -71
[  458.710162][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.723202][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.731421][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.738918][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.747635][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.755662][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.773120][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.783015][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.793770][  T846] usb usb4-port1: unable to enumerate USB device
[  458.802609][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.810702][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.818197][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.826683][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.834628][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.842695][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.850571][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.858276][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.866334][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.874381][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.882394][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.913530][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.929120][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.942966][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.951765][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.960538][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.969562][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.977830][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.985654][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  458.996171][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  459.004302][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  459.012712][   T10] gspca_vc032x: reg_r err -110
[  459.017629][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.023663][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.029072][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.035043][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  459.042579][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.048293][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.055425][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  459.063106][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.068668][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  459.076898][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.082392][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  459.090572][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.096139][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.101865][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  459.109674][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  459.117432][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.122943][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  459.130848][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.136200][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.141916][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  459.149395][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.157787][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  459.169775][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.179238][ T5917] hid-generic 0008:007F:0001.002B: unknown main item tag 0x0
[  459.188193][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.195666][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.200349][ T5908] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[  459.205294][ T5917] hid-generic 0008:007F:0001.002B: hidraw1: <UNKNOWN> HID v0.05 Device [syz0] on syz0
[  459.229873][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.241551][   T10] gspca_vc032x: I2c Bus Busy Wait 00
[  459.247104][   T10] gspca_vc032x: Unknown sensor...
[  459.256535][   T10] vc032x 3-1:0.0: probe with driver vc032x failed with error -22
[  459.349441][T11327] fido_id[11327]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  459.401242][ T5908] usb 6-1: Using ep0 maxpacket: 8
[  459.409780][ T5908] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  459.419605][ T5908] usb 6-1: config 179 has no interface number 0
[  459.502794][ T5908] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  459.528354][ T5908] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  459.540754][ T5908] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  459.553058][ T5908] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  459.565377][ T5908] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  459.580671][ T5908] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  459.589870][ T5908] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.655837][T11326] raw-gadget.4 gadget.5: fail, usb_ep_enable returned -22
