last executing test programs:

4m0.466299488s ago: executing program 1 (id=55):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000100000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x970b)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r2, 0x0, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xd}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x3, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010300, @local}, @info_reply={0xd, 0x0, 0x0, 0xfffe, 0x9}}}}}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x4e23, 0xffffff81, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}}, 0x0, 0x0, 0x2a, 0x0, "b25dd300350731437df94f0a338977934d6951cdd6c61e31cc7172c856b141e3f4e87e6ab615ea379a12c5a6f5c6e8b30138f5f3570909f89f3e47f8090000c30a1c48cdff030000fad4624800"}, 0xd8)
bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={0x2a940, 0x1ca, 0x11}, 0x18)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000100)=@name={0x1e, 0x2, 0x2, {{0x41, 0x1}, 0x3}}, 0x10)
r5 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000180), 0x1, 0x0)
write$binfmt_register(r5, &(0x7f0000000040)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x9, 0x3a, 'M', 0x3a, '^', 0x3a, './file0', 0x3a, [0x46]}, 0x2a)
openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x200, 0x42)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @remote}, 0x3}, 0x1c)

4m0.178039723s ago: executing program 1 (id=56):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000700)={'veth0\x00', <r2=>0x0})
sendmsg$can_raw(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x1d, r2}, 0x10, &(0x7f00000003c0)={0x0, 0x10}}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0x1, 0x58, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r3=>0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r4 = socket$inet(0x2, 0x1, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="640000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b03000000800000300012800b00010067656e657665000020000280080005000000000014000700000000000000000500000000000000011400350067656e65766531"], 0x64}}, 0x0)
unshare(0x28000600)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8b05, &(0x7f0000000000)={'wlan0\x00'})
bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x16}}, 0x10)

3m59.711619185s ago: executing program 1 (id=61):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=@newtfilter={0x50, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x20, 0x2, [@TCA_BASIC_EMATCHES={0x1c, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_META={0xc, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x4}}}]}]}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x200410c0}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffefffc}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8, 0x1, 0x1, 0x0, 0xfffff274}]}}}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x78}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0x70}}}}}}}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000380)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x11, 0x0, 0x3, {[@sack_perm={0x4, 0x2}]}}}}}}}}, 0x0)

3m59.507558298s ago: executing program 1 (id=64):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000080)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000100)=0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c0000", @ANYRES16=r1, @ANYBLOB="a90303000000000000003200000008004001", @ANYRES32=0x0, @ANYBLOB="92f700d93b54b25b8fb508c12e7eceee859f18601740c9988249adfd767940bd0b3252fef99b7b23b581b46c05d36a227990a074321017ad997699bd740ad202ad9160a4196256b5110af6beef2c42510153fabf734df16f3589670014eb0ad7ae48c4bd"], 0x1c}}, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x80)
r2 = msgget$private(0x0, 0x3ac)
msgsnd(r2, &(0x7f00000001c0)=ANY=[], 0x8, 0x800)
msgsnd(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="0200"], 0x8, 0x800)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r5, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226)
move_mount(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', r5, &(0x7f00000003c0)='./file0\x00', 0x231)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0), 0x0}, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000c00)={0x44, &(0x7f0000000580)=ANY=[@ANYBLOB="000301"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000200)={'stack ', '.#,\x00'}, 0xa)
ioctl$HIDIOCSFLAG(r6, 0x4004480f, &(0x7f0000000000)=0x3)
ioctl$HIDIOCGUSAGE(r6, 0xc018480b, 0x0)
readv(r6, &(0x7f0000000180)=[{&(0x7f0000000140)=""/49, 0x31}, {0x0}], 0x2)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
close(r7)
syz_clone(0x80001000, 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNGETDEVNETNS(r7, 0xff05, 0x0)

3m57.785632359s ago: executing program 1 (id=71):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff})
ioctl$int_in(r3, 0x5452, &(0x7f0000b28000)=0x20000000000000ff)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x42001, 0x0)
r5 = signalfd4(r4, &(0x7f0000000040)={[0xb888]}, 0x8, 0x80800)
ioctl$HDIO_GETGEO(r5, 0x301, &(0x7f00000000c0))
r6 = openat$6lowpan_enable(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read(r6, 0x0, 0x0)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc8902, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000d40)=ANY=[@ANYBLOB="5800000010000ffffefffffff7dbdf2500000000", @ANYRES32=0x0, @ANYBLOB="000000000006000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB="c8000000052a0000080004"], 0x58}, 0x1, 0x0, 0x0, 0x60820}, 0x4008000)
ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f0000000040))
ioctl$PPPIOCSPASS(r7, 0x40107447, &(0x7f0000000000)={0x0, 0x0})
r9 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r10 = dup(r9)
r11 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0xeeee0000, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0, 0x42}], 0xffff, 0x61, 0x0, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$BLKIOMIN(r5, 0x1278, &(0x7f0000000100))
ioctl$BTRFS_IOC_RM_DEV(r10, 0x5000940b, &(0x7f0000000a80)={{r4}, "fad7b9428d93038f63c4dafa1da7e07527fe756bde6d960d81bfd34ba5cca803ad5bdebe227152d43a607faa0dc407fc189b0d7e7468ab55f146ff0337aed82849987da5e1ab963dda992d377e4eacce0e342581ab9962694df4a98aef6d7813fb8b796948ff95415e9d71a47ede207b1794f624b034487af5832e243034017f4f93e15abf71e2dc1e26f97de375b5a1f1a24f98467d2d07d33c06c55c3f89c8d5282a18faedb7595cdedc33c345c89deca5b925cf8467200094111705e71154b451ed8407d1c89255b27d9b243d3a333b099595c33db04682ac22a418c49f5c39a0918c015e8393d2cb7c20feb2c54c82b6387812412e3237e938369453e1e8030d49fcd1c91bf36f2422d1a72f49b31ec3889ebc0d28c929b0c6736f00b53b9ccfd3934a7d933a8202fd2bdb2a8b0d58d6180c1a69b7fb41255ce92795786d10a8c7d9e4f680517f4e34b1e8f884e81e09bd5ec5ecf38b7b8f1637afb0aee0e708c4074eec24e3141b9e12ced6b4beaedec6d55dbae69d5a63142b3e81997458d7151a84d0d7cd4ebd25d24f3d2a3b4c403ab707fe38aa61cab1b070d4730625f76dc37f201e8698204637fe62fe52ed11ae0d8f98f69d4f92762bcba03b8b42feeca7a9fa9300ca4759ff9d7e9162479f954b1316775fcbfc6640b91dd1cb976ceaf2f9f28040ecfdc0e28bb9705a1b985274c7d08bd96aacd6a00f865f3a22f86ef2ace146c4f40bb20798e0bc2db4ce62f0873c09a85e7892729489a7b9c8c9a2939812595942b1ca2d3260315bc723ac2edf24d88f0f49d586a8065817ad936dc8161e438eb5b845df96b2c9a56eb7535ee9e255f41def5d9e9720857fbfd84b4bf1c97c574f568933df8f25d6df5d74a374e4f9a6a2e76644df77da621a8c9ce947af8f20feda0e22ef467eb210665589823025c9144ec05d80276574d3cae61c639d3b12438e012ffe1ca3823b4b79185ce1896b7a41aa36a47776fade667af70c25d9543bc036f40aec1c521f39239cdbf2748883f86b89349ffee1f528f955bdf6f29686c57a49b66ebfc26ee604316f27f9547cf3c21c221581458246b04d627e29e8b846e099e5d8234ce0db1d3e77130147580622b8eeaa34707ea25369c250ce5f5adc14b7afcfbce3c25e5e65d04858dc056456e2f2d2bd6afb59afae8d63b7ab5b8b6ad3386d52dbcee60c7f0945517a77edeeda33789acdb3b7b3242704d6c51940c004cde1d3a342477607581a92a50716caf93495cbc1a6b2f1be20081f7ba8a013416e6b8433383299b752feabd1455bc336b868b38f5ad73f397f0381a51748ffa8550510837d9128ab095629b7a159c6b0dfadfd8a8bff53c80481c59d861954790c593524d8a53cd8b2f2c234b850ec7576a46074293453a86cb3c0c346a8cbbac65eda4a2130e00053f5a054603776ea1d2975e4badbaa83518dad9274c22ac17f20686f56315340e5581c787a2f71ab3a2063664bcc82c7380a13cc8eb106c036800c7b0f14ed667f39af9a5cc01dcdd5809b534fad505858508845d9c547e19c632cd8024ecd777e193c2258312b7a5998a875d33dd8b861500946852af487bbefa54e9b16a83b6131ac343eacb2558e759a9b6ce5db0f1ab173d457d144fd5a65f092e553e1d0e3f9972ec57d27bb48c78332c7a6fab0d5958c61898b3a5ae8810e2246ae36291cd5f79f9475e697c9da84d05cc8dc197485ad790d2a8da5400583dce8ffa3c8adfe276884ed5d33f0e7bc4fb1748e83884213c10ec673dbbbf55670da7fbdd6d8927cd41106064ce22cd2ae14084c439e8f07e4e261667507c0acb03033f30665dbf928d31ff9cf38f61a46d6d1286065bfad5839b0247c975673839f6f685ebaad9396c5f93b3a5f346202a40969ab5c72d0355fd609d33b9443093a53dfbf8052a405389ce269f71da8ae1fb39b30f6a701f56838ca11527de58850f17b4fcc6397614da8e2e331f06024f1ee7f6a8b2f910711526361244a585dfacb4bab57738d7938adb436cf17cfeceb95016e339aa5f2ba30515f289ba35118d32504f52710044e78666dd2834fc2d9fad35e2df29b10e0557ab4789c7dc718d2d03434062bb58fd824c13a0bc6298ed9bdc3d0cc79d008972fcc9f751af4824b2be0823313581cd2fd2b436f84b14719b93dd95a38941c11af5b51f3b0503f3db3569ac847a93ea9124622044b37b083fcf8882a788041289905296e1bf2eb12aadb5228f366a925269a20f7ca9db7f317d5117a70d93f90b402993a7f84328409bda0fdc6306dd5c126fdb179fde4e4d7314d2ee419c8635e62895f8dffdf73f38188121f7b24dae40531b6e43054d3b9b459df2f2613536819643e6b7038de55ffa43bc9edc72e2038e2bf9da70a4a24a3fce0b8673f7f8f5099fcf0d23ab90c7f8770bdfd23e6aaabf7d110768ff08c8754ff6d962e43ff215d78d2ebd882353490da27dabd92ab08291338eaacf3e1ebe6a7da8286d3d57e272b9eac7c70a9a1bd67fb3f4e3052779422a7e19b7cfb01760f949ce4562ce5ad5292cb607e42d513d1facd0903a87836d5c30c181b5728db474154d3cb4e524ba5e03336534ca9f6b093fd6d9e5b89ede5becc677996321d65e9022d1c00e2907767a51c75c9f0688e4e82e045dc972e6be8948c7fc8a84ca8e1a992d44ac8e7a962a931d8eb3d0c4756b838c1339758a4a563d108d35940366b582c48567b5ca539839fbd327361ed76f4204f8ec84ec6401079a189b271747129c3d0025ccc25c9d7fbea0aa4f6a0e5f10422e9866e42ab0f86d6e9022688652536eef7fd28dc5961670a4058eaec61ba3e11273111be9cc3da57edc16321e1382d20f4cf52827032b5f79e395e742113303b0aa595f7188a417ddfdc3b6259b56f9f8f7b133774bfb5c181f1288713e3144ac4ff69fc146cc633dc70c8aee1da2384b72115b49cdbdfe9508b2e06fcd02df78d895e12cf6f0cf4171c7570809b949c6bfbff07da4018935a186630be06d42a4844521428afbed6b3a34aa0226a948fa12e8bdfbb27d13fd5627093511f52a51a6dcd33e0122d2dd1736885c797e1d1c65c06739790767be42582349c147d52e377732742f176b79243edd2c6b585d5512702ce4a7395835e2ab038a5deff84f7ff0d4622aebcd31c58d2dbbaad54638473e5fb428b827a577215460489001af429b40d0dae3521be9a381913740ea72a8b707d2ed4a12f5791fc2d0ea9674d59d68ff02a7b7dda9b9a1917db6093bf8ba4a186c952434dfd664cf9607d9b194b874c24ad03b04148d6f1951d4127146b22783be7eceefc686c4bef899e6cce8ce1344e9e49cfc0d43633098983a40276b4b4fcbe4ce0b695d58471afcfcce714ff1da6e975bd1494d127fbcda25c0110f596e4e0882e01acc674446d2c6e3d08d8034eebd4432968b1aab2e825eba0f76612ae6617667ad6c823fb8234363d5bb341c440fe0a0cad018b6c36ca317e3473eedbcc5f6740a7fad23b55a6fb626d8093ea62d6f35d2babd391e138b24a4ddfa86fef5487a710289f2994f36e87fadd178a5e139455d398a8809e30d2569650ceee90ad6b68942087ae0e33c49c6f7952b08da8762be2c9066e56d27a69a926fc58c82565877e913bff08e0827c45f9e74c964f282d5023efb21e976b93177464a686150ef09a32c352505c534e467ce014fec144dbbdcc8e2d28b6bf619ddf63a48054406dfa33aa541cb9beafa70cabcd8600cabf93d138de261f6f5b63273691669e363e06bc583bdee1ed210179f2ab50a6bc0a727475551e90b0265e1e8ca02acabe93b596b7a782151d792a5679e21e730b7e964c38a49717d0a1385bbb1b0459916424133149720bf47ac38687178a8b351ae3f29bf4a6ea369c90f85f4f123416c8c09c3f25b133ddcdb71b1289821d81581b78ae66c075c535e30151ae1bd48e787b55cc45951c83b5ce097711df0764feab81f24d63940915c471479c24222bd5569201ac4c56577168b76c1f0684f981df516cf5ac5d4307ef2bf429d818c9809f6669f43b1eb160bdcb817154bc36cd8bd24cd6c75e037edab6fa0fe9a0f19b6dbaf99dd68f0318382ccf8d20fe2fdc08134a86b5b0794a534992751fca4ec726dfca985cc239bae2b04ce49416e07e14f752767d05f6584479b5da973fa22477be64fef48b5f3c07936c2be9fa8b92c9e8a0412a2718932edf53382efe2aa1531bbde87363fee5a15501a490c16d26354c0ffeeccf0d05705a6b68a0b88de1e15736092014273f7494474a24555e7e7a6b4e274a9dd4d534cac979a0e99758203f74309af7b221e925c592ad25e13c7907c1030fc79bb728bce4437047470cf97ebc48f45ef67695585caa73178057802a24e3e4fea0a55111275c738d2b09aa7e7a00e91be43ee507b6533c6c6e9d1848e708240d7547b08bb9121fc024caed12805a0a8bfb72f72c6787b760ccd3657328507050f8ad3e348597b38685ad6d44125266382dbf433a9628c548f89eea1691e92fc755502e4656d2faa2077ab1d749a3d2d0543cd5248db49cdb1a60f006ec8cb5b3ecfc1b6b38ed802a6885c6733dbdfbe9d6c0a0daacda38f9bdbd728bfae407e2be620cd8e66743c70073e38e87ede0daf00e7e6205bc0f5cc3ff5657ad559ad13a865d01357215e2e813153212d13d6817ff2badace7edac682ea459e30b476b98ea7ca540c9ec3f8a0550ab51340e04425e3eb0d36fcfa6612bfe947263322afb876ef4a86edf8adf41f4bf4fd617c2cc57c0639baa79f4e6468258e53b76ae51c83f37b6d128cbe4eaf3e58e7d24a7c24451289c991984bed04ce060e4ee13a0c0e43fc98baae2352366672075a6c8c26165aa538b1bac0765ffda39bfafaa401cea38646e418fc99704540acd08e128121bb0b8ab8e316f924cfdae1002d54e2ef3cf3477558d77881beaa3c31cb9cc2429eaf858ebaf06709910faf26d7433290a3250cca586c0e49c3d2456a6409da11259bc7b7e2345146a360404f3d7333487343d9dfbb2813bbeba56a1e1f90d421aca2d1e6ca075b1fcb5733df856fc45de7fe5dbe6174ebc4a6241576e46503a3f7e4ad18b5965c0525faa3d031b09b2b9aa1874285c874382359e93775a69701bb63fccc33d095aac42e79a74ec9700218add3c93114c0686f6897f3228cf3bee05ca63f709075df1b5e89e44c05feb00356c0de06190b84e09285443e58a361840e93da22a3ab64d8a4a0474466d13738c07c71847b6b2e47adb22db94e92524a08ca0dbb02de2e0eb5c2edb7e29d89ed5c2d76bb2fc5da5cd57b89bfd47465b5a57ebd72261ddfb443a141415670a59ae82acde715d73b4ab62602b9a347764a05a15159d25abfa2e26531efc90cce8692bb61d859ef6ecb4d9d6d44813085915e8d97916127241aa470b55cdf629ad52b7ad48d4253b2539726f26cf169c208a591ed4a3d4c0474446493a2da85d1226e58d988bcd484ed94d8b18f3298815be6627d1eb5bde9a2f8a3864b2e0c772502854afab501e8cbf1425028bebc3aece71cae8fc40f1606902d0ebcb124be02fcfb6a2810f580942e9f6a2871f9e9bd4a43bb3428c8e4cc16c5b7f3f6cf92bc0aec8c7826c2e759d6062c7409e2e770e3780bbff8e390bc9b551d12c5d295dda72b46cbf9a20c76f6881d69ec27a003b6edb5b2983483d06b246cc3cbd2c8524e601ce0d45c7441bb9e1dcd676ccb5ac3a9e59e6d65c4eee6b120b6bb71eafc80f9ca5de3529ff04fc2f3546"})
unlinkat$binderfs_device(0xffffffffffffff9c, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

3m57.520418674s ago: executing program 1 (id=72):
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x20402)
prctl$PR_MCE_KILL(0x41555856, 0x0, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = dup(r0)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r0, 0xc008551b, &(0x7f0000000080)={0x0, 0x8, [0x8, 0x4]})
ioctl$USBDEVFS_CLEAR_HALT(r1, 0x80045515, &(0x7f0000000000)={0x5, 0x1})

3m57.284488993s ago: executing program 32 (id=72):
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x20402)
prctl$PR_MCE_KILL(0x41555856, 0x0, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = dup(r0)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r0, 0xc008551b, &(0x7f0000000080)={0x0, 0x8, [0x8, 0x4]})
ioctl$USBDEVFS_CLEAR_HALT(r1, 0x80045515, &(0x7f0000000000)={0x5, 0x1})

11.470292307s ago: executing program 2 (id=1013):
r0 = socket(0x840000000002, 0x3, 0xfa)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000004000000000000000000000000edcaabdd101c848ba7cdd8efd1660d0f215c6f40c65f602259bae35cbbd95c01b99d96d0f5c0375e21eb2fd39ac52f35a5488634cc5c18db55a53674138907c889d2273edb46b4085614ad31826cc142454fe943fa3f2292bb"], 0x48)
r2 = socket(0xa, 0x2, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=ANY=[@ANYBLOB="5c0000001e25bd7000fcdbdf250a0101fcffffffffffffff0000000000000004d500003c00e000000100000000000000000000000005000000ff34000010000a002bbd70002df5958d2cd96366350000000000001000000000000000000000007dc3940234e9bc3e6799fab51eedef4635b24f1695c447f7860783a6305a44fd1b7208df9626b8d98fd105c6153b3d53ca7f7623870e9c2a2fb9a8ff89260f953460f013fb660c22467d41a4d8384a6b193c402ab0366af231a3e1956995324f1794d9d3e45222931e15288030cb256f3d9143befc85a67b"], 0x5c}, 0x1, 0x0, 0x0, 0x850}, 0x20004810)
connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4c61, 0x3, @mcast1, 0x2000004}, 0x1b)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0x2000000000000030, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x80, 0x34325241, 0x3, [0x2], [0x80ffff, 0x0, 0x3a13, 0xfffffffc], [0x0, 0x0, 0x1000000, 0xffffffff], [0x3, 0xf6]})
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

