last executing test programs:

1m19.512288855s ago: executing program 1 (id=670):
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0xfffffffffffffffb, 0x8000)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000040)=""/251, &(0x7f0000000140)=0xfb)
pread64(r0, &(0x7f0000000180)=""/88, 0x58, 0x2)
r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000200), &(0x7f0000000240)=0xc)
ioctl$HIDIOCAPPLICATION(r0, 0x4802, 0x0)
close(r1)
readahead(r1, 0x0, 0xc3)
write$UHID_CREATE(r0, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000280)=""/15, 0xf, 0x1000, 0x1cd2, 0x5, 0x86, 0x9}}, 0x120)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000400)={<r2=>0x0, 0xf1, "8b99d36ce8bb8abf61e38891931381ab78c31f61816d1da378ef4214271d94c42a79e6ef842a96fdfc1c41ad1fa176411c30ea8ce39327f9fe2746bdcf2f14706a690ebf1cbcfe6e900dd84747d97aa6303a38512a05f0a596339a93a03ff0a91da4ee5a2ebe42ad9f05580f0eb6ddf2cef0061b8ae3b3e6a62b5710ca3a70dd99a64f29047a56d623a3c1a867e7ae327d6c743a833478f2ff9194fc86a12852968954790439a6173c8901015c8bae4ae47570b848524fa9672b0445ff98c77f2b3115d95b9131346c46f5d198baee44ec066c5c61b30d131d9a0104b1dd44638015f7a7f2ddd92e2c600352f4cb9390cb"}, &(0x7f0000000500)=0xf9)
r3 = syz_open_dev$media(&(0x7f0000000540), 0x7, 0x3)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000680)={&(0x7f00000005c0)={0x98, 0x2, 0x6, 0x3, 0x0, 0x0, {0x1, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x4}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x3}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}, @IPSET_ATTR_DATA={0x54, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x6}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x6}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x401}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x8}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x1}, @IPSET_ATTR_CIDR={0x5, 0x3, 0x63}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xe1}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xffffffff}, @IPSET_ATTR_BUCKETSIZE={0x5}]}]}, 0x98}, 0x1, 0x0, 0x0, 0xaf09b02ff632aab6}, 0x8000)
r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
writev(r4, &(0x7f00000019c0)=[{&(0x7f0000000740)="882a96840cecbe83fca99e58d783074055699415289f3cf8fc8acf0b9d20bd7d619ac22807ac5be4c154bc62da0b3d274bd8f85d02210e34271db18b5e9c787d8e6b0d53f44279c07eb30c9e6ca0e76d36e13a9bac0195402aec67", 0x5b}, {&(0x7f00000007c0)="94e4d21f34bd24cc4389a986011ce7581d551d8958998838f261320b250ecc8e5eb538bee243ad902b542775e6d626a76efeeb6d3f58f728c7c7f14530113b5ad6a07e70cbc56a583def56e8b067902bd27797ff4fe154caf1031b830986a987c435bbe8f37fead48ad5dc485e34712873c5198b0db7fa1679fdb91dcdf54d76f344b651288f6b6bd7bac8d4bfba6e6270ce75c9ab", 0x95}, {&(0x7f0000000880)="5dbb9eee6b2385aed36edc7c213db48e78b4a345e4499d17eb8626c39a731eb33be7887600757b7b45b0a83c17c7939414777c3002c20b2fb4b90402c315bf9000d5e8fafad49e640d3e83d78743417892c67c7a6c5af28aa1bd7c26328c7f2558521b10e5410ab296b906f1d07e88b36ef2a1ddf97bbcf3979895af63973e3ac3ea7c86602f4948", 0x88}, {&(0x7f0000000940)="e81ce8654a35654f8effa0518eb739a287b86ccd333fbc3565c0e21371d2acef5cc46f6fae636e648da2e508c42ad0c556c81fc25488fc5ad16697a731d63e6856cfdbcdf3f0d983a7", 0x49}, {&(0x7f00000009c0)="777bbef594c8789730a91750b6bde5ce4e64e9eb80f79dab552003a30cf743435c61508dcf44bdadf83f534d8cecfb4bd2d2528992f3fc3afc1fb62d279cd6a70d4a1aeb1a49c5ddfd872debddb8e575a661487f6d5348df5c4f9db70e33689079eabd5e90774867fd33e3459109319846043e748acda784200130fe5ee0a34efd32d381cebc25b5da90f3f7df7159ef68e529e713ab3f793da954fcba68bcc412f3eb239b07f91ec4ac6a7c70e9979c7971f93358d86b439a1e853f38e93b3a866fa74842451f0a747e5d8301195e3cc90c45a5afdbacae46f3be7042042d83fbdf098e29f7717104ee8d5bcc2cfb7a9da9fceffa13edec05dd32835bee4defc486f4c8c0f05813c05423e4a9b54593b52cb47cd8d87509c285d08d378de48c3c4d4f572bd9eec5721d1148d31e329d1afde0c05894ae16ebe8963cfef37c261d496952d97348c72c003a3937ad465d6c430603df9a349968d263754a11290ee96b7ad48c254d5f585a09ba840481de84bda00e8620e2b33eb8fcb7054b779408157a0820b9b530e1dca01f69816552226c0f4fa30b71b42d8f3339db280f70daee0ced8287caf2b52531cbfd30e43809c39b283b629a8e323b299b7f32f5c6503376fbf76e98fc446f067f390d889f47c4f37fcf8587979c3afbd7f05b0ce8de86896cd83c5ad207990fce55830ee01ab4e5fa5ea87f24dff7906b5448e8ef12363eab52915227b0f05ab8e48b37964b34d0dce4a955a24826a4b1e34a07d34aefcf3b3544a5a8497ebb364d1aa0565fe93cac1b9a489d28e1819feab826f7c7eac337897856029fe74267a2959badfd5cb1c022b4413cb80584e1b23b04bdd82a399acc573165427f231a332fdf7873d257fbcb29d0a37f5cfd15b2c848dd40d54b6f5244cddbf3920689a4019649675b9f0cfc1df3b150970ac7bb4029739c3d57299968e96e3c5b7b11f1c19eb6d2236d7940cb66264252dc40ff66c05d22c7212c9f83c998c11681baa4b1cb3ccb8fa800c99ff2b9fd746d6460dc5b85d21b46c13cf53a62279032da494a4a74ce086e9d1817b5977b5c96ca37124821d306d8810257c743d14a730055ece462600b699783bed5ec46352f93a11fc6be05f37c122204b3ca21a6a9a5cb4287d0e090947f16e2f3ec9c07effd3a7b9d9b35687766a38c0b4d8cb63c4ecbe633c3a0c4d9bd4b77655ce0d16b9e55f0846034f12472b07ac70191dcea2d97f7ceb9ea8da612734161f4ea130d5aa717bc1cc5c32983d4baef43c091a5d033e46662db2095a404015ab8c489ce047d2027b493d1ae788044e51fb18ad14174029d95b7a24036c4cd015141a0d0c6221bcf87224df7fa9f8e2abf804b0d61448044451ac3d5a84c82360850bece87061c45d4514597c8b97ecfd3959d93d6e6c52f7ef1e16ae9cdada968f25bc90e0359bb2562daf5f125e20a6bbdad2793fa1b4a52e46e2e13e39ce6f97ffae6f2334ab23595d70761051cba195b4cb569a02abf0e83f9724c97a99b4f051c7e9a01d72a655769fc6dbb71b4fb85acd64480495bb8501b63d60f23b1eb441c219196b3d545fadf6f2c4f9d9f164d3a89502a8d86d09405cd091b061c1028358dce789ecb18a8b9c9db5618eaaa73a64a5b74476e1c05026f451e1d581825423090885adc2e4d9e571f1d5b03f9a006f0719918cd24114591d02dc2819d25356c847c78bf76bff03d0c8ef53244d064ba04f60293435a7948c3246f32aa1b7e61bf298d5e851a663328ec1a5e2a9a564772889c66ac2ff15193e6ad301f6b9f644f160f39cbbb490b0352b61be6c36d6dbbd0a20f8d49d05436bd8c094cbd9aed27f9bb786d19069bcd96ac35a71000b58aa3fe867dc43dd7d000f8d5b78dc8b11546fcaf9129cabaae41d20cc3df37f7c8e44c4cf86dc6071584710830571b760d56c96b2ebe289c652ed6678336b71d767d7b1636506376f3ea2489e54b7dcd2b6ff04c8cc31117f00dcfd03eb7d1db5910ff6faca93d39dfbd4a0587b262a384d611e2a4847c6912d12a6be5cf6290fc76bb1e7cf2275ca29682b7e4cb0ca546611e78021535b7414af5c4127a0f63047c4b32a9036603b04ef0ea1d58debe621bb21e590683fd1d7e14b3f23bc14e94a38ff039a5b00a372a47d222b3695bc492af51f97dde6ad2d8cbcde1aa3de0d951b4a4f06efb7fcfd153075c86943490d69f2931da40caf3c4e84b8a98cafb32a73e009331efaee750cdb58566de87bba6e9d2d8c35b06914ed0cb6a54219f98db757aa17293b4885beb3afe1fa945fa219f71afd362b72cf78fdcc6dd7faf7129a11b509dec3b800214d0e67e1caa51c130b0ab0d57c57c0fa43de43201e66e552ffed085355daf9aa91fd55a366cdc303a64c615a6aaf55172458a3389a624ce31ca32c0e85378368315af02f0f327b04b01185c6253ab403598051e545ccfd3e7ee0d07e33fd3476706ec4707dddba24764da63cc415ac9399a5dc3a23932a98ace235b75c91b3bd62cd9356c51d7ef7fbd3dd8fdcf27922e417329a4daf5dd60d4623f0faf97945969f21716c15d52112a64e1ac080ec50398d8c041982a9269e383ab2204ef63f6926708f98925bf05c31af964179b01aff74fdcae500f580d9602c914efec3e7ff0370ab971b6a7144035ea7d97063e76d1fe6c8c64159c312cbb7f279975b801db9960caa6a92ca10f345639bad22d37bce0e633a74e5048ae74e9e427c574e55ccbade3172c6a05c0289a40e49e82a66cff0c51fe50287d33d18c1dbb2f6659a29da6aa96fded3960885b5c4d814f9d064c671f6771a2c681517cd2553ecfc91ae482ec80ccbf2073b21e1ed44da318a5bdbd2261eeda12f30d189cacffa4cec14dbf672710448c2e53a0c5889b45a6bbfb3bc668c7930dfcb06434a066aa4a120c80cfea3c135662e998f750fa8c586be3017b1b3da884ba2ecae45d57feaf20f0b67fa3b4dcb1c2e907a840820317e9cd28578e2db5af3f69ca049b42e3d4d1abb93773e2bfaa0714e133e7c8b70c609a74eb92c26a4c04af316a4c685a45d35892a01c3ab5c66207fb491a5d5d048b74645bfc4ee72c35402305200aa0e2bd22be6eef4d38232171d0ef7676964050b1ec4c7bf2a2e4a632bb4ec83f89bca48ca8524c20ef9a2c06344449b3be431f801c551bbf9e0889fe7496dd4f961f838468127129a253718fa8414f65e30dad4ce5695ad6fbbef0f9e77cce6ef6c2ed00f32aff91283fd809b3c292fd71e959f4d6668bf5420ebfee3bf43ebe1e5b55bdec2fed181394255812b8dfe09b434f3161dd9ebe23026469cdd8ca98619244b3ebdf56bd850c5f1efa0c3e2691990ce492f0b14d3eabd51e5fd0c47b582ff01e3a7a2f7dac73ec17679a2c2e702448fb4f942c5042930c462390cb7b2220fe78b13549e4d395b0e65b3a79116bf21d94992acaafa498490d2aff387e54ef6b936ded81bc54aa472ea53ba022b9973199d00e7e475bce25ea86c0dbb5f586775a6a5e022307e31991af535507b65bbb10180d68e8511c55ab2dcdba01b49add804bc3fe4861ad3de0372e690a8752ff6ab80f60c17150c75b73d007c34a3fd85b30fc96c5dcbce68a39cb1a501463c1fa51f17a270f5b1165276ff1f8571486ff9f6d63792fa2961a4b89768d5b25a7bcdd54a190de94e6a12b68f6afaab627d21ee2a95ede97b48288a1256db0075002d64ccd31cf781a77bba70be3f552e6cc4bba00f6da6cff76e4e76b0921142b2be5a241c28aa923504c0700d6788231c8ca3ad040a7a57da53d748a58d48e0300f3cc72f1698ec37bcab89277c08ce3d4133ddfa761678251b66a813c953ebd94ebfb1b366b93141233407d84f78b43ebd143f03ef162e3071e6d8893c15621ec46fd206d6f0c924bfcfcbcb04c8ab34db035481eafb32350f5482b17053f0e41db4811e67496ee60e5583909ec4475bdd9a75d99e492c1984aea479d039bf0c5a7acef38a983eea2d9020ba40db8ef6a4d9e116ac13b6245aa7022b03c7795a355bb2d0181b9a10bb128d80cacdfa910ce4e7d43e350248ee37acddabd58030d3b79b9a51dcf909cff570f1c309e07432cd5def671a882cd3a4da57dcc4f47bd32d6af4305995b3a6a22a68a6577d2175ad3ba5457b00135092ce89c19c8b493a569f8f3420b0f4b7e080cecea1941eee04a8af8fec8acbe8709df2311cd7076c4c58b1d533686e1227ae6da6b855df70e1a79c8a958ab7bac5f6feda83f87927ffd9433d1fea80697eae9aab3bfced3218fe1f40220f2ee85750e28a26a1e4d787be4ecb7f9c14d502ec6800771d37c2f5c046590bcc5939c867af3a11edd46cc57eeb8680a7d4758269f3c247bf55b23aacff61bc3149ef62f09c2ffc8c90877b687638616e68f136472d64b19f7e06653038eafbe99d8391a32605fab4a611f2f0fee93abab975fea3e181a95b33409d23e95610359ca6819a82480f2995935a7fded52820ea93c2c46fc92534ee62a964fdfe59bb4a6c4e0af02af0d34af6bfb6398e93d522d9dffdb9253409bd2754fc7d78bf78e97eda476bdf43b1c183aad7c5a70183f686592ecd575f799bb30c5bb658a52ac6ac98e8408ef96b1429a50dc0371cca9f783ad35e870da0851cc4f3d3bd94fa4e67a2242be38b7c0c2a094814b83c69bbda617edcfb4863e328b57224554394a78b8d26a5cbec506be784a9370f9a4cef8d4190a727ee409ae8abc95e01b4b119cb5e0b9609346673c5844183f02ae0e109bb2df564cb3167a3dc0d53616aa67dcd73e7c7815595ad329783978259e1f7f3073231fa4d46923087dc9f3815443f582a68841b30a5b5ae0f80ae71850a633cc73beb6dc6f5ce7f74711be28b4c7b91a5edc827427f7a4a25798d19887a766cf9ced5be2591d03fee93f47e90dcc35a76bda98ea564dd74b2ff5e4a61b938deffdc0a65cfb7e49ed19a4ed03f3e679b50a0fb924bdb4cc92df08c0ffe58d178c6f18ea7fc1ae0c1554a534b37302b2236b4a4fb0246daebbc5438047e89a22ee870f2dd77aa6a00c2a8c7f13308423c6863afe9c25fc03f71675757cda1b6df39eadd6e11bbd15d8f1123cc8a4207b584307b3b1057789ac1ef067dec352a9869f8b6d20621989cb3a391b60f49c9385a9da82c06a008ff522ac8c2fd8f7b80a9ebe83e9e9d58a302ddeca34eb31bb05ab66c53d821b357bf73631fefe9c9b1c21e3adbda9667f05b0ee26ab2def9c62d635be7ea677d49d7eaa98d50f44db1d8c35279b6b085ef7a5e64890325fe18002fd4c072cba3d330ed7d2f294a52c20e583f42e9e8b57a989c457e800e6fba797214198f655b4f0ea06f66f119d22a5fb07a20d73a4df62e2bfee5cb38c51f83c72c8f7b4711a0879ed8f7205a09fb1fffe9d904cf7e3fe839dce77d57f88c664450368f492e14e8885fd985298eab5b25bb0f636e02cc9b37b00c82945e4fb78a79c6c935e5766b5f48308719ca3298d2b788dba5744d9ea5ac9b683a9cdcbc95dc424e024b91e4c85bde1fcb143ab72788e08ff9c8ce7186801c67a50b08a74fa7d49f0a74ed4c39ed76f03e406d50f1de5a94730a5f211d7517d0f9b527cd58176f325e6bfc41eeff1d5b93d8a4e412c81719520b59472b4c1423deb1c1a9a044b81f63f31d6311d0ce6b0b18f54a421a1217150c3bafc025927368a27d2a92737ff8af96b50b471dda78e34b36f654dfeb0f5dd4cfc02a92eab37cbb781827e7bc904174637fbb3577503195beee598542114b7700347c0d69d3f3b47", 0x1000}], 0x5)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000001a40)=0x4)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000001ac0)=@generic={&(0x7f0000001a80)='./file0\x00', 0x0, 0x18}, 0x18)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000001b00), 0x6100)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r5, 0x4040534e, &(0x7f0000001b40)={0x54, @time={0x4, 0x48a4}, 0x9, {0x6, 0x6}, 0x5, 0x0, 0x4})
ioctl$BTRFS_IOC_START_SYNC(r1, 0x80089418, &(0x7f0000001b80)=<r6=>0x0)
ioctl$BTRFS_IOC_DEV_INFO(r3, 0xd000941e, &(0x7f0000001c40)={<r7=>0x0, "eb1d43448ad5e49a5deb329f80dc52ea"})
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r1, 0x5000943f, &(0x7f0000002c40)={{r5}, r6, 0x10, @inherit={0x68, &(0x7f0000001bc0)={0x1, 0x4, 0xfffffffffffffff7, 0x4, {0x0, 0x9, 0xfff, 0x4, 0xfffffffffffffff7}, [0x2, 0x70c9f145, 0xaff2, 0xfffffffffffffff7]}}, @devid=r7})
ioctl$SCSI_IOCTL_START_UNIT(r0, 0x5)
fallocate(r5, 0xc, 0x3, 0x2)
ioctl$DRM_IOCTL_CONTROL(r0, 0x40086414, &(0x7f0000003c40)={0x0, 0x2})
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000003c80)=0x3)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r4, 0xc0745645, &(0x7f0000003cc0)={0xc, [0x81, 0x6, 0x1, 0x7, 0x5ec, 0x12a4, 0x9, 0x191, 0x0, 0x0, 0x100, 0x72, 0xc, 0x2, 0xfffc, 0x80, 0x255d, 0x7, 0x2, 0xa, 0x0, 0x6, 0x101, 0x69e, 0x4c, 0x3, 0x3, 0x4, 0x6, 0x6, 0xfff9, 0x3, 0x2, 0x6, 0x2, 0x5, 0x100, 0x80, 0xffff, 0x7, 0x5, 0xcf1d, 0x5, 0x8, 0x8, 0x1, 0xffff], 0x8})
ioctl$AUTOFS_IOC_PROTOVER(0xffffffffffffffff, 0x80049363, &(0x7f0000003d40))
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000003d80)={r2, 0xbc65, 0x51, "f24cf2556fc832c15e81de57f15fe2830a32042faa77ca18a8816b0f7fdea8c26bd0f01da168bd241ea6462f39b8b591ef6de55ce43c336407fbd419681e89278a347831a77d5648577ac8160756bf6d06"}, 0x59)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000003ec0)={&(0x7f0000003e00)="a0ed630317b11ec605a1373782919663ee3d5c224260f2a0f4a8deb090b89c5bfd14818c04bb9cb4f45b39a7e45b7f06c55c5bbf8a0a0f0d1a932049a264f06b3fca936c842e4e8ada9ee15f03e01b44dfa44dad0bbae22b8051469adbc07dbd130861db7a06450b43e11f7e848019a3c9a54e30a7f4e4a705bcabd230e294bda6ac158c28832a1c4202109a179db55d085f8ec8b6528802ded577f80108b658a3127b8af8bed0974f2c137a862b59eb17b4143990", 0xb5})
openat$sysctl(0xffffffffffffff9c, &(0x7f0000003f00)='/proc/sys/net/ipv4/tcp_window_scaling\x00', 0x1, 0x0)

1m19.331697212s ago: executing program 1 (id=672):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r2, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r2, &(0x7f0000000580)={&(0x7f00000005c0)={0x2, 0x4e23, @rand_addr=0x64010101}, 0x10, 0x0, 0x0, &(0x7f0000000340)=[@fadd={0x58, 0x114, 0x6, {{0x5, 0x80000000}, &(0x7f00000001c0)=0x2, 0x0, 0x6, 0x2, 0x1b, 0x7, 0x2e, 0x9}}], 0x58, 0x4000000}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
read(r3, &(0x7f0000000040)=""/225, 0xe1)

1m18.295504021s ago: executing program 1 (id=677):
listen(0xffffffffffffffff, 0x6)
listen(0xffffffffffffffff, 0x8)

1m18.151083027s ago: executing program 1 (id=678):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x224, 0x52000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @erspan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_OFLAGS={0x6, 0x3, 0xff01}]}}}]}, 0x3c}}, 0x8000)