[  459.950482][ T2155] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  460.113288][ T2155] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  460.140259][ T2155] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  460.151439][ T2155] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  460.161279][ T2155] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.187029][T11339] raw-gadget.5 gadget.0: fail, usb_ep_enable returned -22
[  460.232954][ T2155] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  460.443298][   T10] usb 1-1: USB disconnect, device number 89
[  460.462419][T11326] x_tables: duplicate entry at hook 2
[  460.599311][ T5915] usbhid 5-1:0.0: can't add hid device: -71
[  460.628975][ T5915] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  460.679357][ T5917] usb 3-1: USB disconnect, device number 73
[  460.703507][ T5915] usb 5-1: USB disconnect, device number 78
[  460.742103][T11347] ptrace attach of "./syz-executor exec"[6810] was attempted by "./syz-executor exec"[11347]
[  461.120800][T11355] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1406'.
[  461.475899][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  461.511580][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  461.571541][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  461.621640][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  461.667171][T11367] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1409'.
[  461.727581][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  461.762384][T11367] vlan2: entered promiscuous mode
[  461.767559][T11367] hsr0: entered promiscuous mode
[  461.808915][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  461.942999][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  462.158375][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  462.186279][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  462.213412][T11371] loop2: detected capacity change from 0 to 7
[  462.222735][ T5202]  loop2: p4
[  462.226475][ T5202] loop2: partition table partially beyond EOD, truncated
[  462.234528][ T5202] loop2: p4 size 4294967295 extends beyond EOD, truncated
[  462.259999][T11371]  loop2: p4
[  462.293555][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  462.301419][T11371] loop2: partition table partially beyond EOD, truncated
[  462.308720][T11371] loop2: p4 size 4294967295 extends beyond EOD, truncated
[  462.370135][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  462.456001][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  462.509847][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  462.535990][ T5202]  loop2: p4
[  462.538252][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  462.545693][ T5202] loop2: partition table partially beyond EOD, truncated
[  462.586827][ T5202] loop2: p4 size 4294967295 extends beyond EOD, truncated
[  462.600479][   T10] hid-generic 009C:0008:0003.002C: unknown main item tag 0x0
[  462.651053][   T10] hid-generic 009C:0008:0003.002C: hidraw1: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  462.866731][ T5923] udevd[5923]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  463.019482][T11384] fido_id[11384]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  463.040706][ T5923] udevd[5923]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  463.140177][ T5916] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[  463.185532][ T5923] udevd[5923]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory
[  463.259925][   T10] usb 6-1: USB disconnect, device number 63
[  463.259923][    C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  463.259978][    C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  463.283320][    C1] ==================================================================
[  463.291440][    C1] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23d/0x290
[  463.299295][    C1] Read of size 4 at addr ffff8880243a005c by task kworker/u8:0/12
[  463.307140][    C1] 
[  463.309499][    C1] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  463.309531][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  463.309547][    C1] Workqueue: bat_events batadv_nc_worker
[  463.309581][    C1] Call Trace:
[  463.309591][    C1]  <IRQ>
[  463.309601][    C1]  dump_stack_lvl+0x189/0x250
[  463.309637][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[  463.309658][    C1]  ? rcu_is_watching+0x15/0xb0
[  463.309690][    C1]  ? __kasan_check_byte+0x12/0x40
[  463.309711][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  463.309743][    C1]  ? rcu_is_watching+0x15/0xb0
[  463.309774][    C1]  ? lock_release+0x4b/0x3e0
[  463.309805][    C1]  ? __virt_addr_valid+0x1c8/0x5c0
[  463.309826][    C1]  ? __virt_addr_valid+0x4a5/0x5c0
[  463.309849][    C1]  print_report+0xd2/0x2b0
[  463.309876][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  463.309899][    C1]  kasan_report+0x118/0x150
[  463.309921][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  463.309948][    C1]  do_raw_spin_lock+0x23d/0x290
[  463.309990][    C1]  ? __wake_up_common_lock+0x2f/0x1f0
[  463.310015][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  463.310040][    C1]  _raw_spin_lock_irqsave+0xb3/0xf0