11.202390483s ago: executing program 2 (id=1014):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r2, 0x0, 0x4004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mknod$loop(&(0x7f0000000080)='./bus\x00', 0x1, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x2)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2, 0x1)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
bpf$PROG_LOAD(0x5, 0x0, 0x0)
read$FUSE(r3, &(0x7f0000006300)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x83)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x8e79f0352167ea94)
syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001020000082505a1a44000010203010902"], 0xfffffffffffffffc)
r6 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080)
ioctl$LOOP_SET_FD(r6, 0x4c00, r5)

9.299920707s ago: executing program 3 (id=1018):
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240), 0x8080, 0x0) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000400), 0x1090c2, 0x0)
mknodat(r1, &(0x7f00000000c0)='./file0\x00', 0x0, 0x4) (async)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x8}}, './file0\x00'}) (async)
ioctl$HIDIOCGFEATURE(r0, 0xc0404807, &(0x7f0000000040)={0x2, "30f215dc159fbce93dc9594e749787fff6da8fa5b0bb48602b5b4369505ead2e010d654e3bbafb3e332c162146efbe6e2d6ac7d561f554456f9b170c929cab7a"})

9.195934848s ago: executing program 3 (id=1019):
openat$audio1(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r6, &(0x7f0000004100)={0x2020}, 0x2020)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000300)=@gcm_128={{0x303}, "fc674d000000f8f7", "c5991ee20139b401046a89606ffcf92e", "2c5be7c6", "a0ca05c0707e52f4"}, 0x28)
recvfrom$inet6(r4, &(0x7f00000000c0)=""/3, 0x3, 0x0, 0x0, 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)=<r8=>0x0)
timer_settime(r8, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
splice(r4, 0x0, r3, 0x0, 0x10000008ebc, 0x0)
socket$inet6(0xa, 0x2, 0x0)
syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x951a, 0x3010, 0x1}, &(0x7f0000000040)=<r9=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
socket(0x10, 0x3, 0x0)

8.220646718s ago: executing program 0 (id=1023):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=@setlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4280}, [@IFLA_IFNAME={0x14, 0x3, 'veth0_to_bond\x00'}, @IFLA_MASTER={0x8, 0x3a}, @IFLA_GSO_MAX_SEGS={0x8}]}, 0x44}}, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fcntl$notify(r2, 0x402, 0x26)
fcntl$notify(r2, 0x402, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[], 0xb8}, 0x1, 0x0, 0x0, 0x20}, 0x0)

7.98956757s ago: executing program 4 (id=1025):
r0 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r0, &(0x7f0000000600)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=ANY=[@ANYRES32=r1, @ANYRES32=r1, @ANYRES8=r0], 0x3c}}, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e25, 0x10001, @local, 0xb}}}, 0x30)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c000000100003052dbd70000007000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000100000140012800800010067726500080002800400120008000a00", @ANYRES32=r1, @ANYBLOB="2fa6d50084b200cb10d84738179f84ab378fc07b4fd4067c3d7c128e1be89345d13b18006f1fe8128f30cc5b45368d487a99fc9b99d6c73830dcd90fb679bbd7012437b83b94ba66acb6bd91a70f26c744861aec747e3ab0c4879d75a694ddc159533c3a2442f340a9d47e0e43730366ae7deaf8dee1c3bef479cc7ecd9435e45dbf2bfeb8"], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x2000000)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x77, 0x2, 0x3, 0xa, 0xb, 0x4}, 0x20)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000040)=@urb_type_interrupt={0x1, {0x1, 0x1}, 0x4, 0x25, 0x0, 0x0, 0x800, 0x6, 0x0, 0x0, 0xb5, 0x0})
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="440000001a00010000000000fdffffff0a000000", @ANYRES32=0x0, @ANYBLOB="00001f0014000300070000000000000200000000fdff070014000100000000ed"], 0x44}}, 0xd0)
sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x3f, 0x0, 0x0)
setsockopt$sock_int(r4, 0x1, 0x7, &(0x7f0000000040)=0x6, 0x4)
recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0x8, 0x40000720, 0x0, 0x0)

7.983964741s ago: executing program 3 (id=1026):
socket$inet_tcp(0x2, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000880)={0x0, 0x0, 0x0}, 0xc0008e0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x2007, @fd, 0x0, 0x20000000, 0x801e, 0x0, 0x1, {0x1}})
r3 = syz_open_dev$sg(&(0x7f00000001c0), 0x400000000, 0x248081)
ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000))
syz_open_dev$video(&(0x7f00000002c0), 0x20000000005, 0x8100)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000240), r2)
sendmsg$TIPC_CMD_SHOW_PORTS(r2, &(0x7f0000000800)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x1c, r4, 0x1, 0x70bd2a, 0x25dfdbff, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x20000010)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xe, &(0x7f0000000080)=0x800002, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x0)
sendmsg$alg(r6, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
recvmsg$unix(r6, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)=""/47, 0x2f}], 0x1}, 0x1100000000000000)

7.864206496s ago: executing program 0 (id=1027):
openat$audio1(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r6, &(0x7f0000004100)={0x2020}, 0x2020)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000300)=@gcm_128={{0x303}, "fc674d000000f8f7", "c5991ee20139b401046a89606ffcf92e", "2c5be7c6", "a0ca05c0707e52f4"}, 0x28)
recvfrom$inet6(r4, &(0x7f00000000c0)=""/3, 0x3, 0x0, 0x0, 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
splice(r4, 0x0, r3, 0x0, 0x10000008ebc, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x951a, 0x3010, 0x1}, &(0x7f0000000040)=<r8=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
socket(0x10, 0x3, 0x0)

7.034923649s ago: executing program 2 (id=1028):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000040)={0x80, 0x40000105, 0x0, 0x0, 0xfffffd30}) (async)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f000905", @ANYRES32], 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="280000006800010003000400fdffff7f00000000000000000400020004000b000600030001000000"], 0x28}, 0x1, 0x0, 0x0, 0x4008018}, 0x0) (async)
syz_usb_control_io$hid(r3, 0x0, 0x0) (async)
syz_usb_control_io(r3, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r5 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r5, 0x4018480c, &(0x7f0000000080)={0x2, 0xffffffff, 0x10000})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
close_range(r6, r8, 0x0) (async)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r8, 0x4068aea3, &(0x7f0000000140))
r9 = dup(r2)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="000b003ce0009f9cb2040000", @ANYRESOCT=0x0, @ANYRES8=r2])

7.027405312s ago: executing program 4 (id=1029):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)={0x2c, r3, 0x1, 0x1, 0x25dfdbfd, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}]}]}, 0x2c}}, 0x8000)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x8, 0x10, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4}, {0xe, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_QUANTUM={0x8, 0x7, 0x7fffffff}, @TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x3}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
r6 = eventfd(0x1)
write$eventfd(r6, &(0x7f0000000000)=0xffffffffffffffff, 0x8)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
writev(r8, &(0x7f00000002c0)=[{&(0x7f0000000080)='-6', 0x2}], 0x1)
r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r8, r10, &(0x7f0000fe8000/0x18000)=nil, &(0x7f000001fc40)=[@textreal={0x8, &(0x7f0000000180)="640fc7b8255266b9800000c00f326635000800000f3066b9940300000f32660fc7b008000f00da66b9e70000000f32b8c7028ee0ba400066ed660f2a6f002e660f7d5004", 0x44}], 0x1, 0x1, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c00000015000100000000000000000005000000080001"], 0x1c}}, 0x0)
r11 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r11, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r12=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000400008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r11, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r12, 0x0, <r13=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r11, 0x3ba0, &(0x7f0000000280)={0x48, 0x12, r13, 0x0, r12})

6.631565965s ago: executing program 2 (id=1030):
r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x183a00)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x38)
connect$unix(r3, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r4, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0)
socket$packet(0x11, 0x2, 0x300)
r5 = syz_open_procfs(0x0, 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000140), 0x180fffc, 0x208000)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r6, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
mmap(&(0x7f00003e9000/0x3000)=nil, 0x3000, 0x100000e, 0x12, r6, 0x100000000)
r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r8 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
ioctl$VIDIOC_G_FMT(r8, 0xc0d05604, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0)
sendmsg$NL80211_CMD_GET_PROTOCOL_FEATURES(r5, 0x0, 0x1)
syz_usb_disconnect(r0)
r9 = fsopen(&(0x7f00000000c0)='tracefs\x00', 0x0)
close_range(r9, 0xffffffffffffffff, 0x0)

6.284357954s ago: executing program 0 (id=1031):
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x2)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000000)={0x80, 0x6, 0x2fd, 0xfffe, 0x0, 0x0, 0x0})

6.200253927s ago: executing program 0 (id=1032):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x5, @loopback, 0x3}], 0x1c)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x106, &(0x7f00000008c0)=ANY=[@ANYRES8=r2], &(0x7f0000000880)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x110, 0xe, 0x1, 0x7, 0x8, 0x8}, 0x5, &(0x7f0000000300)={0x5, 0xf, 0xfffffffffffffd1f}, 0x1, [{0xe4, &(0x7f0000000340)=@string={0xe4, 0x3, "e8b7a842e24749aace42728d720b53041537f24e2b7fb09527a713790f62379ca603f534342a9c5aa45dfa3f2cd5b2e06fe96c81ff7941a1c5ee87d372447d6b3abd8b3cd679961eab5a93a7977943883afa5d9e144ef561c60a79430753eb37641a5db296263fbfedf894a38a01a902032c1a8c5d44c8040448f4d76215e0b16273799b496317a27a6e77a92c606f678bf25cc3e6340262493e21540798e169cd9be123ac4cecf29b21bbec409b4a8eb79c9c24b783da210326aa88b70395cfa51de5edb85cf29ea2f886e0e99c5f7dd356f718628fc164e011f86c0eeba691f724"}}]})
sendmsg$inet6(r2, &(0x7f0000000000)={&(0x7f0000000080)={0xa, 0x4c24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f0000000140)="4ef91d4a779cba76f8103d16d6bef2ce48457d9ae12c04ab1b6c42fa3b62be20ec227d89b4fb4e1b396682257d77e1d877a633625f6109bdbe5c9591dbcc9d410cf059b2", 0x44}], 0x1}, 0x4048043)
write$P9_RSETATTR(r1, &(0x7f0000000300)={0x7, 0x1b, 0x1}, 0x7)
write$binfmt_format(r1, &(0x7f0000000100)='-1\x00', 0x3)
r3 = dup(r0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8103, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c)

5.562711424s ago: executing program 3 (id=1033):
r0 = syz_usb_connect$hid(0x3, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x56a, 0xd2, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x70, 0x4, [{{0x9, 0x4, 0x0, 0xd, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x4, 0x0, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xee, 0x5, 0x1}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0xff, 0x3, 0x18}}]}}}]}}]}}, 0x0) (async)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x0, 0x25dfdbfe, {{@in6=@empty, @in6=@remote, 0x0, 0x33, 0x0, 0x0, 0xa, 0x60, 0x30}, {0x0, 0x7f, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x200, 0xfeffffffffffffff}, {0x3, 0x0, 0x0, 0x1}, 0x6, 0x0, 0x1}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f00000005c0)={0x84, &(0x7f0000000340)=ANY=[@ANYBLOB='@\t\f'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000a00)={0x44, &(0x7f0000000100)={0x40, 0xf, 0x28, "5fabfab987ec41df1a64addfd14d734c668363bfa8d322cd04b625d20ae74277cefc366d9326fa41"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
syz_usb_control_io$cdc_ecm(r3, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000380)={0x20, 0x8, 0x4, "f6f1899c"}, 0x0, 0x0}) (async)
syz_usb_connect$lan78xx(0x2, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) (async)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=@updpolicy={0xc4, 0x19, 0x1, 0xfffffffc, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x23}, @in6=@local, 0x4e22, 0x0, 0x4e24, 0x0, 0xa, 0x0, 0x60, 0x0, 0x0, 0xee01}, {0x0, 0x1000000000000401, 0x0, 0x40000000, 0x0, 0x1a, 0x1, 0xfffffffffffffffe}, {0x77, 0x3, 0x0, 0x100000000007fff}, 0x0, 0x6e6bb1, 0x1, 0x0, 0x3}, [@mark={0xc, 0x15, {0x35075b, 0x7}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x20044080}, 0x0) (async)
sendto$inet6(r2, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000d40)={0x2c, &(0x7f0000000b00)={0x0, 0x31, 0x26, {0x26, 0x3, "9665f5747ad6f037670dfd8d227ce9ee2ad403af82465c3369a5905173f1e9434b928603"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) (async)
r5 = pidfd_getfd(0xffffffffffffffff, r1, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r5, 0x4068aea3, &(0x7f0000000480)={0xc9, 0x0, 0xc})

5.387106558s ago: executing program 3 (id=1034):
r0 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @hyper}, 0x10, 0x80800)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x200, 0xfffffffd}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000140)={0x42, 0x3, 0x1}, 0x10)
close(0xffffffffffffffff)
r2 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r2, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20000800}, 0x4)
recvmmsg(r0, 0x0, 0xffffffffffffff60, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)
ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000300)={0x3, @output={0x0, 0x1, {0x1, 0x2}, 0x4, 0x7}})
socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="0100000004000000e27f000001"], 0x50)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
write$dsp(r3, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000440)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r3, 0xc0045009, &(0x7f0000000040)=0x2fff)
r5 = syz_io_uring_setup(0xbdc, &(0x7f0000000280)={0x0, 0xec25, 0x400, 0x1, 0x138}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000240))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r5, 0x847ba, 0x4, 0xe, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243)
close(r7)

5.2061632s ago: executing program 4 (id=1035):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r1, 0x2)
r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r2, 0x6)
r3 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x19, 0x14, "ffb3d741dd17c1ac0d38ef0200000000000000000000000000000000000000000000000000fe00", "a9103939c787a16c1ca43f80026d1f3c4da06963dd89d130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b7e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0xffffffffffffbffe, 0x53e]}})
syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0x114db, 0x0, 0x1, 0x89}, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8}, 0x94)
syz_io_uring_setup(0x10d2, &(0x7f0000002100)={0x0, 0x7a8d, 0x80, 0x0, 0x351}, &(0x7f00000000c0)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8})
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x4, 0x2ac, 0x0, 0x0, 0x15, 0x19, "8975301576b0cf0900245518580ce0c8bf604cca41f31c108938fcfa393edb69e0bcff0f0000000000000900000000000000d0f08e8ad896ba67a00973defa00", "8b609009aaa722681a1e2513d754f688a9e306ee1dba533f02e1b69da6e26ec889fee41b80000827cc7d24fdc26f2395d702020000e4b8fb1703e47463b969e4", "ca1bf5ff2b4a000000000000008218040000db00", [0xc, 0xfffffffffffffffd]})

4.995377857s ago: executing program 4 (id=1036):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r1 = socket(0x1d, 0x2, 0x6)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x6a, 0x2, 0x0, &(0x7f00000000c0)=0xfffffffffffffd27)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_clone3(&(0x7f0000000200)={0x4001000, 0x0, 0x0, 0x0, {0x37}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r2, 0x4068aea3, &(0x7f0000000080)={0xed, 0x0, 0x1})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000003c0)=[@text32={0x20, 0x0}], 0x1, 0x6c, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000008604"])
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000500)={{0xd, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELTABLE={0x0, 0x2, 0xa, 0x401, 0x0, 0x0, {0x0, 0x0, 0x5}, [@NFTA_TABLE_USERDATA={0x0, 0x6, "d40a78ea46a07ea8eb685c2a76e03f9f3b4c492fb67ca6a1a53efde507ed187d5ab01b7edffcf353a010e945d1b8289d7c53a3667adffa6361527ed3646d4d6bc336578c83012d2a211e95ce1ed1cd487fe481f682967492ed72eaff054f73c0273b6ec620ae04d9a538739c692f902494a1784a9b5bc8ca30e345caaa95303f142690e6f86e3076e9497499f4739bb88661ef3498cc2bb4a6fa8b5134a14e5a4818425ee4ccc08612953bf16d49be11c923e3dbd91669d7b1f14f7d2127544e47b472672c5e3721c447d56fb46b3d69201f65ea3d6e6bc162c349365972b4f2c33229fa056dd0"}, @NFTA_TABLE_NAME={0x0, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0x0, 0x6, "8de30caeb82a5951ed38f79a469fc483fc314ea4d016812f3a5f25cebd70ca8e22f5c686a2f92a104e"}, @NFTA_TABLE_FLAGS, @NFTA_TABLE_HANDLE={0x0, 0x4, 0x1, 0x0, 0x4}, @NFTA_TABLE_NAME={0x0, 0x1, 'syz0\x00'}, @NFTA_TABLE_USERDATA={0x0, 0x6, "1569304bf078f4"}, @NFTA_TABLE_USERDATA={0x0, 0x6, "993b3b7bf779a2ac343b5443693c3a8630b6ac5552295d1d53aff9839c95328de3319692ec663ecdc098207a35eb2d29204a57c67fb5da8f817d0ff569d650ee"}, @NFTA_TABLE_NAME={0x0, 0x1, 'syz0\x00'}]}], {0x14}}, 0xb0}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000480)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r6, @ANYBLOB="080026006c09000008009f000500000008002600e015000004008e000500190109000000050019010700000008009f00060000000009"], 0x70}}, 0x40)