1m18.132951322s ago: executing program 1 (id=679):
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d0423c600000000000109022400010040000009040000010300000e09210108fd"], 0x0)
r0 = syz_open_dev$hiddev(&(0x7f0000000080), 0xf7, 0x40000)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x4020aeb2, &(0x7f0000000080)={0x0, 0x12c, @ioapic={0xfec00000, 0x4, 0xc, 0x9, 0x0, [{0x8, 0xdf, 0xc, '\x00', 0x1}, {0x3, 0x5, 0x8, '\x00', 0x7}, {0xff, 0x15, 0x3, '\x00', 0x5e}, {0xb, 0x3}, {0xff, 0xfd, 0x1, '\x00', 0x1}, {0x6, 0x0, 0x7, '\x00', 0x6}, {0x0, 0x1, 0xe0, '\x00', 0x6}, {0x0, 0x7, 0xf8, '\x00', 0x6}, {0x7f, 0x85, 0xc, '\x00', 0x9}, {0x7f, 0xa, 0x7, '\x00', 0x4}, {0xe, 0x40, 0x67, '\x00', 0xf}, {0x5, 0x4, 0x35, '\x00', 0x7}, {0x0, 0xa7, 0x7f, '\x00', 0x7}, {0x4, 0x1, 0x3d, '\x00', 0x2}, {0xa, 0x3, 0x7, '\x00', 0x9}, {0x4, 0x2f, 0xd, '\x00', 0x4}, {0xa, 0xc7, 0xaf, '\x00', 0x1}, {0x9, 0x9, 0x9, '\x00', 0x81}, {0x10, 0xa, 0x3, '\x00', 0x1}, {0x95, 0xc, 0x2, '\x00', 0x7}, {0xc, 0x9, 0x8, '\x00', 0x4}, {0x85, 0xf8, 0x1, '\x00', 0x3}, {0x7f, 0x8, 0x0, '\x00', 0xa7}, {0x8, 0x6, 0x0, '\x00', 0x5}]}})
ioctl$HIDIOCGUSAGES(r0, 0xd01c4813, &(0x7f0000000100)={{0x1, 0x1, 0x1, 0x0, 0x3, 0x7}, 0x1c0, [0x4, 0x7ea, 0x7, 0x5, 0x44e5, 0x8, 0xfffffffc, 0x6818d81d, 0x2d89, 0x1ff, 0x2, 0x2, 0xfffffff7, 0x10001, 0x62423341, 0xb3, 0x8b, 0x0, 0x80000000, 0xfffffffa, 0xc1, 0x434a, 0x5, 0x7, 0x7, 0x6, 0x4, 0x7, 0xbdb, 0x1fd, 0x2, 0x8, 0x75000000, 0x4, 0x2, 0xad, 0x3, 0x7, 0x8, 0x8, 0x0, 0x10000, 0x7, 0x2, 0xd, 0xab, 0x6, 0x3, 0x7, 0x9, 0x6, 0x3, 0xd26, 0x0, 0x0, 0xb5, 0xd89, 0x100, 0x31e3, 0xffffffff, 0x8, 0x473, 0x3, 0x1, 0x1, 0x0, 0xffffbeb6, 0x4, 0xa, 0x92, 0x401, 0x4, 0x4, 0xfffffff7, 0x3, 0x5, 0xf, 0x8001, 0xa0000000, 0x1, 0x5, 0xffffffff, 0x36, 0x2, 0x2, 0x6, 0x3, 0x8, 0x4, 0x3, 0x4, 0x1, 0x0, 0x8, 0x7, 0xc81, 0x8, 0x5, 0x3, 0x5, 0x6, 0x5, 0x3, 0x3, 0x0, 0x870b, 0xfffffff8, 0x53f6, 0x8000, 0x3, 0x6, 0x7, 0x5, 0x28e, 0x7, 0x3, 0x3, 0xfff, 0xffff, 0x7, 0x5, 0xb6f7, 0x3, 0xfff, 0x40, 0x2, 0x3, 0x7, 0x0, 0x3, 0x1, 0x10001, 0x80000000, 0xfffffff3, 0x8, 0xffff, 0x9, 0x9b4, 0x8, 0x4, 0xfffffff7, 0x6, 0x4, 0x7, 0xfffffff9, 0x40, 0x80000001, 0x9, 0x971, 0x9, 0x10, 0xfe7, 0x3, 0x7, 0x5, 0x4a, 0x401, 0x0, 0x200, 0x4, 0x4, 0x6, 0x0, 0x2, 0x8, 0x42, 0x1, 0x0, 0x3, 0xa000, 0x40000000, 0x1, 0xa45c, 0x8, 0xb38, 0x0, 0x6, 0x2, 0x10, 0x800, 0x4, 0x10, 0x100, 0x6, 0x37, 0x8000, 0x40, 0x8, 0x2145, 0x401, 0x79, 0xb, 0x3779, 0x3, 0x619, 0x1, 0x1, 0x6a9ca5b6, 0x8, 0x0, 0x200, 0x6, 0x3ff, 0x0, 0x59e, 0x80000001, 0x85, 0x3, 0xfd, 0x8f, 0x0, 0x0, 0x6, 0x3d6, 0xa7c, 0x200, 0xdd, 0xee7, 0x3c6f, 0x800, 0x8, 0x7ff, 0x1ff, 0xab6f, 0x3, 0x3, 0x40, 0x4, 0x3, 0x20, 0x0, 0x7, 0x5, 0x100, 0xa, 0x101, 0x0, 0x1a, 0x10000, 0x8, 0x8, 0x38c8, 0x8000, 0xd63b, 0x2, 0x10000, 0x80, 0x7, 0x78, 0x8, 0x3, 0xfffffffb, 0xa, 0xfffffff7, 0x1, 0x9, 0x401, 0x1, 0xe047, 0x4, 0x8, 0x3, 0xfffffff9, 0x100, 0x9, 0x6, 0x2, 0x2, 0xc, 0x0, 0x7, 0x5, 0x8, 0x7, 0x5b, 0x7, 0x5, 0x1ff, 0x4, 0x5, 0x2, 0xdb, 0x5, 0x1, 0xfffffffd, 0x3, 0x3, 0x3, 0x3, 0x3f6830f9, 0x80b, 0xa, 0x80, 0x6, 0x6, 0xe, 0x7fff, 0x796, 0xc5, 0x8, 0x7, 0x1, 0xff, 0x1, 0xf5, 0x1, 0x1, 0x4, 0xe, 0x52ab6add, 0x0, 0x3, 0x2, 0x7fffffff, 0x7, 0x2, 0x80, 0x10000, 0x81, 0xfff, 0xd0600000, 0x9, 0x0, 0x5, 0x5, 0x0, 0x5, 0x0, 0x8, 0x6, 0x4, 0x2e58b0b2, 0x8, 0x9, 0x1c, 0x2, 0x5, 0x0, 0x6, 0x0, 0x682, 0x1, 0xd45, 0x2, 0x2, 0x9, 0x7ff, 0x999d, 0x266, 0x9, 0xffff, 0x2, 0x0, 0xd05a, 0x3f, 0x7, 0x5ce, 0x9, 0x8, 0x21b80e6, 0x3, 0x0, 0x3941, 0xb, 0x3ff, 0x10001, 0xff, 0x8, 0x7, 0x3, 0x10000, 0x8, 0x800, 0xbca, 0x80000000, 0x0, 0x7, 0x40, 0xe2b1, 0xff, 0x7, 0x2, 0x4, 0x64, 0x0, 0xfffffff3, 0x8, 0x2, 0x800, 0x2d3, 0x4566, 0x0, 0x8, 0x6, 0x1, 0xfffff36d, 0x8, 0x9d99, 0xe, 0x10000, 0x0, 0x7fff, 0x9, 0x92, 0x2, 0x8, 0x8, 0xfffff801, 0x710, 0x2, 0xd64, 0x1, 0x6, 0x7f, 0xffffff97, 0x3, 0x0, 0x0, 0x7, 0x0, 0xc, 0x6, 0x6, 0x55, 0x1, 0x3, 0x76, 0x736, 0x6, 0x1, 0x5, 0x4, 0x1, 0x1000, 0x1, 0xfffffffd, 0x2b, 0x9c, 0xae, 0x4, 0x0, 0xacf8, 0x7f, 0x6, 0x3, 0x4, 0x1, 0x4, 0x0, 0x5, 0x1ff, 0x6, 0x6, 0x7, 0x1, 0x7ff, 0x3, 0x7fffffff, 0x199, 0xffff, 0x80000000, 0x120000, 0xe5, 0xa27, 0x7fffffff, 0xc, 0x9, 0xb439, 0x40, 0xd1, 0x5, 0x2, 0x5, 0x7ff, 0x10001, 0x7, 0x7, 0x4d, 0x4, 0x10001, 0x8, 0x1000, 0x3, 0x40, 0x1b65, 0x65a5786d, 0x8001, 0x1, 0x9, 0x3ff, 0x7, 0x4800000, 0x5, 0x7, 0x2, 0xe, 0x400, 0x6, 0xfffffffc, 0xc933, 0x4, 0x1, 0x10000, 0x0, 0x1, 0x20, 0xfffffa92, 0x5, 0x2, 0x7, 0x1, 0x7, 0x3, 0x9, 0x1ff, 0x81, 0x4, 0x10000, 0x81, 0x6, 0x3ff, 0x0, 0x3, 0x2, 0x400, 0x5, 0x2, 0x6, 0xffffc70b, 0x7f, 0x6, 0x7, 0x3, 0x5, 0x0, 0x4, 0x2, 0x3, 0x3a9, 0x0, 0x5, 0x11, 0xfffffff5, 0x3, 0xa9, 0x4, 0x2, 0x1, 0xd, 0x4, 0x22f5, 0x8000, 0x100, 0x3, 0xffffffff, 0xfffff800, 0x870a, 0x5, 0x81, 0x1, 0x2, 0x9, 0x7, 0x3, 0x330, 0x4, 0x8, 0xfff, 0x2, 0x4, 0x10001, 0x10001, 0x12, 0x9, 0x800000, 0x7, 0x8, 0x8, 0x6, 0x4, 0x5, 0x0, 0x4, 0x7fff, 0x10001, 0x7, 0x5, 0x0, 0x9, 0x9, 0x2, 0x81, 0x1000, 0x14ad2000, 0x4, 0x11596c76, 0x5, 0x0, 0x7, 0x0, 0xffffffff, 0x0, 0xfffffffb, 0x2, 0x0, 0x9, 0x7ed4, 0xff, 0x2, 0x100, 0x1, 0x4, 0x4, 0x5, 0x2, 0x6, 0x3, 0x6, 0xffffffff, 0x8, 0x1, 0x2, 0xf, 0xe, 0x80000000, 0x200, 0x9, 0x0, 0x2, 0xc, 0x7, 0x51, 0x6, 0x3, 0x4, 0x2, 0x101, 0x8, 0x2, 0x80000001, 0x7ff, 0x1, 0x0, 0x50, 0x2, 0x7f, 0x6, 0x0, 0xfffffff7, 0xe, 0x5, 0xd8, 0x99ce, 0x9, 0x9, 0x3, 0x4e62, 0x3, 0x81, 0x0, 0x0, 0x8, 0xf98, 0x0, 0xb, 0x801, 0x2, 0xf, 0x9, 0xb, 0xae4, 0x5, 0x5, 0x127, 0x2, 0x330, 0x0, 0x9, 0x2, 0x2, 0x2, 0x9, 0x81, 0x8, 0xffff, 0x2, 0x1ff, 0x0, 0x5, 0x5, 0x8e557cc, 0x4, 0x10001, 0x5d63, 0xb, 0x1, 0x7, 0xc, 0x4, 0xe, 0x2, 0x3, 0x8, 0x1000000, 0x7f, 0x4, 0x8001, 0xffffffff, 0x9, 0x5, 0xa, 0x8d74, 0x10, 0xfff, 0xa, 0x1, 0x84, 0xa, 0x8, 0xed79, 0x4, 0x8, 0x80000001, 0x0, 0x2, 0x7274, 0x1, 0x9, 0x9, 0x1, 0xe81, 0x21f9c856, 0x3, 0x5, 0x0, 0x2, 0x6ec, 0x80000001, 0xf, 0x8, 0x6, 0x9, 0x4, 0xf, 0x9282, 0x80, 0x9, 0xc, 0x9, 0x0, 0x7ff, 0x81, 0x3, 0xc7, 0xd9, 0x8, 0xc43, 0xfffffff7, 0x5, 0x0, 0x5, 0xe0f4, 0x9, 0x985e, 0x8, 0x3, 0x7, 0x7, 0x77, 0x7fff, 0x0, 0x40, 0x2, 0x0, 0x6, 0x8, 0x6, 0xc43, 0x1ff, 0x3, 0x7, 0x1e1, 0x4, 0xf, 0x101, 0x0, 0x80, 0xfffffba6, 0x7, 0xfff, 0x3, 0x9, 0x2, 0xffffff59, 0x7, 0xe9, 0x4, 0x1, 0x1, 0x1, 0x5, 0x0, 0x9, 0x100, 0x7, 0xee, 0x1, 0x90, 0xfae, 0x8, 0x380000, 0x0, 0x10001, 0x3, 0x8, 0x401, 0x100, 0xf, 0x0, 0x7, 0x7469, 0x9e7, 0x401, 0x7, 0x77, 0x6ba2, 0x8, 0x2, 0x1, 0xf1, 0x6, 0x840d, 0x5, 0x1, 0x42, 0x9, 0x9, 0x3, 0x8236, 0xfff, 0x4, 0xc9, 0x28df, 0x7, 0x5a9, 0x9, 0x471a, 0xb, 0x2, 0x3, 0x448dbcbc, 0x1, 0xdd0, 0x0, 0x8, 0x81, 0x2, 0x2, 0x4, 0xffffffff, 0x80200000, 0x1, 0x5, 0x4, 0x0, 0x57b, 0x768, 0x2, 0x7, 0x1, 0x7, 0x9, 0x280, 0x7, 0x80000000, 0x9, 0x6, 0x4, 0x85, 0x1, 0x1, 0x2, 0x6, 0x8, 0x9, 0x5, 0x8, 0xe, 0x4, 0x2, 0x9, 0x2, 0x5, 0x8000, 0x8, 0x9, 0xfff, 0x1, 0x1000, 0x3, 0x1, 0x6, 0x9, 0x8000, 0x6, 0x1, 0x2, 0x4, 0xffffffff, 0x6, 0x1, 0x80, 0x6, 0x5, 0xd, 0x8001, 0x0, 0xfffff001, 0x6, 0x6, 0x3, 0x7fff, 0x8001, 0x7ff, 0x5, 0x1, 0x7, 0x9, 0x5, 0x3ff, 0xe7b1, 0x4, 0x5, 0xffff, 0x2, 0x9, 0x401, 0x7f, 0x6, 0x9, 0xfffffffe, 0x0, 0xb, 0x5, 0x80000001, 0xb46e, 0x80, 0x4, 0x400, 0x9, 0x7, 0x81, 0x2, 0x81b, 0x9, 0x0, 0x3, 0x9, 0x2, 0x7, 0xe, 0x9, 0x200, 0x10b9980c, 0x2, 0x5, 0xfe, 0x9, 0x8, 0x6, 0x1d, 0x53fc6ad1, 0x4e2b, 0x2, 0x9, 0x4, 0x8, 0x8acd, 0x0, 0x2f75, 0x5, 0x4, 0x7, 0x0, 0xf, 0x2, 0x10000, 0x8b0, 0x8ef, 0x1800000, 0xffffff80, 0x2, 0x93, 0x1, 0x1, 0x7ff, 0x10001, 0xc, 0x10001, 0x1, 0x0, 0xfffffffc, 0x1, 0x0, 0x5, 0xffffffff, 0x4, 0x2, 0x537e, 0x1, 0x80000000, 0x7fff, 0x9, 0xb5f, 0x78d, 0x95, 0x9, 0x5, 0x4, 0x200, 0xe, 0x2, 0x8000, 0x1]})
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000000f14010027bd7000fcdbdf250b00450075766572627376"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc4000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet_tcp(0x2, 0x1, 0x0)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_freezer_state(r5, &(0x7f0000000140), 0x2, 0x0)
write$cgroup_freezer_state(r6, &(0x7f0000000440)='FROZEN\x00', 0x7)
r7 = socket$can_raw(0x1d, 0x3, 0x1)
recvmsg$can_raw(r7, &(0x7f0000001580)={&(0x7f0000000040)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @remote}}, 0x80, &(0x7f0000001680)=[{&(0x7f0000000300)=""/66, 0x42}, {0x0}, {&(0x7f0000000140)=""/82, 0x52}, {&(0x7f00000013c0)=""/168, 0xa8}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f0000001700)=""/197, 0xc5}, {&(0x7f00000000c0)=""/24, 0x18}, {&(0x7f00000015c0)=""/165, 0xa5}], 0x8, &(0x7f0000001500)=""/123, 0x7b}, 0x2106)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f00000003c0)={0x1, 0x0, [{0x40000002}]})
r11 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r11, 0x84, 0x81, &(0x7f0000000280)="1a0000000212a277", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r11, 0x84, 0x17, &(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="06"], 0x9)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r11, 0x84, 0x23, &(0x7f0000000040)={0x0, 0x6}, 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r11, 0x84, 0x18, &(0x7f0000000100)={0x0, 0x6}, 0x8)

1m14.340514685s ago: executing program 1 (id=693):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000000ba7e44d5e41f269d6aedf923ea7b257e3671429fd29c5cb0d48f6e3f27da473e817c8068b0e75e7087d68ee7965772ed3a08def8ee82e6db248718722e6", @ANYRES16=r2, @ANYBLOB="01000000000001000000170000000c00068008000600ffffffff"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x20101, 0x0)
unshare(0x24020400)
syz_emit_ethernet(0xffffffffffffff9d, 0x0, 0x0)
ioctl$SNAPSHOT_CREATE_IMAGE(r3, 0x40043311, 0x0)
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
syz_usb_control_io$printer(r5, 0x0, 0x0)
syz_usb_control_io$printer(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
syz_usb_control_io$rtl8150(r5, 0x0, &(0x7f0000000840)={0x2c, &(0x7f0000000740)={0x40, 0x3}, 0x0, 0x0, 0x0, 0x0})
write$tun(r0, &(0x7f0000001400)=ANY=[@ANYBLOB="000000f6"], 0xfce)

59.091209396s ago: executing program 32 (id=693):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="200000000ba7e44d5e41f269d6aedf923ea7b257e3671429fd29c5cb0d48f6e3f27da473e817c8068b0e75e7087d68ee7965772ed3a08def8ee82e6db248718722e6", @ANYRES16=r2, @ANYBLOB="01000000000001000000170000000c00068008000600ffffffff"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x20101, 0x0)
unshare(0x24020400)
syz_emit_ethernet(0xffffffffffffff9d, 0x0, 0x0)
ioctl$SNAPSHOT_CREATE_IMAGE(r3, 0x40043311, 0x0)
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r5 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
syz_usb_control_io$printer(r5, 0x0, 0x0)
syz_usb_control_io$printer(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$uac1(r5, 0x0, 0x0)
syz_usb_control_io$rtl8150(r5, 0x0, &(0x7f0000000840)={0x2c, &(0x7f0000000740)={0x40, 0x3}, 0x0, 0x0, 0x0, 0x0})
write$tun(r0, &(0x7f0000001400)=ANY=[@ANYBLOB="000000f6"], 0xfce)

7.842902367s ago: executing program 2 (id=972):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904", @ANYRESDEC, @ANYRESHEX], 0x0)
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, 0x0, &(0x7f0000001080))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904", @ANYRESDEC, @ANYRESHEX], 0x0) (async)
socket(0x2, 0x80805, 0x0) (async)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, 0x0, &(0x7f0000001080)) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)

7.688622128s ago: executing program 3 (id=973):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
r1 = eventfd2(0xff, 0x80801)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x2200000, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r1, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
rmdir(&(0x7f0000000040)='./file0/../file0/file0\x00')
read$FUSE(r2, &(0x7f000000e280)={0x2020}, 0x2020)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0)
r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r9=>0xffffffffffffffff})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, 0x0)
ioctl$SYNC_IOC_MERGE(r9, 0xc0303e03, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x6, 0xff}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x10007f, 0x20000006, 0x4d, 0x6, 0x3, 0x9, 0x2, 0xffff2d34, 0xfffffefd, 0x6, 0x3, 0xfffffffc, 0x5, 0x5, 0xfffff2d2, 0x7, 0x3c5b, 0x80000001, 0x24, 0xd, 0x1, 0x4, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x0, 0x3, 0xe, 0x8, 0x8000806e, 0x7, 0x17, 0x1, 0x7, 0x200, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x7, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x1, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc48, 0x48c93690, 0x43, 0x103], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x6, 0x5, 0xffffffff, 0x85, 0x3, 0x303c, 0x4, 0xb, 0x5, 0x2, 0x2, 0x403, 0x20000008, 0x2, 0x6d03, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0xc59d, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xc2, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x1000000a, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x0, 0x1000006, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0x10000, 0x7f, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x10080, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xb3, 0x8, 0x6, 0x226, 0x5, 0x5, 0x1, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

6.962627445s ago: executing program 0 (id=974):
r0 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r0, &(0x7f0000000300)=[{{&(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x4, 0x0}}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000200)="9a", 0x1}], 0x1}}], 0x1, 0x4000000)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000100)=@sack_info={r2, 0x3, 0x1}, 0xc)

6.726907094s ago: executing program 4 (id=977):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000006c0)=ANY=[@ANYBLOB="1201000000000040c41090ea8000000000010902"], 0x0)
openat$qrtrtun(0xffffff9c, &(0x7f0000000080), 0x208000)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$netlink(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
socketpair(0x2, 0x2, 0x0, &(0x7f0000000000))
socket(0x13, 0x800, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000004c0))
syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4840, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x10, 0x2})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xd)

6.69576757s ago: executing program 3 (id=978):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0xb8}}, 0x0)

6.617757656s ago: executing program 0 (id=979):
r0 = add_key$fscrypt_provisioning(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, &(0x7f00000009c0)=ANY=[@ANYBLOB="010000"], 0x48, 0xfffffffffffffffe)
keyctl$search(0xa, r0, &(0x7f00000004c0)='cifs.idmap\x00', &(0x7f0000000500)={'syz', 0x3}, 0xfffffffffffffff9)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2003, 0x0)
socket$alg(0x26, 0x5, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
socket$kcm(0x10, 0x2, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000a40)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4$alg(r3, 0x0, 0x0, 0x80800)
io_setup(0x19, &(0x7f00000009c0)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000000)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x2}])
readv(r4, &(0x7f00000005c0)=[{&(0x7f0000000100)=""/25, 0x19}], 0x1)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20)
mprotect(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000008)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0xfffd}, 0x90)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x19, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000000000000000000000400000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000850000002a00000018110000", @ANYRES32=r7, @ANYBLOB="0000000000efffffb6080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400001e240f258500000082000000bf91000000000000b7020000000000008500000084000000b700000000000e009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r8}, 0x10)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r10 = socket(0x400000000010, 0x3, 0x0)
r11 = socket$unix(0x1, 0x1, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r10)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7fff, 0x80, 0x240}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r10, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r12, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_CLASSID={0x8, 0x1, {0x0, 0xfff1}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r13 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})

6.527904411s ago: executing program 3 (id=980):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, 0x0)
preadv(r3, &(0x7f00000001c0), 0x0, 0xe, 0x1)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c00000010001fff109e000080000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000440012800b00010067656e6576650000340002800500030003000000060005004e20000005000400ab000000050009000100000005000a0001000000050009000100000008000a00", @ANYRES32=r5], 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r6 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r7, @ANYBLOB="01"], 0x3c}}, 0x0)

6.386492075s ago: executing program 2 (id=981):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, 0x0)

6.161546705s ago: executing program 2 (id=982):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
dup(0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x202983, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x40000)
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r3, &(0x7f00000021c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x4010)
r4 = memfd_secret(0x0)
ftruncate(r4, 0x581)
ftruncate(r4, 0x0)
mremap(&(0x7f0000d71000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000179000/0x2000)=nil)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r5 = io_uring_setup(0x3454, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, 0x0, 0x0)
migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa)
mmap(&(0x7f0000564000/0x800000)=nil, 0x800000, 0x300000a, 0x4031, r2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
r6 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r6, 0xc020aa07, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="e80000006c00010029bd7000fcdbdf2500000000", @ANYRES32, @ANYRES32=r5], 0xe8}}, 0x0)
r8 = syz_open_dev$loop(&(0x7f0000000000), 0x6, 0x103000)
ioctl$BLKDISCARD(r8, 0x1277, &(0x7f0000000080)=0x3)
socket$inet_udplite(0x2, 0x2, 0x88)

5.966066376s ago: executing program 3 (id=983):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000100)={0x79, 0x0, 0xc})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000180)={0x1, 0x0, [{0x0, 0x2, 0x0, 0x0, @adapter={0x6, 0x6f, 0xfd, 0x7f, 0x10001}}]})
ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f00000002c0)={0x0, 0x1})

5.906581403s ago: executing program 5 (id=984):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
openat$binfmt_format(0xffffff9c, 0x0, 0x2, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000001c0), 0x0, 0x10002, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
rt_sigprocmask(0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x20040768, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto(r2, &(0x7f0000000780)="7057da", 0x3, 0x24000011, 0x0, 0x0)
sendto$inet(r2, &(0x7f0000000700)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba1e9bb7ec30de54e3d82d4e023f9a336ec7e55fefd0d3c8f30eea40e40a6e32d6873837bb90f2fafc91", 0xffffffffffffff29, 0x80, 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000000)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x1, 0x1, &(0x7f0000000380)=""/240, &(0x7f0000000900)=""/103, &(0x7f0000000800)=""/90})

5.851684179s ago: executing program 0 (id=985):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_TIMEOUT(r0, 0x0, 0x48a, &(0x7f0000002180)={0xd, 0xffffffff, 0x8}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x3)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioperm(0x7, 0x81, 0x2)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)
fcntl$setlease(r3, 0x400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000180)=0x20000004)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xac)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f00000000c0)={0x2000042, 0x2, 0x3}, 0x10)
r4 = gettid()
prctl$PR_SCHED_CORE(0x3e, 0x0, r4, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x9, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102400, 0xffffffffffffff4f)
syz_open_dev$sg(0x0, 0x0, 0x8002)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c00000040000701feffffff00000000017c0000040042801000018006000600800a000004001c0004000280e96474dc38b64c5700f141299befe8a22cfb54b83e32d166e5f4b9172d278547e412c1a5da159856cfec2b452b6b04284a5dd5ee9dc909aee1c64ab8904c4231ceaf2dd7c36c4719c71e9deff8716a67c7c5ef090f08092772"], 0x2c}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, <r7=>0x0, 0x0, 0x0, <r8=>0x0}, 0x2020)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000100)={0x18, 0x0, r7, {0x4}}, 0x18)
truncate(&(0x7f0000000040)='./file0\x00', 0x1000000)
close_range(r2, 0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
pipe2$watch_queue(&(0x7f0000000040)={<r9=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r9, 0x5761, &(0x7f0000004200)=ANY=[@ANYRES32=r8, @ANYRESHEX=0x0, @ANYRESDEC=r1, @ANYRES32=r1, @ANYRESHEX, @ANYRES8=r7, @ANYBLOB="7770ba6c64e32d717d64845d408274684fca20bb8807c1dfa38c96b9ae961ac0836a6db1a4d843d112030c0dc24a39f537ee96fd7c8b357b0014b0c4cd1426e95855fb3b5c33f4706000be2b9132b5e8df6804c550eb78fb289c1007ad6978c412e1910178933e1d97ad80a7a8a27d37516eec042cbc8ed17541fd2a56b96e213e3a33812d3b3a78c177252d1bf4f21389", @ANYRESOCT=0x0, @ANYRES32=r1])
syz_usbip_server_init(0x1)

5.629758055s ago: executing program 3 (id=986):
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000500)={[0x5]}, 0x8)
r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000780)={0x44, &(0x7f0000000880)=ANY=[@ANYBLOB="400a0100000012"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
prlimit64(0x0, 0x3, &(0x7f0000000840)={0x2, 0x8}, 0x0)
r2 = creat(&(0x7f0000000140)='./file0\x00', 0x71)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x25, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000001500010300000000000000000a00", @ANYRES32=r2], 0x1c}}, 0x20000080)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r0, &(0x7f0000000000), 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0xffeffc03}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000240)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r8 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000a00), 0x480c80, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r8, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100", <r9=>0xffffffffffffffff})
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5000000027000100000000000000000a01"], 0x50}}, 0x0)
poll(&(0x7f0000000280)=[{r9, 0x4034}], 0x1, 0x1)
close_range(r8, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_MKDIRAT={0x25, 0x4, 0x0, r2, 0x0, &(0x7f00000009c0)='./file1\x00', 0xa, 0x0, 0x1})
io_uring_enter(r5, 0x351e, 0x483, 0x0, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x2, 0x83, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x71, 0x1, 0x1, 0x40, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x3, 0x2, 0x6, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x0, "03000000cc1a"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0xedca, 0x5, 0x58, 0x28}, [@call_mgmt={0x5, 0x24, 0x1, 0x1, 0x6b}, @call_mgmt={0x5, 0x24, 0x1, 0x0, 0x10}, @mbim_extended={0x8, 0x24, 0x1c, 0x6, 0x4}, @mdlm={0x15, 0x24, 0x12, 0x8001}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x400, 0x46, 0x6, 0x2}}], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x2, 0xa, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x7f, 0x9, 0x7f}}}}}]}}]}}, &(0x7f0000000a80)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x250, 0x80, 0x39, 0x0, 0x10, 0x8}, 0x23, 0x0, 0x8, [{0xf5, &(0x7f0000000380)=@string={0xf5, 0x3, "9705c169ca2a03f11ef3cbc561a861ca4c21f81cce623f0964ca2fc595af328ae46e91405cde6b07f5c3c7298bd3dd1ce5be6a35681edb61bdac599369341d8c8b28eddade3ce3afa1ac122b10f1dd993df8d30711e833ae8b3bc1f378f0180ca3776ebf5b8509021173e0cc9d8dda911c4941442c1c60f2ef1120907067189bbb5edc0950eb77bd485c2617e5dd57fd35b93a42210505b8964f822fea47436b8bbb2882f5c33ecccbb02bc899498b24fd1d289587bf23850fad473627e3789d8e4136c0107650f925392dc094321bc88322c41475677a0c5433d39fc3a0b62708f12175324e84f2d4ffddea8efb7247b332ae"}}, {0x69, &(0x7f0000000480)=@string={0x69, 0x3, "45411f0c989a422258f6e6989ac396a6114b2202cfaec08152dfda646d49ccae8daba659db6e4a76c7c27f5b5645ef83822b689006e6a0886f4a0712fd862f5737ded534a063907333f6b3a1d0f5f8c6a096a6209364432e5c51b06f62a481dafab07ac3b68356"}}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x430}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0xf4ff}}, {0xc5, &(0x7f0000000bc0)=ANY=[@ANYBLOB="c503e75905e22e31ec6ad996707fd57c5b75f018a52ebc26dc7367e13e12cd32b934f2c3c424972bfaeb67eb2bdfbc16942e0a04eebf12780978cf7e62e4eab1ba0046d845ac0d6594a4ce9a5885a2009c7a4623298afcff3e5b349a445a5a075c13408ec0286cb359ee30f0f165ef66d1d52a21a08bd04ad49fde4994aaf68f306ba5e82506a023344c50b3fb8abbc7e3ab5d845e135cf399df0740c423bc996bf2488d8818335521e1adca54601226e8303f66388e42bd4c49798fad8a8dc588d8a2f917b9ffa2234d45ee04aa098df2ef1195dad7c2416b92bef31bd385a625d28f678330bda6e727fe681c27da68a72786"]}, {0xf5, &(0x7f00000008c0)=ANY=[@ANYBLOB="f50376e33612e5e318d91cc2cfcb872440e09f41c5a28af6cbf336627374334dcb3c6f1d44dd5045d4da331ebb7b9a6695a0cdc576db6b184ea33bff77390fb736fe6fb62803ea2a892e0c789962c19a39e22e86bffb52b39940335b4d0d4c9888991fc174a846ebbf455de09ea35c7bdb9b977a163bd19aafd126dd0cff8e462695b49172dad402a05d78b598a0311668a617ae66f5137c91b9c4876856a65df12d6c552ab4c172a218721d981013e370a24b5708d7434664068e6563c290d6036bee61797ef13afbbb27ce6b1bc9dff000fd7b7b95d347ece1c9861ae5d38078a88c4f77ec063437f9347f4e998e844f461adb8b"]}, {0x8a, &(0x7f00000006c0)=@string={0x8a, 0x3, "53047badf6bccaa17d4c2e712b44ed90cac36e499a4b70051154cdc40d582acc0ccab441bd2dda8521be4e5e3ccd1823e91dfa0d38caf4dc889120148c11c627ba0e8228c46714234b731f524ab68f1666ba5acd7efe3bb929d8462fe98ab3f978148a97e9f0f270c003bb605fe226cc37e7fc1d02455e282fc5e2080d891a1b960d500147dd55d5"}}, {0xba, &(0x7f0000000b00)=ANY=[@ANYBLOB="ba0327b4b62c918a842c29ebadf821cb69da5ea172b77d97c6d21e80273d872e3c726ff182d169b5247c82d0590eab67f8e77ba695db373d2f3c0eced88d7636c4edd7746f0b7d0b763a9a4ed2e9504563fdac3a42946c7a78805d83be9b55011d9570c03204f31016e411dbad43d0a9d1f363487887f4a7ba4ce873803792c24a6faaab3556f38f4bf044879964d84df3015bafb378efc9e012bb29d091b286a545562faa5b306bce82cd4674a3324de2644e395189eb67dd7d"]}]})
name_to_handle_at(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)={0xa8, 0x0, 0x1, 0x101, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_HELP={0xc, 0x5, 0x0, 0x1, {0x8, 0x1, 'RAS\x00'}}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x5}]}, 0xa8}, 0x1, 0x0, 0x0, 0x20000045}, 0x74800)