[  463.310067][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  463.310093][    C1]  ? kcov_remote_stop+0x78/0x6d0
[  463.310119][    C1]  __wake_up_common_lock+0x2f/0x1f0
[  463.310146][    C1]  __usb_hcd_giveback_urb+0x4d7/0x690
[  463.310167][    C1]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[  463.310188][    C1]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  463.310214][    C1]  ? usb_hcd_giveback_urb+0x10e/0x420
[  463.310236][    C1]  dummy_timer+0x862/0x4550
[  463.310271][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  463.310308][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  463.310330][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  463.310349][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  463.310367][    C1]  __hrtimer_run_queues+0x52c/0xc60
[  463.310406][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  463.310436][    C1]  ? read_tsc+0x9/0x20
[  463.310459][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  463.310492][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  463.310512][    C1]  handle_softirqs+0x286/0x870
[  463.310542][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  463.310574][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  463.310608][    C1]  __irq_exit_rcu+0xca/0x1f0
[  463.310638][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  463.310673][    C1]  irq_exit_rcu+0x9/0x30
[  463.310701][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  463.310727][    C1]  </IRQ>
[  463.310733][    C1]  <TASK>
[  463.310740][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  463.310761][    C1] RIP: 0010:lock_acquire+0x175/0x360
[  463.310791][    C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 0b dd fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  463.310810][    C1] RSP: 0018:ffffc90000117980 EFLAGS: 00000206
[  463.310829][    C1] RAX: 3a2e59b2a7f88800 RBX: 0000000000000000 RCX: 3a2e59b2a7f88800
[  463.310846][    C1] RDX: 0000000000000000 RSI: ffffffff8db6ee30 RDI: ffffffff8be28cc0
[  463.310861][    C1] RBP: ffffffff8b34bec2 R08: 0000000000000000 R09: ffffffff8b34bec2
[  463.310876][    C1] R10: dffffc0000000000 R11: ffffffff8b34bdf0 R12: 0000000000000002
[  463.310892][    C1] R13: ffffffff8e13ee20 R14: 0000000000000000 R15: 0000000000000246
[  463.310908][    C1]  ? batadv_nc_worker+0xd2/0x610
[  463.310935][    C1]  ? __pfx_batadv_nc_worker+0x10/0x10
[  463.310959][    C1]  ? batadv_nc_worker+0xd2/0x610
[  463.311001][    C1]  ? batadv_nc_worker+0xd2/0x610
[  463.311027][    C1]  ? batadv_nc_worker+0xd2/0x610
[  463.311053][    C1]  batadv_nc_worker+0xef/0x610
[  463.311078][    C1]  ? batadv_nc_worker+0xd2/0x610
[  463.311105][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  463.311137][    C1]  process_scheduled_works+0xade/0x17b0
[  463.311183][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  463.311262][    C1]  worker_thread+0x8a0/0xda0
[  463.311313][    C1]  kthread+0x70e/0x8a0
[  463.311355][    C1]  ? __pfx_worker_thread+0x10/0x10
[  463.311401][    C1]  ? __pfx_kthread+0x10/0x10
[  463.311425][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  463.311452][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  463.311480][    C1]  ? __pfx_kthread+0x10/0x10
[  463.311504][    C1]  ret_from_fork+0x3fc/0x770
[  463.311535][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  463.311568][    C1]  ? __switch_to_asm+0x39/0x70
[  463.311590][    C1]  ? __switch_to_asm+0x33/0x70
[  463.311612][    C1]  ? __pfx_kthread+0x10/0x10
[  463.311635][    C1]  ret_from_fork_asm+0x1a/0x30
[  463.311666][    C1]  </TASK>
[  463.311675][    C1] 
[  463.754799][    C1] Allocated by task 5908:
[  463.759147][    C1]  kasan_save_track+0x3e/0x80
[  463.763879][    C1]  __kasan_kmalloc+0x93/0xb0
[  463.768503][    C1]  __kmalloc_cache_noprof+0x230/0x3d0
[  463.773895][    C1]  xpad_probe+0x428/0x1fc0
[  463.778430][    C1]  usb_probe_interface+0x641/0xbc0
[  463.783550][    C1]  really_probe+0x26a/0x9a0
[  463.788063][    C1]  __driver_probe_device+0x18c/0x2f0
[  463.793375][    C1]  driver_probe_device+0x4f/0x430
[  463.798408][    C1]  __device_attach_driver+0x2ce/0x530
[  463.803793][    C1]  bus_for_each_drv+0x251/0x2e0
[  463.808656][    C1]  __device_attach+0x2b8/0x400
[  463.813432][    C1]  bus_probe_device+0x185/0x260
[  463.818294][    C1]  device_add+0x7b6/0xb50
[  463.822635][    C1]  usb_set_configuration+0x1a87/0x20e0
[  463.828112][    C1]  usb_generic_driver_probe+0x8d/0x150
[  463.833587][    C1]  usb_probe_device+0x1c1/0x390
[  463.838450][    C1]  really_probe+0x26a/0x9a0
[  463.842962][    C1]  __driver_probe_device+0x18c/0x2f0
[  463.848288][    C1]  driver_probe_device+0x4f/0x430
[  463.853321][    C1]  __device_attach_driver+0x2ce/0x530
[  463.858708][    C1]  bus_for_each_drv+0x251/0x2e0
[  463.863577][    C1]  __device_attach+0x2b8/0x400
[  463.868350][    C1]  bus_probe_device+0x185/0x260
[  463.873217][    C1]  device_add+0x7b6/0xb50
[  463.877553][    C1]  usb_new_device+0xa39/0x16c0
[  463.882328][    C1]  hub_event+0x2941/0x4a00
[  463.886758][    C1]  process_scheduled_works+0xade/0x17b0