4.8160085s ago: executing program 5 (id=1037):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000001a80)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000004c0)="5b7c7022089422b3859a2e670600a3cf41adeb8a7d6d51d4f14bf38421b0c723a9f4d3d0d1f37154c82f", 0x2a}, {&(0x7f0000001580)="a7480453712a40c60ed3f9c11b9a50278807d0a4ce1f610666ce627817260c81a72b64da3e96398e61ec916f3433f4353c5da1fb3940b60f55be39324c2fc5c0e0f0e33de4f9cf34a24d27df78781327d724910ef642576dfff367498cf15adb9a91b8474b9818", 0x67}, {&(0x7f0000001600)="485eb0cfc122f8b376af751617a048d5b4f2d5cf020fba2c733d108cffa67b2d38d8242e717862742fa11685392800c2d797286f7ff748322354f67bd911feb205b73482b05ea76189192f87385f3ba1fb448f945b98abbf990b3117bbdba909d66b61deb7681828191854e52107f3d405b72a08533365fe0201c590152098517911161dbe560d36e3973ff8219c63abc7d8cc542992a7c9fccd00cb1f8299020fdec69e9eb3eabbbc24fd7cf29a748f1f23753b989f295d8b4e706b1ba95b06984188a0c57bef24b9f6d888d70626", 0xcf}], 0x3, &(0x7f0000001a40)=[@rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, r1]}}], 0x20, 0x8010}}], 0x1, 0x4004851) (async)
sendmmsg$unix(r4, &(0x7f0000001a80)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000004c0)="5b7c7022089422b3859a2e670600a3cf41adeb8a7d6d51d4f14bf38421b0c723a9f4d3d0d1f37154c82f", 0x2a}, {&(0x7f0000001580)="a7480453712a40c60ed3f9c11b9a50278807d0a4ce1f610666ce627817260c81a72b64da3e96398e61ec916f3433f4353c5da1fb3940b60f55be39324c2fc5c0e0f0e33de4f9cf34a24d27df78781327d724910ef642576dfff367498cf15adb9a91b8474b9818", 0x67}, {&(0x7f0000001600)="485eb0cfc122f8b376af751617a048d5b4f2d5cf020fba2c733d108cffa67b2d38d8242e717862742fa11685392800c2d797286f7ff748322354f67bd911feb205b73482b05ea76189192f87385f3ba1fb448f945b98abbf990b3117bbdba909d66b61deb7681828191854e52107f3d405b72a08533365fe0201c590152098517911161dbe560d36e3973ff8219c63abc7d8cc542992a7c9fccd00cb1f8299020fdec69e9eb3eabbbc24fd7cf29a748f1f23753b989f295d8b4e706b1ba95b06984188a0c57bef24b9f6d888d70626", 0xcf}], 0x3, &(0x7f0000001a40)=[@rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, r1]}}], 0x20, 0x8010}}], 0x1, 0x4004851)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r2, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}})
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x3, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x3, 0x0, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r5, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000280)=ANY=[@ANYRESOCT=r2], 0x64}, 0x1, 0x0, 0x0, 0x8089e4be65376c1b}, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) (async)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
r7 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r7, &(0x7f00000032c0), 0x0, 0x0) (async)
sendmmsg$inet_sctp(r7, &(0x7f00000032c0), 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000480)={0xb8, 0x0, &(0x7f0000000380)=[@request_death={0x400c630e, 0x1}, @enter_looper, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x1100}, @fda={0x66646185, 0x5, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000000)=""/98, 0x62, 0x0, 0x24}}, &(0x7f0000000180)={0x0, 0x18, 0x38}}, 0x400}, @register_looper, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f00000002c0)={@fda={0x66646185, 0x2, 0x2, 0x18}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/209, 0xd1, 0x1, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f0000000540)=""/4096, 0x1000, 0x0, 0x28}}, &(0x7f0000000340)={0x0, 0x20, 0x48}}, 0x40}], 0x7, 0x0, &(0x7f0000000440)="553fc696f4b1a1"}) (async)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000480)={0xb8, 0x0, &(0x7f0000000380)=[@request_death={0x400c630e, 0x1}, @enter_looper, @acquire, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x60, 0x18, &(0x7f00000000c0)={@flat=@binder={0x73622a85, 0x1100}, @fda={0x66646185, 0x5, 0x2}, @ptr={0x70742a85, 0x0, &(0x7f0000000000)=""/98, 0x62, 0x0, 0x24}}, &(0x7f0000000180)={0x0, 0x18, 0x38}}, 0x400}, @register_looper, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f00000002c0)={@fda={0x66646185, 0x2, 0x2, 0x18}, @ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/209, 0xd1, 0x1, 0x40}, @ptr={0x70742a85, 0x1, &(0x7f0000000540)=""/4096, 0x1000, 0x0, 0x28}}, &(0x7f0000000340)={0x0, 0x20, 0x48}}, 0x40}], 0x7, 0x0, &(0x7f0000000440)="553fc696f4b1a1"})
syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) (async)
r8 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r8, 0x0, 0x0)
syz_usb_control_io$printer(r8, 0x0, &(0x7f0000000780)={0xfc78, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x20, 0x1, 0x1, 0x1}, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x2, 0x80000000, 0x91d8}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r9 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000000c0))
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$UFFDIO_ZEROPAGE(r9, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00004bd000/0x3000)=nil, 0x3000}}) (async)
ioctl$UFFDIO_ZEROPAGE(r9, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00004bd000/0x3000)=nil, 0x3000}})
syz_usb_control_io$cdc_ecm(r8, 0x0, 0x0)

4.626307773s ago: executing program 5 (id=1038):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
mlock2(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000740)={0xf0, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@crypto_settings=[@NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0xfac0d}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x9}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_SAE_PASSWORD={0x7b, 0x115, "fd853a0e1639641fe0fa49bfe0de17ef3edeef61ce442d0007f803bb2f1cbc8c4ea3d16aaba73a8e948e004438ce85ca74bda803ad35244e7cdce18abbd9427c9472fafa1a3a97e4a73885631e760bd706f9ad0041c96a34e3eb6839ca408a1a591b70da7eb203cf93d2c1cbb6cec0a0aad9b2bfc9dfb9"}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x6}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}], @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}]}, 0xf0}}, 0x2000800)

4.599449584s ago: executing program 4 (id=1039):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000900)={0x44, &(0x7f0000000140)=ANY=[@ANYBLOB="fd85d5b120a96d83a49867bd3cb5a69ba64559ef9f9f1e957ab27fe4d07eca185817e70e9a8918689738676baa77d3c7470598a9882ad85b137206ab9062734b74c33e9d78747ad7313b4e8b4e8744030d3fae5719167cdbeb194633cf37a2a94f753504a47527bca6c91687a10e50b44fc1489e626633394a4d43fc8e73cb55c4dc36148e22855cdacb292bd1f8999ea0406cbb397286f579fd357f44b0debda1ee5a24b75d43736401f459079c5a7a80c18671e674f6553734c9b9dd580786bdcd03bd8a95fa6b2b8202dd5e31168006c275038b58569f5c2d62916d036bc65bb5fdf3ad44"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) (async)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
renameat2(r1, &(0x7f0000000380)='./cgroup\x00', r1, 0x0, 0x2)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r2, 0x0)
ftruncate(r2, 0x200c17a)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) (async)
setsockopt$XDP_UMEM_REG(r6, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
setsockopt$XDP_TX_RING(r6, 0x11b, 0x3, 0x0, 0x0) (async)
setsockopt$XDP_TX_RING(r6, 0x11b, 0x3, 0x0, 0x0)
bind$xdp(r6, &(0x7f0000000100), 0x10)
sendmsg$DEVLINK_CMD_RATE_NEW(r5, 0x0, 0x0) (async)
sendmsg$DEVLINK_CMD_RATE_NEW(r5, 0x0, 0x0)
r7 = syz_io_uring_setup(0x88f, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x20, 0x0, @fd_index=0x6}) (async)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x20, 0x0, @fd_index=0x6})
io_uring_enter(r7, 0x47f6, 0x0, 0x2, 0x0, 0x0)

3.991288849s ago: executing program 5 (id=1040):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_pressure(r0, &(0x7f0000000040)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r1, &(0x7f0000000340)={'some', 0x20, 0x7, 0x20, 0xff}, 0x2f)
r2 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r3, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000000000000000000000000000000000000000000000000055aaffff", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0xffffffff9673e35d]}})

3.71379651s ago: executing program 5 (id=1041):
fsopen(&(0x7f0000000300)='iso9660\x00', 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r0 = socket(0x10, 0x803, 0x0) (async, rerun: 32)
write(0xffffffffffffffff, &(0x7f0000000080), 0x0) (rerun: 32)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r1, &(0x7f0000002fc0)=[{{&(0x7f0000000540)=@x25, 0x80, &(0x7f00000006c0)=[{&(0x7f00000005c0)=""/29, 0x1d}, {&(0x7f0000000880)=""/129, 0x81}, {&(0x7f0000000a00)=""/132, 0x84}, {&(0x7f0000000ac0)=""/230, 0xe6}, {&(0x7f0000000bc0)=""/159, 0x9f}], 0x5, &(0x7f0000000c80)=""/126, 0x7e}, 0x4d}, {{&(0x7f0000000d00)=@nl, 0x80, &(0x7f00000020c0)=[{&(0x7f0000000d80)=""/202, 0xca}, {&(0x7f0000000e80)=""/147, 0x1f}, {&(0x7f0000000f40)=""/91, 0x5b}, {&(0x7f0000001fc0)=""/123, 0x7b}, {&(0x7f0000002040)=""/86, 0x56}, {&(0x7f0000000780)=""/38, 0x26}], 0x6, &(0x7f0000000940)=""/23, 0x17}, 0x2}, {{&(0x7f0000002140)=@rc={0x1f, @fixed}, 0x80, &(0x7f0000002340)=[{&(0x7f00000021c0)=""/102, 0x66}, {&(0x7f0000002240)=""/88, 0x58}, {&(0x7f00000022c0)=""/105, 0x69}], 0x3, &(0x7f0000002380)=""/128, 0x80}, 0x7}, {{&(0x7f0000002400)=@pppol2tpin6, 0x80, &(0x7f0000002780)=[{&(0x7f0000002480)=""/107, 0x6b}, {&(0x7f0000002500)=""/105, 0x69}, {&(0x7f0000002580)=""/154, 0x9a}, {&(0x7f0000002640)=""/62, 0x3e}, {&(0x7f0000002680)=""/219, 0xdb}], 0x5, &(0x7f0000002800)}, 0x9}, {{&(0x7f0000002840)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000002c40)=[{&(0x7f0000003400)=""/250, 0xf1}, {&(0x7f00000029c0)=""/205, 0xcd}, {&(0x7f0000002ac0)=""/67, 0x43}, {&(0x7f0000002b40)=""/124, 0x7c}, {&(0x7f0000002bc0)=""/118, 0x76}], 0x5}, 0xfffffffc}, {{&(0x7f0000003380)=@tipc=@name, 0x80, &(0x7f0000002f40)=[{&(0x7f0000003800)=""/4096, 0x1000}, {&(0x7f0000002d40)}, {&(0x7f0000002d80)=""/88, 0x58}, {&(0x7f0000002e00)=""/3, 0x3}, {&(0x7f0000002e40)=""/107, 0x6b}, {&(0x7f0000002ec0)=""/98, 0x62}], 0x6, &(0x7f0000004800)=""/4096, 0x1000}, 0x4}], 0x6, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x60, 0x0, 0xfffffffd, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRESHEX, @ANYRES32, @ANYBLOB="0000002fdac1555600"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
mmap(&(0x7f00005e8000/0x1000)=nil, 0x1000, 0x3000003, 0x2010, r4, 0xffff8000) (async)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x8910, 0x0, 0x0) (async)
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) (async, rerun: 32)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (rerun: 32)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000003180)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYBLOB="c4c5be9a18b398597732422d9a5c2deb7127ceae2a7ac88d6eeee410910d19addf9b7ba1e5df0ff447a800b02f9c23dc9697f3a39900a02a0dd17bfff82444b24d885738f0c860f986c83bfabba7b46f57e8de380b8b6595e590c9ed021d704ac18cf35f56889a35fc31bc8742129bbbe22b58f10498c843fbed661d09c67b352d2ab76809360ecd45aab5181df7f67c8adf5926ecacc879df24148e082334d15d0d18f8b600267663398fa280a8a383cbfb4f97d713e0f428f6009845cf3b21aa2f9c97c864bd2e351c291eb97617890976581e2855251768769627f6bb7424e30de0aecc", @ANYRESDEC=0x0, @ANYRES64], 0x4c}}, 0x0) (async, rerun: 32)
r6 = syz_open_dev$vbi(&(0x7f0000000480), 0x0, 0x2) (rerun: 32)
ioctl$VIDIOC_S_INPUT(r6, 0xc0045627, 0x0) (async, rerun: 64)
r7 = landlock_create_ruleset(&(0x7f0000000280)={0x2050, 0x0, 0x1}, 0x18, 0x0) (rerun: 64)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r7, 0x1, &(0x7f0000000340)={0x2000}, 0x0)
socket$alg(0x26, 0x5, 0x0)
syz_open_dev$radio(&(0x7f0000000040), 0x1, 0x2) (async, rerun: 32)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) (async, rerun: 32)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0x34000}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})
r8 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c02030109021200070100a0000904"], 0x0)
syz_usb_control_io$cdc_ecm(r8, 0x0, &(0x7f0000000280)={0x1c, &(0x7f00000032c0)=ANY=[@ANYBLOB="00000000a30494d5149342acdb1f0ce78ae57547d07da529b94f0d5743c0ab7296476e301a2ec43650c9efe96cf8a9bb47544e9a8e1b890d202bb8a9a4174eb2b0b69928cc341493687a805fcfaa6b76cd84c5805df89ed52db9aa121840ddbe1f340c6d5139abbf2d4f5f366da4226fdb60461a0ee2a16ac7002356b95912b8d52cd2bdfba122671f088629001b9e6f21fca35ffacbf94a037b89571d044045"], 0x0, 0x0})

3.68746304s ago: executing program 5 (id=1042):
openat$audio1(0xffffffffffffff9c, 0x0, 0x40000, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r6, &(0x7f0000004100)={0x2020}, 0x2020)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000300)=@gcm_128={{0x303}, "fc674d000000f8f7", "c5991ee20139b401046a89606ffcf92e", "2c5be7c6", "a0ca05c0707e52f4"}, 0x28)
recvfrom$inet6(r4, &(0x7f00000000c0)=""/3, 0x3, 0x0, 0x0, 0x0)
r7 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc))
splice(r4, 0x0, r3, 0x0, 0x10000008ebc, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x951a, 0x3010, 0x1}, &(0x7f0000000040)=<r8=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
socket(0x10, 0x3, 0x0)

3.102362589s ago: executing program 0 (id=1043):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="f400000000010104110000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c0002800500010000000000080007400000000090000d8014000400fc00000000000000000000000000000008000100ac1e0001080001006401010008000200e000000208000200ac1414bb08000200ac1e01011400050000000000000000000000ffffac1e010108000200ffffffff34000380060001004e240000000002004e230000060002004e240000060002004e220000060001004e230000060001004e220000e3997a1045f077babb40cd8477314c768ea450ebbb57adb381e1cac8a8c8c62f"], 0xf4}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000480)={'ip6gre0\x00', &(0x7f0000000400)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @empty, 0x700, 0x20}})
r2 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r2, 0xc0905664, &(0x7f0000000040)={0x0, 0x0, '\x00', @bt={0x2fc, 0x6, 0x1, 0x8, 0x5, 0x1, 0x1a, 0xf}})
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/fs/bpf', 0x0, 0x0)
openat$cgroup_freezer_state(r3, &(0x7f00000000c0), 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000080)={0x2a, 0xfffffffffffffffc, 0x4001}, 0xc)
r4 = openat$cgroup_pressure(0xffffffffffffffff, &(0x7f00000000c0)='memory.pressure\x00', 0x2, 0x0)
preadv(r4, &(0x7f0000000540)=[{&(0x7f0000000100)=""/171, 0xab}, {&(0x7f00000001c0)=""/153, 0x99}, {&(0x7f0000000280)=""/221, 0xdd}, {&(0x7f0000000380)=""/51, 0x33}, {&(0x7f00000004c0)=""/85, 0x55}], 0x5, 0x4e20, 0x1ff)

2.820302697s ago: executing program 0 (id=1044):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12011f00abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) (async, rerun: 64)
r1 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) (rerun: 64)
ioctl$PAGEMAP_SCAN(r1, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000c68000/0x3000)=nil, 0x7fffffff, 0x0, 0x0, 0x6, 0x0, 0xe}) (async)
syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00') (async)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="20100600000006"], 0x0, 0x0, 0x0, 0x0}, 0x0)

2.646173458s ago: executing program 2 (id=1045):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0)
r2 = socket(0x1d, 0x2, 0x6)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r3 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
ioctl$VIDIOC_S_SELECTION(r3, 0xc040565f, &(0x7f0000000040)={0x9, 0x1, 0x1, {0xffffffff, 0xbde, 0xb, 0x1}})
r4 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201)
pwritev2(r4, &(0x7f0000000240)=[{0x0}], 0x1, 0x7000, 0x0, 0x3)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='gid_map\x00')
syz_emit_ethernet(0x4e, &(0x7f0000000380)=ANY=[@ANYBLOB="ffaaaaaaaaaaffffffffffff86dd604dd31800180600fe800000000000000000000000000029fe8000000000000000000000000000aa0000400177e56e047e5edf93b9cf5793fdf2fb95020a656ada5442e7b1308c4426d400545fae47cd298351414e729d2b553fe540fd0354962c04a42143e45ed1edf52f5cd45b30b8e059cc61fe579b822621dd90c12bfd67bd9679f740812572d5acd84f1afcee4b2f944b91a2916017a765aff3e25ff85437a7d255ca84797a32a22ec78e3c", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="600200009078000022020000"], 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_MCE_KILL(0x35, 0x1, 0x8)
prctl$PR_MCE_KILL(0x35, 0x1, 0x2)
r6 = io_uring_setup(0x598, &(0x7f0000000300)={0x0, 0x77ae, 0x400, 0x8000002, 0x3d7})
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f00000013c0)={0x200, 0x2, 0x2, {0x5, @sliced={0xcf97, [0x7, 0x1, 0x6, 0x5, 0xfff, 0x0, 0x3, 0x42, 0x200, 0x1, 0x1, 0x73c, 0x1, 0x6, 0x8001, 0x6000, 0x6, 0x8, 0x2, 0x7, 0x7fff, 0x3ff, 0x6, 0x4, 0x2, 0x200, 0x1, 0x7, 0x0, 0xbee, 0x8, 0x4, 0x33eb, 0xf6d8, 0x7, 0x14, 0x5, 0x950, 0x8, 0x4, 0x7, 0x800, 0x8, 0x7, 0x0, 0xfffc, 0x0, 0x9], 0x9}}, 0x4})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x20000824}, 0x20004000)
ioctl$VIDIOC_QBUF(r7, 0xc058565d, &(0x7f0000000200)=@multiplanar_fd={0x0, 0x7, 0x4, 0x400, 0x4, {0x77359400}, {0x1, 0x0, 0x9, 0x3, 0x2, 0x3, "e4b3f3a5"}, 0x8, 0x4, {&(0x7f0000000140)=[{0x5f26, 0x9a03, {}, 0x2}, {0x3, 0x4, {r0}, 0x7e}]}})
close_range(r6, 0xffffffffffffffff, 0x0)
r8 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910710007e570966f4366ec9d4"], 0x1c}}, 0x0)
r9 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x200, 0x0)
ioctl$PPPIOCNEWUNIT(r9, 0xc004743e, &(0x7f0000000100)=0x3)
recvmmsg$unix(r8, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

2.274965701s ago: executing program 3 (id=1046):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)={0x2c, r3, 0x1, 0x1, 0x25dfdbfd, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}]}]}, 0x2c}}, 0x8000)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x8, 0x10, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4}, {0xe, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_QUANTUM={0x8, 0x7, 0x7fffffff}, @TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x3}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840)
r6 = eventfd(0x1)
write$eventfd(r6, &(0x7f0000000000)=0xffffffffffffffff, 0x8)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
writev(r8, &(0x7f00000002c0)=[{&(0x7f0000000080)='-6', 0x2}], 0x1)
r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r8, r10, &(0x7f0000fe8000/0x18000)=nil, &(0x7f000001fc40)=[@textreal={0x8, &(0x7f0000000180)="640fc7b8255266b9800000c00f326635000800000f3066b9940300000f32660fc7b008000f00da66b9e70000000f32b8c7028ee0ba400066ed660f2a6f002e660f7d5004", 0x44}], 0x1, 0x1, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c00000015000100000000000000000005000000080001"], 0x1c}}, 0x0)
r11 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r11, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r12=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r11, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000400008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r11, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r12, 0x0, <r13=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r11, 0x3ba0, &(0x7f0000000280)={0x48, 0x12, r13, 0x0, r12})

723.44864ms ago: executing program 2 (id=1047):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@getchain={0x24, 0x66, 0xfcd66a900070b359, 0x70fd2c, 0xfffffffc, {0x0, 0x0, 0x0, r1, {0x4}, {}, {0xb, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x85}, 0x40020) (fail_nth: 4)