4.862573962s ago: executing program 0 (id=987):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x21c0, 0x103)
fchownat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xee01, 0xffffffffffffffff, 0x1000)

4.849761781s ago: executing program 4 (id=988):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x380})
socket$unix(0x1, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$video(&(0x7f0000001300), 0x7, 0x101000)
openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x335)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @link_local})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff)
close(r6)
prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd)
r7 = memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0)
execveat(r7, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r8 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SNDCTL_DSP_RESET(r8, 0x80044dff, 0x1000000000000)

4.824662473s ago: executing program 0 (id=989):
syz_open_dev$ptys(0xc, 0x3, 0x0)
ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x8, &(0x7f0000000240))
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000a40)=ANY=[], 0x50)
r1 = socket$pppoe(0x18, 0x1, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'vcan0\x00'})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f0000000280)=r2)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
r3 = syz_clone3(&(0x7f0000000900)={0x23801000, &(0x7f0000000040)=<r4=>0xffffffffffffffff, 0x0, 0x0, {0x100003a}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r5=>0x0)
wait4(r3, 0x0, 0x1, 0x0)
io_submit(r5, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, r4, 0x0}])
r6 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r6, &(0x7f0000000180)={0xa0, 0x600, 0x0, {{0x4, 0x3, 0xaa8, 0x20007, 0x3, 0x4, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0xfffffffc, 0x3, 0x6, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x6}}, {0x0, 0x13}}}, 0xa0)
sendfile(r6, r6, &(0x7f0000000100), 0x7f03)

4.778161268s ago: executing program 5 (id=990):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000040000000030a010200000000000000000100ffff0900030073797a32000000001400148008000240"], 0xb8}}, 0x0)

3.884879902s ago: executing program 4 (id=991):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ptrace$getsig(0x4202, r1, 0x5, &(0x7f00000003c0))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0)
r4 = socket(0x10, 0x3, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, 0x0, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x48}}, 0x400400c0)
r7 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, r8, {0x0, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1e3a9}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x3d1, 0x3, 0x0, 0x6, 0x6}, 0x7e}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}}, 0x2)
sendmmsg$alg(r6, &(0x7f00000000c0), 0x492492492492627, 0x0)
recvmmsg(r4, &(0x7f0000002a40), 0x0, 0x40002000, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000540)={'wlan1\x00'})

3.437028923s ago: executing program 5 (id=992):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0)

2.969567283s ago: executing program 2 (id=993):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={0x0})
prlimit64(r0, 0x4, &(0x7f0000000140)={0x2, 0x200000088}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000309000/0x1000)=nil, 0x1000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x188fd000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0xe160515b4f827250)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r3, 0xc05c5340, &(0x7f0000000240)={0x6, 0x83de, 0x9, {0x2}, 0x1, 0x6000000})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6(0xa, 0x80003, 0x1)
connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
fcntl$setown(r4, 0x8, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7, 0xfffffffd}}, 0xe8)
prlimit64(0x0, 0xd, &(0x7f0000000040)={0xd12c, 0x3}, &(0x7f0000000080))
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000005400019b4abd70010000000007000000", @ANYRES32=r6, @ANYBLOB="20000100", @ANYRES32=r6, @ANYBLOB="000002000000000000000000000000000000000186dd"], 0x38}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)

2.88031676s ago: executing program 0 (id=994):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0)
read$char_usb(r2, &(0x7f00000002c0)=""/151, 0x97)
syz_usb_disconnect(r1)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000006680), r0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r5, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r4, 0x100, 0x70bd28, 0x25dfdbff, {}, ["", "", "", "", "", ""]}, 0x14}}, 0x44000)
r6 = socket$inet(0x2, 0x2, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, 0x0, 0x0)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000100000008000100040000002c00048005000300010000000500030080ffffff05000300016900000500030080ffffff05000300050000000800020003"], 0x50}}, 0x0)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r7, 0x0, 0x484, &(0x7f00000000c0)=""/24, &(0x7f0000000340)=0x18)
mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='romfs\x00', 0x5, 0x0)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000006780)={0x0, 0x0, &(0x7f0000006740)={&(0x7f0000000040)={0x30, r4, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_SECLEVEL={0x5, 0x2a, 0x1}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan1\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8004}, 0x48000)

2.816675938s ago: executing program 5 (id=995):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x2c, r2, 0x431, 0x70bd2a, 0x259fdc00, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4c810}, 0x20000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r4, 0xc018937a, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r5=>r4, {0xffffffff}}, './file0\x00'})
sendmmsg$unix(r5, &(0x7f0000000000), 0x0, 0x880)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='htcp', 0x4)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000040)=[@sack_perm, @sack_perm, @timestamp, @mss={0x2, 0x2}, @timestamp, @window={0x3, 0x40, 0xfffd}, @mss={0x2, 0x9}], 0x7)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)

2.576967507s ago: executing program 2 (id=996):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, 0x0)
preadv(r3, &(0x7f00000001c0), 0x0, 0xe, 0x1)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r5, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c00000010001fff109e00008000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000440012800b00010067656e6576650000340002800500030003000000060005004e20000005000400ab000000050009000100000005000a0001000000050009000100000008000a00", @ANYRES32=r5], 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r6 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(0x0, r6)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r7, @ANYBLOB="01"], 0x3c}}, 0x0)

2.574019796s ago: executing program 4 (id=997):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@ipv6_newnexthop={0x28, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ENCAP={0xc, 0x8, 0x0, 0x1, @LWTUNNEL_IP_TTL={0x5, 0x4, 0xff}}]}, 0x28}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r1 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000280), 0x301, 0x0)
fadvise64(r2, 0x8000000000000001, 0x8, 0x3)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
sendfile(r3, r3, 0x0, 0x40000f63c)

2.321885596s ago: executing program 2 (id=998):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000006c0)=ANY=[@ANYBLOB="1201000000000040c41090ea8000000000010902"], 0x0)
openat$qrtrtun(0xffffff9c, &(0x7f0000000080), 0x208000)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$netlink(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
socketpair(0x2, 0x2, 0x0, &(0x7f0000000000))
socket(0x13, 0x800, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000004c0))
syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x4840, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x10, 0x2})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

1.522279912s ago: executing program 5 (id=999):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000040)=<r4=>0x0, &(0x7f00000000c0)=0x4)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10010}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x64, 0x0, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x38, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @ipv4={'\x00', '\xff\xff', @remote}}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}]}, 0x64}, 0x1, 0x0, 0x0, 0x80}, 0xc040)
r5 = socket(0x23, 0x5, 0x0)
r6 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r6, 0x81204101, &(0x7f0000000440))
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, 0x0, 0x0)
ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead)

1.462939467s ago: executing program 4 (id=1000):
socket$nl_route(0x10, 0x3, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6(0xa, 0x2, 0x0)
close(0xffffffffffffffff)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
r4 = syz_open_dev$radio(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000140)={0x3, 0x98f90f, 0x1})
execve(0x0, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000006100)="d1f89c14e7f8640b43b1f1d1e00b2b0b3146d223d281c321953af4ade40d696d07f4b7d2ed1c1fd5691291056351901df48500519139568c88f49bb32801f1eb24b30efbab27313a3acab179fd6ce1f7150b0f0aae8cde4dd46b4f63cd60f647ea9bcf83f107e981a050f61f5d1bb5c7883f93269bba25e4122796c0f88ab27d913586d055f8c977ffcb05c85210f93cbad91499fedb2ab95e06bf009e54b422f66cef043560f4d77ae5c083cc67fcb0d3f10699aac8cceaf6d3b8f32e15555924edbc42b4ca3d2f4a92f5d30c18176c3abd17db4de2ef74472ffb637dd07460aeb7c882811c089217d88cbb5eec41d2be903e1c65cad2ad742f9ba8b512adab575f89d539492034ddfe4fd28205c8f27c52f0f631703d384634bfcad149ea9e842125062ac67006ca474be31f708b4f4f1e0c97a4eb2f26b671e172e251e8a6e9e1510bb74931aaf6b6ff84f8aefd63591f18f2ae8028985d78fcc5ed2d57bf595d3068e904387eeddd19bd359721a432bed0bff033cbca6acfddb6529fb11290bf1563b45034bd9b6c331091efef04303ca9942fcb64e56f3ff74d610e14c8f8a87e41582aebb272e5d6e945fdc7095bd181b93f13ddbdc18545f9cfc4db7f134c9ffa6add6727ab8755a06dca23d24a67658fda84321bb97fc475ace3b9912dad73f0ee6c8b2d6d58d7328ca63d1aeceb22a419fe4ec4c3b943051e9d276c559c33e6a45a97813bfcf80c7d79ebe04b1827878c4c8c2da2d598f9f3e444ae82f142716827dddcd94f8997d88a30be2a76432641125e28d5a0896b3e040a8b6805abc98da90844261468826b89f6cbac8d7b5eb6cd8a23f7c7ae9b99dfa6616f9dd10ac48e8c53a38ebfcee8c0ae1be1ee982515ce12a1ebf5d2d1902203007a9bd062c453845ce75f54dd07e3d8079e19b3b116dc51f7a07d005ba682da13b73e3854bb60059fb021b8f4b9430629d408b32ccd3678bf1dc149a3493c44b2a52a5572c128957e0db8a4a214848b64bea6733bb48fc17a4e42474e2b1f47b507d038bb87a3fc32e7bf471685a61f736a414772cc1825e9342c58768640c83486dbf058050dd6c8a9843c106d1a4efa5e5b36deae71448e55f4ef2721d2d210ce075bdc52c97bd6c097a9a4120a507f6c99cd9054579c250cd5b207684deadf75f2f8c54349a57500625be7577fd6c81ca72111935f577c74c2bd1e9419344e2a3563b5a7d6026722469a30a061d123b45f93027a01c7d38863589118d25e333c07f5c3eb85d4dde937d8f1421b72035f8733754ef4793acdc8d1362ef08ac1e9f0246bfb478647ada002f809a3e63433d031e6d5e4f86218ace6a6221103608705719c3106b4659c377f7e3b6ae1777075ea45a68df2004deb6ef742c5971c23d409278be94c5de68153d93d1a2378f1b1656786ec896b72de0da8259a6f181be8829f9cb7cb98ce0b169e734e4a240508952f6ce3ca984eef7e0cd549996147fe56a0bb1598f015ab955df145a51d783397366084e53455840d5688cb9b7d2cdf8abbfcdf850a7de4073eada567d6ca989611c4910e692e44677a857eec2b654f8dc66b2be192786dce3b9780f9806652bdef013304a43dba3f8d15e5105414f6d1fb2a57dea02211fa311b489088a9802e36d649ada97d72a216f54ca6da090a51c01f5638a04f364a3cbf24bb374f644fda38856a7e0f5c3c9cd7b00555d105daf57561379cf1d77bce66d12de44f202a866a43a7a05a6e0910a1f0ab5b1341d8ae992ae9d95fa2c876db1bcd3635d7851f03dde1eddae6dcf95b182edab72a0521c88c8c3a8c2ad3c6ec2cc44321ce1550d51476e95a18ae5fdab801ef4f5a7a56580261d850f392929061ae5808ba390b2f7d8fe7325df9c07c39faadeeb0ee1ed95db7ccf49c9b93fca83e06be745156d422c8b936d65b8e7e76d9eeb2bbf19c1f9a59b8ee6b55d594d4794a869b2d3b37b0b936866894f00e6a90c788c22e0fb87d0ac53ce75e519765647deee2862552c77ceb75d419627e0627067ba24571807cbfae0bd959fa95cb14c2812a1ce41f76d2ad620c55df55f473e56cb219f7b13bed8cc4a98dddfda9d3b9b5650754f73c34bf00496993a1c4056aeb44e4160c3e2090d733604b2b13f40ae346b726a31365b7a230d8f66665dcb726594280678a258f8ddddfe69d424d62abe910db05c0efa5e773d0f6d8ef8c4c49926b46568a7a1321d996eacabb2f716539a020e34a02afc3bfead458287dd2050000000000000068853637dba0b2eb5e5318750b63c829ab0145c02d6bc05aef4113ee0ea0ba97c44d74cedcc89adff648eb5d7fe932a7a76c772b1e2e36c148dd3be951cfa0cfe11bc58635b38708fa1ff88f949eb15f4a4a3de71c33e2915c799d8204d7d1f9cf7c13c608e6ddf29e12b409028ee5edf37353df7982f67a120ff1871001094b1a3148ed5f4f75d9372aa21b2bb6e02b470336a2c20efee8af866032acd6dc56d1fa7a84dc314cafea1a7bba5fbae89e037a4a5597d2eefd153406d67ddbb3b4eeed6d981b229c2c1b76347b05d20835ecc979b697a2981f6785df853d3d5ce07c624136c805d4dc6c7419d68afe2ad4822aea38da761742b33de8394bcd2462518b35c6ef265eb2a9b130e5a3d669b55d457f92500a7b69156475e001989d55547fc831edf2afe2290591e902858914af73ad4e87ddb8ea3a719f435fe1c2839a39fe088ccc863e7c82e96b66e1b6d32ddbdc42bf2f6076b9e93ed2ec4b6ba6fce5dd3a8f5b3aa105aecf72a5cc9108d02a0b923de2d490ad90aed3a45c46d4594948e7b3f3cc7d153f4b2837ca378fb4af215657f016fd9c66395b98357c1d12a655ce07268beccb35acb3f928c1522bea5df98a0337c751308bfb361e68f3775c75e020ac9570283119264d4f8916c143ccc28d8e0709df356de6b6f35fccde79a677606b5b4d846fdad7c271fc5c2ae5f5e2fbcd6fbf21508a2615ab8f0208e276164bce80fb886b648b4cb085c7922a829c2bccdd850cec329870c866f7923c2c1cd59d6c2653263f7aa1f13d84c82575a021793ef875954ce8737c98abee465e780ab64f1d23da92828e62908543850e5730099eb34f5e47dee740581f596413b8e2711bbfc9d25e4a35b57416a741a60ba650b52ae2189cdd125f64565544f9e75bd8c2cbd898ed2dbdd704ee40d1746715eab4155a51289cf7d89a19ab7a355609dff8111c94f6cdf94a94c667508d7201eab7e86569b8b08bca2291cf3fb166df68f6d6da05398e8a1c0c5c66ca3cee621727a77f19b92927569ba44709302c1102683f338150989d971ea6d0151b69865e540ad4e5a186ad9fc8ce57a56ad114487c5ad99c0beae0fd49927c52380de839cc952f8e41e167006573b4ffc39ebec8f9f9fb4168386a78fe52c00cf3c3be6dbcd4ab32ac7cb8fdd1bae70a5c3da6f555aa6c8e6bd7e668391bd5d87e39ee21f9035b0b14dd50b3c4e211794bfd7e8fbc48658044eab550f6b564d8f663c25ddb30233fb260e2d30bc9956f7293fd5532df2f74019f639c7313ca029280c513c2fc3c77dc4d0e7f5a9f273fda00349c28319743bc8f7eaeacc7f487bcf5866a55b2fa5b66e31964f090ac448a1ccd3b8cbc9735db5d7d1dd2f2bcdad1ee48b4f8a36688d8ddead1f166a5afb2efe12e943ce6ca41f1f45fe650536860881c28ff04a66ddce9cd19b4304c26e3238f114a1f4080999aaf6ff1f4b8b59ef5d54c10cd8a6598420949f1c0eff13259ba7da9f4c749b58f31f01627b780c2502cc6d1d82f68271e2bc945ddcb6784532e1aba414385096eeeb45afca0ddec570b16b476fbf7b4818275a05afe4beec9086e1c816ebf96608ed57a570c931577ca5b14c9359718b4b31b4789f291f5cb012f832e5763ba53521f58d3ee0a10930d3b4ea7747c5c751cfb476159287a9d371530e5d7cffa6ab09f049d2435960b0ad34f7890df22a3cfd6ce052b08409e67a1291f8459a59b988d7b97d2534f306d83656fd43313eebce1732837b6c22dc60a80d03c54b695b4efbf31381916c7da9644ef8e0f6739c98e7892ca89bf696715391c989c3bd53362e01b81d998e50e46fab088f9312465d200c034691b7e5dcb22ead3c3f3225f16a5588b2be09470e225290d8073dce5cd955d31e7acd452950505597f01c4b54a6f16f2e7d00ab182258f26e40bb70db783b2a10aae019f87708e1306e1957fcc081dac3659d603d4044c10b0a1fe61f4482e56d031d43fc355100a9dcf822db16d0895e554b439bd032e6103df725123da3fdd4a48b68863e6bb36e05343136e171d39d86168be30188bf1ebac4a1d748115167033149ac61bb4f8d4cad7f4c68c32de226b03fb42d24d5e37ba886fa357100644e64d869f6395e3d6d3768a30f53e2aca3688408807bd4818a2c5150f8ee770121a4a6402c7dc334a9ee5e876566d19867e45d4bdc73477ff7f543a23f38d5f0bf666219b0391e66457af4238c5bd9a05586333556f8972aca1def4507c4b073d1bc1c3051f0bf34f71673ccc1de9c69170c9fc5299ac733569cfde6a7bbb3cd60b601cfca16510bf7fbb26ffab3b674000844daf55fbf4ab48eade708cf7f5de901454acc8cc95c63fd2ee771bffaf19205e9a119b847931bcfb4c738e39701a3882cef4ff47b46b72ce26ac207a1ccaa253cd3ddae2b2eb61d5b9b3c8156928a169d7dbb2874b884c3b2097cb8ea92ce7fe70af90514c11887df33c4f7ec3d3ee6c327e7129b0188b0ca8c777451b17d8f489d547d711404bef72d1914f66a5676e9d716ede8c4282526419adb31d071d241db47a58bb55ee6ebcb67c82765a25e5e6fedc4c8d1d9b17e2b5bac5e0af3c63ea870ad8c5f9521390b660fc735d331e6eb326abde284256cdb381b4651d05f55807f4ad1b5b883bf6b55ee87285fad8de366f3248ae0b9c32bf85fc95d5bc19a716ac2a5f41e4e58d26bfdfa582be5d506f9929bfe7cea70184c81722ef7300f779d5d64c08a225a083d44ce75ced73f3a016f5047af67245bc8a81214024e905f383252cc0228085aa5fc184cbcb41db3eccede89480e0a1c1d1754cc3ffa53edc27c337ec86ae2f68c6225edb0027c1c5bf9aee1b94b62f6144e4631887272a36add32d908add308207559064cd61576f917db864845e5e89efcb27c80d259eb6fd5fca398da0c7e62fc423511bb8eb3969732c862de33448e95aa5e15d2028b84b3b8348a50abb39c5c10ac7fdc2034d1ceeae9870dc4486f48ac6aae573a775716ec380ed57665b9bf1c77f6869f720e428f8b94170b14c23786ff1cacf95a66ae631c70245bf264ce5078c3bddb4aaa7928eb6f1261d52e45ae5fde6f1b3bff90cd560c6c2f77ecfcf553db137051685c925be70def2be6c9bdd5825eac58d4c892a6d4ad5dcc078c6582ca140e5a75993e5ab7b487f31e5c601844f18f13039c099317f5e512eb9e054dcd8535106a9bd8977bf74254b68753b7f3a9b385d4a38ccaa17e029bd9ab4ff9b9b561b2a7e613ea05eb18a50fc231f32b79b9f32514469193a3d12269f58f3c932e501513e48e81774ad389275d9f00b4f8c677b8bb584b503201f83c7ad2e934e909f9ae1fc540f544dd2327fe1d8e3bb86984a252e2ffa88e2aed6d65a302d1883e51654fdb046d35270130fb9f8e4a4861d7278a07ee627fe272dcf99d294d7b1ce72f2f804cddfe4fa7aeb2c9543ef2665bf826c8ce0ca82dc7d4e57b7181b55a5d96ad83417b79376793235ed5a320a3ffac3a025aefa669450a6df20d830042034c0953836097c9461bc0d9c1446485692d1b9d5c991086f3f118a49bfe2a0888a5af8a868d880e31946dbd0c7ddcfcd27dcf5c62c9c5ff8fa9750d129f32e3c4f524eb3c31d5c9cb33fbcf52384a04a9f4faa216020e45be91181efeb7393d96b1f3ad8e9fadcffe49bec1bf36e70c2291475356ec5a416feb5d3b4f1331052271679d1186b338163682ac5b6bb79c64d6d0f8ddfec84d0d9870f45a64413f529c8dd93b358e66c9da2fd233e53b73ae2761f363ee69a38a0d7320a149c90c086e6a426abca5c461088747a2fb5006919ad7640aad79b1ec03cf6f49206f37382ad3105fcbd0e08d00815029d8cc3ca16472e58226f1def116bfab456c32a2a2323bb5a661eacb3b7c915d1eaa8c5aa8b1bf25c3a7bc9a2e047c499d8f2fbf2fe25606fc7f0ae5a539af68830b1955f82962f596e2ad0feb3e99b1982ffe3e553f102b4360b8e1d659575a8f713b8bb88d97dbcfd98f91c147a97e896646a47a43334569da8a01541b012063e0465c4122cb96b57484b0ab8c5f0c8f346c0766be69decf4e3ebef7f74f153ef8c6b6e9c5fe224e8f995f11c1867c5600cd7a345afacafec9076d4ccfca741fd41e445478a3b71a5f06b0d0cf596c755235408782a5e37abeb1f2dad79c83e59a1040c4b3b6a5a2acce9df0ebdb607c9c0549a4b16028595f7a9cd9da115dab0189f3d98b0dc2b8ddf6be4de2b38421a2071d91f14f8752c74df31fecb64de59dce09da2c3a1a2826446d982509baaa89b76379d8320bf3c1f76448e0ddc0889fe57ba756ab1403949cd2ca9ab520fa485576eca5acb471002a14a31e8d7f54c8c3edda8f416b0ae9d9fdfc445b54ed8fb34ed7c1d11b3c57a2c5ad92217ab2fdebafc195d09fee7a518e027ccf9d2e8de8cef1e0ad52144d82b65519495b8a5c314e85361adca8953dce587cf461a461dc9bbc0eb13a54144964930d80d8b4a015676f3efd10ccfd0ec5fe64deb93b5901b506581461bf2aaf04fa9f8118936c5e67e1cee60ccfc4f011ee2812eb9716af42b22c40d83c55d4e4c4838826cc34387a2085aa3e17219c78255ace7bb1fc30ec80676449084744c0887dc4e7696d25a544f3e4b365cc6ad800931d5787be99d678347ea4d6cdeab5662f6cbcb5fa80590e513c4ca96d73d378085026e0e7c71d968a670aefd48519e35beaeef9c67506db6f9b3edb62ef1b3b52b9c2db876b76101644e7dcf5a5056a8d916a0f69ea5bf096e7a4c2f8f1d0da29dbcef9d2ad1b82179ccd0ef95006b7a1d542a847e3e0f864d63434c15d6de4fecad18b788a867da5515e3d51871417bfd783d2dffd852953ea7113d3a61aac3c7c1a4efb449faa928456eb570e62d0ff9542a971b542d7c1fed9d633eb4a81499c105d0f73c5165badb54b0e83f8192d3d51d46ddd9908b04e9f57d5a4e6b65affee3799ae7cc51b4098f71e8ee947ffdeee4fd03095536376e1281ef8158fd1da4a39aebdad37fad75f6217bf45bfad16f2f1a80f5e8a3eea1141a56beb91319fe948bb44350a6e79959c140a5dad9955fb287aeba0a8a45d1fd8d692d30c96d01c9100e417082ae6edf62965fef7e190af60a99145925a307d1e11534d2a64484be3c6cd642432a2db66ba6d3ab1b7ea645edf4e54623d2ba0619bcc2a917cc2df8b0dbed096951947445ed5f08c626e1f9a5f566515bf106c48174f73587314b513962ed556fa7f16d8c6a953bcdda72f083a9b16357b3262c13cd500dfa09cc3d09240a7338514031768ea3053caa5166c8e4e090b3128464a88ccdc751d8ee1b3b1098997c9eaa2b3a13a47e43723a49e5d011dabb22c0d9605e48d5e26b90a47519536fd77c5260bc713e2b510fa6da698069f6c1df7a72462399d7dd288be19a0eab18adb072677268a306f19685c2d813564bab4ac90b7389c2fb87c0517e769577c081ced55572da71b40d18e4979b6b6290afcde4caa610166920549286dfa80197a10ff074b08d6b96c97110e36742fdbc5607f4c48ea9dd53301eecb5c25fce4eec9381b84e6b5af767c5bcca600149a3021c3f4aa237a0143363549a705c5768b5aa6ed51fd1ca9f0f9dd242f0df21f7c3eaf321fca97837d989ca101b5462d2dc248316c21339cb2b4e3451bb483390c09c958d474c6df2f2eac208ef704cbae5c9f6597c19ce48c4c9161c1b14622ed824b0e8669cbe6746051729fd2fcabb020190764a468c58ce369528bfca46cf8ec51ab69e711a53c4121476d2a5d2ceb19c332a5a86a52cabb246d2be739f361d97a6efc2c1d408b6f079ff5cbfdfa7ffb5da3af4611e42f876a44f8180ebadf8efe05645f3326fd1b1bb7f82753ee13e25c406469a6b103b9083ac06d590a48543240bca6e467eafc7069c97aa93a3a4ef61b6043383b6e990d174637d695893bd910f217c9c2465688eccd8a171cb5270fca2e002261f2e3e595f3484b67c0bbd7b50ea53a470e3935c0eafc6226521f0a15fc7cf5494b67fcfb705019a86a5972a9dd285bc50985947e42ca8519de25510db7ba6553419d4e368fe56c2a7acec8e77cd734f557a0f1b507e0869d2d5c9913c52fcd78b42b8f59ad3ae92226e292ea4439b5486629b739f4cca3d7f21cef79045427656fd1679dc5ab23686e13500dcb6284df60599ce81e2570d1cd5c7c2e0026640177bf1395fcf6e999acac08e3a993c3700ad891b1a68d5efc32a4b4f9cc8841e837e778c2500eb6cffc1b9970b2adf724839c7711ebbb2ee3e55f7aa97746d7538153589deafeef63eee6dfbd43fc72e0b763a0e4709da3deb26691303e99230a93c490029383b322099363ba3b2f76b4773c0c43907361b578cfb312cde55ea6de2f477c351ac82786d15b52f08a42385b2a3349116d34f8719264f79082d7c24165423a8e6764c53b922a0b3121cbb88976e6f53c455be77521bc1ad4997135ff24c520b2fa0002cbcc8eb8ee5cb33b1140dc811ee36816f47f23ff0b77d6680d597ec2fe77f5bfe1bb75c3eddb2356940c01e694da66d1c4fd78f7df5857111c01bb5e9954585e54086af287dc0ce861d921b378e9a2a9c9c5a37d9812595063643b1dae4afa57d884501ee0de2d7e39692ed5ecbd2ba1d9bf4e3f291cf0b1dfb809a2f915ae90bd5fbe76d5848752c298f34e69d8e95f6f3c8a8ef365d0927811b8a90c8f58836da07c058f71b01025af8c9829f761d71465d3d813e1e08a7d8f66dcb0f98daa19bb106fb9b25d49a35e8900e6de4502668cecbb9638c5b0d158317970e802be345ab3570f6a452e18da421fb4957429ec4b6c481b5393be9c7f1cea3d77ad1c935ce6cab01ed08f7f24e5b01d25105211d5e28b25d3a5fea30e3c4cd1289bc2606728f127574cdfed91d7c19d7381c3e532c92d7e532e74f3d24281cbf0f4e1908dd4f5cf145daeb21db6b34f2fe175aafd1c20224544c113f132cefe620bd99c5caff7b74d6acf8a1aae2fda5212ec64c80d647308439d5f90f6f481101599b539cd09a1bdfc510b6c9027c879f76bfd397dce9d3985ff01e62ee0455372960b68202412c6d5eb7b09c36f265b7b8b3822aa489dc169f8079e71dc96e0b75de2ade686761b067416e4915287dfdd6309946487a68115ee9d0bec73ffc63223e9463a30b819297d24824cb20724c6b524d58af1e03264e8e2b8dce59377c78dbd5ff5977782181aeaa8c2bd6d9f3d25ec566fa4a01eb5aeaeb6912acad55ca7336d28e305781bf128d6575dba16110d64c55ec9840f299e353fcc5628f248bd660f4dfa5f3a1bb7fbdac78ec727e87a134c98a98f405a4cd3773e79bd4f22bd3239a5fa8cd5806601e07241b25678f048b05bab6f8da56818f8dd9c97d001f4a7ea8beb3fa65ed7a951878bcef7e1da873e21ac6208cf0852c6cb297c10c84b74582bf59aaa11e7d8239997c9e7fd3c5bbee5b8466c17394fa61771aa10a3541f88419b16bb4fa36126745e99c292911d30ed0fa366dcd62c10879a6826609ab2b80b3a0c2de3d877805a564ce925916063c53d9698bb918eed2b49315fb83465a0db1a63a0528a887f5106dd054edbf381280989581c859a517573a6eb4946e0fcc61956fd5868fd37c788090fd7c3341028cf1bcb38ed595a4fd845ccd45558282c6e23d92d4268875f80ebad1c24f8d247595de2f8b83708b504f674447bc6fa1748b86fdfc971c9275baedda1348324c4dbde22d423744e2d537a4e28d95771b18302bc5d92f9e0ba6b1029a3e73761080a4e6e1b52a9ebe3538cb3e982586c23f0b0cfa78126198a0a496d96734880885e4aef7b35d90af287f9d5b18998fba69cf5a13b9153edc5f1c3cd0d181c1cecb4936a489f34682b056eaf5c57caea4a9ebd9fc7d842bc3850046f925dc430769863922ce5bea6709fa9bf7f21098097d7f47c74269b524c4194bceae0571fe968ebdda85a28fa5be7f794632189da179e248fde037a3ba3fd53845e42db45747caa6cebf574e9abb75e3b33c1096e40e0e845385d6f961c56fd1c71f92ae31a0c9088b2100b457cf2f8b33ac984fe79ceeb65fde350f9c6229433aa20d226aeb7677e0e7e8002e3e220fb74d4a1bc07ca43fa23fcf9cbabe7799b5b8daeb63b35923c4a92d2c636d36d58e719e6855b57445a26072d716aba7b653dfcdee115b3310b0c8af8649337597c1ac8bcee8b0533cb458d165b4ca4ee72c60a49f4a7061aab09449a318a6dc1d5b1a4f2a7f82c5af241e1f0cbe3e9fd5079e385ec86bc978ca82aaf1de5b470dcbb06b5f0360142857a0519583e3a77a6fbdadfff48de440bb5c3dcb2c3e6624800fa7898ab00242b7109809d58e5aa8a25705266d9bb04f165f843f1c61c23b41f010ad67f80aa8e455385cf3ff89073dc9434ce9be78993d6c73a8adf4db6b540e7a9f60d8dbcf3133a8f5c5c59f8378f2e5aad07f31707fb9834c66d6d0ded8a8b2d984ff5b6bfe70bb6479aecf208beb8f4da7b23957ce77d574993e1a44de0b3a5cb245f0ebf8ea32a22472270798defec3deeb94a4d025d1fe276612ebfe0f4e6e639de1300d47e542fb032150ab0aded71ba693817feb9cb43beb6f3074c2d7bfb77b9b2783e0335449c9a9775ccf9060ab2468a6644ebddd41f70add6d2d24fb9dd377c4f0dce3439283f22075ff3973e4e70e0bdcb53001be03800392084d6768c3e8f7fad09b192a497a36f602d07655d3e6a7ccab561ab92c79506e1e06aad05975accc9b8b48c41da8bc611d331717ee312d77403f9f66ee9a81fa4e624cca690540dca722986dc740a919597f7836ee95b554d3c34db3443ee5b6908f8623b2c82f32b65c3e8c20ee92825d9c82745bb5368ddda47036390910e26470b96cfd7c4e7b0df89f897153fd5ab4302de65fcda1f48206346d6051a94d8e0c32b959d914c218f54813811d13d99ef6259f54c0e635c04f875772b38524e94fae3a73109f60d0b00c96c1809f37e8fb37e61620690b07d726d388e9ae5dbc3a1c3557d1e4288da0622d77081ab4cd00ce22243824c363ad1be5cb0ceaad6336a797d8ca6d988c4373b3c00667d651452d50f81a830ac6ebb71559590181eea67dce1599d10000000000000000736dcc7c36782c1788cdc8d5c3820d68093ea84d56daaeaac19c19724ed7d3ebc1b8c1e3092839314dc6eddd99dc0eede13dbcb7fd22d401df8eb7f679a04f785006d3b4c4012bf78b7e43b1b355a9f6d04ca0e86c32d44f73fa514d1e2b14746400", 0x2000, 0x0)