[  463.892315][    C1]  worker_thread+0x8a0/0xda0
[  463.896919][    C1]  kthread+0x70e/0x8a0
[  463.901000][    C1]  ret_from_fork+0x3fc/0x770
[  463.905601][    C1]  ret_from_fork_asm+0x1a/0x30
[  463.910376][    C1] 
[  463.912703][    C1] Freed by task 10:
[  463.916513][    C1]  kasan_save_track+0x3e/0x80
[  463.921204][    C1]  kasan_save_free_info+0x46/0x50
[  463.926236][    C1]  __kasan_slab_free+0x62/0x70
[  463.931095][    C1]  kfree+0x18e/0x440
[  463.935005][    C1]  xpad_disconnect+0x350/0x480
[  463.939781][    C1]  usb_unbind_interface+0x26b/0x8f0
[  463.944996][    C1]  device_release_driver_internal+0x4d6/0x7c0
[  463.951071][    C1]  bus_remove_device+0x34d/0x410
[  463.956039][    C1]  device_del+0x511/0x8e0
[  463.960377][    C1]  usb_disable_device+0x3e9/0x8a0
[  463.965418][    C1]  usb_disconnect+0x330/0x910
[  463.970103][    C1]  hub_event+0x1cdb/0x4a00
[  463.974549][    C1]  process_scheduled_works+0xade/0x17b0
[  463.980134][    C1]  worker_thread+0x8a0/0xda0
[  463.984757][    C1]  kthread+0x70e/0x8a0
[  463.988842][    C1]  ret_from_fork+0x3fc/0x770
[  463.993454][    C1]  ret_from_fork_asm+0x1a/0x30
[  463.998233][    C1] 
[  464.000576][    C1] The buggy address belongs to the object at ffff8880243a0000
[  464.000576][    C1]  which belongs to the cache kmalloc-1k of size 1024
[  464.014637][    C1] The buggy address is located 92 bytes inside of
[  464.014637][    C1]  freed 1024-byte region [ffff8880243a0000, ffff8880243a0400)
[  464.028442][    C1] 
[  464.030774][    C1] The buggy address belongs to the physical page:
[  464.037205][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x243a0
[  464.045972][    C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  464.054475][    C1] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  464.062461][    C1] page_type: f5(slab)
[  464.066458][    C1] raw: 00fff00000000040 ffff88801a441dc0 0000000000000000 dead000000000001
[  464.075050][    C1] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  464.083644][    C1] head: 00fff00000000040 ffff88801a441dc0 0000000000000000 dead000000000001
[  464.092321][    C1] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  464.101022][    C1] head: 00fff00000000003 ffffea000090e801 00000000ffffffff 00000000ffffffff
[  464.109723][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  464.118400][    C1] page dumped because: kasan: bad access detected
[  464.124830][    C1] page_owner tracks the page as allocated
[  464.130550][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5927, tgid 5926 (syz.4.7), ts 96467998441, free_ts 96455914125
[  464.151503][    C1]  post_alloc_hook+0x240/0x2a0
[  464.156294][    C1]  get_page_from_freelist+0x21e4/0x22c0
[  464.161855][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[  464.167704][    C1]  alloc_pages_mpol+0x232/0x4a0
[  464.172597][    C1]  allocate_slab+0x8a/0x3b0
[  464.177121][    C1]  ___slab_alloc+0xbfc/0x1480
[  464.181811][    C1]  __kvmalloc_node_noprof+0x429/0x5f0
[  464.187188][    C1]  io_alloc_cache_init+0x3d/0x140
[  464.192227][    C1]  io_rsrc_cache_init+0x26/0x50
[  464.197090][    C1]  io_ring_ctx_alloc+0x4ab/0xae0
[  464.202037][    C1]  io_uring_create+0x130/0xb60
[  464.206807][    C1]  __se_sys_io_uring_setup+0x264/0x270
[  464.212276][    C1]  do_syscall_64+0xfa/0x3b0
[  464.216792][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.222692][    C1] page last free pid 5840 tgid 5840 stack trace:
[  464.229037][    C1]  __free_frozen_pages+0xc71/0xe70
[  464.234185][    C1]  __put_partials+0x161/0x1c0
[  464.238884][    C1]  put_cpu_partial+0x17c/0x250
[  464.243661][    C1]  __slab_free+0x2f7/0x400
[  464.248091][    C1]  qlist_free_all+0x97/0x140
[  464.252712][    C1]  kasan_quarantine_reduce+0x148/0x160
[  464.258186][    C1]  __kasan_slab_alloc+0x22/0x80
[  464.263046][    C1]  __kmalloc_noprof+0x224/0x4f0
[  464.267922][    C1]  ieee80211_register_hw+0x1ebd/0x4120
[  464.273425][    C1]  mac80211_hwsim_new_radio+0x2f0e/0x5340
[  464.279182][    C1]  hwsim_new_radio_nl+0xea4/0x1b10
[  464.284309][    C1]  genl_family_rcv_msg_doit+0x215/0x300
[  464.289870][    C1]  genl_rcv_msg+0x60e/0x790
[  464.294387][    C1]  netlink_rcv_skb+0x205/0x470
[  464.299173][    C1]  genl_rcv+0x28/0x40
[  464.303168][    C1]  netlink_unicast+0x758/0x8d0
[  464.307943][    C1] 
[  464.310277][    C1] Memory state around the buggy address:
[  464.315920][    C1]  ffff88802439ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  464.323994][    C1]  ffff88802439ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  464.332076][    C1] >ffff8880243a0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  464.340139][    C1]                                                     ^
[  464.347086][    C1]  ffff8880243a0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  464.355155][    C1]  ffff8880243a0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  464.363237][    C1] ==================================================================