626.619075ms ago: executing program 5 (id=1048):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r0, 0x0, r3, 0x0, 0x39000, 0x0)
unshare(0x40600)
r4 = memfd_create(&(0x7f0000000100)='Q\xa3\x99\xed\xe0\xf6\xbc', 0x1)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r5=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
unshare(0x8010000)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r5, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
r6 = getpid()
r7 = syz_pidfd_open(r6, 0x0)
flistxattr(r7, 0x0, 0x0)
splice(r2, 0x0, r4, 0x0, 0x408cd, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[], 0xfffffe3e)
syz_usb_connect(0x0, 0x5a, &(0x7f0000000080)=ANY=[@ANYRES32=r1], 0x0)

0s ago: executing program 4 (id=1049):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000540)="b6"}, {&(0x7f0000000580)="b1cdc0a92435041e6be063329729ef5e76ad3fe345f5049c645eea4edf3eac61ac6125c4382bea15999372651c0bedb101c6de3cefe71b3c94b24b07b8aafdf4bdcc2569b869280ee381d3e45f30dbd8e28014119a6036cb506f7a2b2a5039de729d400860c16bc46bebeacfb205403097943553bbef64d6a817d60ca21b7944848733b0e4e78d36219fe86bf2274f10f977fa07fbc307484bc1feaf02343682711f9e4f55c773e427969ba85891fcf67bd340694e5cb9d5c00f376b9c56c24a7515286a8f0955784b81819d216b26cb77c27d976c9faeba5c250cac", 0xdc}, {&(0x7f00000007c0)="67a9692bdd01faed906c6411d8c3a7e0037340873e5a1f6e59dd24d02cac6a000e0000000000000000c5157b4b67317e2e9d65f6f94b47bb606a3b5972a27beec2880dae2aaf9fdf76039f47a0e9956f24bb4a2d94a5a46c4bcc8731b57e2dd876b270bfc262781bfefe470234d1af7089438b0300a46e3098df7afc754445be4f47dfc5548d483f2c9f1608e91ee2050fbbc9ab46e0fddf55f35049c188aaf606ec39f8e96e680d1c0e65", 0xffffff41}, {&(0x7f0000000680)="3568ced1970359734f553b38b7e823cd3e4b260c303ab8f70591545b2a2b14963069f94c3ca955f4bb502b1aeb095ad4c1b37b6b3b62288dfdd4c0b492978a19052e6e96eda0c016236e84100e5f5575853b502832362059529b4c31113a6c6befe743f70b26074f05cb699444c998bd9ed5b1765520c1581b18941abd3d3bd35902afb1637275c1924c35613d7c627f9478b466be188e7ca7b352919595291d82e87bc3127bc04a8575397369098197bc477a5f71b6e53cf90a926505375904", 0xc0}, {&(0x7f0000000980)="f6545097a63ebe15d5737ab18a96e1610c0e5ff3e2fa407deb36687fb2602605e834abaf439404961546ece396cd6a0f9c7b71ce566bd45e9da08989200a2f0abcbd5008f368565da7775d22c301128e94c536f8662eb4945d87595449ff995b777b3ddc888cee5e6605174fb237a4c88d335db0c1f5bd61f15432d379738371abd5f2f8debfe56c38590b2c9b51ceaab05b3910df0c546980044e17fcc89820142611a169dae227326b36e82f26a2d4eef23c37504b5310762e1174f3fc7281ed5ae9d83f630634bc00d434bb5ae958d77b94f3a2ca14aa54244479d04efa61071cb24ca08888acfdb15516fec5a0a9fcd208b6c7683a8a8f72fa9aee442f46bc4dff0c84a39b34d58230ee86c369997e3b6339faff3c8bcb2c803dffc19414db25c677139126fb38ddcab85e07518c032ca549ef67685687db08f09e1694c08789c85992f7953125ef8a940201ae314edd5b6016e91730586f021a9ecf74d2cfe184bf7444d368bed8bcfd8bab42362d926bb6b47cf20e5746a4c97ab73198461f4fa48375a146784795914b96e7c3b8c33f335a51b5affe5a90cd2f365b13f5373645f1c3aedc043e9bfa00718f7cc6585b7a5dcd347f1a685b52cf2865b70b9c407695c831ad080238b160547cfdebcf9b5871d9682bd4effca32a98f50fa749dea570e9feef9cd88d15e97c436a95819d05878a662100", 0x51}], 0x5, 0x0, 0x0, 0x20040890}, 0x2404c800)
accept(r1, 0x0, 0x0)
accept4(r1, 0x0, 0x0, 0x80000)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x61980, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000200)='kfree\x00', r2, 0x0, 0x80}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
socket$netlink(0x10, 0x3, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000300), 0x4)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x2, &(0x7f0000000100)=[{&(0x7f0000000180)="5c00000013006bcd9e3fe3dc4e48aa31086b8703410000004000000000000000040014000d000a00100000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000003c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=r7, @ANYBLOB="140004006e696376663000000000000000000000080005000a"], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x2400c890)

kernel console output (not intermixed with test programs):