412.628088ms ago: executing program 4 (id=1001):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00006e3000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x7f9, &(0x7f0000000040)={0x0, 0xc8df, 0xfc00, 0xa, 0x20002f7})
syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000274c0340ab0560000611000000010902120001000d00000904"], 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000440)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4}]})
socket$nl_netfilter(0x10, 0x3, 0xc)
close_range(r1, 0xffffffffffffffff, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000008c0), 0x40400)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x11, 0x5, 0xfe)
r5 = epoll_create(0x2)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000001840)={0x90000001})
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r6=>0x0})
bind$can_j1939(r4, &(0x7f0000000380)={0x1d, r6, 0x1, {0x1, 0x0, 0x1}, 0x26dc51d41906950f}, 0x18)
sendmsg$nl_route_sched(r3, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=@gettfilter={0x4c, 0x2e, 0x100, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0x6}, {0xc, 0x4}, {0xfff3, 0x4}}, [{0x8, 0xb, 0x6}, {0x8}, {0x8, 0xb, 0x2}, {0x8, 0xb, 0x8}, {0x8, 0xb, 0x3}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40010}, 0x10)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000003c0)={0x401, 0x9, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3, 0x0, 0x1ff}})
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000240), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})

213.738722ms ago: executing program 5 (id=1002):
r0 = socket(0x26, 0x80805, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000000)={<r2=>0x0, 0x8, 0x6}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000080)={r2, @in6={{0xa, 0x4e21, 0x5, @local, 0xfffffff7}}, 0x6, 0x80000001, 0x1, 0x80000001, 0x8000}, &(0x7f0000000180)=0x98)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f000002e000/0x1000)=nil, &(0x7f0000207000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f00004dc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000301000/0x1000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x40081)
io_uring_setup(0x10004, &(0x7f0000000040)={0x0, 0x36e, 0xc000, 0x3, 0x20002f7})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, 0x2}, 0x94)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/15], &(0x7f0000000000)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000000200)={r4, 0x8})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000020c0004400000000000000c7f14000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

0s ago: executing program 3 (id=1003):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x8, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0x2000, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x3, 0x0, 0x8, 0x6}, {0xffff1000, 0x10000, 0xc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x2000, 0x8080000, 0xb, 0x4, 0x7, 0xc4, 0x0, 0x0, 0x8, 0x3, 0x0, 0xfc}, {0x0, 0xd000, 0x18592cbc7c573fc6, 0x9, 0x7f, 0x0, 0x9, 0x0, 0x8, 0x0, 0x4, 0x2}, {0x80a0000, 0x6000, 0xe, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x100000, 0x0, 0x0, 0x81, 0x80, 0x1, 0x2, 0x0, 0x0, 0xff, 0x1}, {0x0, 0x54000, 0x9, 0x4, 0x1, 0x0, 0xa1, 0x20, 0x0, 0xff, 0x8}, {0x2, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0x2}, {0x80a0000, 0x8cc}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x110, 0xc, 0xf801, 0x0, [0x80000001, 0x0, 0xffffffffffffffff, 0x1]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