[  464.371323][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  464.378529][    C1] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc4-syzkaller-00013-g66701750d556 #0 PREEMPT(full) 
[  464.390515][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  464.400581][    C1] Workqueue: bat_events batadv_nc_worker
[  464.406238][    C1] Call Trace:
[  464.409529][    C1]  <IRQ>
[  464.412384][    C1]  dump_stack_lvl+0x99/0x250
[  464.416993][    C1]  ? __asan_memcpy+0x40/0x70
[  464.421602][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  464.426820][    C1]  ? __pfx__printk+0x10/0x10
[  464.431425][    C1]  panic+0x2db/0x790
[  464.435339][    C1]  ? __pfx_panic+0x10/0x10
[  464.439776][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  464.445687][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  464.452046][    C1]  ? print_memory_metadata+0x314/0x400
[  464.457527][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  464.462996][    C1]  check_panic_on_warn+0x89/0xb0
[  464.467957][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  464.472991][    C1]  end_report+0x78/0x160
[  464.477247][    C1]  kasan_report+0x129/0x150
[  464.481757][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  464.486792][    C1]  do_raw_spin_lock+0x23d/0x290
[  464.491656][    C1]  ? __wake_up_common_lock+0x2f/0x1f0
[  464.497055][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  464.502440][    C1]  _raw_spin_lock_irqsave+0xb3/0xf0
[  464.507653][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  464.513565][    C1]  ? kcov_remote_stop+0x78/0x6d0
[  464.518517][    C1]  __wake_up_common_lock+0x2f/0x1f0
[  464.523751][    C1]  __usb_hcd_giveback_urb+0x4d7/0x690
[  464.529133][    C1]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[  464.534951][    C1]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  464.540856][    C1]  ? usb_hcd_giveback_urb+0x10e/0x420
[  464.546249][    C1]  dummy_timer+0x862/0x4550
[  464.550773][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  464.556257][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  464.561204][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  464.566152][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  464.571094][    C1]  __hrtimer_run_queues+0x52c/0xc60
[  464.576317][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  464.582053][    C1]  ? read_tsc+0x9/0x20
[  464.586131][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  464.591959][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  464.597081][    C1]  handle_softirqs+0x286/0x870
[  464.601867][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  464.606661][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  464.611993][    C1]  __irq_exit_rcu+0xca/0x1f0
[  464.616602][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  464.621825][    C1]  irq_exit_rcu+0x9/0x30
[  464.626081][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  464.631732][    C1]  </IRQ>
[  464.634671][    C1]  <TASK>
[  464.637611][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  464.643599][    C1] RIP: 0010:lock_acquire+0x175/0x360
[  464.648900][    C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 0b dd fe 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e
[  464.668521][    C1] RSP: 0018:ffffc90000117980 EFLAGS: 00000206
[  464.674617][    C1] RAX: 3a2e59b2a7f88800 RBX: 0000000000000000 RCX: 3a2e59b2a7f88800
[  464.682615][    C1] RDX: 0000000000000000 RSI: ffffffff8db6ee30 RDI: ffffffff8be28cc0
[  464.690598][    C1] RBP: ffffffff8b34bec2 R08: 0000000000000000 R09: ffffffff8b34bec2
[  464.698581][    C1] R10: dffffc0000000000 R11: ffffffff8b34bdf0 R12: 0000000000000002
[  464.706561][    C1] R13: ffffffff8e13ee20 R14: 0000000000000000 R15: 0000000000000246
[  464.714544][    C1]  ? batadv_nc_worker+0xd2/0x610
[  464.719497][    C1]  ? __pfx_batadv_nc_worker+0x10/0x10
[  464.724888][    C1]  ? batadv_nc_worker+0xd2/0x610
[  464.729854][    C1]  ? batadv_nc_worker+0xd2/0x610
[  464.734807][    C1]  ? batadv_nc_worker+0xd2/0x610
[  464.739757][    C1]  batadv_nc_worker+0xef/0x610
[  464.744534][    C1]  ? batadv_nc_worker+0xd2/0x610
[  464.749488][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  464.755224][    C1]  process_scheduled_works+0xade/0x17b0
[  464.760810][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  464.766813][    C1]  worker_thread+0x8a0/0xda0
[  464.771431][    C1]  kthread+0x70e/0x8a0
[  464.775521][    C1]  ? __pfx_worker_thread+0x10/0x10
[  464.780667][    C1]  ? __pfx_kthread+0x10/0x10
[  464.785294][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  464.790535][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  464.795777][    C1]  ? __pfx_kthread+0x10/0x10
[  464.800390][    C1]  ret_from_fork+0x3fc/0x770
[  464.805006][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  464.810141][    C1]  ? __switch_to_asm+0x39/0x70
[  464.814914][    C1]  ? __switch_to_asm+0x33/0x70
[  464.819687][    C1]  ? __pfx_kthread+0x10/0x10
[  464.824285][    C1]  ret_from_fork_asm+0x1a/0x30
[  464.829067][    C1]  </TASK>
[  464.832448][    C1] Kernel Offset: disabled
[  464.836784][    C1] Rebooting in 86400 seconds..