eset the device
[  222.162283][   T24] rtl8150 6-1:1.0: probe with driver rtl8150 failed with error -5
[  222.210653][   T24] usb 6-1: USB disconnect, device number 21
[  222.274577][ T8282] loop2: detected capacity change from 0 to 7
[  222.293985][ T8282] Dev loop2: unable to read RDB block 7
[  222.301794][ T8282]  loop2: AHDI p1 p2 p3
[  222.305978][ T8282] loop2: partition table partially beyond EOD, truncated
[  222.313542][ T8282] loop2: p1 start 1601398130 is beyond EOD, truncated
[  222.328829][ T8282] loop2: p2 start 1702059890 is beyond EOD, truncated
[  222.365777][ T5898] usb 3-1: USB disconnect, device number 23
[  222.455457][ T8284] vlan2: entered promiscuous mode
[  222.460647][ T8284] bridge0: entered promiscuous mode
[  222.466242][ T8284] vlan2: entered allmulticast mode
[  222.471709][ T8284] bridge0: entered allmulticast mode
[  222.591605][ T8294] netlink: 'syz.2.617': attribute type 9 has an invalid length.
[  223.037444][ T5898] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  223.189030][   T10] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  223.207464][ T5898] usb 3-1: Using ep0 maxpacket: 32
[  223.214610][ T5898] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  223.233648][ T5898] usb 3-1: config 0 has no interface number 0
[  223.258719][ T5898] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  223.269160][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.291873][ T5898] usb 3-1: Product: syz
[  223.296142][ T5898] usb 3-1: Manufacturer: syz
[  223.313991][ T5898] usb 3-1: SerialNumber: syz
[  223.365195][   T10] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  223.379109][ T5898] usb 3-1: config 0 descriptor??
[  223.384641][   T10] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  223.396359][ T5898] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  223.407133][   T10] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  223.421488][ T8323] netlink: 148 bytes leftover after parsing attributes in process `syz.3.623'.
[  223.432100][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.520706][ T8326] IPv6: Can't replace route, no match found
[  223.738064][ T5898] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  223.913358][ T5898] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  223.922747][    C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  223.999913][ T5898] usb 3-1: USB disconnect, device number 24
[  224.038041][   T10] usb 1-1: new full-speed USB device number 31 using dummy_hcd
[  224.056226][ T5898] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  224.110674][ T5898] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  224.142272][ T5898] quatech2 3-1:0.51: device disconnected
[  224.227501][   T10] usb 1-1: config index 0 descriptor too short (expected 69, got 36)
[  224.235790][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  224.253195][   T10] usb 1-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  224.262679][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.270811][   T10] usb 1-1: Product: syz
[  224.279525][   T10] usb 1-1: Manufacturer: syz
[  224.290757][   T10] usb 1-1: SerialNumber: syz
[  224.314409][   T10] usb 1-1: config 0 descriptor??
[  224.324560][   T10] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  224.538191][ T8331] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  224.548482][ T8331] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  224.736023][   T10] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71
[  224.751194][   T10] gspca_pac7302 1-1:0.0: probe with driver gspca_pac7302 failed with error -71
[  224.763900][   T10] usb 1-1: USB disconnect, device number 31
[  225.296589][ T8323] syz.3.623 (8323): drop_caches: 2
[  225.992996][ T8351] fuse: Unknown parameter 'mGN‡8o«ad'
[  226.193886][ T5898] usb 5-1: USB disconnect, device number 22
[  226.311528][   T10] IPVS: starting estimator thread 0...
[  226.508425][ T8354] IPVS: using max 49 ests per chain, 117600 per kthread
[  226.597447][   T43] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  226.838671][   T43] usb 3-1: Using ep0 maxpacket: 8
[  226.851791][   T43] usb 3-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab
[  226.861822][   T43] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  226.877460][   T43] usb 3-1: Product: syz
[  226.881750][   T43] usb 3-1: Manufacturer: syz
[  226.903981][   T43] usb 3-1: SerialNumber: syz
[  226.908797][   T24] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  226.925304][   T43] usb 3-1: config 0 descriptor??
[  227.017465][ T5142] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  227.067409][   T24] usb 5-1: Using ep0 maxpacket: 16
[  227.074179][   T24] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  227.082651][   T24] usb 5-1: config 0 has no interface number 0
[  227.088947][   T24] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  227.100933][   T24] usb 5-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  227.111285][   T24] usb 5-1: config 0 interface 41 has no altsetting 0
[  227.120531][   T24] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  227.199407][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.208381][   T24] usb 5-1: Product: syz
[  227.212590][   T24] usb 5-1: Manufacturer: syz
[  227.217244][   T24] usb 5-1: SerialNumber: syz
[  227.233706][ T5142] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  227.243969][ T5142] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.259102][   T24] usb 5-1: config 0 descriptor??
[  227.264954][ T8363] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  227.376173][ T8378] netlink: 8 bytes leftover after parsing attributes in process `syz.0.636'.
[  227.385274][ T8363] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  227.400435][ T8378] netlink: 4 bytes leftover after parsing attributes in process `syz.0.636'.
[  227.431127][ T8379] netlink: 60 bytes leftover after parsing attributes in process `syz.3.635'.
[  227.481454][ T8378] netlink: 'syz.0.636': attribute type 7 has an invalid length.
[  227.514806][ T5142] usb 6-1: config 0 descriptor??
[  227.524321][ T8378] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  227.544519][ T5142] cp210x 6-1:0.0: cp210x converter detected
[  227.693142][ T8363] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  227.701297][ T8363] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  228.135070][ T8367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  228.152060][ T5898] usb 3-1: USB disconnect, device number 25
[  228.152426][ T8367] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  228.195327][ T8367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  228.217091][ T8367] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  228.430981][ T5142] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32
[  228.504013][ T5142] usb 6-1: cp210x converter now attached to ttyUSB0
[  228.600266][   T24] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  228.897974][ T8389] bond0: (slave bond_slave_1): Releasing backup interface
[  228.955924][ T5142] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  229.138169][ T5142] usb 3-1: Using ep0 maxpacket: 8
[  229.144015][ T8396] veth0_to_team: entered promiscuous mode
[  229.172525][ T8396] netlink: 60 bytes leftover after parsing attributes in process `syz.0.639'.
[  229.189080][ T8396] bridge0: port 3(macsec0) entered blocking state
[  229.198902][ T8396] bridge0: port 3(macsec0) entered disabled state
[  229.207821][ T8396] macsec0: entered allmulticast mode
[  229.213310][ T8396] veth1_macvtap: entered allmulticast mode
[  229.228295][ T5142] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  229.237754][ T5142] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  229.245951][ T5142] usb 3-1: Product: syz
[  229.246064][ T8396] macsec0: entered promiscuous mode
[  229.256044][ T5142] usb 3-1: Manufacturer: syz
[  229.261517][ T8396] bridge0: port 3(macsec0) entered blocking state
[  229.265057][ T5142] usb 3-1: SerialNumber: syz
[  229.268227][ T8396] bridge0: port 3(macsec0) entered forwarding state
[  229.275965][ T5142] usb 3-1: config 0 descriptor??
[  229.569338][ T5142] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  229.936590][ T5922] usb 6-1: USB disconnect, device number 22
[  229.950505][ T5922] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  230.018336][ T8406] FAULT_INJECTION: forcing a failure.
[  230.018336][ T8406] name failslab, interval 1, probability 0, space 0, times 0
[  230.048442][ T5922] cp210x 6-1:0.0: device disconnected
[  230.057518][ T8406] CPU: 0 UID: 0 PID: 8406 Comm: syz.5.643 Not tainted syzkaller #0 PREEMPT(full) 
[  230.057545][ T8406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  230.057557][ T8406] Call Trace:
[  230.057566][ T8406]  <TASK>
[  230.057574][ T8406]  dump_stack_lvl+0x189/0x250
[  230.057601][ T8406]  ? __pfx____ratelimit+0x10/0x10
[  230.057625][ T8406]  ? __pfx_dump_stack_lvl+0x10/0x10
[  230.057646][ T8406]  ? __pfx__printk+0x10/0x10
[  230.057672][ T8406]  ? __pfx___might_resched+0x10/0x10
[  230.057698][ T8406]  should_fail_ex+0x414/0x560
[  230.057726][ T8406]  should_failslab+0xa8/0x100
[  230.057747][ T8406]  __kmalloc_noprof+0xcb/0x7f0
[  230.057771][ T8406]  ? kfree+0x4d/0x6d0
[  230.057791][ T8406]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  230.057826][ T8406]  tomoyo_realpath_from_path+0xe3/0x5d0
[  230.057856][ T8406]  ? tomoyo_domain+0xd9/0x130
[  230.057891][ T8406]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  230.057915][ T8406]  tomoyo_path_number_perm+0x1e8/0x5a0
[  230.057942][ T8406]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  230.058005][ T8406]  ? __fget_files+0x2a/0x420
[  230.058028][ T8406]  ? __fget_files+0x3a0/0x420
[  230.058045][ T8406]  ? __fget_files+0x2a/0x420
[  230.058067][ T8406]  security_file_ioctl+0xcb/0x2d0
[  230.058091][ T8406]  __se_sys_ioctl+0x47/0x170
[  230.058117][ T8406]  do_syscall_64+0xfa/0xfa0
[  230.058141][ T8406]  ? lockdep_hardirqs_on+0x9c/0x150
[  230.058164][ T8406]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.058183][ T8406]  ? clear_bhb_loop+0x60/0xb0
[  230.058206][ T8406]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  230.058224][ T8406] RIP: 0033:0x7f19b9f8eec9
[  230.058242][ T8406] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  230.058259][ T8406] RSP: 002b:00007f19bad53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  230.058280][ T8406] RAX: ffffffffffffffda RBX: 00007f19ba1e5fa0 RCX: 00007f19b9f8eec9
[  230.058295][ T8406] RDX: 0000200000000040 RSI: 00000000c2604110 RDI: 0000000000000003
[  230.058307][ T8406] RBP: 00007f19bad53090 R08: 0000000000000000 R09: 0000000000000000
[  230.058319][ T8406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  230.058329][ T8406] R13: 00007f19ba1e6038 R14: 00007f19ba1e5fa0 R15: 00007f19ba30fa28
[  230.058367][ T8406]  </TASK>
[  230.058447][ T8406] ERROR: Out of memory at tomoyo_realpath_from_path.
[  230.438258][   T24] CoreChips 5-1:0.41 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0000:ffffffb9
[  230.456628][   T24] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71
[  230.475792][   T24] usb 5-1: USB disconnect, device number 23
[  230.961368][ T8410] loop6: detected capacity change from 0 to 7
[  230.972696][ T8410] Dev loop6: unable to read RDB block 7
[  230.980426][ T8410]  loop6: unable to read partition table
[  231.019936][ T8410] loop6: partition table beyond EOD, truncated
[  231.029088][ T8410] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  231.423075][   T30] kauditd_printk_skb: 39 callbacks suppressed
[  231.423095][   T30] audit: type=1326 audit(1760161802.306:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8417 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f2b8eec9 code=0x7ffc0000
[  231.451610][    C1] vkms_vblank_simulate: vblank timer overrun
[  231.673309][   T30] audit: type=1326 audit(1760161802.346:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8417 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f2b8eec9 code=0x7ffc0000
[  231.723724][   T30] audit: type=1326 audit(1760161802.346:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8417 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f86f2b8eec9 code=0x7ffc0000
[  231.747070][   T30] audit: type=1326 audit(1760161802.346:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8417 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f2b8eec9 code=0x7ffc0000
[  231.769261][    C1] vkms_vblank_simulate: vblank timer overrun
[  231.811759][   T30] audit: type=1326 audit(1760161802.346:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8417 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f2b8eec9 code=0x7ffc0000
[  231.834098][    C1] vkms_vblank_simulate: vblank timer overrun
[  231.849227][   T30] audit: type=1326 audit(1760161802.346:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8417 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f86f2b8eec9 code=0x7ffc0000
[  231.873268][   T30] audit: type=1326 audit(1760161802.346:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8417 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f2b8eec9 code=0x7ffc0000
[  231.899714][   T30] audit: type=1326 audit(1760161802.346:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8417 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f86f2b8eec9 code=0x7ffc0000
[  231.967361][   T30] audit: type=1326 audit(1760161802.346:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8417 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f86f2b8eec9 code=0x7ffc0000
[  231.991416][   T30] audit: type=1326 audit(1760161802.346:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8417 comm="syz.3.649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f86f2b8eec9 code=0x7ffc0000
[  232.071053][ T8435] syzkaller1: entered promiscuous mode
[  232.076608][ T8435] syzkaller1: entered allmulticast mode
[  232.146199][ T8438] netlink: 'syz.0.656': attribute type 1 has an invalid length.
[  232.162665][ T8438] netlink: 16 bytes leftover after parsing attributes in process `syz.0.656'.
[  232.265738][ T8443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  232.279387][ T8443] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  232.327469][   T10] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  232.438592][ T5142] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  232.482403][   T10] usb 5-1: config 0 has no interfaces?
[  232.488363][   T10] usb 5-1: New USB device found, idVendor=056a, idProduct=0045, bcdDevice= 0.00
[  232.516225][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.530529][ T8449] netlink: 8 bytes leftover after parsing attributes in process `syz.0.658'.
[  232.539635][ T8449] netlink: 4 bytes leftover after parsing attributes in process `syz.0.658'.
[  232.548513][ T8449] netlink: 'syz.0.658': attribute type 7 has an invalid length.
[  232.605345][ T8449] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  232.664389][   T10] usb 5-1: config 0 descriptor??
[  232.882075][ T8435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  232.894468][ T8435] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  232.908177][ T5898] usb 5-1: USB disconnect, device number 24
[  233.335422][ T8457] netlink: 8 bytes leftover after parsing attributes in process `syz.2.659'.
[  233.344745][ T8457] netlink: 4 bytes leftover after parsing attributes in process `syz.2.659'.
[  233.353797][ T8457] netlink: 'syz.2.659': attribute type 7 has an invalid length.
[  233.448843][ T8457] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  233.537422][  T983] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  233.545159][ T5898] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  233.777714][  T983] usb 5-1: Using ep0 maxpacket: 8
[  233.782779][ T5898] usb 4-1: Using ep0 maxpacket: 8
[  233.791731][  T983] usb 5-1: config index 0 descriptor too short (expected 72, got 36)
[  233.827029][ T5898] usb 4-1: unable to get BOS descriptor or descriptor too short
[  233.837533][  T983] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  233.851103][ T5898] usb 4-1: config 4 interface 0 has no altsetting 0
[  233.868978][ T5898] usb 4-1: string descriptor 0 read error: -22
[  233.875449][ T5898] usb 4-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  233.906749][ T5898] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  233.973520][  T983] usb 5-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice= 1.08
[  233.987503][  T983] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.003899][  T983] usb 5-1: Product: syz
[  234.011108][ T5898] usb 4-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  234.018880][  T983] usb 5-1: Manufacturer: syz
[  234.033847][  T983] usb 5-1: SerialNumber: syz
[  234.039581][ T5898] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  234.078332][ T5898] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  234.115767][ T5898] usb 4-1: media controller created
[  234.283768][ T5898] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  234.374080][  T983] usb 5-1: USB disconnect, device number 25
[  235.236536][ T5898] zl10353_read_register: readreg error (reg=127, ret==0)
[  235.392821][ T8475] netlink: 'syz.4.663': attribute type 8 has an invalid length.
[  235.542117][ T8482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  235.576123][ T8482] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  235.622001][ T8479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  235.633077][ T8479] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  235.727578][ T5898] usb 4-1: USB disconnect, device number 27
[  236.137596][ T5898] IPVS: starting estimator thread 0...
[  236.815923][ T8494] IPVS: using max 27 ests per chain, 64800 per kthread
[  236.911040][ T8498] Cannot find add_set index 1 as target
[  237.584722][   T24] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  237.717488][ T5142] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  237.765932][   T24] usb 4-1: too many configurations: 17, using maximum allowed: 8
[  237.805702][   T24] usb 4-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  237.817758][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.827062][   T24] usb 4-1: Product: syz
[  237.833864][   T24] usb 4-1: Manufacturer: syz
[  237.838999][   T24] usb 4-1: SerialNumber: syz
[  237.845471][   T24] usb 4-1: config 0 descriptor??
[  237.862846][   T24] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  237.875206][ T5142] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  237.888247][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  237.898909][ T5142] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  237.908982][ T5913] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  237.938825][   T24] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  237.948423][   T24] usb 4-1: media controller created
[  237.958897][ T5142] usb 6-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  237.978061][ T5142] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.986116][ T5142] usb 6-1: Product: syz
[  238.000193][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  238.008843][ T5142] usb 6-1: Manufacturer: syz
[  238.013456][ T5142] usb 6-1: SerialNumber: syz
[  238.036789][ T5142] usb 6-1: config 0 descriptor??
[  238.043147][ T8516] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  238.051130][ T8516] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  238.067391][ T5913] usb 5-1: Using ep0 maxpacket: 16
[  238.085266][ T5913] usb 5-1: config index 0 descriptor too short (expected 12336, got 36)
[  238.099755][ T5913] usb 5-1: config 48 has too many interfaces: 48, using maximum allowed: 32
[  238.109028][   T24] DVB: Unable to find symbol mt352_attach()
[  238.115300][ T5913] usb 5-1: config 48 has an invalid descriptor of length 48, skipping remainder of the config
[  238.146771][ T5913] usb 5-1: config 48 has 0 interfaces, different from the descriptor's value: 48
[  238.165148][ T5913] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  238.206561][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.225145][   T24] DVB: Unable to find symbol nxt6000_attach()
[  238.247956][   T24] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  238.261464][ T8516] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  238.283085][ T8516] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22
[  238.284311][   T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input19
[  238.408775][ T8535] digitv: more than 2 i2c messages at a time is not handled yet. TODO.
[  238.418571][ T8535] dvb-usb: bulk message failed: -22 (7/0)
[  238.452056][   T30] kauditd_printk_skb: 67 callbacks suppressed
[  238.452075][   T30] audit: type=1326 audit(1760161809.336:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8521 comm="syz.4.677" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7febda78eec9 code=0x0
[  238.489345][   T24] dvb-usb: schedule remote query interval to 1000 msecs.
[  238.640112][ T5142] Error reading MAC address
[  238.729790][   T24] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  238.755059][   T24] dvb-usb: bulk message failed: -22 (7/0)
[  238.767563][   T24] dvb-usb: bulk message failed: -22 (7/0)
[  239.019216][  T983] usb 6-1: USB disconnect, device number 23
[  239.463959][ T8553] netlink: 28 bytes leftover after parsing attributes in process `syz.2.683'.
[  239.618619][ T8556] tipc: Started in network mode
[  239.624608][ T8556] tipc: Node identity ea0b11ebab9, cluster identity 4711
[  239.632013][ T8556] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  239.645304][ T8556] syzkaller0: entered promiscuous mode
[  239.651189][ T8556] syzkaller0: entered allmulticast mode
[  239.767987][ T5142] dvb-usb: bulk message failed: -22 (7/0)
[  239.773893][ T5142] dvb-usb: error while querying for an remote control event.
[  239.918969][   T24] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  240.077435][   T24] usb 6-1: Using ep0 maxpacket: 8
[  240.084586][   T24] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  240.093175][   T24] usb 6-1: config 0 has no interface number 0
[  240.099555][   T24] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  240.110770][   T24] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  240.123582][   T24] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  240.150042][   T24] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  240.163446][   T24] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  240.172729][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.187852][   T24] usb 6-1: config 0 descriptor??
[  240.210390][   T24] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  240.420467][ T8556] tipc: Resetting bearer <eth:syzkaller0>
[  240.431137][ T8555] tipc: Resetting bearer <eth:syzkaller0>
[  240.431990][   T24] usb 6-1: USB disconnect, device number 24
[  240.454679][   T24] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  240.481814][ T8555] tipc: Disabling bearer <eth:syzkaller0>
[  240.631008][ T8564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  240.644298][ T8564] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  240.679944][   T24] usb 4-1: USB disconnect, device number 28
[  240.797209][ T8568] netlink: 20 bytes leftover after parsing attributes in process `syz.3.689'.
[  240.812097][ T8568] netlink: 24 bytes leftover after parsing attributes in process `syz.3.689'.
[  240.846308][   T24] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  240.899935][ T8568] bond1: Removing last arp target with arp_interval on
[  240.906868][ T8568] bond1: option primary: mode dependency failed, not supported in mode balance-rr(0)
[  240.991095][ T5913] usb 5-1: string descriptor 0 read error: -71
[  241.016095][ T8568] bond1 (unregistering): Released all slaves
[  241.026363][ T5913] usb 5-1: USB disconnect, device number 26
[  241.145657][ T8564] syzkaller1: entered promiscuous mode
[  241.187474][ T8564] syzkaller1: entered allmulticast mode
[  241.347720][ T8578] netlink: 'syz.5.691': attribute type 12 has an invalid length.
[  241.385013][ T8585] fuse: Bad value for 'user_id'
[  241.405460][ T8585] fuse: Bad value for 'user_id'
[  241.547417][   T24] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  241.828502][   T24] usb 4-1: Using ep0 maxpacket: 32
[  241.895544][   T24] usb 4-1: config 0 has an invalid interface number: 184 but max is 11
[  241.916168][   T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 12
[  241.939663][   T24] usb 4-1: config 0 has no interface number 0
[  241.945977][   T24] usb 4-1: config 0 interface 184 has no altsetting 0
[  241.960772][   T24] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  241.987070][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.996473][   T24] usb 4-1: Product: syz
[  242.001173][   T24] usb 4-1: Manufacturer: syz
[  242.013014][ T8592] netlink: 100 bytes leftover after parsing attributes in process `syz.5.694'.
[  242.022289][   T24] usb 4-1: SerialNumber: syz
[  242.031170][   T24] usb 4-1: config 0 descriptor??
[  242.043172][   T24] smsc75xx v1.0.0
[  242.350672][ T8599] netlink: 8 bytes leftover after parsing attributes in process `syz.4.695'.
[  242.359871][ T8599] netlink: 4 bytes leftover after parsing attributes in process `syz.4.695'.
[  242.368752][ T8599] netlink: 'syz.4.695': attribute type 7 has an invalid length.
[  242.461097][ T8602] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  242.689648][   T24] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  242.706364][   T24] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  243.416046][ T8615] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  243.427452][ T5913] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  243.647475][ T5913] usb 1-1: Using ep0 maxpacket: 32
[  243.684504][ T5913] usb 1-1: config 0 has an invalid interface number: 83 but max is 0
[  243.728272][ T5913] usb 1-1: config 0 has no interface number 0
[  243.765238][ T5913] usb 1-1: New USB device found, idVendor=0c62, idProduct=000d, bcdDevice=92.f7
[  243.774740][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  243.783423][ T5913] usb 1-1: Product: syz
[  243.788090][ T5913] usb 1-1: Manufacturer: syz
[  243.797353][ T5913] usb 1-1: SerialNumber: syz
[  243.813952][ T5913] usb 1-1: config 0 descriptor??
[  244.199483][   T24] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  244.211394][   T24] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  244.229220][   T24] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  244.241448][   T24] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71
[  244.280192][   T24] usb 4-1: USB disconnect, device number 29
[  244.768654][  T983] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  244.930014][  T983] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  244.947021][  T983] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  244.947080][  T983] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  244.947106][  T983] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.173733][  T983] usb 5-1: GET_CAPABILITIES returned 0