 48
[  276.060850][ T8310] RSP: 002b:00007f3b90eb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  276.060867][ T8310] RAX: ffffffffffffffda RBX: 00007f3b901e6180 RCX: 00007f3b8ff8f749
[  276.060879][ T8310] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000007
[  276.060890][ T8310] RBP: 00007f3b90eb1090 R08: 0000000000000000 R09: 0000000000000000
[  276.060901][ T8310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  276.060912][ T8310] R13: 00007f3b901e6218 R14: 00007f3b901e6180 R15: 00007fffb4c416f8
[  276.060937][ T8310]  </TASK>
[  276.937913][ T8276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  276.963608][ T8276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  276.987340][ T5822] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  277.013569][ T5822] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -EPROTO
[  277.044016][ T5822] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  277.063298][ T5822] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  277.084284][ T5822] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  277.151571][ T5822] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -71
[  277.192477][ T5822] usb 3-1: USB disconnect, device number 15
[  277.218054][ T8319] binder: BINDER_SET_CONTEXT_MGR already set
[  277.233582][ T5947] usb 1-1: new full-speed USB device number 13 using dummy_hcd
[  277.344497][ T8319] binder: 8318:8319 ioctl 4018620d 2000000002c0 returned -16
[  277.354939][ T8323] binder: 8318:8323 ioctl 89f3 200000000800 returned -22
[  277.385424][ T8325] FAULT_INJECTION: forcing a failure.
[  277.385424][ T8325] name failslab, interval 1, probability 0, space 0, times 0
[  277.429838][ T8323] binder: 8318:8323 ioctl 8903 200000000000 returned -22
[  277.433196][ T8325] CPU: 0 UID: 0 PID: 8325 Comm: syz.2.603 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  277.433224][ T8325] Tainted: [L]=SOFTLOCKUP
[  277.433230][ T8325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  277.433239][ T8325] Call Trace:
[  277.433244][ T8325]  <TASK>
[  277.433250][ T8325]  dump_stack_lvl+0x16c/0x1f0
[  277.433276][ T8325]  should_fail_ex+0x512/0x640
[  277.433300][ T8325]  ? __kmalloc_cache_noprof+0x5f/0x800
[  277.433327][ T8325]  should_failslab+0xc2/0x120
[  277.433349][ T8325]  __kmalloc_cache_noprof+0x80/0x800
[  277.433373][ T8325]  ? rcu_is_watching+0x12/0xc0
[  277.433389][ T8325]  ? vhost_task_create+0xe5/0x370
[  277.433411][ T8325]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  277.433438][ T8325]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  277.433461][ T8325]  ? vhost_task_create+0xe5/0x370
[  277.433480][ T8325]  vhost_task_create+0xe5/0x370
[  277.433500][ T8325]  ? __pfx_vhost_task_create+0x10/0x10
[  277.433528][ T8325]  ? __pfx_vhost_task_fn+0x10/0x10
[  277.433553][ T8325]  ? __pfx___mutex_lock+0x10/0x10
[  277.433579][ T8325]  kvm_mmu_post_init_vm+0x1b7/0x380
[  277.433601][ T8325]  kvm_arch_vcpu_ioctl_run+0x66/0x1860
[  277.433621][ T8325]  ? kvm_vcpu_ioctl+0x14f8/0x16d0
[  277.433650][ T8325]  kvm_vcpu_ioctl+0x76d/0x16d0
[  277.433676][ T8325]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  277.433701][ T8325]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  277.433721][ T8325]  ? do_vfs_ioctl+0x128/0x14f0
[  277.433739][ T8325]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  277.433757][ T8325]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  277.433786][ T8325]  ? hook_file_ioctl_common+0x144/0x410
[  277.433817][ T8325]  ? selinux_file_ioctl+0x180/0x270
[  277.433836][ T8325]  ? selinux_file_ioctl+0xb4/0x270
[  277.433858][ T8325]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  277.433883][ T8325]  __x64_sys_ioctl+0x18e/0x210
[  277.433902][ T8325]  do_syscall_64+0xcd/0xf80
[  277.433924][ T8325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  277.433940][ T8325] RIP: 0033:0x7fe09b18f749
[  277.433954][ T8325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  277.433969][ T8325] RSP: 002b:00007fe09bfeb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  277.433989][ T8325] RAX: ffffffffffffffda RBX: 00007fe09b3e5fa0 RCX: 00007fe09b18f749
[  277.434000][ T8325] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  277.434009][ T8325] RBP: 00007fe09bfeb090 R08: 0000000000000000 R09: 0000000000000000
[  277.434019][ T8325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  277.434028][ T8325] R13: 00007fe09b3e6038 R14: 00007fe09b3e5fa0 R15: 00007fff7d6a2a58
[  277.434051][ T8325]  </TASK>
[  277.437345][   T30] audit: type=1326 audit(277.412:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8311 comm="syz.1.601" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b8ff8f749 code=0x0
[  277.729976][ T5947] usb 1-1: config 8 has an invalid interface number: 88 but max is 0
[  277.738212][ T5947] usb 1-1: config 8 contains an unexpected descriptor of type 0x2, skipping
[  277.747080][ T5947] usb 1-1: config 8 has an invalid descriptor of length 16, skipping remainder of the config
[  277.777850][ T5947] usb 1-1: config 8 has no interface number 0
[  277.784086][ T5947] usb 1-1: config 8 interface 88 altsetting 13 endpoint 0x5 has invalid maxpacket 50291, setting to 64
[  277.795434][ T5947] usb 1-1: config 8 interface 88 has no altsetting 0
[  277.852193][ T5947] usb 1-1: New USB device found, idVendor=043e, idProduct=9803, bcdDevice=19.7a
[  277.861696][ T5947] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.872700][ T5947] usb 1-1: Product: syz
[  277.881597][ T5947] usb 1-1: Manufacturer: syz
[  277.888631][ T5947] usb 1-1: SerialNumber: syz
[  278.193757][ T5947] usb 1-1: USB disconnect, device number 13
[  278.206736][ T8336] netlink: 200 bytes leftover after parsing attributes in process `syz.3.606'.
[  279.022314][ T8344] atomic_op ffff888079386998 conn xmit_atomic 0000000000000000
[  280.659569][   T30] audit: type=1400 audit(280.622:450): avc:  denied  { nosuid_transition } for  pid=8364 comm="syz.4.615" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process2 permissive=1
[  281.386365][ T5869] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  281.593317][ T5869] usb 1-1: Using ep0 maxpacket: 32
[  281.617365][ T5869] usb 1-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=3d.42
[  281.633688][   T30] audit: type=1400 audit(280.622:451): avc:  denied  { transition } for  pid=8364 comm="syz.4.615" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  281.663052][   T30] audit: type=1400 audit(280.622:452): avc:  denied  { entrypoint } for  pid=8364 comm="syz.4.615" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=113 scontext=system_u:object_r:hugetlbfs_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  281.693080][ T5869] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  281.701084][ T5869] usb 1-1: Product: syz
[  281.733307][ T5869] usb 1-1: Manufacturer: syz
[  281.757843][ T5869] usb 1-1: SerialNumber: syz
[  281.781816][   T30] audit: type=1400 audit(280.622:453): avc:  denied  { share } for  pid=8364 comm="syz.4.615" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  281.895378][ T5869] usb 1-1: config 0 descriptor??
[  281.927875][ T5869] ttusb_dec_send_command: command bulk message failed: error -22
[  281.933120][   T30] audit: type=1400 audit(280.622:454): avc:  denied  { noatsecure } for  pid=8364 comm="syz.4.615" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  281.953276][ T5869] ttusb-dec 1-1:0.0: probe with driver ttusb-dec failed with error -22
[  282.472440][   T30] audit: type=1400 audit(280.802:455): avc:  denied  { create } for  pid=8364 comm="syz.4.615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  282.509337][   T30] audit: type=1400 audit(280.812:456): avc:  denied  { sys_admin } for  pid=8364 comm="syz.4.615" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  282.605793][ T8369] netlink: 200 bytes leftover after parsing attributes in process `syz.3.617'.
[  283.470992][   T30] audit: type=1400 audit(281.712:457): avc:  denied  { getopt } for  pid=8370 comm="syz.2.618" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  283.496423][   T30] audit: type=1400 audit(281.722:458): avc:  denied  { ioctl } for  pid=8370 comm="syz.2.618" path="socket:[19110]" dev="sockfs" ino=19110 ioctlcmd=0x89fa scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  283.520927][   T30] audit: type=1400 audit(281.992:459): avc:  denied  { module_request } for  pid=8372 comm="syz.1.619" kmod="net-pf-10-proto-3-type-2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  283.573341][   T30] audit: type=1326 audit(282.562:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8378 comm="syz.2.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe09b18f749 code=0x7ffc0000
[  283.746195][   T30] audit: type=1326 audit(282.562:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8378 comm="syz.2.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe09b18f749 code=0x7ffc0000
[  283.794094][ T8391] netlink: 'syz.3.623': attribute type 1 has an invalid length.
[  283.806172][   T30] audit: type=1326 audit(282.572:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8378 comm="syz.2.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe09b18f749 code=0x7ffc0000
[  283.833284][   T30] audit: type=1400 audit(282.572:463): avc:  denied  { create } for  pid=8378 comm="syz.2.620" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  283.858808][ T8393] netlink: 4 bytes leftover after parsing attributes in process `syz.2.622'.
[  283.904835][ T8391] netlink: 28 bytes leftover after parsing attributes in process `syz.3.623'.
[  283.937964][ T8391] 8021q: adding VLAN 0 to HW filter on device bond3
[  283.977410][   T30] audit: type=1326 audit(282.572:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8378 comm="syz.2.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe09b18f749 code=0x7ffc0000
[  285.083799][ T5923] usb 1-1: USB disconnect, device number 14
[  286.207681][ T8423] pim6reg: entered allmulticast mode
[  286.882392][ T8430] netlink: 200 bytes leftover after parsing attributes in process `syz.1.633'.
[  286.987308][ T8441] netlink: 'syz.4.635': attribute type 1 has an invalid length.
[  287.073077][ T5869] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  287.111689][ T8441] netlink: 28 bytes leftover after parsing attributes in process `syz.4.635'.
[  287.141584][ T8441] 8021q: adding VLAN 0 to HW filter on device bond2
[  287.223089][ T5869] usb 3-1: Using ep0 maxpacket: 32
[  287.235514][ T5869] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  287.248823][ T5869] usb 3-1: New USB device strings: Mfr=115, Product=0, SerialNumber=0
[  287.265441][ T5869] usb 3-1: Manufacturer: syz
[  287.305053][ T5869] usb 3-1: config 0 descriptor??
[  287.680247][ T5869] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  287.701667][ T8439] ipt_REJECT: ECHOREPLY no longer supported.
[  287.715905][ T5869] usb 3-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  287.737535][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  287.737550][   T30] audit: type=1400 audit(287.702:487): avc:  denied  { firmware_load } for  pid=5869 comm="kworker/1:4" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  287.773173][ T5869] usb 3-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  287.809350][ T8457] FAULT_INJECTION: forcing a failure.
[  287.809350][ T8457] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  287.824807][ T8457] CPU: 1 UID: 0 PID: 8457 Comm: syz.1.641 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  287.824837][ T8457] Tainted: [L]=SOFTLOCKUP
[  287.824843][ T8457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  287.824853][ T8457] Call Trace:
[  287.824858][ T8457]  <TASK>
[  287.824865][ T8457]  dump_stack_lvl+0x16c/0x1f0
[  287.824891][ T8457]  should_fail_ex+0x512/0x640
[  287.824937][ T8457]  _copy_from_user+0x2e/0xd0
[  287.824963][ T8457]  vhost_vsock_dev_ioctl+0x382/0xb30
[  287.824983][ T8457]  ? hook_file_ioctl_common+0x144/0x410
[  287.825009][ T8457]  ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10
[  287.825032][ T8457]  ? selinux_file_ioctl+0xb4/0x270
[  287.825056][ T8457]  ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10
[  287.825075][ T8457]  __x64_sys_ioctl+0x18e/0x210
[  287.825097][ T8457]  do_syscall_64+0xcd/0xf80
[  287.825120][ T8457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  287.825137][ T8457] RIP: 0033:0x7f3b8ff8f749
[  287.825152][ T8457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  287.825168][ T8457] RSP: 002b:00007f3b90ef3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  287.825184][ T8457] RAX: ffffffffffffffda RBX: 00007f3b901e5fa0 RCX: 00007f3b8ff8f749
[  287.825196][ T8457] RDX: 0000200000000380 RSI: 000000004008af00 RDI: 0000000000000003
[  287.825212][ T8457] RBP: 00007f3b90ef3090 R08: 0000000000000000 R09: 0000000000000000
[  287.825222][ T8457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  287.825232][ T8457] R13: 00007f3b901e6038 R14: 00007f3b901e5fa0 R15: 00007fffb4c416f8
[  287.825254][ T8457]  </TASK>
[  288.907079][ T8474] netlink: 'syz.0.646': attribute type 1 has an invalid length.
[  288.933698][ T8474] 8021q: adding VLAN 0 to HW filter on device bond4
[  288.966835][ T8474] 8021q: adding VLAN 0 to HW filter on device bond4
[  288.975752][ T8474] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[  289.004055][ T8474] bond4: (slave vxcan3): Error -95 calling set_mac_address
[  289.202362][   T30] audit: type=1400 audit(289.162:488): avc:  denied  { map } for  pid=8473 comm="syz.0.646" path="socket:[19338]" dev="sockfs" ino=19338 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  290.083711][   T30] audit: type=1400 audit(289.192:489): avc:  denied  { read accept } for  pid=8473 comm="syz.0.646" path="socket:[19338]" dev="sockfs" ino=19338 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  290.320653][   T30] audit: type=1400 audit(290.282:490): avc:  denied  { setopt } for  pid=8489 comm="syz.0.651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  290.410533][ T8500] netlink: 16 bytes leftover after parsing attributes in process `syz.1.650'.
[  290.425961][ T8500] netlink: 16 bytes leftover after parsing attributes in process `syz.1.650'.
[  290.445377][ T8500] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  290.849318][   T30] audit: type=1400 audit(290.302:491): avc:  denied  { write } for  pid=8489 comm="syz.0.651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  290.875309][ T8487] netlink: 200 bytes leftover after parsing attributes in process `syz.4.647'.
[  290.986522][   T30] audit: type=1400 audit(290.842:492): avc:  denied  { listen } for  pid=8489 comm="syz.0.651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  293.946341][   T30] audit: type=1400 audit(293.912:493): avc:  denied  { append } for  pid=8550 comm="syz.0.669" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  293.973286][ T8551] netlink: 8 bytes leftover after parsing attributes in process `syz.0.669'.
[  293.982471][   T30] audit: type=1400 audit(293.942:494): avc:  denied  { ioctl } for  pid=8550 comm="syz.0.669" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x6629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  294.053095][ T5923] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  294.272592][ T5923] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  294.282352][ T5923] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.291234][ T5923] usb 5-1: Product: syz
[  294.297197][ T5923] usb 5-1: Manufacturer: syz
[  294.753574][ T5923] usb 5-1: SerialNumber: syz
[  294.765504][ T8562] atomic_op ffff888076fcf998 conn xmit_atomic 0000000000000000
[  294.778272][ T5923] usb 5-1: config 0 descriptor??
[  294.806714][ T5923] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 009
[  295.156573][ T8568] netlink: 'syz.2.675': attribute type 1 has an invalid length.
[  295.339245][ T8568] netlink: 28 bytes leftover after parsing attributes in process `syz.2.675'.
[  295.502960][ T8568] 8021q: adding VLAN 0 to HW filter on device bond1
[  295.593214][ T5891] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  296.013138][ T8587] netlink: 200 bytes leftover after parsing attributes in process `syz.0.676'.
[  296.376081][ T5891] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  296.414763][ T5891] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  296.461699][ T5891] usb 2-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.00
[  296.516283][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.536644][ T5891] usb 2-1: config 0 descriptor??
[  296.883228][ T6028] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  296.892732][   T30] audit: type=1400 audit(296.852:495): avc:  denied  { bind } for  pid=8596 comm="syz.2.684" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  297.053114][ T6028] usb 4-1: Using ep0 maxpacket: 16
[  297.070000][ T6028] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  297.184044][ T5923]  (null): failure reading functionality
[  297.194429][ T5923] i2c i2c-1: failure reading functionality
[  297.203337][ T5923] i2c i2c-1: connected i2c-tiny-usb device
[  297.231655][ T6028] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  297.251721][ T6028] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.285374][ T5923] usb 5-1: USB disconnect, device number 9
[  297.316442][ T6028] usb 4-1: config 0 descriptor??
[  298.103647][ T5891] usb 2-1: string descriptor 0 read error: -71
[  298.135569][ T5891] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  298.164799][ T5891] usb 2-1: USB disconnect, device number 17
[  298.711150][ T8626] netlink: 'syz.4.691': attribute type 10 has an invalid length.
[  298.921636][ T8628] netlink: 96 bytes leftover after parsing attributes in process `syz.0.692'.
[  299.364129][   T30] audit: type=1400 audit(299.332:496): avc:  denied  { write } for  pid=8630 comm="syz.1.693" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  299.364226][ T8631] random: crng reseeded on system resumption
[  299.483076][   T30] audit: type=1400 audit(299.442:497): avc:  denied  { ioctl } for  pid=8630 comm="syz.1.693" path="/newroot/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x3311 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  299.603748][ T8636] netlink: 4 bytes leftover after parsing attributes in process `syz.0.694'.
[  299.626244][ T6028] usbhid 4-1:0.0: can't add hid device: -71
[  299.632254][ T6028] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  299.649608][ T8636] batadv_slave_1: entered promiscuous mode
[  299.660907][ T6028] usb 4-1: USB disconnect, device number 20
[  299.783221][ T5822] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  299.851534][ T8643] netlink: 200 bytes leftover after parsing attributes in process `syz.4.695'.
[  299.973463][ T5822] usb 2-1: Using ep0 maxpacket: 32
[  299.988944][ T5822] usb 2-1: config 0 has an invalid interface number: 89 but max is 0
[  300.007369][   T30] audit: type=1400 audit(299.972:498): avc:  denied  { bind } for  pid=8640 comm="syz.3.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  300.566394][ T5822] usb 2-1: config 0 has no interface number 0
[  300.580465][ T5822] usb 2-1: config 0 interface 89 has no altsetting 0
[  300.603589][ T5822] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  300.617873][ T5822] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.629196][ T5822] usb 2-1: Product: syz
[  300.636264][ T5822] usb 2-1: Manufacturer: syz
[  300.643311][ T5822] usb 2-1: SerialNumber: syz
[  300.652481][ T5822] usb 2-1: config 0 descriptor??
[  300.667617][ T5822] em28xx 2-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  300.683035][ T5822] em28xx 2-1:0.89: Video interface 89 found: bulk
[  301.174262][ T8661] FAULT_INJECTION: forcing a failure.
[  301.174262][ T8661] name failslab, interval 1, probability 0, space 0, times 0
[  301.206724][ T8661] CPU: 1 UID: 0 PID: 8661 Comm: syz.4.702 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  301.206753][ T8661] Tainted: [L]=SOFTLOCKUP
[  301.206759][ T8661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  301.206770][ T8661] Call Trace:
[  301.206776][ T8661]  <TASK>
[  301.206783][ T8661]  dump_stack_lvl+0x16c/0x1f0
[  301.206811][ T8661]  should_fail_ex+0x512/0x640
[  301.206845][ T8661]  ? __kmalloc_cache_noprof+0x5f/0x800
[  301.206877][ T8661]  should_failslab+0xc2/0x120
[  301.206901][ T8661]  __kmalloc_cache_noprof+0x80/0x800
[  301.206929][ T8661]  ? copy_mount_options+0x55/0x190
[  301.206950][ T8661]  ? copy_mount_options+0x55/0x190
[  301.206968][ T8661]  copy_mount_options+0x55/0x190
[  301.206988][ T8661]  __x64_sys_mount+0x1ab/0x310
[  301.207007][ T8661]  ? __pfx___x64_sys_mount+0x10/0x10
[  301.207031][ T8661]  do_syscall_64+0xcd/0xf80
[  301.207055][ T8661]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  301.207073][ T8661] RIP: 0033:0x7f9c58b8f749
[  301.207086][ T8661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  301.207103][ T8661] RSP: 002b:00007f9c599ae038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  301.207121][ T8661] RAX: ffffffffffffffda RBX: 00007f9c58de5fa0 RCX: 00007f9c58b8f749
[  301.207132][ T8661] RDX: 0000200000000640 RSI: 0000200000000180 RDI: 0000000000000000
[  301.207143][ T8661] RBP: 00007f9c599ae090 R08: 0000200000000000 R09: 0000000000000000
[  301.207153][ T8661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  301.207163][ T8661] R13: 00007f9c58de6038 R14: 00007f9c58de5fa0 R15: 00007ffc90d0bed8
[  301.207186][ T8661]  </TASK>
[  301.296399][   T30] audit: type=1400 audit(301.262:499): avc:  denied  { name_bind } for  pid=8666 comm="syz.0.704" src=18464 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[  301.405210][ T5822] em28xx 2-1:0.89: unknown em28xx chip ID (0)
[  301.550822][   T30] audit: type=1400 audit(301.432:500): avc:  denied  { ioctl } for  pid=8664 comm="syz.2.705" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x5820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  301.826520][   T30] audit: type=1400 audit(301.792:501): avc:  denied  { read } for  pid=8680 comm="syz.0.709" lport=14512 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  301.876388][ T8681] syz.0.709 (8681) used greatest stack depth: 19624 bytes left
[  301.881036][   T30] audit: type=1400 audit(301.812:502): avc:  denied  { write } for  pid=8680 comm="syz.0.709" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  301.921132][ T8685] netlink: 'syz.3.710': attribute type 1 has an invalid length.
[  301.951071][ T8685] netlink: 28 bytes leftover after parsing attributes in process `syz.3.710'.
[  301.962867][ T8685] 8021q: adding VLAN 0 to HW filter on device bond4
[  302.265543][   T30] audit: type=1326 audit(302.222:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8664 comm="syz.2.705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe09b18f749 code=0x7fc00000
[  302.558312][   T30] audit: type=1400 audit(302.252:504): avc:  denied  { create } for  pid=8671 comm="syz.4.707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  302.578990][   T30] audit: type=1400 audit(302.252:505): avc:  denied  { ioctl } for  pid=8671 comm="syz.4.707" path="socket:[21589]" dev="sockfs" ino=21589 ioctlcmd=0x4947 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  303.028775][ T8700] netlink: 200 bytes leftover after parsing attributes in process `syz.2.713'.
[  303.076323][ T8707] netlink: 'syz.0.716': attribute type 4 has an invalid length.
[  303.099384][ T8707] netlink: 'syz.0.716': attribute type 4 has an invalid length.
[  303.113243][ T7064] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  303.263059][ T7064] usb 5-1: device descriptor read/64, error -71
[  303.285408][ T5822] em28xx 2-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  303.293685][ T5822] em28xx 2-1:0.89: board has no eeprom
[  303.353075][ T5822] em28xx 2-1:0.89: Identified as Terratec Grabby (card=67)
[  303.360521][ T5822] em28xx 2-1:0.89: analog set to bulk mode.
[  303.366921][   T24] em28xx 2-1:0.89: Registering V4L2 extension
[  303.373251][ T2151] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  303.419531][   T24] em28xx 2-1:0.89: reading from i2c device at 0x4a failed (error=-5)
[  303.429259][   T24] em28xx 2-1:0.89: reading from i2c device at 0x48 failed (error=-5)
[  303.438482][   T24] em28xx 2-1:0.89: reading from i2c device at 0x42 failed (error=-5)
[  303.448159][   T24] em28xx 2-1:0.89: reading from i2c device at 0x40 failed (error=-5)
[  303.458207][   T24] em28xx 2-1:0.89: Config register raw data: 0xfffffffb
[  303.466191][   T24] em28xx 2-1:0.89: AC97 chip type couldn't be determined
[  303.469655][ T5891] usb 2-1: USB disconnect, device number 18
[  303.474163][   T24] em28xx 2-1:0.89: No AC97 audio processor
[  303.492770][ T5891] em28xx 2-1:0.89: Disconnecting em28xx
[  303.498900][   T24] usb 2-1: Decoder not found
[  303.504701][ T7064] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  303.516423][   T24] em28xx 2-1:0.89: failed to create media graph
[  303.527830][   T24] em28xx 2-1:0.89: V4L2 device video103 deregistered
[  303.542180][ T2151] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.554152][   T24] em28xx 2-1:0.89: Registering snapshot button...
[  303.569949][ T2151] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.585636][   T24] input: em28xx snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.89/input/input9
[  303.619887][ T2151] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  303.631011][ T2151] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.641168][   T24] em28xx 2-1:0.89: Remote control support is not available for this card.
[  303.657091][ T5891] em28xx 2-1:0.89: Closing input extension
[  303.663574][ T7064] usb 5-1: device descriptor read/64, error -71
[  303.685687][ T5891] em28xx 2-1:0.89: Deregistering snapshot button
[  303.693776][ T2151] usb 1-1: config 0 descriptor??
[  303.727607][ T5891] em28xx 2-1:0.89: Freeing device
[  303.773350][ T7064] usb usb5-port1: attempt power cycle
[  304.539388][ T2151] hid-steam 0003:28DE:1142.0005: unknown main item tag 0x0
[  304.547484][ T2151] hid-steam 0003:28DE:1142.0005: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[  304.599420][ T7064] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  304.614812][ T2151] hid-steam 0003:28DE:1142.0005: Steam wireless receiver connected
[  304.626584][ T7064] usb 5-1: device descriptor read/8, error -71
[  304.632023][   T30] audit: type=1400 audit(304.592:506): avc:  denied  { mount } for  pid=8727 comm="syz.0.722" name="/" dev="configfs" ino=27 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  304.654627][ T2151] hid-steam 0003:28DE:1142.0005: No HID_FEATURE_REPORT submitted -  nothing to read
[  304.658460][ T2151] hid-steam 0003:28DE:1142.0006: unknown main item tag 0x0
[  304.677642][ T2151] hid-steam 0003:28DE:1142.0006: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[  304.699576][ T2151] usb 1-1: USB disconnect, device number 15
[  304.709984][ T2151] hid-steam 0003:28DE:1142.0005: Steam wireless receiver disconnected
[  304.732650][   T30] audit: type=1400 audit(304.692:507): avc:  denied  { search } for  pid=8727 comm="syz.0.722" name="/" dev="configfs" ino=27 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  304.754308][   T30] audit: type=1400 audit(304.692:508): avc:  denied  { search } for  pid=8727 comm="syz.0.722" name="/" dev="configfs" ino=27 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  304.794793][ T8731] netlink: 28 bytes leftover after parsing attributes in process `syz.2.723'.
[  304.843216][   T30] audit: type=1400 audit(304.722:509): avc:  denied  { read open } for  pid=8727 comm="syz.0.722" path="/" dev="configfs" ino=27 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  304.883991][ T7064] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  304.922532][ T7064] usb 5-1: device descriptor read/8, error -71
[  304.926625][ T8729] fido_id[8729]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  304.957763][ T8736] netlink: 24 bytes leftover after parsing attributes in process `syz.2.724'.
[  305.015016][   T30] audit: type=1400 audit(304.982:510): avc:  denied  { map } for  pid=8734 comm="syz.2.724" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  305.043728][ T7064] usb usb5-port1: unable to enumerate USB device
[  305.064588][   T30] audit: type=1400 audit(304.982:511): avc:  denied  { execute } for  pid=8734 comm="syz.2.724" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  305.087589][   T30] audit: type=1400 audit(305.022:512): avc:  denied  { write } for  pid=8734 comm="syz.2.724" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  305.104788][ T8745] netlink: 'syz.3.727': attribute type 10 has an invalid length.
[  305.117844][   T30] audit: type=1400 audit(305.022:513): avc:  denied  { open } for  pid=8734 comm="syz.2.724" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  305.150950][ T8745] team0: Device veth1_vlan failed to register rx_handler
[  305.268130][ T8748] netlink: 200 bytes leftover after parsing attributes in process `syz.2.728'.
[  305.583136][ T5891] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  305.733040][ T5891] usb 1-1: Using ep0 maxpacket: 8
[  305.742258][ T5891] usb 1-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b
[  305.752679][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.761002][ T5891] usb 1-1: Product: syz
[  305.815838][ T5891] usb 1-1: Manufacturer: syz
[  305.820615][ T5891] usb 1-1: SerialNumber: syz
[  305.828393][ T5891] usb 1-1: config 0 descriptor??
[  305.839427][ T5891] option 1-1:0.0: GSM modem (1-port) converter detected
[  306.620290][ T8759] netlink: 'syz.2.732': attribute type 1 has an invalid length.
[  306.650239][ T8762] FAULT_INJECTION: forcing a failure.
[  306.650239][ T8762] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  306.653748][ T8759] netlink: 28 bytes leftover after parsing attributes in process `syz.2.732'.
[  306.664713][ T8762] CPU: 1 UID: 0 PID: 8762 Comm: syz.4.733 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  306.664741][ T8762] Tainted: [L]=SOFTLOCKUP
[  306.664746][ T8762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  306.664756][ T8762] Call Trace:
[  306.664761][ T8762]  <TASK>
[  306.664767][ T8762]  dump_stack_lvl+0x16c/0x1f0
[  306.664811][ T8762]  should_fail_ex+0x512/0x640
[  306.664838][ T8762]  _copy_from_user+0x2e/0xd0
[  306.664867][ T8762]  snd_pcm_oss_write2+0x1c2/0x410
[  306.664891][ T8762]  ? __pfx_snd_pcm_oss_write2+0x10/0x10
[  306.664912][ T8762]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[  306.664933][ T8762]  snd_pcm_oss_write+0x710/0xa10
[  306.664957][ T8762]  ? security_file_permission+0x71/0x210
[  306.664983][ T8762]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[  306.665004][ T8762]  vfs_write+0x2a0/0x11d0
[  306.665029][ T8762]  ? __pfx_vfs_write+0x10/0x10
[  306.665047][ T8762]  ? find_held_lock+0x2b/0x80
[  306.665071][ T8762]  ? __fget_files+0x204/0x3c0
[  306.665096][ T8762]  ? __fget_files+0x20e/0x3c0
[  306.665127][ T8762]  ksys_write+0x12a/0x250
[  306.665147][ T8762]  ? __pfx_ksys_write+0x10/0x10
[  306.665172][ T8762]  do_syscall_64+0xcd/0xf80
[  306.665194][ T8762]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.665210][ T8762] RIP: 0033:0x7f9c58b8f749
[  306.665222][ T8762] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  306.665237][ T8762] RSP: 002b:00007f9c599ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  306.665253][ T8762] RAX: ffffffffffffffda RBX: 00007f9c58de5fa0 RCX: 00007f9c58b8f749
[  306.665264][ T8762] RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000003
[  306.665273][ T8762] RBP: 00007f9c599ae090 R08: 0000000000000000 R09: 0000000000000000