[  245.173780][  T983] usbtmc 5-1:16.0: can't read capabilities
[  245.291609][   T10] usb 6-1: new full-speed USB device number 25 using dummy_hcd
[  245.353952][ T8658] netlink: 668 bytes leftover after parsing attributes in process `syz.3.711'.
[  245.353985][ T8658] netlink: 668 bytes leftover after parsing attributes in process `syz.3.711'.
[  245.451878][ T8660] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  245.452257][ T8660] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  245.550384][   T10] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[  245.550415][   T10] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  245.550437][   T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  245.550457][   T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[  245.550478][   T10] usb 6-1: config 1 has no interface number 0
[  245.550523][   T10] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  245.550546][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.582447][   T10] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[  245.651800][ T5920] usb 1-1: USB disconnect, device number 32
[  245.918396][   T24] usb 5-1: USB disconnect, device number 27
[  245.934425][   T10] snd_usb_pod 6-1:1.1: endpoint not available, using fallback values
[  245.934910][   T10] snd_usb_pod 6-1:1.1: invalid control EP
[  245.934927][   T10] snd_usb_pod 6-1:1.1: cannot start listening: -22
[  245.935125][   T10] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[  245.944443][   T10] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -22
[  246.346237][ T8675] loop2: detected capacity change from 0 to 7
[  246.348835][ T8675] Dev loop2: unable to read RDB block 7
[  246.348866][ T8675]  loop2: AHDI p1 p2 p3
[  246.348904][ T8675] loop2: partition table partially beyond EOD, truncated
[  246.349071][ T8675] loop2: p1 start 1601398130 is beyond EOD, truncated
[  246.349092][ T8675] loop2: p2 start 1702059890 is beyond EOD, truncated
[  247.167859][   T24] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  247.409438][   T24] usb 1-1: Using ep0 maxpacket: 8
[  247.413094][   T24] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  247.426930][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.426959][   T24] usb 1-1: Product: syz
[  247.426976][   T24] usb 1-1: Manufacturer: syz
[  247.426992][   T24] usb 1-1: SerialNumber: syz
[  247.430317][   T24] usb 1-1: config 0 descriptor??
[  247.460688][   T24] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  247.557416][  T983] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  247.617417][   T10] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  247.717245][  T983] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024
[  247.717368][  T983] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  247.717412][  T983] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  247.717437][  T983] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.731873][  T983] usb 4-1: config 0 descriptor??
[  247.766143][ T8693] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  247.787450][   T10] usb 5-1: Using ep0 maxpacket: 32
[  247.790418][   T10] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  247.812425][   T10] usb 5-1: config 0 has no interface number 0
[  247.820937][   T10] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  247.820957][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.820968][   T10] usb 5-1: Product: syz
[  247.820977][   T10] usb 5-1: Manufacturer: syz
[  247.820986][   T10] usb 5-1: SerialNumber: syz
[  247.848496][   T10] usb 5-1: config 0 descriptor??
[  247.856140][   T10] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  248.016248][ T5920] usb 6-1: USB disconnect, device number 25
[  248.427628][ T8702] xt_policy: output policy not valid in PREROUTING and INPUT
[  248.947091][ T8713] fuse: Bad value for 'user_id'
[  248.953351][ T8713] fuse: Bad value for 'user_id'
[  249.137489][ T5920] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  249.357467][ T5920] usb 6-1: Using ep0 maxpacket: 16
[  249.390971][ T5920] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  249.421424][ T5920] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  249.456908][ T5920] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  249.539368][ T5920] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.551557][ T5920] usb 6-1: Product: syz
[  249.555899][ T5920] usb 6-1: Manufacturer: syz
[  249.561309][ T5920] usb 6-1: SerialNumber: syz
[  249.578219][ T5920] usb 6-1: config 0 descriptor??
[  249.751749][ T5920] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  249.779202][ T5920] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  250.063859][ T8687] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  250.086495][  T983] ath6kl: Failed to submit usb control message: -71
[  250.091877][ T8687] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  250.113677][   T24] gspca_sonixj: reg_w1 err -71
[  250.122446][  T983] ath6kl: unable to send the bmi data to the device: -71
[  250.155004][  T983] ath6kl: Unable to send get target info: -71
[  250.167685][   T24] sonixj 1-1:0.0: probe with driver sonixj failed with error -71
[  250.179270][  T983] ath6kl: Failed to init ath6kl core: -71
[  250.197385][   T24] usb 1-1: USB disconnect, device number 33
[  250.208938][  T983] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  250.337793][  T983] usb 4-1: USB disconnect, device number 30
[  250.355665][ T8725] netlink: 28 bytes leftover after parsing attributes in process `syz.3.731'.
[  250.431666][ T8725] netlink: 28 bytes leftover after parsing attributes in process `syz.3.731'.
[  250.441579][ T8725] netlink: 'syz.3.731': attribute type 6 has an invalid length.
[  250.454649][ T5920] em28xx 6-1:0.0: chip ID is em2870
[  250.475877][   T10] usb 5-1: qt2_attach - failed to power on unit: -71
[  250.530014][   T10] quatech2 5-1:0.51: probe with driver quatech2 failed with error -71
[  250.546527][   T10] usb 5-1: USB disconnect, device number 28
[  250.893209][ T8734] netlink: 12 bytes leftover after parsing attributes in process `syz.4.734'.
[  251.397484][ T5986] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  251.547550][ T5986] usb 4-1: Using ep0 maxpacket: 16
[  251.836064][ T5986] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  251.847817][ T5986] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  251.869425][ T5986] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  252.403706][ T5986] usb 4-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  252.432481][ T5986] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.462070][ T5986] usb 4-1: config 0 descriptor??
[  252.574106][   T24] usb 6-1: USB disconnect, device number 26
[  252.581308][   T24] em28xx 6-1:0.0: Disconnecting em28xx
[  252.638577][   T24] em28xx 6-1:0.0: Freeing device
[  252.906293][ T8741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  252.906634][ T8741] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  252.907061][ T8741] random: crng reseeded on system resumption
[  252.918000][ T5986] hid (null): global environment stack underflow
[  252.920944][ T5986] shield 0003:0955:7214.000A: global environment stack underflow
[  252.920959][ T5986] shield 0003:0955:7214.000A: item 0 2 1 11 parsing failed
[  252.921377][ T5986] shield 0003:0955:7214.000A: Parse failed
[  252.921416][ T5986] shield 0003:0955:7214.000A: probe with driver shield failed with error -22
[  253.042182][ T8760] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  253.042505][ T8760] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  253.128740][  T983] usb 4-1: USB disconnect, device number 31
[  253.500254][   T30] audit: type=1326 audit(1760161824.386:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.5.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b9f8eec9 code=0x7fc00000
[  253.547467][   T30] audit: type=1326 audit(1760161824.386:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.5.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f19b9f8eec9 code=0x7fc00000
[  253.576133][   T30] audit: type=1326 audit(1760161824.386:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.5.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b9f8eec9 code=0x7fc00000
[  253.635934][   T30] audit: type=1326 audit(1760161824.386:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.5.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b9f8eec9 code=0x7fc00000
[  253.753300][ T8770] loop9: detected capacity change from 0 to 7
[  253.753510][ T8771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  253.783912][ T8770] Dev loop9: unable to read RDB block 7
[  253.843129][   T30] audit: type=1326 audit(1760161824.386:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.5.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b9f8eec9 code=0x7fc00000
[  253.847248][ T8771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  253.873138][    C1] vkms_vblank_simulate: vblank timer overrun
[  253.893644][ T8770]  loop9: AHDI p1 p2
[  253.906113][ T8770] loop9: partition table partially beyond EOD, truncated
[  253.913725][   T30] audit: type=1326 audit(1760161824.386:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.5.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b9f8eec9 code=0x7fc00000
[  253.937131][ T8770] loop9: p1 size 4227858431 extends beyond EOD, truncated
[  254.307723][   T30] audit: type=1326 audit(1760161824.386:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.5.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b9f8eec9 code=0x7fc00000
[  254.641815][ T5839] udevd[5839]: inotify_add_watch(7, /dev/loop9p1, 10) failed: No such file or directory
[  254.688946][   T30] audit: type=1326 audit(1760161824.386:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.5.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b9f8eec9 code=0x7fc00000
[  254.848296][   T30] audit: type=1326 audit(1760161824.386:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.5.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b9f8eec9 code=0x7fc00000
[  254.921321][   T30] audit: type=1326 audit(1760161824.386:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8755 comm="syz.5.739" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19b9f8eec9 code=0x7fc00000
[  255.073073][ T8790] netlink: 8 bytes leftover after parsing attributes in process `syz.4.747'.
[  255.082114][ T8790] netlink: 4 bytes leftover after parsing attributes in process `syz.4.747'.
[  255.091059][ T8790] netlink: 'syz.4.747': attribute type 7 has an invalid length.
[  255.114962][ T8790] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  255.710507][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  255.719577][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  256.418134][ T5922] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  256.615371][ T5922] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  256.646003][ T5922] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  256.678564][ T5922] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  256.701791][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.718144][ T8812] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  256.730177][ T5922] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  257.119781][ T5986] usb 4-1: USB disconnect, device number 32
[  257.264214][ T8841] netlink: 'syz.5.755': attribute type 10 has an invalid length.
[  257.329363][ T8841] macvlan0: entered promiscuous mode
[  257.340521][ T8841] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  258.139953][ T8856] netlink: 100 bytes leftover after parsing attributes in process `syz.3.756'.
[  258.697504][   T10] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  258.986514][   T10] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  259.019721][   T10] usb 1-1: New USB device found, idVendor=0fc5, idProduct=1227, bcdDevice=da.8e
[  259.062673][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.084233][   T10] usb 1-1: Product: syz
[  259.096662][   T10] usb 1-1: Manufacturer: syz
[  259.143387][   T10] usb 1-1: SerialNumber: syz
[  259.144066][ T8871] netlink: 28 bytes leftover after parsing attributes in process `syz.2.760'.
[  259.188816][ T8871] binfmt_misc: register: failed to install interpreter file ./file0
[  259.202690][   T10] usb 1-1: config 0 descriptor??
[  259.434435][ T8875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  259.443366][ T8875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  259.463012][   T24] usb 1-1: USB disconnect, device number 34
[  260.027397][   T10] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  260.277528][  T983] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  260.311608][   T10] usb 6-1: too many configurations: 17, using maximum allowed: 8
[  260.344533][   T10] usb 6-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  260.377134][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.408532][   T10] usb 6-1: Product: syz
[  260.412750][   T10] usb 6-1: Manufacturer: syz
[  260.423877][   T10] usb 6-1: SerialNumber: syz
[  260.463717][   T10] usb 6-1: config 0 descriptor??
[  260.498873][   T10] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  260.517733][  T983] usb 5-1: config 0 has an invalid interface number: 32 but max is 0
[  260.525886][  T983] usb 5-1: config 0 has no interface number 0
[  260.549013][   T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  260.560584][ T8868] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  260.574005][  T983] usb 5-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  260.583220][  T983] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.602787][   T10] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  260.617196][  T983] usb 5-1: Product: syz
[  260.621581][  T983] usb 5-1: Manufacturer: syz
[  260.626187][  T983] usb 5-1: SerialNumber: syz
[  260.634523][   T10] usb 6-1: media controller created
[  260.658024][  T983] usb 5-1: config 0 descriptor??
[  260.669598][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  260.720945][ T8874] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  260.730322][ T8874] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  260.740514][ T8874] digitv: more than 2 i2c messages at a time is not handled yet. TODO.
[  260.752590][ T8874] dvb-usb: bulk message failed: -22 (7/0)
[  261.426528][   T10] DVB: Unable to find symbol mt352_attach()
[  261.824812][   T10] DVB: Unable to find symbol nxt6000_attach()
[  261.847419][   T10] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  261.915754][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input22
[  261.969170][  T983] asix 5-1:0.32 (unnamed net_device) (uninitialized): invalid hw address, using random
[  262.008528][   T10] dvb-usb: schedule remote query interval to 1000 msecs.
[  262.018348][   T10] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  262.043725][   T10] dvb-usb: bulk message failed: -22 (7/0)
[  262.099161][   T10] dvb-usb: bulk message failed: -22 (7/0)
[  262.158466][ T8918] netlink: 'syz.2.770': attribute type 32 has an invalid length.
[  262.166645][ T8918] netlink: 40 bytes leftover after parsing attributes in process `syz.2.770'.
[  262.187504][   T10] usb 6-1: USB disconnect, device number 27
[  262.546721][   T10] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  263.167517][ T5986] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  263.282919][  T983] asix 5-1:0.32 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  263.333587][ T5986] usb 1-1: Using ep0 maxpacket: 32
[  263.377565][  T983] asix 5-1:0.32 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  263.421423][ T5986] usb 1-1: unable to get BOS descriptor or descriptor too short
[  263.438335][  T983] asix 5-1:0.32: probe with driver asix failed with error -71
[  263.446661][ T5986] usb 1-1: config 7 has an invalid interface number: 128 but max is 0
[  263.456866][ T5986] usb 1-1: config 7 contains an unexpected descriptor of type 0x1, skipping
[  263.481136][  T983] usb 5-1: USB disconnect, device number 29
[  263.511939][ T5986] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  263.562707][ T5986] usb 1-1: config 7 has no interface number 0
[  263.563343][ T8930] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  263.591054][ T5986] usb 1-1: config 7 interface 128 altsetting 2 has an endpoint descriptor with address 0x17, changing to 0x7
[  263.597034][ T8930] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  263.627990][ T5986] usb 1-1: config 7 interface 128 altsetting 2 bulk endpoint 0x7 has invalid maxpacket 32
[  263.638773][ T5986] usb 1-1: config 7 interface 128 altsetting 2 endpoint 0x87 has an invalid bInterval 209, changing to 11
[  263.646923][ T8930] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  263.651582][ T5986] usb 1-1: config 7 interface 128 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6
[  263.669406][ T8930] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  263.681407][ T5986] usb 1-1: config 7 interface 128 has no altsetting 0
[  263.692220][ T8930] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  263.703575][ T8930] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  263.715339][ T5986] usb 1-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13
[  263.727686][ T5986] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.736447][ T5986] usb 1-1: Product: syz
[  263.740938][ T5986] usb 1-1: Manufacturer: syz
[  263.745570][ T5986] usb 1-1: SerialNumber: syz
[  263.753228][ T8925] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  263.787391][ T5922] usb 4-1: new full-speed USB device number 33 using dummy_hcd
[  263.848055][  T983] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  263.959626][ T5922] usb 4-1: not running at top speed; connect to a high speed hub
[  263.977036][ T5922] usb 4-1: config 1 has an invalid interface number: 74 but max is 0
[  263.988219][ T5986] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  263.991231][ T5922] usb 4-1: config 1 has no interface number 0
[  264.003940][ T5986] usb 1-1: MIDIStreaming interface descriptor not found
[  264.011717][ T5922] usb 4-1: config 1 interface 74 has no altsetting 0
[  264.014149][ T5922] usb 4-1: New USB device found, idVendor=046d, idProduct=0990, bcdDevice=22.be
[  264.014217][ T5922] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.044002][  T983] usb 5-1: config 0 interface 0 altsetting 251 has an invalid descriptor for endpoint zero, skipping
[  264.055498][  T983] usb 5-1: config 0 interface 0 has no altsetting 0
[  264.064539][ T5922] usb 4-1: Product: syz
[  264.069566][  T983] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  264.079029][  T983] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  264.079210][ T5922] usb 4-1: Manufacturer: syz
[  264.087561][  T983] usb 5-1: Product: syz
[  264.097455][ T5922] usb 4-1: SerialNumber: syz
[  264.098668][  T983] usb 5-1: Manufacturer: syz
[  264.107706][  T983] usb 5-1: SerialNumber: syz
[  264.154329][ T5986] usb 1-1: USB disconnect, device number 35
[  264.161025][  T983] usb 5-1: config 0 descriptor??
[  264.203584][  T983] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -22
[  264.291901][ T5851] udevd[5851]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  264.322089][ T5922] usb 4-1: unknown interface protocol 0x55, assuming v1
[  264.331138][ T5922] usb 4-1: cannot find UAC_HEADER
[  264.405728][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:7.128/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  264.415997][ T8927] input: syz0 as /devices/virtual/input/input23
[  264.454577][   T24] usb 5-1: USB disconnect, device number 30
[  264.472243][ T5922] snd-usb-audio 4-1:1.74: probe with driver snd-usb-audio failed with error -22
[  264.536409][ T5922] usb 4-1: USB disconnect, device number 33
[  264.705621][ T7359] udevd[7359]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.74/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  264.953372][ T8951] loop6: detected capacity change from 0 to 7
[  264.982807][ T5839] Dev loop6: unable to read RDB block 7
[  264.993506][ T5839]  loop6: unable to read partition table
[  265.003755][ T5839] loop6: partition table beyond EOD, truncated
[  265.014614][ T8951] Dev loop6: unable to read RDB block 7
[  265.027499][ T8951]  loop6: unable to read partition table
[  265.037484][ T8951] loop6: partition table beyond EOD, truncated
[  265.037539][   T24] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  265.044896][ T8951] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  265.212294][   T24] usb 1-1: Using ep0 maxpacket: 8
[  265.225363][   T24] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[  265.244441][   T24] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  265.263918][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.279009][   T24] usb 1-1: Product: syz
[  265.293472][   T24] usb 1-1: Manufacturer: syz
[  265.307511][   T24] usb 1-1: SerialNumber: syz
[  265.336121][   T24] usb 1-1: config 0 descriptor??
[  265.376287][   T24] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  265.385228][   T24] usb 1-1: setting power ON
[  265.390909][   T24] dvb-usb: bulk message failed: -22 (2/0)
[  265.403938][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  265.427818][ T5922] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  265.440628][   T24] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  265.465879][   T24] usb 1-1: media controller created
[  265.472049][ T8969] netlink: 28 bytes leftover after parsing attributes in process `syz.4.787'.
[  265.585570][ T8944] dvb-usb: bulk message failed: -22 (3/0)
[  265.592610][ T8944] cxusb: i2c wr: len=306 is too big!
[  265.592610][ T8944] 
[  265.632929][ T5922] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  265.683676][ T5922] usb 4-1: New USB device found, idVendor=0458, idProduct=501b, bcdDevice= 0.00
[  265.703184][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  265.722342][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  265.750186][ T5922] usb 4-1: config 0 descriptor??
[  265.852654][   T24] usb 1-1: selecting invalid altsetting 6
[  265.979438][   T24] usb 1-1: digital interface selection failed (-22)
[  266.220952][ T5922] kye 0003:0458:501B.000B: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  266.238169][   T24] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  266.305136][   T24] usb 1-1: setting power OFF
[  266.317407][   T24] dvb-usb: bulk message failed: -22 (2/0)
[  266.354248][   T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  266.377398][ T5922] kye 0003:0458:501B.000B: hidraw0: USB HID v0.00 Device [HID 0458:501b] on usb-dummy_hcd.3-1/input0
[  266.428449][ T8985] netlink: 'syz.4.789': attribute type 298 has an invalid length.
[  266.428682][   T24] (NULL device *): no alternate interface
[  266.449349][ T5922] kye 0003:0458:501B.000B: tablet-enabling feature report not found
[  266.497424][ T5922] kye 0003:0458:501B.000B: tablet enabling failed
[  266.760687][ T5922] usb 4-1: USB disconnect, device number 34
[  266.882929][   T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  266.902815][   T24] usb 1-1: USB disconnect, device number 36
[  266.935209][ T8991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  267.027046][ T8991] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  267.062166][ T8991] fuse: Bad value for 'user_id'
[  267.067183][ T8991] fuse: Bad value for 'user_id'
[  267.272801][   T24] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  267.311023][ T8999] netlink: 'syz.5.794': attribute type 12 has an invalid length.
[  267.395010][ T9002] loop6: detected capacity change from 0 to 7
[  267.402271][ T9002] Dev loop6: unable to read RDB block 7
[  267.422680][ T9002]  loop6: unable to read partition table
[  267.448102][ T9002] loop6: partition table beyond EOD, truncated
[  267.454981][ T9002] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  267.465129][   T24] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  267.517172][   T24] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 128, changing to 11
[  267.585087][   T24] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  267.631508][ T9007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  267.660060][   T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  267.692396][ T9007] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  267.729772][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.777505][   T24] usb 1-1: Product: syz
[  267.787634][   T24] usb 1-1: Manufacturer: syz
[  267.792348][   T24] usb 1-1: SerialNumber: syz
[  268.227400][ T5986] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  268.459068][ T5986] usb 5-1: Using ep0 maxpacket: 32
[  268.469871][ T5986] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  268.527649][ T5986] usb 5-1: config 0 has no interface number 0
[  268.549732][ T5986] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  268.561828][ T5986] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.572606][ T5986] usb 5-1: Product: syz
[  268.577139][ T5986] usb 5-1: Manufacturer: syz
[  268.583354][ T5986] usb 5-1: SerialNumber: syz
[  268.606744][ T5986] usb 5-1: config 0 descriptor??
[  268.639363][ T5986] smsc95xx v2.0.0
[  269.033938][ T9039] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  269.104458][ T9039] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  270.258194][ T5986] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  270.281112][ T5986] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  270.359616][ T9042] netlink: 'syz.3.805': attribute type 4 has an invalid length.
[  270.377458][   T24] cdc_ncm 1-1:1.0: bind() failure
[  270.439917][   T24] usbtest 1-1:1.1: probe with driver usbtest failed with error -71
[  270.452399][ T9052] loop6: detected capacity change from 0 to 7
[  270.474483][   T24] usb 1-1: USB disconnect, device number 37
[  270.511966][ T9052] Dev loop6: unable to read RDB block 7
[  270.585223][ T9052]  loop6: unable to read partition table
[  270.604606][ T9052] loop6: partition table beyond EOD, truncated
[  270.640752][ T9052] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  270.887879][ T5906] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  271.057793][ T5906] usb 4-1: Using ep0 maxpacket: 32
[  271.068735][ T5906] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  271.078485][ T5906] usb 4-1: config 0 has no interface number 0
[  271.088205][ T5906] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  271.101897][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.116917][ T5906] usb 4-1: Product: syz
[  271.123114][ T5906] usb 4-1: Manufacturer: syz
[  271.133347][ T5906] usb 4-1: SerialNumber: syz
[  271.184429][ T5906] usb 4-1: config 0 descriptor??
[  271.239670][ T9064] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  271.256232][ T9064] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  271.271781][ T5906] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  271.286709][ T5906] usb 4-1: selecting invalid altsetting 1
[  271.296414][ T5906] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  271.314940][ T5906] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  271.331478][ T5906] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  271.342110][ T5906] usb 4-1: media controller created
[  271.363801][ T5906] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  272.574285][ T5906] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  272.597397][ T5906] zl10353_read_register: readreg error (reg=127, ret==-110)
[  272.617158][ T5906] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  272.686383][ T5906] usb 4-1: USB disconnect, device number 35
[  273.504230][ T5986] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  273.523984][ T5986] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71
[  273.556415][ T5986] usb 5-1: USB disconnect, device number 31
[  275.002530][ T9109] netlink: 4 bytes leftover after parsing attributes in process `syz.2.822'.
[  275.777505][ T5986] usb 1-1: new low-speed USB device number 38 using dummy_hcd
[  276.189068][ T5986] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  276.204623][ T5986] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  276.204673][ T5986] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  276.204699][ T5986] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.231313][ T5986] usb 1-1: config 0 descriptor??
[  276.343596][ T9134] netlink: 28 bytes leftover after parsing attributes in process `syz.4.830'.
[  276.777513][   T24] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  277.060202][   T24] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  277.089213][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  277.143980][ T9146] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(14)
[  277.150941][ T9146] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  277.157347][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  277.199514][   T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  277.203800][ T9146] vhci_hcd vhci_hcd.0: Device attached
[  277.247705][ T9125] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(17)
[  277.251494][   T24] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  277.254361][ T9125] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  277.273400][ T9125] vhci_hcd vhci_hcd.0: Device attached
[  277.273663][ T9151] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(20)
[  277.285667][ T9151] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  277.290731][ T9157] netlink: 40 bytes leftover after parsing attributes in process `syz.4.836'.
[  277.324020][   T24] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  277.356967][   T24] usb 6-1: Manufacturer: syz
[  277.366397][ T9151] vhci_hcd vhci_hcd.0: Device attached
[  277.377521][ T5906] vhci_hcd: vhci_device speed not set
[  277.377992][   T24] usb 6-1: config 0 descriptor??
[  277.414734][ T9152] vhci_hcd: connection closed
[  277.420092][   T36] vhci_hcd: stop threads
[  277.438030][ T9147] vhci_hcd: connection closed
[  277.467467][ T5906] usb 33-1: new full-speed USB device number 2 using vhci_hcd
[  277.468576][   T36] vhci_hcd: release socket
[  277.473497][ T9148] vhci_hcd: sendmsg failed!, ret=-32 for 48
[  277.540748][   T36] vhci_hcd: disconnect device
[  277.575459][ T9154] vhci_hcd: connection closed
[  277.576441][   T36] vhci_hcd: stop threads
[  277.599839][ T5986] usbhid 1-1:0.0: can't add hid device: -71
[  277.605892][ T5986] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  277.620522][   T36] vhci_hcd: release socket
[  277.625083][   T36] vhci_hcd: disconnect device
[  277.632409][   T36] vhci_hcd: stop threads
[  277.636701][   T36] vhci_hcd: release socket
[  277.644209][   T36] vhci_hcd: disconnect device
[  277.657272][ T5986] usb 1-1: USB disconnect, device number 38
[  277.679877][ T9168] netlink: 'syz.2.837': attribute type 12 has an invalid length.
[  277.863921][   T24] hid_parser_main: 5 callbacks suppressed
[  277.863946][   T24] appleir 0003:05AC:8243.000C: unknown main item tag 0x0
[  277.967130][   T24] appleir 0003:05AC:8243.000C: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[  278.574180][ T9181] netlink: 'syz.0.841': attribute type 1 has an invalid length.
[  279.006174][   T24] usb 6-1: USB disconnect, device number 28
[  279.257396][   T30] kauditd_printk_skb: 43 callbacks suppressed
[  279.257414][   T30] audit: type=1800 audit(1760161850.136:260): pid=9189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.843" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  279.299962][ T5922] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  279.313919][ T9182] bond1: entered promiscuous mode
[  279.329900][ T9182] bond1: entered allmulticast mode
[  279.621869][ T9182] 8021q: adding VLAN 0 to HW filter on device bond1
[  279.706837][ T9183] bridge2: entered promiscuous mode
[  279.728552][ T9183] bridge2: entered allmulticast mode
[  279.754362][ T5922] usb 5-1: Using ep0 maxpacket: 32
[  279.760505][ T9183] bond1: (slave bridge2): Enslaving as a backup interface with an up link
[  279.773064][   T13] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  279.868207][ T5922] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  279.907517][ T5922] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  279.916173][ T5922] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  279.946550][ T3429] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  280.094501][ T5922] usb 5-1: config 1 has no interface number 0
[  280.110265][ T5922] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  280.264228][ T5922] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 10229, setting to 1024
[  280.296133][ T5922] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  280.367449][ T5922] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  280.413668][ T5922] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.913090][ T9185] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  280.947697][ T5922] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  281.096988][   T30] audit: type=1326 audit(1760161851.976:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675ed8eec9 code=0x7ffc0000
[  281.152761][ T9185] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  281.235283][ T5922] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached
[  281.236990][   T30] audit: type=1326 audit(1760161851.976:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f675ed8eec9 code=0x7ffc0000
[  281.277913][ T9210] sctp: [Deprecated]: syz.3.847 (pid 9210) Use of struct sctp_assoc_value in delayed_ack socket option.
[  281.277913][ T9210] Use struct sctp_sack_info instead
[  281.334002][   T30] audit: type=1326 audit(1760161851.976:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675ed8eec9 code=0x7ffc0000
[  281.356690][    C0] vkms_vblank_simulate: vblank timer overrun
[  281.453142][ T9208] pim6reg: entered allmulticast mode
[  281.540778][   T30] audit: type=1326 audit(1760161851.976:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f675ed8eec9 code=0x7ffc0000
[  281.579175][ T9217] netlink: 'syz.4.842': attribute type 15 has an invalid length.
[  281.587104][ T9217] netlink: 24 bytes leftover after parsing attributes in process `syz.4.842'.
[  281.633443][   T30] audit: type=1326 audit(1760161851.976:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675ed8eec9 code=0x7ffc0000
[  281.655695][    C0] vkms_vblank_simulate: vblank timer overrun
[  281.816751][   T30] audit: type=1326 audit(1760161851.976:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f675ed8eec9 code=0x7ffc0000
[  281.839121][    C0] vkms_vblank_simulate: vblank timer overrun
[  282.077568][   T30] audit: type=1326 audit(1760161851.976:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675ed8eec9 code=0x7ffc0000
[  282.191905][   T30] audit: type=1326 audit(1760161851.976:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f675ed8eec9 code=0x7ffc0000
[  282.249251][   T24] snd_usb_pod 5-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  282.287744][   T30] audit: type=1326 audit(1760161851.976:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9205 comm="syz.0.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f675ed8eec9 code=0x7ffc0000
[  282.637481][ T5906] vhci_hcd: vhci_device speed not set
[  282.668142][   T24] usb 5-1: USB disconnect, device number 32
[  282.686435][   T24] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  283.248827][ T5922] usb 5-1: new full-speed USB device number 33 using dummy_hcd
[  283.411491][ T5922] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  283.421506][ T5922] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0
[  283.473099][ T5922] usb 5-1: config 0 interface 0 has no altsetting 0
[  283.494780][ T5922] usb 5-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  283.504181][ T5922] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.520099][ T5922] usb 5-1: Product: syz
[  283.653091][ T5922] usb 5-1: Manufacturer: syz
[  283.797236][ T5922] usb 5-1: SerialNumber: syz
[  283.824712][ T5922] usb 5-1: config 0 descriptor??
[  284.317718][ T5986] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  284.509558][ T5986] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  284.522838][ T9257] netlink: 20 bytes leftover after parsing attributes in process `syz.3.858'.
[  284.542198][ T5986] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  284.552920][ T9258] netlink: 20 bytes leftover after parsing attributes in process `syz.3.858'.
[  284.572624][ T5986] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  284.663575][ T5986] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  284.679281][ T5986] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.689449][ T5986] usb 6-1: Product: syz
[  284.696439][ T5986] usb 6-1: Manufacturer: syz
[  284.706058][ T5986] usb 6-1: SerialNumber: syz
[  284.736845][ T5986] hub 6-1:1.0: bad descriptor, ignoring hub
[  284.767033][ T5986] hub 6-1:1.0: probe with driver hub failed with error -5
[  285.120465][ T5986] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 29 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  286.010930][ T5922] usb 5-1: USB disconnect, device number 33
[  286.684502][ T9291] mmap: syz.3.865 (9291) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  286.720501][ T9293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  286.740503][ T9293] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  286.836963][ T9298] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  286.957713][   T10] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  287.097514][ T5922] usb 1-1: new full-speed USB device number 39 using dummy_hcd
[  287.117459][   T10] usb 4-1: Using ep0 maxpacket: 32
[  287.117777][   T24] usb 6-1: USB disconnect, device number 29
[  287.126675][   T10] usb 4-1: unable to get BOS descriptor or descriptor too short
[  287.134271][   T24] usblp0: removed
[  287.145188][   T10] usb 4-1: config 128 has an invalid interface number: 127 but max is 3
[  287.159130][   T10] usb 4-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  287.164000][ T9302] netlink: 36 bytes leftover after parsing attributes in process `syz.5.869'.
[  287.170465][   T10] usb 4-1: config 128 has 1 interface, different from the descriptor's value: 4
[  287.188954][   T10] usb 4-1: config 128 has no interface number 0
[  287.195240][   T10] usb 4-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  287.206871][   T10] usb 4-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[  287.218547][   T10] usb 4-1: config 128 interface 127 has no altsetting 0
[  287.244782][   T10] usb 4-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[  287.256643][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.272276][ T5922] usb 1-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  287.282025][ T5922] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.286905][   T10] usb 4-1: Product: syz
[  287.296242][ T5922] usb 1-1: Product: syz
[  287.312159][   T10] usb 4-1: Manufacturer: syz
[  287.316798][   T10] usb 4-1: SerialNumber: syz
[  287.444776][ T9311] xt_ecn: cannot match TCP bits for non-tcp packets
[  287.451744][ T5922] usb 1-1: Manufacturer: syz
[  287.456668][ T5922] usb 1-1: SerialNumber: syz
[  287.470358][ T5922] usb 1-1: config 0 descriptor??
[  287.485474][ T5922] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  287.508308][ T5922] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  287.540098][ T5922] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19)
[  287.666534][   T10] usb 4-1: USB disconnect, device number 36
[  287.968841][ T5839] udevd[5839]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  287.996737][ T9326] FAULT_INJECTION: forcing a failure.
[  287.996737][ T9326] name failslab, interval 1, probability 0, space 0, times 0
[  288.018376][ T9326] CPU: 1 UID: 0 PID: 9326 Comm: syz.4.875 Not tainted syzkaller #0 PREEMPT(full) 
[  288.018402][ T9326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  288.018415][ T9326] Call Trace:
[  288.018423][ T9326]  <TASK>
[  288.018431][ T9326]  dump_stack_lvl+0x189/0x250
[  288.018449][ T9326]  ? __pfx____ratelimit+0x10/0x10
[  288.018463][ T9326]  ? __pfx_dump_stack_lvl+0x10/0x10
[  288.018474][ T9326]  ? __pfx__printk+0x10/0x10
[  288.018487][ T9326]  ? __pfx___might_resched+0x10/0x10
[  288.018502][ T9326]  should_fail_ex+0x414/0x560
[  288.018518][ T9326]  should_failslab+0xa8/0x100
[  288.018530][ T9326]  __kmalloc_noprof+0xcb/0x7f0
[  288.018544][ T9326]  ? vb2_core_reqbufs+0x904/0x1420
[  288.018562][ T9326]  vb2_core_reqbufs+0x904/0x1420
[  288.018584][ T9326]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  288.018600][ T9326]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[  288.018614][ T9326]  ? rcu_is_watching+0x15/0xb0
[  288.018626][ T9326]  ? __vb2_init_fileio+0x1e8/0xff0
[  288.018642][ T9326]  ? trace_contention_end+0x39/0x120
[  288.018658][ T9326]  __vb2_init_fileio+0x318/0xff0
[  288.018674][ T9326]  ? __lock_acquire+0xab9/0xd20
[  288.018690][ T9326]  __vb2_perform_fileio+0x284/0x1600
[  288.018714][ T9326]  vb2_fop_write+0x22f/0x340
[  288.018731][ T9326]  v4l2_write+0x19c/0x2c0
[  288.018745][ T9326]  ? __pfx_v4l2_write+0x10/0x10
[  288.018759][ T9326]  vfs_write+0x27e/0xb30
[  288.018778][ T9326]  ? __pfx_vfs_write+0x10/0x10
[  288.018793][ T9326]  ? __fget_files+0x2a/0x420
[  288.018804][ T9326]  ? __fget_files+0x2a/0x420
[  288.018813][ T9326]  ? __fget_files+0x3a0/0x420
[  288.018821][ T9326]  ? __fget_files+0x2a/0x420
[  288.018834][ T9326]  ksys_write+0x145/0x250
[  288.018850][ T9326]  ? __pfx_ksys_write+0x10/0x10
[  288.018866][ T9326]  ? do_syscall_64+0xbe/0xfa0
[  288.018881][ T9326]  do_syscall_64+0xfa/0xfa0
[  288.018893][ T9326]  ? lockdep_hardirqs_on+0x9c/0x150
[  288.018906][ T9326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.018916][ T9326]  ? clear_bhb_loop+0x60/0xb0
[  288.018929][ T9326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  288.018939][ T9326] RIP: 0033:0x7febda78eec9
[  288.018950][ T9326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  288.018959][ T9326] RSP: 002b:00007febdb61d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  288.018971][ T9326] RAX: ffffffffffffffda RBX: 00007febda9e5fa0 RCX: 00007febda78eec9
[  288.018978][ T9326] RDX: 00000000fffffd9d RSI: 0000200000000100 RDI: 0000000000000005
[  288.018985][ T9326] RBP: 00007febdb61d090 R08: 0000000000000000 R09: 0000000000000000
[  288.018991][ T9326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  288.018998][ T9326] R13: 00007febda9e6038 R14: 00007febda9e5fa0 R15: 00007febdab0fa28
[  288.019015][ T9326]  </TASK>
[  288.302496][    C1] vkms_vblank_simulate: vblank timer overrun
[  289.564739][ T9351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.595881][ T9351] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.614759][ T9351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.646889][ T9354] kvm: vcpu 0: requested 1664 ns lapic timer period limited to 200000 ns
[  289.677778][ T9351] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.755104][ T5986] usb 1-1: USB disconnect, device number 39
[  290.175807][ T9372] netlink: 'syz.2.888': attribute type 12 has an invalid length.
[  290.322765][ T5986] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  290.527631][ T5986] usb 5-1: Using ep0 maxpacket: 16
[  290.536046][ T5986] usb 5-1: no configurations
[  290.541006][ T5986] usb 5-1: can't read configurations, error -22
[  290.580589][ T9384] netlink: 60 bytes leftover after parsing attributes in process `syz.5.890'.
[  290.599589][ T9384] bridge0: port 1(macsec0) entered blocking state
[  290.607612][ T9384] bridge0: port 1(macsec0) entered disabled state
[  290.617592][ T9384] macsec0: entered allmulticast mode
[  290.623264][ T9384] veth1_macvtap: entered allmulticast mode
[  290.659674][ T9384] macsec0: entered promiscuous mode
[  290.671362][ T9384] bridge0: port 1(macsec0) entered blocking state
[  290.678018][ T9384] bridge0: port 1(macsec0) entered forwarding state
[  290.690262][ T5986] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  290.798337][ T9386] kvm: requested 19276 ns i8254 timer period limited to 200000 ns
[  290.859796][ T5986] usb 5-1: Using ep0 maxpacket: 16
[  290.866595][ T5986] usb 5-1: no configurations
[  290.876285][ T5986] usb 5-1: can't read configurations, error -22
[  290.964782][ T5986] usb usb5-port1: attempt power cycle
[  291.709134][ T5986] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  291.785420][ T5986] usb 5-1: Using ep0 maxpacket: 16
[  291.803457][ T5986] usb 5-1: no configurations
[  292.071149][ T5986] usb 5-1: can't read configurations, error -22
[  292.207511][ T5986] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  292.247957][ T5986] usb 5-1: Using ep0 maxpacket: 16
[  292.253675][ T5986] usb 5-1: no configurations
[  292.267497][ T5986] usb 5-1: can't read configurations, error -22
[  292.277922][ T5986] usb usb5-port1: unable to enumerate USB device
[  292.699229][ T9413] netlink: 104 bytes leftover after parsing attributes in process `syz.2.899'.
[  292.757546][ T9414] netlink: 104 bytes leftover after parsing attributes in process `syz.2.899'.
[  292.964793][ T9424] netlink: 12 bytes leftover after parsing attributes in process `syz.3.902'.
[  293.224743][ T9430] input: syz1 as /devices/virtual/input/input24
[  294.111938][ T9440] netlink: 8 bytes leftover after parsing attributes in process `syz.5.906'.
[  294.127572][ T9440] netlink: 4 bytes leftover after parsing attributes in process `syz.5.906'.
[  294.140571][ T9440] netlink: 'syz.5.906': attribute type 7 has an invalid length.
[  294.194846][ T9440] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  295.036470][ T9452] netlink: 60 bytes leftover after parsing attributes in process `syz.3.910'.
[  295.796164][ T5922] usb 1-1: new full-speed USB device number 40 using dummy_hcd
[  295.818205][ T5986] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  295.969420][ T5922] usb 1-1: config 0 has no interfaces?
[  295.975086][ T5922] usb 1-1: New USB device found, idVendor=0b48, idProduct=1004, bcdDevice=8c.1e
[  295.987830][ T5986] usb 5-1: Using ep0 maxpacket: 16
[  296.000290][ T5986] usb 5-1: unable to read config index 0 descriptor/start: -61
[  296.012035][ T5986] usb 5-1: can't read configurations, error -61
[  296.065875][ T5922] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.147527][ T5986] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  296.191669][ T5922] usb 1-1: config 0 descriptor??
[  296.317401][ T5986] usb 5-1: Using ep0 maxpacket: 16
[  296.329121][ T5986] usb 5-1: unable to read config index 0 descriptor/start: -61
[  296.336956][ T5986] usb 5-1: can't read configurations, error -61
[  296.344752][ T5986] usb usb5-port1: attempt power cycle
[  296.404389][ T9465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  296.413271][ T9465] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  296.687513][ T5986] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  296.708939][ T5986] usb 5-1: Using ep0 maxpacket: 16
[  296.719767][ T5986] usb 5-1: unable to read config index 0 descriptor/start: -61
[  296.728000][ T5986] usb 5-1: can't read configurations, error -61
[  296.817426][ T5922] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  296.867415][ T5986] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  296.888688][ T5986] usb 5-1: Using ep0 maxpacket: 16
[  296.898796][ T5986] usb 5-1: unable to read config index 0 descriptor/start: -61
[  296.906698][ T5986] usb 5-1: can't read configurations, error -61
[  296.915211][ T5986] usb usb5-port1: unable to enumerate USB device
[  297.166303][ T5922] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  297.196270][ T5922] usb 6-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  297.235891][ T5922] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  297.254405][ T5922] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.479794][ T9487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  297.553981][ T9487] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  297.562606][ T5922] IPVS: starting estimator thread 0...
[  297.729567][ T9488] IPVS: using max 49 ests per chain, 117600 per kthread
[  298.557516][ T5922] usb 1-1: USB disconnect, device number 40
[  299.421139][ T9510] binder: 9509:9510 ioctl c0306201 200000000400 returned -14
[  299.667497][ T5906] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  299.897548][ T5906] usb 5-1: Using ep0 maxpacket: 32
[  300.023736][ T5906] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[  300.047203][ T5906] usb 5-1: config 0 has no interface number 0
[  300.067893][ T5906] usb 5-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68
[  300.083899][ T5906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.106915][ T5906] usb 5-1: Product: syz
[  300.129001][ T5906] usb 5-1: Manufacturer: syz
[  300.211246][ T5906] usb 5-1: SerialNumber: syz
[  300.226557][ T5906] usb 5-1: config 0 descriptor??
[  300.236040][ T5906] hub 5-1:0.89: bad descriptor, ignoring hub
[  300.246379][ T5906] hub 5-1:0.89: probe with driver hub failed with error -5
[  300.351135][ T5906] option 5-1:0.89: GSM modem (1-port) converter detected
[  300.377006][ T5986] usb 6-1: USB disconnect, device number 30
[  300.394174][ T9473] delete_channel: no stack
[  300.402030][ T5906] usb 5-1: GSM modem (1-port) converter now attached to ttyUSB0
[  300.448341][ T5906] usb 5-1: USB disconnect, device number 42
[  300.495877][ T5906] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  300.568957][ T5906] option 5-1:0.89: device disconnected
[  300.817594][ T5986] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  301.023654][ T5986] usb 6-1: Using ep0 maxpacket: 32
[  301.056813][ T9534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  301.066780][ T5986] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  301.080368][ T5986] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  301.090623][ T9537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  301.107558][ T9534] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  301.136882][ T5986] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  301.146447][ T9537] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  301.158658][ T5986] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  301.175864][ T5986] usb 6-1: config 0 interface 0 has no altsetting 0
[  301.206377][ T5986] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  301.233922][ T5986] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  301.301767][   T30] kauditd_printk_skb: 35 callbacks suppressed
[  301.301786][   T30] audit: type=1326 audit(1760161872.156:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9538 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febda78eec9 code=0x7ffc0000
[  301.330396][    C1] vkms_vblank_simulate: vblank timer overrun
[  301.340230][   T30] audit: type=1326 audit(1760161872.156:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9538 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febda78eec9 code=0x7ffc0000
[  301.362484][    C1] vkms_vblank_simulate: vblank timer overrun
[  301.369498][ T5986] usb 6-1: Product: syz
[  301.396435][   T30] audit: type=1326 audit(1760161872.166:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9538 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7febda78eec9 code=0x7ffc0000
[  301.402923][ T5986] usb 6-1: Manufacturer: syz
[  301.420524][   T30] audit: type=1326 audit(1760161872.166:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9538 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febda78eec9 code=0x7ffc0000
[  301.445670][    C1] vkms_vblank_simulate: vblank timer overrun
[  301.448766][ T5986] usb 6-1: SerialNumber: syz
[  301.476077][ T5986] usb 6-1: config 0 descriptor??
[  301.482692][   T30] audit: type=1326 audit(1760161872.166:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9538 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febda78eec9 code=0x7ffc0000
[  301.512330][ T5986] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  301.523444][ T5986] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  301.551238][   T30] audit: type=1326 audit(1760161872.166:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9538 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7febda78eec9 code=0x7ffc0000
[  301.568704][ T3429] bridge0: port 2(bridge_slave_1) entered disabled state
[  301.609295][   T30] audit: type=1326 audit(1760161872.166:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9538 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febda78eec9 code=0x7ffc0000
[  301.637083][   T30] audit: type=1326 audit(1760161872.166:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9538 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7febda78eec9 code=0x7ffc0000
[  301.685446][   T30] audit: type=1326 audit(1760161872.166:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9538 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febda78eec9 code=0x7ffc0000
[  301.802380][   T30] audit: type=1326 audit(1760161872.166:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9538 comm="syz.4.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7febda78eec9 code=0x7ffc0000
[  302.444164][ T9563] netlink: 28 bytes leftover after parsing attributes in process `syz.3.940'.
[  302.494919][ T9565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  302.530913][ T9565] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  302.725317][ T9573] loop2: detected capacity change from 0 to 7
[  302.743365][ T5839] Dev loop2: unable to read RDB block 7
[  302.750428][ T5839]  loop2: AHDI p1 p2 p3
[  302.754760][ T5839] loop2: partition table partially beyond EOD, truncated
[  302.777123][ T5839] loop2: p1 start 1601398130 is beyond EOD, truncated
[  302.800520][ T5839] loop2: p2 start 1702059890 is beyond EOD, truncated