[  306.665283][ T8762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  306.665292][ T8762] R13: 00007f9c58de6038 R14: 00007f9c58de5fa0 R15: 00007ffc90d0bed8
[  306.665314][ T8762]  </TASK>
[  306.728466][ T7064] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  306.738373][ T8759] 8021q: adding VLAN 0 to HW filter on device bond2
[  306.903101][ T7064] usb 4-1: Using ep0 maxpacket: 16
[  306.917992][ T7064] usb 4-1: New USB device found, idVendor=046d, idProduct=08b5, bcdDevice=d7.01
[  306.930852][ T7064] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.941570][ T7064] usb 4-1: Product: syz
[  306.944485][ T8766] FAULT_INJECTION: forcing a failure.
[  306.944485][ T8766] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  306.948362][ T7064] usb 4-1: Manufacturer: syz
[  306.960519][ T8766] CPU: 0 UID: 0 PID: 8766 Comm: syz.2.735 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  306.960547][ T8766] Tainted: [L]=SOFTLOCKUP
[  306.960552][ T8766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  306.960561][ T8766] Call Trace:
[  306.960567][ T8766]  <TASK>
[  306.960573][ T8766]  dump_stack_lvl+0x16c/0x1f0
[  306.960598][ T8766]  should_fail_ex+0x512/0x640
[  306.960625][ T8766]  _copy_from_iter+0x2a4/0x16c0
[  306.960652][ T8766]  ? __alloc_skb+0x220/0x410
[  306.960674][ T8766]  ? __alloc_skb+0x35d/0x410
[  306.960697][ T8766]  ? __pfx__copy_from_iter+0x10/0x10
[  306.960720][ T8766]  ? netlink_autobind.isra.0+0x158/0x370
[  306.960747][ T8766]  netlink_sendmsg+0x820/0xdd0
[  306.960770][ T8766]  ? __pfx_netlink_sendmsg+0x10/0x10
[  306.960797][ T8766]  ____sys_sendmsg+0xa5d/0xc30
[  306.960819][ T8766]  ? copy_msghdr_from_user+0x10a/0x160
[  306.960835][ T8766]  ? __pfx_____sys_sendmsg+0x10/0x10
[  306.960864][ T8766]  ___sys_sendmsg+0x134/0x1d0
[  306.960881][ T8766]  ? __pfx____sys_sendmsg+0x10/0x10
[  306.960921][ T8766]  __sys_sendmsg+0x16d/0x220
[  306.960938][ T8766]  ? __pfx___sys_sendmsg+0x10/0x10
[  306.960967][ T8766]  do_syscall_64+0xcd/0xf80
[  306.960989][ T8766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.961005][ T8766] RIP: 0033:0x7fe09b18f749
[  306.961018][ T8766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  306.961033][ T8766] RSP: 002b:00007fe09bfeb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  306.961049][ T8766] RAX: ffffffffffffffda RBX: 00007fe09b3e5fa0 RCX: 00007fe09b18f749
[  306.961060][ T8766] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  306.961069][ T8766] RBP: 00007fe09bfeb090 R08: 0000000000000000 R09: 0000000000000000
[  306.961078][ T8766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  306.961088][ T8766] R13: 00007fe09b3e6038 R14: 00007fe09b3e5fa0 R15: 00007fff7d6a2a58
[  306.961119][ T8766]  </TASK>
[  307.127141][   T30] audit: type=1400 audit(307.102:514): avc:  denied  { create } for  pid=8763 comm="syz.4.734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  307.134445][ T7064] usb 4-1: SerialNumber: syz
[  307.136284][ T7064] usb 4-1: config 0 descriptor??
[  307.199100][ T7064] pwc: Logitech QuickCam Orbit/Sphere USB webcam detected.
[  307.404238][   T30] audit: type=1400 audit(307.372:515): avc:  denied  { module_load } for  pid=8753 comm="syz.3.730" path="/141/bus" dev="tmpfs" ino=756 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  307.405272][ T8754] Invalid ELF header len 8
[  307.449202][ T7064] pwc: Warning: more than 1 configuration available.
[  307.456577][ T7064] pwc: Failed to set LED on/off time (-71)
[  307.462635][ T7064] pwc: send_video_command error -71
[  307.468203][ T7064] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  307.476131][ T7064] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71
[  307.496700][ T7064] usb 4-1: USB disconnect, device number 21
[  308.419935][ T5947] usb 1-1: USB disconnect, device number 16
[  308.427862][ T5947] option 1-1:0.0: device disconnected
[  308.471406][ T8788] FAULT_INJECTION: forcing a failure.
[  308.471406][ T8788] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  308.484604][ T8788] CPU: 1 UID: 0 PID: 8788 Comm: syz.2.741 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  308.484633][ T8788] Tainted: [L]=SOFTLOCKUP
[  308.484639][ T8788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  308.484650][ T8788] Call Trace:
[  308.484656][ T8788]  <TASK>
[  308.484662][ T8788]  dump_stack_lvl+0x16c/0x1f0
[  308.484689][ T8788]  should_fail_ex+0x512/0x640
[  308.484720][ T8788]  _copy_to_user+0x32/0xd0
[  308.484748][ T8788]  simple_read_from_buffer+0xcb/0x170
[  308.484794][ T8788]  proc_fail_nth_read+0x197/0x240
[  308.484813][ T8788]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  308.484832][ T8788]  ? rw_verify_area+0xcf/0x6c0
[  308.484851][ T8788]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  308.484869][ T8788]  vfs_read+0x1e4/0xcf0
[  308.484892][ T8788]  ? __pfx___mutex_lock+0x10/0x10
[  308.484916][ T8788]  ? __pfx_vfs_read+0x10/0x10
[  308.484944][ T8788]  ? __fget_files+0x20e/0x3c0
[  308.484974][ T8788]  ksys_read+0x12a/0x250
[  308.484994][ T8788]  ? __pfx_ksys_read+0x10/0x10
[  308.485014][ T8788]  ? fput+0x70/0xf0
[  308.485032][ T8788]  do_syscall_64+0xcd/0xf80
[  308.485063][ T8788]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.485081][ T8788] RIP: 0033:0x7fe09b18e15c
[  308.485094][ T8788] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  308.485111][ T8788] RSP: 002b:00007fe09bfca030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  308.485129][ T8788] RAX: ffffffffffffffda RBX: 00007fe09b3e6090 RCX: 00007fe09b18e15c
[  308.485141][ T8788] RDX: 000000000000000f RSI: 00007fe09bfca0a0 RDI: 0000000000000005
[  308.485152][ T8788] RBP: 00007fe09bfca090 R08: 0000000000000000 R09: 0000000000000000
[  308.485162][ T8788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  308.485173][ T8788] R13: 00007fe09b3e6128 R14: 00007fe09b3e6090 R15: 00007fff7d6a2a58
[  308.485198][ T8788]  </TASK>
[  309.257080][ T8804] netlink: 'syz.3.746': attribute type 1 has an invalid length.
[  309.321371][ T8808] netlink: 28 bytes leftover after parsing attributes in process `syz.3.746'.
[  309.354695][ T8808] 8021q: adding VLAN 0 to HW filter on device bond5
[  309.397489][ T8810] FAULT_INJECTION: forcing a failure.
[  309.397489][ T8810] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  309.410566][ T8810] CPU: 1 UID: 0 PID: 8810 Comm: syz.2.748 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  309.410584][ T8810] Tainted: [L]=SOFTLOCKUP
[  309.410588][ T8810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  309.410595][ T8810] Call Trace:
[  309.410600][ T8810]  <TASK>
[  309.410605][ T8810]  dump_stack_lvl+0x16c/0x1f0
[  309.410624][ T8810]  should_fail_ex+0x512/0x640
[  309.410644][ T8810]  _copy_to_user+0x32/0xd0
[  309.410662][ T8810]  simple_read_from_buffer+0xcb/0x170
[  309.410678][ T8810]  proc_fail_nth_read+0x197/0x240
[  309.410690][ T8810]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  309.410703][ T8810]  ? rw_verify_area+0xcf/0x6c0
[  309.410715][ T8810]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  309.410726][ T8810]  vfs_read+0x1e4/0xcf0
[  309.410740][ T8810]  ? __pfx___mutex_lock+0x10/0x10
[  309.410756][ T8810]  ? __pfx_vfs_read+0x10/0x10
[  309.410777][ T8810]  ? __fget_files+0x20e/0x3c0
[  309.410796][ T8810]  ksys_read+0x12a/0x250
[  309.410810][ T8810]  ? __pfx_ksys_read+0x10/0x10
[  309.410826][ T8810]  do_syscall_64+0xcd/0xf80
[  309.410842][ T8810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.410854][ T8810] RIP: 0033:0x7fe09b18e15c
[  309.410863][ T8810] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  309.410874][ T8810] RSP: 002b:00007fe09bfeb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  309.410884][ T8810] RAX: ffffffffffffffda RBX: 00007fe09b3e5fa0 RCX: 00007fe09b18e15c
[  309.410891][ T8810] RDX: 000000000000000f RSI: 00007fe09bfeb0a0 RDI: 0000000000000006
[  309.410897][ T8810] RBP: 00007fe09bfeb090 R08: 0000000000000000 R09: 0000000000000000
[  309.410904][ T8810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  309.410910][ T8810] R13: 00007fe09b3e6038 R14: 00007fe09b3e5fa0 R15: 00007fff7d6a2a58
[  309.410923][ T8810]  </TASK>
[  309.622187][ T8812] netlink: 32 bytes leftover after parsing attributes in process `syz.2.749'.
[  309.632162][ T8812] netlink: 32 bytes leftover after parsing attributes in process `syz.2.749'.
[  309.745359][ T8815] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8)
[  309.751894][ T8815] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  309.760859][ T8815] vhci_hcd vhci_hcd.0: Device attached
[  309.815147][ T8816] vhci_hcd: connection closed
[  309.820544][   T33] vhci_hcd vhci_hcd.2: stop threads
[  309.831032][   T33] vhci_hcd vhci_hcd.2: release socket
[  309.842049][   T33] vhci_hcd vhci_hcd.2: disconnect device
[  310.140448][ T8821] FAULT_INJECTION: forcing a failure.
[  310.140448][ T8821] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  310.169857][ T8821] CPU: 1 UID: 0 PID: 8821 Comm: syz.4.751 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  310.169887][ T8821] Tainted: [L]=SOFTLOCKUP
[  310.169894][ T8821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  310.169904][ T8821] Call Trace:
[  310.169910][ T8821]  <TASK>
[  310.169917][ T8821]  dump_stack_lvl+0x16c/0x1f0
[  310.169944][ T8821]  should_fail_ex+0x512/0x640
[  310.169975][ T8821]  _copy_from_user+0x2e/0xd0
[  310.170001][ T8821]  do_tcp_getsockopt+0x1d67/0x2b20
[  310.170026][ T8821]  ? __pfx_do_tcp_getsockopt+0x10/0x10
[  310.170045][ T8821]  ? __kernel_text_address+0xd/0x40
[  310.170070][ T8821]  ? arch_stack_walk+0xa6/0x100
[  310.170100][ T8821]  ? __lock_acquire+0x436/0x2890
[  310.170134][ T8821]  ? find_held_lock+0x2b/0x80
[  310.170161][ T8821]  ? avc_has_perm_noaudit+0x117/0x3b0
[  310.170194][ T8821]  ? avc_has_perm_noaudit+0x149/0x3b0
[  310.170225][ T8821]  ? avc_has_perm+0x144/0x1f0
[  310.170242][ T8821]  ? __pfx_avc_has_perm+0x10/0x10
[  310.170273][ T8821]  ? __lock_acquire+0x436/0x2890
[  310.170297][ T8821]  ? sock_has_perm+0x258/0x2f0
[  310.170323][ T8821]  ? find_held_lock+0x2b/0x80
[  310.170349][ T8821]  ? __might_fault+0xe3/0x190
[  310.170365][ T8821]  ? __might_fault+0xe3/0x190
[  310.170381][ T8821]  ? __might_fault+0x13b/0x190
[  310.170401][ T8821]  tcp_getsockopt+0xdf/0x100
[  310.170423][ T8821]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  310.170446][ T8821]  do_sock_getsockopt+0x324/0x410
[  310.170469][ T8821]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  310.170490][ T8821]  ? __fget_files+0x204/0x3c0
[  310.170524][ T8821]  __sys_getsockopt+0x12f/0x260
[  310.170546][ T8821]  __x64_sys_getsockopt+0xbd/0x160
[  310.170563][ T8821]  ? do_syscall_64+0x91/0xf80
[  310.170585][ T8821]  ? lockdep_hardirqs_on+0x7c/0x110
[  310.170604][ T8821]  do_syscall_64+0xcd/0xf80
[  310.170623][ T8821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.170638][ T8821] RIP: 0033:0x7f9c58b8f749
[  310.170651][ T8821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.170665][ T8821] RSP: 002b:00007f9c599ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  310.170680][ T8821] RAX: ffffffffffffffda RBX: 00007f9c58de5fa0 RCX: 00007f9c58b8f749
[  310.170690][ T8821] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000004
[  310.170698][ T8821] RBP: 00007f9c599ae090 R08: 0000200000000180 R09: 0000000000000000
[  310.170707][ T8821] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  310.170716][ T8821] R13: 00007f9c58de6038 R14: 00007f9c58de5fa0 R15: 00007ffc90d0bed8
[  310.170735][ T8821]  </TASK>
[  310.491230][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  310.491246][   T30] audit: type=1400 audit(310.452:518): avc:  denied  { write } for  pid=8822 comm="syz.2.753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  310.590529][   T30] audit: type=1400 audit(310.452:519): avc:  denied  { bind } for  pid=8822 comm="syz.2.753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  310.592232][ T8837] netlink: 8 bytes leftover after parsing attributes in process `syz.0.757'.
[  310.609680][   T30] audit: type=1400 audit(310.452:520): avc:  denied  { listen } for  pid=8822 comm="syz.2.753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  310.609722][   T30] audit: type=1400 audit(310.452:521): avc:  denied  { write } for  pid=8822 comm="syz.2.753" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  310.959577][ T8846] netlink: 'syz.2.760': attribute type 1 has an invalid length.
[  310.978961][ T8846] netlink: 28 bytes leftover after parsing attributes in process `syz.2.760'.
[  310.993271][ T5947] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  311.287785][ T8846] 8021q: adding VLAN 0 to HW filter on device bond3
[  311.356165][ T5947] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  311.371615][ T5947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.456880][ T5947] usb 5-1: Product: syz
[  311.465150][ T5947] usb 5-1: Manufacturer: syz
[  311.474467][ T5947] usb 5-1: SerialNumber: syz
[  311.492103][ T5947] usb 5-1: config 0 descriptor??
[  311.513546][ T5947] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 014
[  311.550470][ T8853] netlink: 200 bytes leftover after parsing attributes in process `syz.2.761'.
[  311.799360][ T8864] netlink: 'syz.0.764': attribute type 16 has an invalid length.
[  311.807207][ T8864] netlink: 'syz.0.764': attribute type 2 has an invalid length.
[  311.814863][ T8864] netlink: 64086 bytes leftover after parsing attributes in process `syz.0.764'.
[  312.475803][ T8871] netlink: 'syz.3.763': attribute type 4 has an invalid length.
[  312.554832][ T8871] netlink: 'syz.3.763': attribute type 4 has an invalid length.
[  312.596682][ T8873] netlink: 48 bytes leftover after parsing attributes in process `syz.2.765'.
[  312.762943][   T30] audit: type=1400 audit(312.722:522): avc:  denied  { getopt } for  pid=8875 comm="syz.0.767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  313.402385][ T8886] ip6gre1: entered promiscuous mode
[  313.485678][ T8888] netlink: 32 bytes leftover after parsing attributes in process `syz.2.770'.
[  313.666592][ T8890] netlink: 48 bytes leftover after parsing attributes in process `syz.2.771'.
[  313.760104][ T8892] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[  313.769106][ T5947]  (null): failure reading functionality
[  313.785011][ T5947] i2c i2c-1: failure reading functionality
[  313.803790][ T5947] i2c i2c-1: connected i2c-tiny-usb device
[  313.811677][   T30] audit: type=1400 audit(313.772:523): avc:  denied  { setattr } for  pid=8895 comm="syz.2.773" name="SCTPv6" dev="sockfs" ino=21182 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  314.577555][   T30] audit: type=1400 audit(314.542:524): avc:  denied  { ioctl } for  pid=8911 comm="syz-executor" path="socket:[22151]" dev="sockfs" ino=22151 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  314.578067][ T5819] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  315.106195][ T5819] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  315.114636][ T5819] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  315.122385][ T5819] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  315.133528][ T5819] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  315.148119][ T5140] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  315.155445][ T5140] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  315.162670][ T5140] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  315.170634][ T5140] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  315.178188][ T5140] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  315.280785][ T2151] usb 5-1: USB disconnect, device number 14
[  315.435638][   T30] audit: type=1400 audit(315.402:525): avc:  denied  { getopt } for  pid=8919 comm="syz.2.780" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  315.475568][ T8925] FAULT_INJECTION: forcing a failure.
[  315.475568][ T8925] name failslab, interval 1, probability 0, space 0, times 0
[  315.608256][ T8925] CPU: 1 UID: 0 PID: 8925 Comm: syz.3.778 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  315.608288][ T8925] Tainted: [L]=SOFTLOCKUP
[  315.608295][ T8925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  315.608306][ T8925] Call Trace:
[  315.608312][ T8925]  <TASK>
[  315.608319][ T8925]  dump_stack_lvl+0x16c/0x1f0
[  315.608347][ T8925]  should_fail_ex+0x512/0x640
[  315.608373][ T8925]  ? kmem_cache_alloc_lru_noprof+0x66/0x770
[  315.608396][ T8925]  should_failslab+0xc2/0x120
[  315.608421][ T8925]  kmem_cache_alloc_lru_noprof+0x87/0x770
[  315.608441][ T8925]  ? sock_alloc_inode+0x25/0x1c0
[  315.608468][ T8925]  ? __pfx_sock_alloc_inode+0x10/0x10
[  315.608488][ T8925]  ? sock_alloc_inode+0x25/0x1c0
[  315.608509][ T8925]  sock_alloc_inode+0x25/0x1c0
[  315.608529][ T8925]  alloc_inode+0x64/0x240
[  315.608551][ T8925]  sock_alloc+0x40/0x280
[  315.608571][ T8925]  do_accept+0xf7/0x530
[  315.608596][ T8925]  ? do_raw_spin_lock+0x12c/0x2b0
[  315.608624][ T8925]  ? __pfx_do_accept+0x10/0x10
[  315.608664][ T8925]  __sys_accept4_file+0xcd/0x210
[  315.608689][ T8925]  ? __pfx___sys_accept4_file+0x10/0x10
[  315.608722][ T8925]  __x64_sys_accept+0xb0/0x140
[  315.608747][ T8925]  do_syscall_64+0xcd/0xf80
[  315.608769][ T8925]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  315.608784][ T8925] RIP: 0033:0x7fcef298f749
[  315.608798][ T8925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  315.608812][ T8925] RSP: 002b:00007fcef38ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b
[  315.608829][ T8925] RAX: ffffffffffffffda RBX: 00007fcef2be6090 RCX: 00007fcef298f749
[  315.608839][ T8925] RDX: 0000200000000280 RSI: 0000200000000200 RDI: 0000000000000003
[  315.608848][ T8925] RBP: 00007fcef38ef090 R08: 0000000000000000 R09: 0000000000000000
[  315.608857][ T8925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  315.608867][ T8925] R13: 00007fcef2be6128 R14: 00007fcef2be6090 R15: 00007fffefa29fb8
[  315.608886][ T8925]  </TASK>
[  315.944485][ T8911] chnl_net:caif_netlink_parms(): no params data found
[  316.555742][ T8937] binder: 8935:8937 ioctl c0306201 200000000640 returned -22
[  316.605662][   T30] audit: type=1400 audit(316.572:526): avc:  denied  { ioctl } for  pid=8935 comm="syz.3.782" path="socket:[22220]" dev="sockfs" ino=22220 ioctlcmd=0x89e7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  316.647155][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  316.654084][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  316.672477][   T30] audit: type=1400 audit(316.612:527): avc:  denied  { read } for  pid=8941 comm="syz.4.784" path="socket:[22217]" dev="sockfs" ino=22217 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  316.714769][ T8911] bridge0: port 1(bridge_slave_0) entered blocking state
[  316.732534][ T8911] bridge0: port 1(bridge_slave_0) entered disabled state
[  316.763290][ T8911] bridge_slave_0: entered allmulticast mode
[  316.770539][ T8911] bridge_slave_0: entered promiscuous mode
[  316.806656][ T8911] bridge0: port 2(bridge_slave_1) entered blocking state
[  316.814670][ T8911] bridge0: port 2(bridge_slave_1) entered disabled state
[  316.821881][ T8911] bridge_slave_1: entered allmulticast mode
[  316.859797][ T8911] bridge_slave_1: entered promiscuous mode
[  316.910174][ T8911] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  316.927165][ T8911] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  316.978099][ T8911] team0: Port device team_slave_0 added
[  316.999172][ T8911] team0: Port device team_slave_1 added
[  317.048217][ T8911] batman_adv: batadv0: Adding interface: batadv_slave_0
[  317.066260][ T8911] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  317.094242][ T8911] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  317.110437][ T8911] batman_adv: batadv0: Adding interface: batadv_slave_1
[  317.117810][ T8911] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  317.145740][ T8911] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  317.197222][ T8911] hsr_slave_0: entered promiscuous mode
[  317.203578][ T5140] Bluetooth: hci5: command tx timeout
[  317.223781][ T8911] hsr_slave_1: entered promiscuous mode
[  317.230804][ T8911] debugfs: 'hsr0' already exists in 'hsr'
[  317.244320][ T8911] Cannot create hsr debugfs directory
[  317.588715][ T8911] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  317.633483][ T8911] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  317.648700][ T8911] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  318.175050][ T8911] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  318.337142][ T8911] 8021q: adding VLAN 0 to HW filter on device bond0
[  318.390190][ T8911] 8021q: adding VLAN 0 to HW filter on device team0
[  318.407094][ T4099] bridge0: port 1(bridge_slave_0) entered blocking state
[  318.414248][ T4099] bridge0: port 1(bridge_slave_0) entered forwarding state
[  318.467460][ T1329] bridge0: port 2(bridge_slave_1) entered blocking state
[  318.474622][ T1329] bridge0: port 2(bridge_slave_1) entered forwarding state
[  318.735577][ T8911] 8021q: adding VLAN 0 to HW filter on device batadv0
[  318.795564][   T30] audit: type=1400 audit(318.762:528): avc:  denied  { getopt } for  pid=9004 comm="syz.3.800" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  318.967188][ T8911] veth0_vlan: entered promiscuous mode
[  318.978125][ T8911] veth1_vlan: entered promiscuous mode
[  318.997403][ T8911] veth0_macvtap: entered promiscuous mode
[  319.003691][ T6028] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  319.017264][ T8911] veth1_macvtap: entered promiscuous mode
[  319.031095][ T8911] batman_adv: batadv0: Interface activated: batadv_slave_0
[  319.045973][ T8911] batman_adv: batadv0: Interface activated: batadv_slave_1
[  319.065653][ T6265] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  319.076132][ T6265] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  319.086838][ T6265] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  319.095600][ T6265] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  319.158113][ T4099] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  319.170414][ T6028] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  319.181578][ T4099] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  319.190643][ T6028] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.202462][ T6028] usb 5-1: config 0 descriptor??
[  319.211332][ T6028] gspca_main: cpia1-2.14.0 probing 0813:0001
[  319.283271][ T5140] Bluetooth: hci5: command tx timeout
[  319.292490][ T1329] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  319.313852][ T1329] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  319.335716][   T30] audit: type=1400 audit(319.302:529): avc:  denied  { mounton } for  pid=8911 comm="syz-executor" path="/root/syzkaller.1cSToC/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  319.430388][   T30] audit: type=1400 audit(319.302:530): avc:  denied  { mounton } for  pid=8911 comm="syz-executor" path="/root/syzkaller.1cSToC/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  319.530522][ T9025] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  319.530676][   T30] audit: type=1400 audit(319.302:531): avc:  denied  { mounton } for  pid=8911 comm="syz-executor" path="/root/syzkaller.1cSToC/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=23631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  319.583369][ T9025] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  319.641863][   T30] audit: type=1400 audit(319.342:532): avc:  denied  { mounton } for  pid=8911 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  319.682295][ T9025] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  319.730906][   T30] audit: type=1400 audit(319.692:533): avc:  denied  { link } for  pid=9018 comm="syz.3.803" name="#c" dev="tmpfs" ino=850 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  319.865809][   T30] audit: type=1400 audit(319.692:534): avc:  denied  { rename } for  pid=9018 comm="syz.3.803" name="#d" dev="tmpfs" ino=850 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  319.911411][ T9025] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  320.511766][ T6028] gspca_cpia1: usb_control_msg 05, error -110
[  320.524057][ T6028] gspca_cpia1: usb_control_msg 01, error -32
[  320.530947][ T6028] gspca_cpia1: usb_control_msg 01, error -32
[  320.538110][ T6028] gspca_cpia1: usb_control_msg 01, error -32
[  320.544706][ T6028] gspca_cpia1: usb_control_msg 01, error -32
[  320.550701][ T6028] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0)
[  321.371970][ T5140] Bluetooth: hci5: command tx timeout
[  321.806560][ T9054] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  321.825172][ T6257] usb 5-1: USB disconnect, device number 15
[  321.975590][ T9060] faux_driver vkms: [drm] Unknown color mode 8388614; guessing buffer size.
[  322.397920][ T9069] FAULT_INJECTION: forcing a failure.
[  322.397920][ T9069] name failslab, interval 1, probability 0, space 0, times 0
[  322.424355][ T9069] CPU: 0 UID: 0 PID: 9069 Comm: syz.4.814 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  322.424386][ T9069] Tainted: [L]=SOFTLOCKUP
[  322.424392][ T9069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  322.424402][ T9069] Call Trace:
[  322.424407][ T9069]  <TASK>
[  322.424414][ T9069]  dump_stack_lvl+0x16c/0x1f0
[  322.424441][ T9069]  should_fail_ex+0x512/0x640
[  322.424465][ T9069]  ? kmem_cache_alloc_node_noprof+0x65/0x800
[  322.424485][ T9069]  should_failslab+0xc2/0x120
[  322.424508][ T9069]  kmem_cache_alloc_node_noprof+0x86/0x800
[  322.424524][ T9069]  ? __alloc_skb+0x156/0x410
[  322.424548][ T9069]  ? __alloc_skb+0x35d/0x410
[  322.424575][ T9069]  ? __alloc_skb+0x156/0x410
[  322.424598][ T9069]  __alloc_skb+0x156/0x410
[  322.424622][ T9069]  ? __alloc_skb+0x35d/0x410
[  322.424645][ T9069]  ? __pfx___alloc_skb+0x10/0x10
[  322.424698][ T9069]  alloc_skb_with_frags+0xe0/0x860
[  322.424717][ T9069]  ? __might_fault+0xe3/0x190
[  322.424732][ T9069]  ? __might_fault+0x13b/0x190
[  322.424757][ T9069]  sock_alloc_send_pskb+0x7f9/0x980
[  322.424782][ T9069]  ? _copy_from_iter+0x161/0x16c0
[  322.424812][ T9069]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  322.424837][ T9069]  ? __lock_acquire+0x436/0x2890
[  322.424854][ T9069]  ? _parse_integer_limit+0x17f/0x1d0
[  322.424876][ T9069]  ? iov_iter_advance+0x7d/0x6c0
[  322.424902][ T9069]  tun_get_user+0x7e2/0x3cc0
[  322.424937][ T9069]  ? __pfx_tun_get_user+0x10/0x10
[  322.424962][ T9069]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  322.424985][ T9069]  ? find_held_lock+0x2b/0x80
[  322.425010][ T9069]  ? tun_get+0x191/0x370
[  322.425036][ T9069]  tun_chr_write_iter+0xdc/0x210
[  322.425061][ T9069]  vfs_write+0x7d3/0x11d0
[  322.425083][ T9069]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  322.425109][ T9069]  ? __pfx_vfs_write+0x10/0x10
[  322.425127][ T9069]  ? find_held_lock+0x2b/0x80
[  322.425165][ T9069]  ksys_write+0x12a/0x250
[  322.425185][ T9069]  ? __pfx_ksys_write+0x10/0x10
[  322.425211][ T9069]  do_syscall_64+0xcd/0xf80
[  322.425234][ T9069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.425250][ T9069] RIP: 0033:0x7f9c58b8f749
[  322.425264][ T9069] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.425281][ T9069] RSP: 002b:00007f9c599ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  322.425298][ T9069] RAX: ffffffffffffffda RBX: 00007f9c58de5fa0 RCX: 00007f9c58b8f749
[  322.425309][ T9069] RDX: 000000000000004e RSI: 0000200000000280 RDI: 0000000000000003
[  322.425319][ T9069] RBP: 00007f9c599ae090 R08: 0000000000000000 R09: 0000000000000000
[  322.425329][ T9069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  322.425339][ T9069] R13: 00007f9c58de6038 R14: 00007f9c58de5fa0 R15: 00007ffc90d0bed8
[  322.425362][ T9069]  </TASK>
[  322.802785][   T30] audit: type=1400 audit(322.762:535): avc:  denied  { mount } for  pid=9075 comm="syz.3.818" name="/" dev="autofs" ino=23793 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  323.211619][   T24] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  323.252613][   T30] audit: type=1400 audit(323.212:536): avc:  denied  { unmount } for  pid=5816 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  323.473267][ T5140] Bluetooth: hci5: command tx timeout
[  323.475954][   T24] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  323.572391][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  323.695699][   T24] usb 1-1: Product: syz
[  323.703928][   T24] usb 1-1: Manufacturer: syz
[  323.727812][   T24] usb 1-1: SerialNumber: syz
[  323.740968][   T24] usb 1-1: config 0 descriptor??
[  323.842377][ T9092] binder: 9089:9092 ioctl 89f3 200000000800 returned -22
[  323.852264][ T9092] binder: transaction release 59 bad handle 1, ret = -22
[  323.860561][   T24] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 017
[  323.870040][ T9092] binder: 9089:9092 ioctl 8903 200000000000 returned -22
[  323.940284][   T30] audit: type=1400 audit(323.902:537): avc:  denied  { bind } for  pid=9093 comm="syz.2.822" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  323.993534][   T30] audit: type=1400 audit(323.962:538): avc:  denied  { ioctl } for  pid=9093 comm="syz.2.822" path="socket:[23821]" dev="sockfs" ino=23821 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  324.325702][   T30] audit: type=1400 audit(324.292:539): avc:  denied  { getopt } for  pid=9098 comm="syz.5.824" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  324.493691][ T6257] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  325.156774][ T6257] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  325.169873][ T6257] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.192085][ T6257] usb 5-1: Product: syz
[  325.207028][ T6257] usb 5-1: Manufacturer: syz
[  325.224152][ T6257] usb 5-1: SerialNumber: syz
[  325.285154][ T6257] usb 5-1: config 0 descriptor??
[  325.306677][ T6257] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 016
[  326.360788][   T24]  (null): failure reading functionality
[  326.361639][   T24] i2c i2c-1: failure reading functionality
[  326.365596][   T24] i2c i2c-1: connected i2c-tiny-usb device
[  326.469486][ T9128] netlink: 4 bytes leftover after parsing attributes in process `syz.3.830'.
[  326.482228][ T9128] netlink: 12 bytes leftover after parsing attributes in process `syz.3.830'.
[  326.584224][   T30] audit: type=1400 audit(325.682:540): avc:  denied  { bind } for  pid=9117 comm="syz.5.829" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  327.108553][ T6257] i2c i2c-2: failure reading functionality
[  327.132573][ T6257] i2c i2c-2: connected i2c-tiny-usb device
[  327.233251][   T30] audit: type=1400 audit(325.682:541): avc:  denied  { name_bind } for  pid=9117 comm="syz.5.829" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  327.237058][ T6257] usb 5-1: USB disconnect, device number 16
[  327.289425][   T30] audit: type=1400 audit(325.682:542): avc:  denied  { node_bind } for  pid=9117 comm="syz.5.829" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  327.477792][ T9139] sch_fq: defrate 4294967295 ignored.
[  327.743075][ T2151] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  327.854263][ T9155] comedi comedi4: bad chanlist[0]=0x00000009 chan=9 range length=2
[  327.905202][ T2151] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  327.939039][ T2151] usb 6-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  327.961338][ T7573] usb 1-1: USB disconnect, device number 17
[  327.988879][ T2151] usb 6-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  328.023983][ T2151] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.284225][ T9166] syz_tun: entered allmulticast mode
[  328.350943][ T2151] aiptek 6-1:17.0: Aiptek using 400 ms programming speed
[  328.368478][   T30] audit: type=1400 audit(328.332:543): avc:  denied  { setopt } for  pid=9162 comm="syz.0.840" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  328.374712][ T2151] input: Aiptek as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:17.0/input/input10
[  328.398108][ T2151] input: failed to attach handler kbd to device input10, error: -5
[  328.407724][ T9167] netlink: ct family unspecified
[  328.412753][ T9167] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  328.426982][   T30] audit: type=1400 audit(328.332:544): avc:  denied  { write } for  pid=9162 comm="syz.0.840" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  328.451359][ T2151] usb 6-1: USB disconnect, device number 2
[  331.018631][ T2151] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  332.358201][ T9211] trusted_key: encrypted_key: key trusted:syz not found
[  332.365974][ T9211] netlink: 8 bytes leftover after parsing attributes in process `syz.2.853'.
[  332.376485][ T2151] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  332.392127][ T9211] IPv6: NLM_F_CREATE should be specified when creating new route
[  332.413076][ T2151] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.436324][ T2151] usb 4-1: Product: syz
[  332.441972][ T2151] usb 4-1: Manufacturer: syz
[  332.446911][ T2151] usb 4-1: SerialNumber: syz
[  332.454998][ T2151] usb 4-1: config 0 descriptor??
[  332.518173][ T6257] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  332.524826][ T2151] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 022
[  332.543160][ T7573] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  332.779594][ T7573] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  332.799359][ T7573] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.808024][ T7573] usb 1-1: Product: syz
[  332.812207][ T7573] usb 1-1: Manufacturer: syz
[  332.817775][ T7573] usb 1-1: SerialNumber: syz
[  332.831892][ T2151]  (null): failure setting delay to 10us
[  332.843183][ T6257] usb 6-1: Using ep0 maxpacket: 8
[  332.844139][ T7573] usb 1-1: config 0 descriptor??
[  332.860933][ T2151] i2c-tiny-usb 4-1:0.0: probe with driver i2c-tiny-usb failed with error -5
[  332.874091][ T6257] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  332.885834][ T7573] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 018
[  332.908849][ T2151] usb 4-1: USB disconnect, device number 22
[  332.921250][ T6257] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  332.933191][ T6257] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  332.946181][ T6257] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  332.966327][ T6257] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  332.977855][ T6257] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  332.988283][ T6257] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.255364][ T6257] usb 6-1: config 0 descriptor??
[  333.298406][ T9197] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  333.423197][ T5967] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  333.548184][ T5819] Bluetooth: hci6: Received unexpected HCI Event 0x00
[  333.557158][ T5819] Bluetooth: hci6: Received unexpected HCI Event 0x00
[  333.573149][ T5819] Bluetooth: hci6: Received unexpected HCI Event 0x00
[  333.580080][ T5819] Bluetooth: hci6: Received unexpected HCI Event 0x00
[  333.586951][ T5819] Bluetooth: hci6: Received unexpected HCI Event 0x00
[  333.593927][ T5819] Bluetooth: hci6: Received unexpected HCI Event 0x00
[  333.603243][ T5819] Bluetooth: hci6: Received unexpected HCI Event 0x00
[  333.610129][ T5819] Bluetooth: hci6: Received unexpected HCI Event 0x00
[  333.618103][ T5819] Bluetooth: hci6: Received unexpected HCI Event 0x00
[  333.625040][ T5819] Bluetooth: hci6: Received unexpected HCI Event 0x00
[  333.666657][ T5967] usb 5-1: config 0 interface 0 has no altsetting 0
[  333.708503][ T5967] usb 5-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  334.078466][ T2151] usb 6-1: USB disconnect, device number 3
[  334.094664][ T5140] Bluetooth: hci6: Opcode 0x0c03 failed: -71
[  334.122784][ T5967] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.266463][ T5967] usb 5-1: config 0 descriptor??
[  334.498261][ T5967]  (null): keene_cmd_main failed (-71)
[  334.558583][ T5967] video4linux radio48: keene_cmd_main failed (-71)
[  334.573120][ T5967] radio-keene 5-1:0.0: V4L2 device registered as radio48
[  334.574636][ T7573]  (null): failure reading functionality
[  334.644758][ T7573] i2c i2c-1: failure reading functionality
[  334.652609][ T7573] i2c i2c-1: connected i2c-tiny-usb device
[  334.667145][ T7573] usb 1-1: USB disconnect, device number 18
[  334.705142][ T5967] usb 5-1: USB disconnect, device number 17
[  334.916873][ T9233] binder: 9232:9233 ioctl 89f3 200000000800 returned -22
[  334.932443][ T9233] binder: transaction release 69 bad handle 1, ret = -22
[  334.943134][ T9233] binder: 9232:9233 ioctl 8903 200000000000 returned -22
[  336.343058][ T6266] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  336.493049][ T6266] usb 6-1: Using ep0 maxpacket: 32
[  336.499759][ T6266] usb 6-1: config 1 interface 0 altsetting 6 bulk endpoint 0x1 has invalid maxpacket 1023
[  336.553478][ T6266] usb 6-1: config 1 interface 0 altsetting 6 bulk endpoint 0x82 has invalid maxpacket 64
[  336.589792][ T6266] usb 6-1: config 1 interface 0 has no altsetting 0
[  336.604429][ T6266] usb 6-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40
[  336.617669][ T6266] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  336.627471][ T6266] usb 6-1: Product: ဍ杀낯鷁穾蛱蒢ꄚ殧⡟乳㘀淿⛸뇮꭯掓阀ꉋᱧ⮂쩚꼀煿ヺ㞡Ꜿ왾홠떐鑛ঽ◎蘯驌䥪똚稙㱍ꈦ듎ꕉ鰆䭛櫊ⷧ㶳髷䮻渊綈
[  336.648485][ T6266] usb 6-1: Manufacturer: 珔쬡᠇受䢺웏灳恬Țꥲ▉旿瑎蜐㶽밧㴄庥뙓諟鵘嗟䈪䑀╶쫅꺹巄욀撊帠岙鴉掟ﺂ㪾갔銭퍵᪩ᮥꕁ퍱ꕀ⏞굽ဒ勃㻑촗㑦縭쫣芣茾즐䦕䪕⃻猬㺭℥䐓铁蒜쩿ꣃ퇁鞷秫侰
[  336.690962][ T6266] usb 6-1: SerialNumber: ＿檒獜㮷饄桡ⴀ竧ྺ棦圑搴䞀箭翰ꀴ䳸썼㗷疾甕ွ巻쫋ᡯ刨⓽謧벃䁖뫠⢍䲲ჼ
[  336.732143][ T9260] loop7: detected capacity change from 0 to 524255232
[  336.739608][ T9250] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  336.753852][ T9250] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  336.852499][ T9267] netlink: 16 bytes leftover after parsing attributes in process `syz.3.873'.
[  336.874021][ T5967] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  336.970281][ T9250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  336.970519][ T9270] geneve3: entered promiscuous mode
[  336.990809][ T9250] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  337.024713][ T9275] netlink: 24 bytes leftover after parsing attributes in process `syz.3.874'.
[  337.034636][ T6266] usblp 6-1:1.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 6 proto 3 vid 0x04B8 pid 0x0202
[  337.049780][ T5967] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  337.068056][ T5967] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  337.076949][ T6266] usb 6-1: USB disconnect, device number 4
[  337.096278][ T5967] usb 5-1: Product: syz
[  337.104284][ T6266] usblp0: removed
[  337.112797][ T5967] usb 5-1: Manufacturer: syz
[  337.135210][ T5967] usb 5-1: SerialNumber: syz
[  337.142559][ T5967] usb 5-1: config 0 descriptor??
[  337.193695][ T5967] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 018
[  337.935082][ T5967] i2c i2c-1: failure reading functionality
[  337.942703][ T5967] i2c i2c-1: connected i2c-tiny-usb device
[  337.965304][ T5967] usb 5-1: USB disconnect, device number 18
[  338.343114][ T6266] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  338.831556][   T30] audit: type=1400 audit(338.792:545): avc:  denied  { read } for  pid=9281 comm="syz.0.877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  338.850089][ T6266] usb 6-1: Using ep0 maxpacket: 32
[  338.856636][ T6266] usb 6-1: config 16 has an invalid interface number: 38 but max is 0
[  338.866346][ T6266] usb 6-1: config 16 has an invalid interface number: 234 but max is 0
[  338.874842][ T6266] usb 6-1: config 16 has 2 interfaces, different from the descriptor's value: 1
[  338.887453][ T6266] usb 6-1: config 16 has no interface number 0
[  338.895173][ T6266] usb 6-1: config 16 has no interface number 1
[  338.901361][ T6266] usb 6-1: config 16 interface 38 altsetting 3 endpoint 0xE has invalid maxpacket 1024, setting to 64
[  338.912365][ T6266] usb 6-1: config 16 interface 38 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  338.925619][ T6266] usb 6-1: config 16 interface 234 altsetting 62 bulk endpoint 0xD has invalid maxpacket 8
[  338.935715][ T6266] usb 6-1: config 16 interface 234 altsetting 62 bulk endpoint 0x9 has invalid maxpacket 64
[  338.945866][ T6266] usb 6-1: config 16 interface 234 altsetting 62 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  338.959451][ T6266] usb 6-1: config 16 interface 38 has no altsetting 0
[  338.967329][ T6266] usb 6-1: config 16 interface 234 has no altsetting 0
[  338.976460][ T6266] usb 6-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=f5.ec
[  339.012373][ T6266] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.027705][ T6266] usb 6-1: Product: syz
[  339.093215][ T6266] usb 6-1: Manufacturer: syz
[  339.106573][ T6266] usb 6-1: SerialNumber: syz
[  339.145490][ T6266] comedi comedi5: Wrong number of endpoints
[  339.151528][ T6266] ni6501 6-1:16.38: driver 'ni6501' failed to auto-configure device.
[  339.159845][ T9305] netlink: 16 bytes leftover after parsing attributes in process `syz.3.884'.
[  339.271182][   T30] audit: type=1400 audit(339.232:546): avc:  denied  { create } for  pid=9307 comm="syz.3.886" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  339.466755][   T30] audit: type=1400 audit(339.342:547): avc:  denied  { read } for  pid=9307 comm="syz.3.886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  339.486007][ T6266] ni6501 6-1:16.234: driver 'ni6501' failed to auto-configure device.
[  339.534251][   T30] audit: type=1400 audit(339.472:548): avc:  denied  { unlink } for  pid=5816 comm="syz-executor" name="file0" dev="tmpfs" ino=976 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  339.546113][ T6266] usb 6-1: USB disconnect, device number 5
[  339.625362][   T30] audit: type=1400 audit(339.592:549): avc:  denied  { lock } for  pid=9318 comm="syz.3.887" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  339.667427][   T30] audit: type=1400 audit(339.592:550): avc:  denied  { map } for  pid=9318 comm="syz.3.887" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  339.692640][   T30] audit: type=1400 audit(339.592:551): avc:  denied  { execute } for  pid=9318 comm="syz.3.887" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  339.730350][ T9323] netlink: 4 bytes leftover after parsing attributes in process `syz.3.888'.
[  339.740835][ T9322] netlink: 8 bytes leftover after parsing attributes in process `syz.3.888'.
[  341.622519][ T9345] netlink: 'syz.3.895': attribute type 83 has an invalid length.
[  342.712388][ T9365] FAULT_INJECTION: forcing a failure.
[  342.712388][ T9365] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  342.786771][ T9365] CPU: 0 UID: 0 PID: 9365 Comm: syz.3.899 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  342.786805][ T9365] Tainted: [L]=SOFTLOCKUP
[  342.786812][ T9365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  342.786824][ T9365] Call Trace:
[  342.786830][ T9365]  <TASK>
[  342.786838][ T9365]  dump_stack_lvl+0x16c/0x1f0
[  342.786867][ T9365]  should_fail_ex+0x512/0x640
[  342.786900][ T9365]  _copy_from_user+0x2e/0xd0
[  342.786929][ T9365]  memdup_user+0x6b/0xe0
[  342.786949][ T9365]  strndup_user+0x78/0xe0
[  342.786970][ T9365]  bpf_uprobe_multi_link_attach+0x3b2/0x12e0
[  342.786999][ T9365]  ? find_held_lock+0x2b/0x80
[  342.787035][ T9365]  ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10
[  342.787060][ T9365]  ? __fget_files+0x20e/0x3c0
[  342.787092][ T9365]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  342.787120][ T9365]  __sys_bpf+0x3862/0x4980
[  342.787152][ T9365]  ? __pfx___sys_bpf+0x10/0x10
[  342.787177][ T9365]  ? find_held_lock+0x2b/0x80
[  342.787211][ T9365]  ? find_held_lock+0x2b/0x80
[  342.787246][ T9365]  ? __mutex_unlock_slowpath+0x161/0x790
[  342.787289][ T9365]  ? fput+0x70/0xf0
[  342.787306][ T9365]  ? ksys_write+0x1ac/0x250
[  342.787330][ T9365]  ? __pfx_ksys_write+0x10/0x10
[  342.787358][ T9365]  __x64_sys_bpf+0x78/0xc0
[  342.787384][ T9365]  ? lockdep_hardirqs_on+0x7c/0x110
[  342.787404][ T9365]  do_syscall_64+0xcd/0xf80
[  342.787429][ T9365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.787446][ T9365] RIP: 0033:0x7fcef298f749
[  342.787461][ T9365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.787480][ T9365] RSP: 002b:00007fcef3910038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  342.787499][ T9365] RAX: ffffffffffffffda RBX: 00007fcef2be5fa0 RCX: 00007fcef298f749
[  342.787512][ T9365] RDX: 0000000000000040 RSI: 00002000000005c0 RDI: 000000000000001c
[  342.787523][ T9365] RBP: 00007fcef3910090 R08: 0000000000000000 R09: 0000000000000000
[  342.787534][ T9365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  342.787545][ T9365] R13: 00007fcef2be6038 R14: 00007fcef2be5fa0 R15: 00007fffefa29fb8
[  342.787572][ T9365]  </TASK>
[  343.011354][ T9370] FAULT_INJECTION: forcing a failure.
[  343.011354][ T9370] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  343.024599][ T9370] CPU: 1 UID: 0 PID: 9370 Comm: syz.4.902 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  343.024626][ T9370] Tainted: [L]=SOFTLOCKUP
[  343.024631][ T9370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  343.024641][ T9370] Call Trace:
[  343.024647][ T9370]  <TASK>
[  343.024653][ T9370]  dump_stack_lvl+0x16c/0x1f0
[  343.024679][ T9370]  should_fail_ex+0x512/0x640
[  343.024706][ T9370]  _copy_to_user+0x32/0xd0
[  343.024733][ T9370]  simple_read_from_buffer+0xcb/0x170
[  343.024758][ T9370]  proc_fail_nth_read+0x197/0x240
[  343.024776][ T9370]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  343.024795][ T9370]  ? rw_verify_area+0xcf/0x6c0
[  343.024813][ T9370]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  343.024830][ T9370]  vfs_read+0x1e4/0xcf0
[  343.024853][ T9370]  ? __pfx___mutex_lock+0x10/0x10
[  343.024884][ T9370]  ? __pfx_vfs_read+0x10/0x10
[  343.024910][ T9370]  ? __fget_files+0x20e/0x3c0
[  343.024941][ T9370]  ksys_read+0x12a/0x250
[  343.024961][ T9370]  ? __pfx_ksys_read+0x10/0x10
[  343.024988][ T9370]  do_syscall_64+0xcd/0xf80
[  343.025012][ T9370]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.025029][ T9370] RIP: 0033:0x7f9c58b8e15c
[  343.025044][ T9370] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  343.025061][ T9370] RSP: 002b:00007f9c5998d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  343.025079][ T9370] RAX: ffffffffffffffda RBX: 00007f9c58de6090 RCX: 00007f9c58b8e15c
[  343.025091][ T9370] RDX: 000000000000000f RSI: 00007f9c5998d0a0 RDI: 0000000000000007
[  343.025101][ T9370] RBP: 00007f9c5998d090 R08: 0000000000000000 R09: 0000000000000000
[  343.025112][ T9370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  343.025123][ T9370] R13: 00007f9c58de6128 R14: 00007f9c58de6090 R15: 00007ffc90d0bed8
[  343.025148][ T9370]  </TASK>
[  343.286127][ T2151] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  343.470309][ T9381] binder: 9380:9381 ioctl 89f3 200000000800 returned -22
[  344.039133][ T2151] usb 1-1: Using ep0 maxpacket: 8
[  344.049765][ T9390] binder: transaction release 77 bad handle 1, ret = -22
[  344.064610][ T9381] binder: 9380:9381 ioctl 8903 200000000000 returned -22
[  344.221185][ T2151] usb 1-1: device descriptor read/all, error -71
[  344.368227][ T9396] qnx6: unable to read the first superblock
[  344.406045][ T9396] qnx6: unable to read the first superblock
[  344.422151][ T9396] qnx6: unable to read the first superblock
[  344.593578][ T9392] team0: Port device team_slave_0 removed
[  345.287235][ T9408] lo speed is unknown, defaulting to 1000
[  345.318783][ T9408] lo speed is unknown, defaulting to 1000
[  345.345109][ T9408] lo speed is unknown, defaulting to 1000
[  345.417854][ T9408] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  345.506099][ T9408] lo speed is unknown, defaulting to 1000
[  345.513642][ T9408] lo speed is unknown, defaulting to 1000
[  345.530076][ T9408] lo speed is unknown, defaulting to 1000
[  345.549256][ T9408] lo speed is unknown, defaulting to 1000
[  345.569634][ T9408] lo speed is unknown, defaulting to 1000
[  345.577720][ T9408] lo speed is unknown, defaulting to 1000
[  346.344782][ T9417] sctp: [Deprecated]: syz.4.915 (pid 9417) Use of struct sctp_assoc_value in delayed_ack socket option.
[  346.344782][ T9417] Use struct sctp_sack_info instead
[  346.611374][ T9425] binder: 9424:9425 ioctl 89f3 200000000800 returned -22
[  346.653375][ T6257] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[  346.664852][ T9428] binder: transaction release 85 bad handle 1, ret = -22
[  346.694051][ T9428] binder: 9424:9428 ioctl 8903 200000000000 returned -22
[  346.844627][ T6257] usb 4-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  346.867381][ T6257] usb 4-1: config 0 interface 0 has no altsetting 0
[  346.879357][ T6257] usb 4-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00
[  346.903166][ T6257] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.919926][ T6257] usb 4-1: config 0 descriptor??
[  346.931580][ T9420] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  347.223081][ T2151] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  347.374344][ T2151] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  347.386121][ T2151] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  347.398053][ T2151] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  347.409667][ T2151] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  347.425146][ T2151] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  347.425714][ T6257] ryos 0003:1E7D:3138.0007: hidraw0: USB HID v0.04 Device [HID 1e7d:3138] on usb-dummy_hcd.3-1/input0
[  347.434327][ T2151] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  347.436333][ T2151] usb 1-1: config 0 descriptor??
[  347.519745][ T9434] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  347.616381][ T6257] usb 4-1: USB disconnect, device number 23
[  347.698599][ T9439] fido_id[9439]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  348.403773][ T5819] Bluetooth: hci6: command 0x1003 tx timeout
[  348.442393][ T5140] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  348.459125][ T2151] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  348.470643][   T24] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  348.478511][ T2151] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  348.486102][ T2151] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  348.496606][ T2151] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  348.504639][ T2151] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  348.891911][ T2151] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  348.917939][ T2151] usb 1-1: USB disconnect, device number 21
[  348.966879][ T9455] fido_id[9455]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  349.004627][   T24] usb 6-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  349.022354][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.046610][   T24] usb 6-1: config 0 descriptor??
[  349.067504][   T24] gspca_main: cpia1-2.14.0 probing 0813:0001
[  349.564623][ T9466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  349.726578][ T9466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  349.747293][ T9466] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  349.768936][ T9448] lo speed is unknown, defaulting to 1000
[  349.803469][ T9466] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  350.073527][   T24] cpia1 6-1:0.0: unexpected state after lo power cmd: 01
[  350.139535][ T9484] fuse: Unknown parameter 'user'
[  350.288835][   T24] gspca_cpia1: usb_control_msg 01, error -71
[  350.301240][   T24] cpia1 6-1:0.0: only firmware version 1 is supported (got: 0)
[  350.311194][   T24] usb 6-1: USB disconnect, device number 6
[  350.403056][ T5924] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  350.593984][ T5924] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  350.604319][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.615036][ T5924] usb 1-1: config 0 descriptor??
[  350.627154][ T5924] gspca_main: cpia1-2.14.0 probing 0813:0001
[  351.041883][ T5924] gspca_cpia1: usb_control_msg 03, error -32
[  351.854974][ T9495] FAULT_INJECTION: forcing a failure.
[  351.854974][ T9495] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  351.875639][ T9495] CPU: 1 UID: 0 PID: 9495 Comm: syz.4.934 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  351.875659][ T9495] Tainted: [L]=SOFTLOCKUP
[  351.875663][ T9495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  351.875670][ T9495] Call Trace:
[  351.875674][ T9495]  <TASK>
[  351.875679][ T9495]  dump_stack_lvl+0x16c/0x1f0
[  351.875697][ T9495]  should_fail_ex+0x512/0x640
[  351.875717][ T9495]  _copy_from_user+0x2e/0xd0
[  351.875734][ T9495]  do_tcp_getsockopt+0x1d67/0x2b20
[  351.875749][ T9495]  ? __pfx_do_tcp_getsockopt+0x10/0x10
[  351.875761][ T9495]  ? __kernel_text_address+0xd/0x40
[  351.875777][ T9495]  ? arch_stack_walk+0xa6/0x100
[  351.875795][ T9495]  ? __lock_acquire+0x436/0x2890
[  351.875815][ T9495]  ? find_held_lock+0x2b/0x80
[  351.875832][ T9495]  ? avc_has_perm_noaudit+0x117/0x3b0
[  351.875852][ T9495]  ? avc_has_perm_noaudit+0x149/0x3b0
[  351.875871][ T9495]  ? avc_has_perm+0x144/0x1f0
[  351.875881][ T9495]  ? __pfx_avc_has_perm+0x10/0x10
[  351.875900][ T9495]  ? __lock_acquire+0x436/0x2890
[  351.875914][ T9495]  ? sock_has_perm+0x258/0x2f0
[  351.875929][ T9495]  ? find_held_lock+0x2b/0x80
[  351.875944][ T9495]  ? __might_fault+0xe3/0x190
[  351.875955][ T9495]  ? __might_fault+0xe3/0x190
[  351.875964][ T9495]  ? __might_fault+0x13b/0x190
[  351.875976][ T9495]  tcp_getsockopt+0xdf/0x100
[  351.875989][ T9495]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  351.876004][ T9495]  do_sock_getsockopt+0x324/0x410
[  351.876019][ T9495]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  351.876031][ T9495]  ? __fget_files+0x204/0x3c0
[  351.876053][ T9495]  __sys_getsockopt+0x12f/0x260
[  351.876066][ T9495]  __x64_sys_getsockopt+0xbd/0x160
[  351.876076][ T9495]  ? do_syscall_64+0x91/0xf80
[  351.876090][ T9495]  ? lockdep_hardirqs_on+0x7c/0x110
[  351.876103][ T9495]  do_syscall_64+0xcd/0xf80
[  351.876118][ T9495]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.876129][ T9495] RIP: 0033:0x7f9c58b8f749
[  351.876139][ T9495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.876149][ T9495] RSP: 002b:00007f9c5998d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  351.876160][ T9495] RAX: ffffffffffffffda RBX: 00007f9c58de6090 RCX: 00007f9c58b8f749
[  351.876167][ T9495] RDX: 0000000000000023 RSI: 0000000000000006 RDI: 0000000000000003
[  351.876174][ T9495] RBP: 00007f9c5998d090 R08: 0000200000000200 R09: 0000000000000000
[  351.876180][ T9495] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  351.876186][ T9495] R13: 00007f9c58de6128 R14: 00007f9c58de6090 R15: 00007ffc90d0bed8
[  351.876200][ T9495]  </TASK>
[  352.142866][ T5924] gspca_cpia1: usb_control_msg 03, error -110
[  352.164698][ T5924] gspca_cpia1: usb_control_msg 01, error -32
[  352.171098][ T5924] gspca_cpia1: usb_control_msg 01, error -32
[  352.177852][ T5924] gspca_cpia1: usb_control_msg 01, error -32
[  352.184127][ T5924] gspca_cpia1: usb_control_msg 01, error -32
[  352.190161][ T5924] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0)
[  352.497115][ T5869] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  352.513178][ T5869] dvb_usb_az6027 3-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  352.544524][ T5869] usb 3-1: USB disconnect, device number 16
[  352.691854][ T9513] FAULT_INJECTION: forcing a failure.
[  352.691854][ T9513] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  352.707726][ T9513] CPU: 0 UID: 0 PID: 9513 Comm: syz.4.941 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  352.707757][ T9513] Tainted: [L]=SOFTLOCKUP
[  352.707763][ T9513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  352.707779][ T9513] Call Trace:
[  352.707785][ T9513]  <TASK>
[  352.707792][ T9513]  dump_stack_lvl+0x16c/0x1f0
[  352.707820][ T9513]  should_fail_ex+0x512/0x640
[  352.707850][ T9513]  _copy_from_user+0x2e/0xd0
[  352.707878][ T9513]  do_sock_getsockopt+0x3a1/0x410
[  352.707902][ T9513]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  352.707923][ T9513]  ? __fget_files+0x204/0x3c0
[  352.707960][ T9513]  __sys_getsockopt+0x12f/0x260
[  352.707983][ T9513]  __x64_sys_getsockopt+0xbd/0x160
[  352.707999][ T9513]  ? do_syscall_64+0x91/0xf80
[  352.708021][ T9513]  ? lockdep_hardirqs_on+0x7c/0x110
[  352.708043][ T9513]  do_syscall_64+0xcd/0xf80
[  352.708067][ T9513]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.708084][ T9513] RIP: 0033:0x7f9c58b8f749
[  352.708099][ T9513] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.708117][ T9513] RSP: 002b:00007f9c599ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  352.708134][ T9513] RAX: ffffffffffffffda RBX: 00007f9c58de5fa0 RCX: 00007f9c58b8f749
[  352.708146][ T9513] RDX: 0000000000000004 RSI: 0000000000000084 RDI: 0000000000000003
[  352.708156][ T9513] RBP: 00007f9c599ae090 R08: 0000200000000080 R09: 0000000000000000
[  352.708167][ T9513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  352.708177][ T9513] R13: 00007f9c58de6038 R14: 00007f9c58de5fa0 R15: 00007ffc90d0bed8
[  352.708202][ T9513]  </TASK>
[  353.013965][ T5869] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  353.043418][ T5967] usb 1-1: USB disconnect, device number 22
[  353.163570][ T5869] usb 3-1: Using ep0 maxpacket: 32
[  353.170248][ T5869] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[  353.180628][ T5869] usb 3-1: config 0 has no interface number 0
[  353.187039][ T5869] usb 3-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  353.203088][ T5869] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  353.212477][ T5869] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.229258][ T5869] usb 3-1: Product: syz
[  353.234319][ T5869] usb 3-1: Manufacturer: syz
[  353.238998][ T5869] usb 3-1: SerialNumber: syz
[  353.245920][ T5869] usb 3-1: config 0 descriptor??
[  353.253437][ T5869] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  353.263393][ T5869] em28xx 3-1:0.132: Video interface 132 found:
[  353.283137][   T44] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  353.519023][   T44] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  353.647980][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.678934][   T44] usb 5-1: config 0 descriptor??
[  353.679693][ T9523] netlink: 8 bytes leftover after parsing attributes in process `syz.3.945'.
[  353.689830][ T1329] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.703774][   T30] audit: type=1400 audit(353.642:552): avc:  denied  { ioctl } for  pid=9522 comm="syz.3.945" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  353.730301][ T1329] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  353.732208][ T9523] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=11602 sclass=netlink_route_socket pid=9523 comm=syz.3.945
[  353.743245][   T44] gspca_main: cpia1-2.14.0 probing 0813:0001
[  353.762316][ T9523] fuse: Unknown parameter 'fe'
[  353.769465][ T9523] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.945'.
[  353.795901][   T30] audit: type=1400 audit(353.762:553): avc:  denied  { read } for  pid=5485 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  353.840202][ T5967] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  353.859379][ T5869] em28xx 3-1:0.132: chip ID is em2710/2820
[  353.886155][ T1329] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.896830][ T1329] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  354.037290][ T5967] usb 1-1: config 0 has no interfaces?
[  354.060873][ T5967] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80
[  354.126658][ T9528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  354.143069][ T5967] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.145194][ T9528] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  354.188782][ T1329] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.199744][ T1329] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  354.301176][ T5967] usb 1-1: config 0 descriptor??
[  354.505527][ T9528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  354.591220][ T1329] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode
[  354.627010][ T9528] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  354.637273][ T1329] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.664402][ T1329] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0
[  354.681356][ T2151] usb 1-1: USB disconnect, device number 23
[  354.732786][ T9515] lo speed is unknown, defaulting to 1000
[  354.889694][ T9499] netlink: 60 bytes leftover after parsing attributes in process `syz.2.936'.
[  355.021576][ T1329] bridge_slave_1: left allmulticast mode
[  355.028349][   T44] cpia1 5-1:0.0: unexpected state after lo power cmd: 01
[  355.066141][ T1329] bridge_slave_1: left promiscuous mode
[  355.093896][ T1329] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.218999][   T44] gspca_cpia1: usb_control_msg 01, error -71
[  355.365046][   T44] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0)
[  355.490457][ T9499] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  355.527834][ T1329] bridge_slave_0: left allmulticast mode
[  355.541700][   T44] usb 5-1: USB disconnect, device number 19
[  355.543348][ T1329] bridge_slave_0: left promiscuous mode
[  355.553571][ T9499] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  355.593222][ T1329] bridge0: port 1(bridge_slave_0) entered disabled state
[  356.356658][ T5869] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  356.358410][   T30] audit: type=1400 audit(356.172:554): avc:  denied  { accept } for  pid=9565 comm="syz.0.954" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  356.384204][ T5869] em28xx 3-1:0.132: board has no eeprom
[  356.443048][ T5869] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  356.453030][   T30] audit: type=1400 audit(356.222:555): avc:  denied  { mount } for  pid=9556 comm="syz.5.952" name="/" dev="hugetlbfs" ino=25150 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  356.453282][ T5869] em28xx 3-1:0.132: analog set to bulk mode.
[  356.903224][ T2151] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  357.133445][ T2151] usb 4-1: Using ep0 maxpacket: 8
[  357.223083][   T30] audit: type=1400 audit(356.232:556): avc:  denied  { create } for  pid=9556 comm="syz.5.952" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=chr_file permissive=1
[  357.229172][   T44] em28xx 3-1:0.132: Registering V4L2 extension
[  357.263047][   T30] audit: type=1400 audit(356.232:557): avc:  denied  { read } for  pid=9565 comm="syz.0.954" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  357.282911][ T2151] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  357.314525][ T5869] usb 3-1: USB disconnect, device number 17
[  357.327388][ T5869] em28xx 3-1:0.132: Disconnecting em28xx
[  357.336956][ T2151] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  357.357183][ T2151] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  357.446376][ T2151] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  357.497919][ T2151] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  357.529615][ T2151] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  357.566180][   T30] audit: type=1400 audit(357.482:558): avc:  denied  { ioctl } for  pid=9584 comm="syz.2.957" path="socket:[25979]" dev="sockfs" ino=25979 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  357.653274][ T2151] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.737277][ T2151] usb 4-1: config 0 descriptor??
[  357.787022][ T9564] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  357.868832][   T44] em28xx 3-1:0.132: Config register raw data: 0xffffffed
[  357.876048][   T44] em28xx 3-1:0.132: AC97 chip type couldn't be determined
[  357.907100][   T44] em28xx 3-1:0.132: No AC97 audio processor
[  357.945486][   T44] usb 3-1: Decoder not found
[  357.955851][   T44] em28xx 3-1:0.132: failed to create media graph
[  357.983489][   T44] em28xx 3-1:0.132: V4L2 device video103 deregistered
[  358.109857][   T44] em28xx 3-1:0.132: Remote control support is not available for this card.
[  358.119635][ T5869] em28xx 3-1:0.132: Closing input extension
[  358.133917][ T5869] em28xx 3-1:0.132: Freeing device
[  358.169589][ T9598] binder: 9596:9598 ioctl 89f3 200000000800 returned -22
[  358.180892][ T1329] bond1 (unregistering): (slave geneve2): Releasing active interface
[  358.319744][ T9601] binder: transaction release 94 bad handle 1, ret = -22
[  358.339623][ T5819] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  358.347594][ T5819] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  358.357166][ T5819] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  358.366890][ T5819] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  358.373761][ T5819] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  358.380576][ T5819] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  358.754810][ T5819] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  358.761745][ T5819] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  358.768613][ T5819] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  358.775465][ T5819] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  358.783621][ T9598] binder: 9596:9598 ioctl 8903 200000000000 returned -22
[  359.465185][ T5869] usb 4-1: USB disconnect, device number 24
[  359.476051][ T5140] Bluetooth: hci3: Opcode 0x0c03 failed: -71
[  359.613139][  T869] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  359.699946][ T1329] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  359.710981][ T1329] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  359.720951][ T1329] bond0 (unregistering): Released all slaves
[  359.731379][ T1329] bond1 (unregistering): Released all slaves
[  359.748555][ T9574] geneve0: entered promiscuous mode
[  359.838318][  T869] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  359.877506][  T869] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 7
[  359.922680][  T869] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  359.923776][ T9613] FAULT_INJECTION: forcing a failure.
[  359.923776][ T9613] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  359.952261][  T869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.978353][  T869] usb 6-1: Product: syz
[  359.982554][  T869] usb 6-1: Manufacturer: syz
[  359.998834][  T869] usb 6-1: SerialNumber: syz
[  360.019804][ T9613] CPU: 1 UID: 0 PID: 9613 Comm: syz.4.960 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  360.019835][ T9613] Tainted: [L]=SOFTLOCKUP
[  360.019841][ T9613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  360.019853][ T9613] Call Trace:
[  360.019859][ T9613]  <TASK>
[  360.019866][ T9613]  dump_stack_lvl+0x16c/0x1f0
[  360.019900][ T9613]  should_fail_ex+0x512/0x640
[  360.019932][ T9613]  _copy_from_user+0x2e/0xd0
[  360.019960][ T9613]  copy_msghdr_from_user+0x98/0x160
[  360.019980][ T9613]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  360.020011][ T9613]  ___sys_sendmsg+0xfe/0x1d0
[  360.020036][ T9613]  ? __pfx____sys_sendmsg+0x10/0x10
[  360.020084][ T9613]  __sys_sendmsg+0x16d/0x220
[  360.020103][ T9613]  ? __pfx___sys_sendmsg+0x10/0x10
[  360.020138][ T9613]  do_syscall_64+0xcd/0xf80
[  360.020163][ T9613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.020181][ T9613] RIP: 0033:0x7f9c58b8f749
[  360.020196][ T9613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.020213][ T9613] RSP: 002b:00007f9c599ae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  360.020231][ T9613] RAX: ffffffffffffffda RBX: 00007f9c58de5fa0 RCX: 00007f9c58b8f749
[  360.020243][ T9613] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003
[  360.020254][ T9613] RBP: 00007f9c599ae090 R08: 0000000000000000 R09: 0000000000000000
[  360.020265][ T9613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  360.020275][ T9613] R13: 00007f9c58de6038 R14: 00007f9c58de5fa0 R15: 00007ffc90d0bed8
[  360.020299][ T9613]  </TASK>
[  360.024854][  T869] usb 6-1: config 0 descriptor??
[  360.522666][ T9626] netlink: 'syz.4.963': attribute type 4 has an invalid length.
[  360.530450][ T9626] netlink: 17 bytes leftover after parsing attributes in process `syz.4.963'.
[  361.343084][ T2151] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  361.808163][  T869] usb 6-1: can't set config #0, error -71
[  361.850795][  T869] usb 6-1: USB disconnect, device number 7
[  361.890601][ T2151] usb 1-1: config 0 has no interfaces?
[  361.910020][ T2151] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80
[  361.954834][ T2151] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.980089][ T1329] hsr_slave_0: left promiscuous mode
[  362.009747][ T2151] usb 1-1: config 0 descriptor??
[  362.009969][ T1329] hsr_slave_1: left promiscuous mode
[  362.022541][ T1329] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  362.053180][   T24] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  362.102527][ T1329] batman_adv: batadv0: Removing interface: batadv_slave_0
[  362.122160][ T1329] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  362.130288][ T1329] batman_adv: batadv0: Removing interface: batadv_slave_1
[  362.204302][ T1329] veth1_macvtap: left promiscuous mode
[  362.213432][   T24] usb 5-1: Using ep0 maxpacket: 32
[  362.221458][   T24] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  362.243155][   T24] usb 5-1: config 0 has no interface number 0
[  362.253050][  T869] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  362.275683][ T1329] veth0_macvtap: left promiscuous mode
[  362.304399][   T24] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  362.335147][ T1329] veth1_vlan: left promiscuous mode
[  362.347878][ T1329] veth0_vlan: left promiscuous mode
[  362.394037][ T5947] usb 1-1: USB disconnect, device number 24
[  362.428454][   T24] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  362.438055][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.448250][   T24] usb 5-1: Product: syz
[  362.453006][   T24] usb 5-1: Manufacturer: syz
[  362.464074][   T24] usb 5-1: SerialNumber: syz
[  362.473178][  T869] usb 6-1: Using ep0 maxpacket: 16
[  362.488960][  T869] usb 6-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  362.522487][  T869] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.524844][   T24] usb 5-1: config 0 descriptor??
[  362.541686][  T869] usb 6-1: Product: syz
[  362.562080][  T869] usb 6-1: Manufacturer: syz
[  362.577657][   T24] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  362.595328][  T869] usb 6-1: SerialNumber: syz
[  362.600396][   T24] em28xx 5-1:0.132: Video interface 132 found:
[  362.616058][  T869] usb 6-1: config 0 descriptor??
[  362.634517][  T869] visor 6-1:0.0: Sony Clie 3.5 converter detected
[  362.697843][ T1329] pim6reg (unregistering): left allmulticast mode
[  362.924068][ T9647] netlink: 4 bytes leftover after parsing attributes in process `syz.5.966'.
[  362.983143][   T24] em28xx 5-1:0.132: chip ID is em2710/2820
[  362.983621][ T9648] netlink: 4 bytes leftover after parsing attributes in process `syz.5.966'.
[  363.252809][ T9637] SELinux: failed to load policy
[  363.325157][ T5947] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  363.483062][ T5947] usb 1-1: Using ep0 maxpacket: 32
[  363.500300][ T5947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  363.512730][ T5947] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  363.675163][ T5947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.813501][ T5947] usb 1-1: config 0 descriptor??
[  363.827758][ T5947] usbhid 1-1:0.0: fixing wrong optional hid class descriptors count
[  363.931886][ T1329] team0 (unregistering): Port device team_slave_1 removed
[  364.440698][ T9653] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=37152 sclass=netlink_route_socket pid=9653 comm=syz.0.967
[  364.468226][   T24] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  364.477741][   T24] em28xx 5-1:0.132: board has no eeprom
[  364.543034][   T24] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  364.611629][   T24] em28xx 5-1:0.132: analog set to bulk mode.
[  364.619911][ T1329] team0 (unregistering): Port device team_slave_0 removed
[  364.627431][ T2151] em28xx 5-1:0.132: Registering V4L2 extension
[  364.778408][ T9665] netlink: 60 bytes leftover after parsing attributes in process `syz.4.965'.
[  365.209023][ T9674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  365.272843][ T9674] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  365.707404][  T869] usb 6-1: clie_3_5_startup: get config number failed: -110
[  365.723891][  T869] visor 6-1:0.0: probe with driver visor failed with error -110
[  365.873284][ T5967] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  365.904895][ T5869] infiniband syz1: ib_query_port failed (-19)
[  365.948386][ T9647] bridge0: entered promiscuous mode
[  365.962927][ T9647] macvtap1: entered promiscuous mode
[  365.970302][ T9647] macvtap1: entered allmulticast mode
[  365.976324][ T9647] bridge0: entered allmulticast mode
[  365.986610][ T9650] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  366.000709][ T9648] bridge0: left allmulticast mode
[  366.020871][ T9648] bridge0: left promiscuous mode
[  366.033129][ T5967] usb 3-1: Using ep0 maxpacket: 32
[  366.139550][ T5967] usb 3-1: config 0 has an invalid interface number: 49 but max is 0
[  366.235316][ T5967] usb 3-1: config 0 has no interface number 0
[  366.319509][ T5967] usb 3-1: too many endpoints for config 0 interface 49 altsetting 56: 52, using maximum allowed: 30
[  366.357823][ T2151] em28xx 5-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  366.371248][ T2151] em28xx 5-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[  366.380376][ T2151] em28xx 5-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[  366.419054][ T5967] usb 3-1: config 0 interface 49 altsetting 56 has 0 endpoint descriptors, different from the interface descriptor's value: 52
[  366.447800][ T5947] usbhid 1-1:0.0: can't add hid device: -71
[  366.503143][ T5967] usb 3-1: config 0 interface 49 has no altsetting 0
[  366.512060][ T5947] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  366.528494][ T5967] usb 3-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  366.539996][ T2151] em28xx 5-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[  366.553359][ T5869] usb 5-1: USB disconnect, device number 20
[  366.560187][ T5869] em28xx 5-1:0.132: Disconnecting em28xx
[  366.583354][ T5947] usb 1-1: USB disconnect, device number 25
[  366.600161][ T5967] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.611031][   T24] usb 6-1: USB disconnect, device number 8
[  366.638112][ T5967] usb 3-1: config 0 descriptor??
[  366.737588][ T9691] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  366.843338][ T2151] em28xx 5-1:0.132: Config register raw data: 0xffffffed
[  366.852585][ T2151] em28xx 5-1:0.132: AC97 chip type couldn't be determined
[  366.869850][ T9677] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  366.883384][ T9677] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  366.898402][ T2151] em28xx 5-1:0.132: No AC97 audio processor
[  366.921088][ T2151] usb 5-1: Decoder not found
[  366.937267][ T2151] em28xx 5-1:0.132: failed to create media graph
[  366.961067][ T2151] em28xx 5-1:0.132: V4L2 device video103 deregistered
[  366.968969][ T5967] usb 3-1: string descriptor 0 read error: -71
[  366.992160][ T9708] netlink: 'syz.3.980': attribute type 1 has an invalid length.
[  367.007031][ T2151] em28xx 5-1:0.132: Remote control support is not available for this card.
[  367.016461][ T5967] as10x_usb: device has been detected
[  367.042284][ T5869] em28xx 5-1:0.132: Closing input extension
[  367.051385][ T5967] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  367.059400][ T9711] netlink: 76 bytes leftover after parsing attributes in process `syz.3.980'.
[  367.076233][ T5869] em28xx 5-1:0.132: Freeing device
[  367.109794][ T5967] usb 3-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  367.133097][ T9716] netlink: 28 bytes leftover after parsing attributes in process `syz.3.980'.
[  367.222612][   T30] audit: type=1400 audit(367.182:559): avc:  denied  { firmware_load } for  pid=5967 comm="kworker/0:8" path="/lib/firmware/as102_data1_st.hex" dev="sda1" ino=297 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  367.233934][ T9716] 8021q: adding VLAN 0 to HW filter on device bond6
[  367.267819][ T5967] as10x_usb: error during firmware upload part1
[  367.281143][ T5967] Registered device nBox DVB-T Dongle
[  367.291744][ T5967] usb 3-1: USB disconnect, device number 18
[  367.376728][ T5967] Unregistered device nBox DVB-T Dongle
[  367.380129][ T5967] as10x_usb: device has been disconnected
[  367.428428][ T5869] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  367.671129][ T5869] usb 5-1: config 0 has no interfaces?
[  367.676707][ T5869] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80
[  367.688628][ T5869] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  367.747348][ T5869] usb 5-1: config 0 descriptor??
[  367.841504][ T9741] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(8)
[  367.848019][ T9741] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  367.872226][ T9741] vhci_hcd vhci_hcd.0: Device attached
[  367.924864][ T9730] netlink: 200 bytes leftover after parsing attributes in process `syz.2.982'.
[  367.951571][ T9746] vhci_hcd: connection closed
[  367.953714][ T1329] vhci_hcd vhci_hcd.0: stop threads
[  367.968043][ T1329] vhci_hcd vhci_hcd.0: release socket
[  367.975030][ T1329] vhci_hcd vhci_hcd.0: disconnect device
[  368.012432][   T44] usb 5-1: USB disconnect, device number 21
[  368.045066][ T5947] vhci_hcd vhci_hcd.0: vhci_device speed not set
[  368.081541][ T5967] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  368.243288][ T5967] usb 4-1: Using ep0 maxpacket: 32
[  368.266742][ T5967] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  368.276195][ T5967] usb 4-1: config 0 has no interface number 0
[  368.282287][ T5967] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  368.298332][ T5967] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  368.315678][ T5967] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.333247][ T5967] usb 4-1: Product: syz
[  368.338431][ T5967] usb 4-1: Manufacturer: syz
[  368.350429][ T5967] usb 4-1: SerialNumber: syz
[  368.357354][ T5967] usb 4-1: config 0 descriptor??
[  368.372101][ T5967] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  368.386551][ T5967] em28xx 4-1:0.132: Video interface 132 found:
[  368.782622][ T5967] em28xx 4-1:0.132: chip ID is em2710/2820
[  369.650988][ T9774] netlink: 12 bytes leftover after parsing attributes in process `syz.5.990'.
[  369.675782][   T30] audit: type=1800 audit(369.532:560): pid=9771 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.989" name="bus" dev="overlay" ino=1073 res=0 errno=0
[  370.453219][ T5967] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  370.482805][ T5967] em28xx 4-1:0.132: board has no eeprom
[  370.490314][ T9783] netlink: 8 bytes leftover after parsing attributes in process `syz.5.992'.
[  370.523138][ T9783] netlink: 8 bytes leftover after parsing attributes in process `syz.5.992'.
[  370.553567][ T5967] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  370.596867][ T5967] em28xx 4-1:0.132: analog set to bulk mode.
[  370.620979][ T5947] em28xx 4-1:0.132: Registering V4L2 extension
[  370.705712][ T5947] em28xx 4-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  370.722300][ T5947] em28xx 4-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[  370.748684][ T5947] em28xx 4-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[  370.758280][ T5947] em28xx 4-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[  370.873347][ T5947] em28xx 4-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[  370.885694][ T9794] netlink: 60 bytes leftover after parsing attributes in process `syz.3.986'.
[  370.903431][ T5947] em28xx 4-1:0.132: failed to trigger read from i2c address 0x86 (error=-5)
[  370.931245][ T9798] netlink: 'syz.2.996': attribute type 1 has an invalid length.
[  370.942697][ T9794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  370.954375][  T869] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  370.973408][ T9794] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  371.014058][ T9798] netlink: 28 bytes leftover after parsing attributes in process `syz.2.996'.
[  371.123033][  T869] usb 1-1: Using ep0 maxpacket: 8
[  371.129557][  T869] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  371.253083][  T869] usb 1-1: config 0 has no interface number 0
[  371.259228][  T869] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  371.282653][  T869] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  371.299801][  T869] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  371.320423][  T869] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  371.349197][  T869] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  371.375932][  T869] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.399593][  T869] usb 1-1: config 0 descriptor??
[  371.422141][  T869] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  371.513150][   T24] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  371.664395][   T24] usb 3-1: config 0 has no interfaces?
[  371.681582][   T24] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.80
[  371.716557][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.757015][   T24] usb 3-1: config 0 descriptor??
[  371.760812][  T869] usb 1-1: USB disconnect, device number 26
[  371.762112][    C1] ldusb 1-1:0.55: usb_submit_urb failed (-19)
[  371.817657][  T869] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[  371.835454][ T9791] ldusb: No device or device unplugged -19
[  372.003435][ T5947] em28xx 4-1:0.132: failed to trigger read from i2c address 0x94 (error=-5)
[  372.024042][ T5947] em28xx 4-1:0.132: failed to trigger read from i2c address 0x96 (error=-5)
[  373.014445][ T5947] em28xx 4-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5)
[  373.023518][ T5947] em28xx 4-1:0.132: failed to trigger read from i2c address 0xc2 (error=-5)
[  373.034049][ T5947] em28xx 4-1:0.132: failed to trigger read from i2c address 0xc4 (error=-5)
[  373.046345][ T5947] em28xx 4-1:0.132: failed to trigger read from i2c address 0xc6 (error=-5)
[  373.071877][ T5947] em28xx 4-1:0.132: failed to trigger read from i2c address 0xc8 (error=-5)
[  373.128229][  T869] usb 4-1: USB disconnect, device number 25
[  373.135519][ T5947] em28xx 4-1:0.132: Config register raw data: 0xfffffffb
[  373.142605][ T5947] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[  373.159327][ T6257] usb 3-1: USB disconnect, device number 19
[  373.181041][ T5947] em28xx 4-1:0.132: No AC97 audio processor
[  373.189867][  T869] em28xx 4-1:0.132: Disconnecting em28xx
[  373.226121][ T5947] usb 4-1: Decoder not found
[  373.251048][ T5947] em28xx 4-1:0.132: failed to create media graph
[  373.272508][   T30] audit: type=1400 audit(373.232:561): avc:  denied  { getopt } for  pid=9821 comm="syz.5.1002" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  373.297064][ T5947] em28xx 4-1:0.132: V4L2 device video103 deregistered
[  373.452942][ T5947] em28xx 4-1:0.132: Remote control support is not available for this card.
[  373.461995][  T869] em28xx 4-1:0.132: Closing input extension
[  373.468149][  T869] ==================================================================
[  373.476208][  T869] BUG: KASAN: slab-use-after-free in media_device_unregister+0x530/0x5e0
[  373.484635][  T869] Read of size 8 at addr ffff888035294210 by task kworker/0:2/869
[  373.492434][  T869] 
[  373.494750][  T869] CPU: 0 UID: 0 PID: 869 Comm: kworker/0:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  373.494771][  T869] Tainted: [L]=SOFTLOCKUP
[  373.494777][  T869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  373.494787][  T869] Workqueue: usb_hub_wq hub_event
[  373.494813][  T869] Call Trace:
[  373.494819][  T869]  <TASK>
[  373.494824][  T869]  dump_stack_lvl+0x116/0x1f0
[  373.494845][  T869]  print_report+0xcd/0x630
[  373.494865][  T869]  ? __virt_addr_valid+0x81/0x610
[  373.494879][  T869]  ? __phys_addr+0xe8/0x180
[  373.494894][  T869]  ? media_device_unregister+0x530/0x5e0
[  373.494915][  T869]  kasan_report+0xe0/0x110
[  373.494935][  T869]  ? media_device_unregister+0x530/0x5e0
[  373.494956][  T869]  media_device_unregister+0x530/0x5e0
[  373.494976][  T869]  em28xx_release_resources+0xb2/0x2d0
[  373.494993][  T869]  em28xx_usb_disconnect+0x1de/0x610
[  373.495008][  T869]  usb_unbind_interface+0x1dd/0x9e0
[  373.495024][  T869]  ? kernfs_remove_by_name_ns+0xbe/0x100
[  373.495046][  T869]  ? __pfx_usb_unbind_interface+0x10/0x10
[  373.495061][  T869]  device_remove+0x125/0x170
[  373.495083][  T869]  device_release_driver_internal+0x44b/0x620
[  373.495101][  T869]  bus_remove_device+0x22f/0x450
[  373.495123][  T869]  device_del+0x396/0x9f0
[  373.495146][  T869]  ? __pfx_device_del+0x10/0x10
[  373.495166][  T869]  ? kobject_put+0x218/0x6f0
[  373.495188][  T869]  usb_disable_device+0x355/0x820
[  373.495211][  T869]  usb_disconnect+0x2e1/0x9e0
[  373.495234][  T869]  hub_event+0x1d84/0x52f0
[  373.495261][  T869]  ? __lock_acquire+0x436/0x2890
[  373.495278][  T869]  ? do_raw_spin_unlock+0x172/0x230
[  373.495298][  T869]  ? __pfx_hub_event+0x10/0x10
[  373.495319][  T869]  ? free_object_list.isra.0+0x90/0x2a0
[  373.495343][  T869]  ? rcu_is_watching+0x12/0xc0
[  373.495359][  T869]  process_one_work+0x9ba/0x1b20
[  373.495380][  T869]  ? __pfx_release_one_tty+0x10/0x10
[  373.495397][  T869]  ? __pfx_process_one_work+0x10/0x10
[  373.495426][  T869]  ? assign_work+0x1a0/0x250
[  373.495444][  T869]  worker_thread+0x6c8/0xf10
[  373.495466][  T869]  ? __pfx_worker_thread+0x10/0x10
[  373.495485][  T869]  kthread+0x3c5/0x780
[  373.495503][  T869]  ? __pfx_kthread+0x10/0x10
[  373.495521][  T869]  ? rcu_is_watching+0x12/0xc0
[  373.495535][  T869]  ? __pfx_kthread+0x10/0x10
[  373.495553][  T869]  ret_from_fork+0x983/0xb10
[  373.495571][  T869]  ? __pfx_ret_from_fork+0x10/0x10
[  373.495587][  T869]  ? __switch_to+0x7af/0x10d0
[  373.495606][  T869]  ? __pfx_kthread+0x10/0x10
[  373.495623][  T869]  ret_from_fork_asm+0x1a/0x30
[  373.495649][  T869]  </TASK>
[  373.495655][  T869] 
[  373.742995][  T869] Allocated by task 5947:
[  373.747299][  T869]  kasan_save_stack+0x33/0x60
[  373.751964][  T869]  kasan_save_track+0x14/0x30
[  373.756622][  T869]  __kasan_kmalloc+0xaa/0xb0
[  373.761191][  T869]  em28xx_v4l2_init+0x114/0x4080
[  373.766113][  T869]  em28xx_init_extension+0x13a/0x200
[  373.771387][  T869]  request_module_async+0x61/0x70
[  373.776391][  T869]  process_one_work+0x9ba/0x1b20
[  373.781319][  T869]  worker_thread+0x6c8/0xf10
[  373.785902][  T869]  kthread+0x3c5/0x780
[  373.789956][  T869]  ret_from_fork+0x983/0xb10
[  373.794526][  T869]  ret_from_fork_asm+0x1a/0x30
[  373.799277][  T869] 
[  373.801579][  T869] Freed by task 5947:
[  373.805533][  T869]  kasan_save_stack+0x33/0x60
[  373.810189][  T869]  kasan_save_track+0x14/0x30
[  373.814847][  T869]  kasan_save_free_info+0x3b/0x60
[  373.819849][  T869]  __kasan_slab_free+0x5f/0x80
[  373.824596][  T869]  kfree+0x2f8/0x6e0
[  373.828466][  T869]  em28xx_v4l2_init+0x22b5/0x4080
[  373.833473][  T869]  em28xx_init_extension+0x13a/0x200
[  373.838742][  T869]  request_module_async+0x61/0x70
[  373.843742][  T869]  process_one_work+0x9ba/0x1b20
[  373.848661][  T869]  worker_thread+0x6c8/0xf10
[  373.853232][  T869]  kthread+0x3c5/0x780
[  373.857285][  T869]  ret_from_fork+0x983/0xb10
[  373.861852][  T869]  ret_from_fork_asm+0x1a/0x30
[  373.866601][  T869] 
[  373.868905][  T869] The buggy address belongs to the object at ffff888035294000
[  373.868905][  T869]  which belongs to the cache kmalloc-8k of size 8192
[  373.882933][  T869] The buggy address is located 528 bytes inside of
[  373.882933][  T869]  freed 8192-byte region [ffff888035294000, ffff888035296000)
[  373.896796][  T869] 
[  373.899097][  T869] The buggy address belongs to the physical page:
[  373.905483][  T869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35290
[  373.914218][  T869] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  373.922692][  T869] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  373.930212][  T869] page_type: f5(slab)
[  373.934171][  T869] raw: 00fff00000000040 ffff88813ff27280 ffffea0000dbb000 dead000000000004
[  373.942731][  T869] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  373.951293][  T869] head: 00fff00000000040 ffff88813ff27280 ffffea0000dbb000 dead000000000004
[  373.959943][  T869] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  373.968590][  T869] head: 00fff00000000003 ffffea0000d4a401 00000000ffffffff 00000000ffffffff
[  373.977237][  T869] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  373.985880][  T869] page dumped because: kasan: bad access detected
[  373.992264][  T869] page_owner tracks the page as allocated
[  373.997954][  T869] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8404, tgid 8396 (syz.2.624), ts 284969922519, free_ts 284964179210
[  374.019204][  T869]  post_alloc_hook+0x1af/0x220
[  374.023962][  T869]  get_page_from_freelist+0xd0b/0x31a0
[  374.029400][  T869]  __alloc_frozen_pages_noprof+0x25f/0x2430
[  374.035275][  T869]  alloc_pages_mpol+0x1fb/0x550
[  374.040109][  T869]  new_slab+0x2c3/0x430
[  374.044250][  T869]  ___slab_alloc+0xe18/0x1c90
[  374.048914][  T869]  __slab_alloc.constprop.0+0x63/0x110
[  374.054361][  T869]  __kmalloc_cache_noprof+0x485/0x800
[  374.059724][  T869]  audit_log_d_path+0xed/0x200
[  374.064465][  T869]  audit_log_d_path_exe+0x46/0x70
[  374.069466][  T869]  audit_log_task+0x31d/0x3f0
[  374.074123][  T869]  audit_seccomp+0x79/0x290
[  374.078609][  T869]  __seccomp_filter+0xa91/0x11f0
[  374.083530][  T869]  __secure_computing+0x287/0x3b0
[  374.088539][  T869]  syscall_trace_enter+0x89/0x220
[  374.093585][  T869]  do_syscall_64+0x42b/0xf80
[  374.098160][  T869] page last free pid 8404 tgid 8396 stack trace:
[  374.104459][  T869]  __free_frozen_pages+0x7df/0x1170
[  374.109642][  T869]  __put_partials+0x130/0x170
[  374.114294][  T869]  qlist_free_all+0x4c/0xf0
[  374.118775][  T869]  kasan_quarantine_reduce+0x195/0x1e0
[  374.124214][  T869]  __kasan_slab_alloc+0x69/0x90
[  374.129047][  T869]  kmem_cache_alloc_lru_noprof+0x262/0x770
[  374.134829][  T869]  shmem_alloc_inode+0x25/0x50
[  374.139572][  T869]  alloc_inode+0x64/0x240
[  374.143879][  T869]  new_inode+0x22/0x1c0
[  374.148012][  T869]  shmem_get_inode+0x19a/0xfb0
[  374.152757][  T869]  shmem_mknod+0x1a2/0x3b0
[  374.157159][  T869]  lookup_open.isra.0+0x12dc/0x1780
[  374.162335][  T869]  path_openat+0xa95/0x3140
[  374.166822][  T869]  do_filp_open+0x20b/0x470
[  374.171306][  T869]  do_sys_openat2+0x121/0x290
[  374.175961][  T869]  __x64_sys_openat+0x174/0x210
[  374.180790][  T869] 
[  374.183093][  T869] Memory state around the buggy address:
[  374.188698][  T869]  ffff888035294100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  374.196737][  T869]  ffff888035294180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  374.204774][  T869] >ffff888035294200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  374.212808][  T869]                          ^
[  374.217371][  T869]  ffff888035294280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  374.225412][  T869]  ffff888035294300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  374.233449][  T869] ==================================================================
[  374.263521][  T869] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  374.270751][  T869] CPU: 0 UID: 0 PID: 869 Comm: kworker/0:2 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  374.281589][  T869] Tainted: [L]=SOFTLOCKUP
[  374.285895][  T869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  374.295934][  T869] Workqueue: usb_hub_wq hub_event
[  374.300952][  T869] Call Trace:
[  374.304210][  T869]  <TASK>
[  374.307126][  T869]  dump_stack_lvl+0x3d/0x1f0
[  374.311702][  T869]  vpanic+0x640/0x6f0
[  374.315666][  T869]  panic+0xca/0xd0
[  374.319368][  T869]  ? __pfx_panic+0x10/0x10
[  374.323767][  T869]  ? media_device_unregister+0x530/0x5e0
[  374.329387][  T869]  ? preempt_schedule_common+0x44/0xc0
[  374.334833][  T869]  ? preempt_schedule_thunk+0x16/0x30
[  374.340184][  T869]  check_panic_on_warn+0xab/0xb0
[  374.345103][  T869]  end_report+0x107/0x160
[  374.349418][  T869]  kasan_report+0xee/0x110
[  374.353819][  T869]  ? media_device_unregister+0x530/0x5e0
[  374.359439][  T869]  media_device_unregister+0x530/0x5e0
[  374.364885][  T869]  em28xx_release_resources+0xb2/0x2d0
[  374.370325][  T869]  em28xx_usb_disconnect+0x1de/0x610
[  374.375590][  T869]  usb_unbind_interface+0x1dd/0x9e0
[  374.380771][  T869]  ? kernfs_remove_by_name_ns+0xbe/0x100
[  374.386392][  T869]  ? __pfx_usb_unbind_interface+0x10/0x10
[  374.392096][  T869]  device_remove+0x125/0x170
[  374.396677][  T869]  device_release_driver_internal+0x44b/0x620
[  374.402726][  T869]  bus_remove_device+0x22f/0x450
[  374.407654][  T869]  device_del+0x396/0x9f0
[  374.411975][  T869]  ? __pfx_device_del+0x10/0x10
[  374.416812][  T869]  ? kobject_put+0x218/0x6f0
[  374.421392][  T869]  usb_disable_device+0x355/0x820
[  374.426416][  T869]  usb_disconnect+0x2e1/0x9e0
[  374.431092][  T869]  hub_event+0x1d84/0x52f0
[  374.435517][  T869]  ? __lock_acquire+0x436/0x2890
[  374.440443][  T869]  ? do_raw_spin_unlock+0x172/0x230
[  374.445625][  T869]  ? __pfx_hub_event+0x10/0x10
[  374.450380][  T869]  ? free_object_list.isra.0+0x90/0x2a0
[  374.455916][  T869]  ? rcu_is_watching+0x12/0xc0
[  374.460659][  T869]  process_one_work+0x9ba/0x1b20
[  374.465584][  T869]  ? __pfx_release_one_tty+0x10/0x10
[  374.470848][  T869]  ? __pfx_process_one_work+0x10/0x10
[  374.476209][  T869]  ? assign_work+0x1a0/0x250
[  374.480784][  T869]  worker_thread+0x6c8/0xf10
[  374.485361][  T869]  ? __pfx_worker_thread+0x10/0x10
[  374.490458][  T869]  kthread+0x3c5/0x780
[  374.494508][  T869]  ? __pfx_kthread+0x10/0x10
[  374.499080][  T869]  ? rcu_is_watching+0x12/0xc0
[  374.503824][  T869]  ? __pfx_kthread+0x10/0x10
[  374.508400][  T869]  ret_from_fork+0x983/0xb10
[  374.512975][  T869]  ? __pfx_ret_from_fork+0x10/0x10
[  374.518067][  T869]  ? __switch_to+0x7af/0x10d0
[  374.522727][  T869]  ? __pfx_kthread+0x10/0x10
[  374.527299][  T869]  ret_from_fork_asm+0x1a/0x30
[  374.532060][  T869]  </TASK>
[  374.535317][  T869] Kernel Offset: disabled
[  374.539616][  T869] Rebooting in 86400 seconds..