[  302.817438][ T9573] Dev loop2: unable to read RDB block 7
[  302.838519][ T9573]  loop2: AHDI p1 p2 p3
[  302.842818][ T9573] loop2: partition table partially beyond EOD, truncated
[  302.853250][ T9573] loop2: p1 start 1601398130 is beyond EOD, truncated
[  302.863575][ T9573] loop2: p2 start 1702059890 is beyond EOD, truncated
[  302.873864][ T9577] bond0: option arp_interval: invalid value (18446744073709551615)
[  302.915371][ T9577] bond0: option arp_interval: allowed values 0 - 2147483647
[  303.019338][ T9582] ipip0: entered promiscuous mode
[  303.056790][ T9582] ipip0: entered allmulticast mode
[  303.177697][ T5906] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  303.204291][ T9583] kvm: user requested TSC rate below hardware speed
[  303.257666][ T9588] fuse: Unknown parameter ''
[  303.265925][ T9588] fuse: Unknown parameter ''
[  303.276358][ T9588] fuse: Unknown parameter ''
[  303.281752][ T9588] fuse: Unknown parameter ''
[  303.287099][ T9588] fuse: Unknown parameter ''
[  303.369741][ T5906] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  303.382243][ T9594] netlink: 24 bytes leftover after parsing attributes in process `syz.2.948'.
[  303.459992][ T9586] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  303.469018][ T9586] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  303.500200][ T5906] usb 5-1: config 0 has no interface number 0
[  303.506857][ T5906] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.522757][ T5906] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.533037][ T5906] usb 5-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  303.551477][ T5906] usb 5-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[  303.562573][ T5906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.574368][ T5906] usb 5-1: config 0 descriptor??
[  303.717489][ T5922] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  303.847665][ T5922] usb 1-1: device descriptor read/64, error -71
[  304.043843][ T9577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.077543][ T9577] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.127428][ T5922] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  304.287478][ T5922] usb 1-1: device descriptor read/64, error -71
[  304.292291][ T9606] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.304186][ T9606] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.310221][ T5906] input: HID 28bd:0042 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.1/0003:28BD:0042.000D/input/input25
[  304.400423][ T5922] usb usb1-port1: attempt power cycle
[  304.402856][ T5986] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  304.421353][ T5906] uclogic 0003:28BD:0042.000D: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.4-1/input1
[  304.516227][ T5906] usb 5-1: USB disconnect, device number 43
[  304.589337][ T5986] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  304.598220][ T5986] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  304.611829][ T5986] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  304.624185][ T5986] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  304.634101][ T5986] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[  304.644111][ T5986] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  304.658117][ T5986] usb 4-1: config 1 interface 1 has no altsetting 0
[  304.669236][ T5986] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  304.678528][ T5986] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.686730][ T5986] usb 4-1: Product: syz
[  304.691092][ T5986] usb 4-1: Manufacturer: syz
[  304.695717][ T5986] usb 4-1: SerialNumber: syz
[  304.706638][ T5986] cdc_ncm 4-1:1.0: skipping garbage
[  304.712199][ T5986] cdc_ncm 4-1:1.0: NCM or ECM functional descriptors missing
[  304.720805][ T5986] cdc_ncm 4-1:1.0: bind() failure
[  304.747519][ T5922] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  304.768907][ T5922] usb 1-1: device descriptor read/8, error -71
[  305.007691][ T5922] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  305.046964][ T5922] usb 1-1: device descriptor read/8, error -71
[  305.132879][ T9616] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  305.166145][ T5922] usb usb1-port1: unable to enumerate USB device
[  305.180899][ T5922] usb 4-1: USB disconnect, device number 37
[  305.289607][ T9619] netlink: 60 bytes leftover after parsing attributes in process `syz.4.957'.
[  306.041242][ T9624] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  306.052304][ T9623] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  306.297232][ T9630] x_tables: ip6_tables: mh match: only valid for protocol 135
[  306.823682][ T9522] ldusb 6-1:0.0: Couldn't submit HID_REQ_SET_REPORT -110
[  307.257189][ T5922] usb 6-1: USB disconnect, device number 31
[  307.274306][ T5922] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  307.550678][ T9649] netlink: 212160 bytes leftover after parsing attributes in process `syz.5.963'.
[  307.591543][ T9649] openvswitch: netlink: Message has 512 unknown bytes.
[  308.346167][ T9664] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  308.353504][ T9664] IPv6: NLM_F_CREATE should be set when creating new route
[  308.360993][ T9664] IPv6: NLM_F_CREATE should be set when creating new route
[  308.704628][ T9675] loop6: detected capacity change from 0 to 7
[  308.714143][ T5839] Dev loop6: unable to read RDB block 7
[  308.733589][ T5839]  loop6: unable to read partition table
[  308.752537][ T5839] loop6: partition table beyond EOD, truncated
[  308.797790][ T9675] Dev loop6: unable to read RDB block 7
[  308.803572][ T9675]  loop6: unable to read partition table
[  308.814650][ T9675] loop6: partition table beyond EOD, truncated
[  308.832674][ T9675] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  309.066928][ T9681] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  309.213719][ T9685] netlink: 60 bytes leftover after parsing attributes in process `syz.0.972'.
[  309.353571][   T30] kauditd_printk_skb: 37 callbacks suppressed
[  309.353588][   T30] audit: type=1326 audit(1760161880.236:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15538eec9 code=0x7ffc0000
[  309.872182][   T30] audit: type=1326 audit(1760161880.276:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fc15538eec9 code=0x7ffc0000
[  309.919932][   T30] audit: type=1326 audit(1760161880.276:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15538eec9 code=0x7ffc0000
[  309.979385][   T30] audit: type=1326 audit(1760161880.276:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc15538d710 code=0x7ffc0000
[  310.026385][   T30] audit: type=1326 audit(1760161880.276:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15538eec9 code=0x7ffc0000
[  310.343747][   T30] audit: type=1326 audit(1760161880.276:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fc15538eec9 code=0x7ffc0000
[  310.521499][   T30] audit: type=1326 audit(1760161880.276:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15538eec9 code=0x7ffc0000
[  310.802017][   T30] audit: type=1326 audit(1760161880.276:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7fc15538eec9 code=0x7ffc0000
[  310.884893][   T30] audit: type=1326 audit(1760161880.276:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc15538eec9 code=0x7ffc0000
[  311.009861][ T9711] delete_channel: no stack
[  311.206609][   T30] audit: type=1326 audit(1760161880.276:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9684 comm="syz.2.973" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc15538eec9 code=0x7ffc0000
[  312.377675][ T9724] loop6: detected capacity change from 0 to 7
[  312.390927][ T5839] Dev loop6: unable to read RDB block 7
[  312.414915][ T5839]  loop6: unable to read partition table
[  312.464343][ T5839] loop6: partition table beyond EOD, truncated
[  312.495929][ T9724] Dev loop6: unable to read RDB block 7
[  312.507494][ T9724]  loop6: unable to read partition table
[  312.513581][ T9724] loop6: partition table beyond EOD, truncated
[  312.550037][ T9724] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  312.657423][ T5142] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  312.797012][ T9727] 8021q: VLANs not supported on ip6gre0
[  312.820079][ T5142] usb 4-1: Using ep0 maxpacket: 8
[  312.836062][ T5142] usb 4-1: config 0 has an invalid interface number: 186 but max is 0
[  312.862813][ T9730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  312.877448][ T5142] usb 4-1: config 0 has no interface number 0
[  312.894079][ T9730] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  312.907596][ T5142] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  312.925748][ T9731] tipc: Started in network mode
[  312.931082][ T9731] tipc: Node identity f6297e2801ac, cluster identity 4711
[  312.943148][ T5142] usb 4-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  312.944228][ T9731] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  312.989124][ T9731] syzkaller0: entered promiscuous mode
[  312.990594][ T5142] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  312.994632][ T9731] syzkaller0: entered allmulticast mode
[  313.036369][ T5142] usb 4-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  313.054088][ T5142] usb 4-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  313.148924][ T5142] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  313.171323][ T9731] tipc: Resetting bearer <eth:syzkaller0>
[  313.190504][ T5142] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.214095][ T5142] usb 4-1: Product: syz
[  313.218765][ T5142] usb 4-1: Manufacturer: syz
[  313.223467][ T5142] usb 4-1: SerialNumber: syz
[  313.262573][ T5142] usb 4-1: config 0 descriptor??
[  313.467511][ T5913] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  313.551863][ T5142] iowarrior 4-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  313.575737][ T5142] usb 4-1: USB disconnect, device number 38
[  313.637434][ T5913] usb 1-1: Using ep0 maxpacket: 16
[  313.644511][ T5913] usb 1-1: config index 0 descriptor too short (expected 42, got 18)
[  313.656413][ T5913] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 219, using maximum allowed: 30
[  313.673492][ T5913] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 219
[  313.723227][ T5913] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice= 7.06
[  313.736233][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  313.746680][ T5913] usb 1-1: Product: syz
[  313.763626][ T5913] usb 1-1: SerialNumber: syz
[  313.850188][ T5913] r8152-cfgselector 1-1: Unknown version 0x0000
[  313.856686][ T5913] r8152-cfgselector 1-1: config 0 descriptor??
[  313.891818][ T5913] hub 1-1:0.0: bad descriptor, ignoring hub
[  313.898259][ T5913] hub 1-1:0.0: probe with driver hub failed with error -5
[  314.029272][ T5913] tipc: Node number set to 4152720936
[  314.128065][ T9731] tipc: Resetting bearer <eth:syzkaller0>
[  314.185719][ T9743] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  314.232020][ T9743] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  314.316055][ T9731] tipc: Disabling bearer <eth:syzkaller0>
[  314.537506][ T5913] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  314.545247][ T5906] r8152-cfgselector 1-1: USB disconnect, device number 45
[  314.549352][ T9792] loop6: detected capacity change from 0 to 524279808
[  314.772605][ T9793] vivid-007: =================  START STATUS  =================
[  314.780687][ T9793] vivid-007: Enable Output Cropping: true
[  314.787707][ T9793] vivid-007: Enable Output Composing: true
[  314.793564][ T9793] vivid-007: Enable Output Scaler: true
[  314.799410][ T9793] vivid-007: Tx RGB Quantization Range: Automatic
[  314.806014][ T9793] vivid-007: Transmit Mode: HDMI
[  314.811235][ T9793] vivid-007: Hotplug Present: 0x00000000
[  314.816906][ T9793] vivid-007: RxSense Present: 0x00000000
[  314.824117][ T9793] vivid-007: EDID Present: 0x00000000
[  314.829609][ T9793] vivid-007: ==================  END STATUS  ==================
[  314.982320][ T9792] loop6: detected capacity change from 524279808 to 1
[  315.011301][ T7359] Dev loop6: unable to read RDB block 1
[  315.017040][ T7359]  loop6: unable to read partition table
[  315.023297][ T7359] loop6: partition table beyond EOD, truncated
[  315.042741][ T9792] Dev loop6: unable to read RDB block 1
[  315.054269][ T9792]  loop6: unable to read partition table
[  315.060623][ T9792] loop6: partition table beyond EOD, truncated
[  315.070531][ T9792] loop_reread_partitions: partition scan of loop6 (‰u0v°Ï	) failed (rc=-5)
[  315.081244][ T5913] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  315.094113][ T5201] Dev loop6: unable to read RDB block 1
[  315.102371][ T5913] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  315.112529][ T5201]  loop6: unable to read partition table
[  315.127707][ T5201] loop6: partition table beyond EOD, truncated
[  315.164110][ T5913] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  315.207938][   T24] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  315.223190][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  315.268480][ T5913] usb 4-1: SerialNumber: syz
[  315.369325][   T24] usb 5-1: config 0 has no interfaces?
[  315.379453][   T24] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  315.389352][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.407429][   T24] usb 5-1: Product: syz
[  315.411808][   T24] usb 5-1: Manufacturer: syz
[  315.417589][   T24] usb 5-1: SerialNumber: syz
[  315.438132][   T24] usb 5-1: config 0 descriptor??
[  315.489989][ T5913] usb 4-1: 0:2 : does not exist
[  315.536967][ T5913] usb 4-1: USB disconnect, device number 39
[  315.635675][ T5839] udevd[5839]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  315.755646][ T9862] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  315.782710][ T9862] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  315.937583][ T9857] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  316.019056][ T9838] bridge0: port 3(macsec0) entered disabled state
[  316.025851][ T9838] bridge0: port 2(bridge_slave_1) entered disabled state
[  316.033368][ T9838] bridge0: port 1(bridge_slave_0) entered disabled state
[  316.097936][ T9857] usb 1-1: Using ep0 maxpacket: 32
[  316.110529][ T9857] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  316.133303][ T9857] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  316.154411][ T9857] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  316.166167][ T9857] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  316.177015][ T9857] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  316.187652][ T9857] usb 1-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  316.197591][ T5142] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  316.214062][ T9857] usb 1-1: New USB device found, idVendor=072f, idProduct=2200, bcdDevice=3f.bf
[  316.225935][ T9857] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.237208][ T9857] usb 1-1: Product: syz
[  316.242007][ T9857] usb 1-1: Manufacturer: syz
[  316.246909][ T9857] usb 1-1: SerialNumber: syz
[  316.261379][ T9857] usb 1-1: config 0 descriptor??
[  316.273336][ T9846] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  316.286257][ T9857] pn533_usb 1-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  316.359095][ T5142] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  316.380957][ T5142] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.399909][ T5142] usb 6-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  316.409118][ T5142] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.421982][ T5142] usb 6-1: config 0 descriptor??
[  316.462701][ T9838] veth0_to_team: left promiscuous mode
[  316.489835][ T9838] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  316.502664][ T9846] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.518940][ T9846] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.553844][ T9838] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  316.594865][ T9888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.625390][ T9888] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.643553][ T9867] netlink: 312 bytes leftover after parsing attributes in process `syz.5.1004'.
[  316.703490][ T9838] veth1_macvtap: left allmulticast mode
[  316.863437][ T9838] bridge1: left allmulticast mode
[  316.880436][ T9838] bond1: left promiscuous mode
[  316.885477][ T9838] bridge2: left promiscuous mode
[  316.893237][ T9838] bond1: left allmulticast mode
[  316.899525][ T9838] bridge2: left allmulticast mode
[  316.916030][ T9838] ipip0: left promiscuous mode
[  316.921153][ T9838] ipip0: left allmulticast mode
[  316.930257][ T3589] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  316.945211][ T5142] usbhid 6-1:0.0: can't add hid device: -71
[  316.963050][ T5142] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  316.978604][   T24] usb 1-1: USB disconnect, device number 46
[  316.995880][ T3589] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  317.026016][ T5142] usb 6-1: USB disconnect, device number 32
[  317.039456][ T3589] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  317.053048][ T3589] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  317.134589][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  317.141307][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  317.656012][ T9926] binder: 9925:9926 ioctl c0306201 200000000640 returned -22
[  317.779440][ T5987] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  317.877534][ T9898] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  317.953339][ T5987] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  317.982296][ T5987] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.001657][ T5142] usb 5-1: USB disconnect, device number 44
[  318.004786][ T5987] usb 1-1: config 0 descriptor??
[  318.058690][ T9898] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  318.089085][ T9898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.123943][ T5987] cp210x 1-1:0.0: cp210x converter detected
[  318.133899][ T9898] usb 4-1: config 0 descriptor??
[  318.152587][ T9898] cp210x 4-1:0.0: cp210x converter detected
[  318.493807][ T5987] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32
[  318.504009][   T30] kauditd_printk_skb: 59 callbacks suppressed
[  318.504025][   T30] audit: type=1326 audit(1760161889.386:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9920 comm="syz.0.1006" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f675ed8eec9 code=0x0
[  318.537576][   T24] usb 5-1: new full-speed USB device number 45 using dummy_hcd
[  318.547072][ T9898] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32
[  318.557210][ T9898] cp210x 4-1:0.0: failed to get vendor val 0x3711 size 2: -121
[  318.569674][ T5987] usb 1-1: cp210x converter now attached to ttyUSB0
[  318.577234][ T9898] cp210x 4-1:0.0: GPIO initialisation failed: -121
[  318.617573][ T9898] usb 4-1: cp210x converter now attached to ttyUSB1
[  318.690083][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  318.709027][   T24] usb 5-1: not running at top speed; connect to a high speed hub
[  318.717982][   T24] usb 5-1: config 11 has an invalid interface number: 3 but max is 1
[  318.726080][   T24] usb 5-1: config 11 has an invalid descriptor of length 0, skipping remainder of the config
[  318.756612][   T24] usb 5-1: config 11 has 1 interface, different from the descriptor's value: 2
[  318.781754][ T9929] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  318.790915][   T24] usb 5-1: config 11 has no interface number 0
[  318.798833][ T9929] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  318.810193][   T24] usb 5-1: New USB device found, idVendor=0582, idProduct=0120, bcdDevice=9c.cd
[  318.820406][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.829182][   T24] usb 5-1: Product: syz
[  318.833616][   T24] usb 5-1: Manufacturer: syz
[  318.838430][   T24] usb 5-1: SerialNumber: syz
[  318.869520][ T9987] syz_tun: entered promiscuous mode
[  318.875171][ T9987] vlan2: entered promiscuous mode
[  318.947553][ T5142] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  319.074827][   T24] usb 5-1: USB disconnect, device number 45
[  319.109393][ T5142] usb 6-1: Using ep0 maxpacket: 8
[  319.119942][ T5839] udevd[5839]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:11.3/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  319.192091][ T5142] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  319.205383][ T5142] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.230154][T10019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  319.239354][T10019] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  319.240423][ T5142] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  319.258526][ T5142] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  319.269000][ T5142] usb 6-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  319.284679][ T5142] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice= 0.40
[  319.296357][ T5142] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  319.307251][ T5142] usb 6-1: SerialNumber: syz
[  319.322454][ T5142] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22
[  319.339131][ T5142] usbtest 6-1:1.0: Linux gadget zero
[  319.346740][ T5142] usbtest 6-1:1.0: high-speed {control in/out bulk-in int-in} tests (+alt)
[  319.531108][ T5142] usb 6-1: USB disconnect, device number 33
[  319.542031][ T9976] netem: incorrect gi model size
[  319.550910][ T9976] netem: change failed
[  320.561389][ T5142] usb 1-1: USB disconnect, device number 47
[  320.577749][ T5142] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  320.610724][ T5142] cp210x 1-1:0.0: device disconnected
[  320.649306][   T24] usb 4-1: USB disconnect, device number 40
[  320.659630][   T24] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1
[  320.681746][   T24] cp210x 4-1:0.0: device disconnected
[  321.249658][T10079] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1020'.
[  322.099808][T10092] kvm: user requested TSC rate below hardware speed
[  322.112323][T10096] veth0_to_bond: entered allmulticast mode
[  322.112345][ T5201] Dev loop6: unable to read RDB block 1
[  322.112385][ T5201]  loop6: unable to read partition table
[  322.140954][ T5201] loop6: partition table beyond EOD, truncated
[  322.400407][T10122] usb usb8: usbfs: process 10122 (syz.4.1025) did not claim interface 0 before use
[  322.589984][T10103] netlink: 'syz.4.1025': attribute type 3 has an invalid length.
[  322.884412][ T5987] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  323.075528][ T5987] usb 6-1: device descriptor read/64, error -71
[  323.357379][ T5987] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  323.429901][T10142] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1029'.
[  323.439328][T10142] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1029'.
[  323.459120][T10142] netlink: 'syz.4.1029': attribute type 7 has an invalid length.
[  323.479966][T10140] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  323.491574][T10140] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  323.578931][T10150] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  323.607822][ T5987] usb 6-1: device descriptor read/64, error -71
[  323.779438][T10156] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  323.788362][ T5987] usb usb6-port1: attempt power cycle
[  323.819482][T10156] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  324.167813][ T5987] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  324.232685][ T5142] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  324.506463][ T5142] usb 1-1: device descriptor read/64, error -71
[  324.542247][ T5987] usb 6-1: device descriptor read/8, error -71
[  324.769112][T10176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  324.781363][T10176] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  324.793374][ T5142] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  324.807522][ T5987] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  324.878513][ T5987] usb 6-1: device descriptor read/8, error -71
[  324.927583][ T5142] usb 1-1: device descriptor read/64, error -71
[  324.987641][ T5987] usb usb6-port1: unable to enumerate USB device
[  325.037861][ T5142] usb usb1-port1: attempt power cycle
[  325.139502][T10195] loop6: detected capacity change from 1 to 524288000
[  325.387791][ T5142] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  325.428520][ T9881] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  325.438698][ T5142] usb 1-1: device descriptor read/8, error -71
[  325.629559][ T9881] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  325.659842][ T9881] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  325.705417][ T9881] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  325.717580][ T5142] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  325.744283][ T9881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.753480][ T5142] usb 1-1: device descriptor read/8, error -71
[  325.784283][T10196] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[  325.801541][ T9881] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  325.878515][ T5142] usb usb1-port1: unable to enumerate USB device
[  326.007598][ T9885] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  326.197571][ T9885] usb 5-1: Using ep0 maxpacket: 32
[  326.204431][ T9885] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  326.240264][ T9885] usb 5-1: config 0 has no interface number 0
[  326.254551][ T9885] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  326.271070][ T9885] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  326.280687][T10243] loop2: detected capacity change from 0 to 7
[  326.280878][ T9885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.298532][ T9885] usb 5-1: Product: syz
[  326.299455][ T5839] Dev loop2: unable to read RDB block 7
[  326.308773][ T5839]  loop2: AHDI p1 p2 p3
[  326.313232][ T5839] loop2: partition table partially beyond EOD, truncated
[  326.313515][ T9885] usb 5-1: Manufacturer: syz
[  326.320777][ T5839] loop2: p1 start 1601398130 is beyond EOD, 
[  326.326619][ T9885] usb 5-1: SerialNumber: syz
[  326.327224][ T5839] truncated
[  326.342106][ T5839] loop2: p2 start 1702059890 is beyond EOD, truncated
[  326.346778][ T9885] usb 5-1: config 0 descriptor??
[  326.361680][T10243] Dev loop2: unable to read RDB block 7
[  326.363341][ T9885] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  326.380353][ T9885] em28xx 5-1:0.132: Video interface 132 found:
[  326.380428][T10243]  loop2: AHDI p1 p2 p3
[  326.393975][T10243] loop2: partition table partially beyond EOD, truncated
[  326.401820][T10243] loop2: p1 start 1601398130 is beyond EOD, truncated
[  326.409535][T10243] loop2: p2 start 1702059890 is beyond EOD, truncated
[  326.608215][ T9885] em28xx 5-1:0.132: unknown em28xx chip ID (0)
[  326.816240][ T9885] em28xx 5-1:0.132: failed to get i2c transfer status from bridge register (error=-5)
[  326.828451][ T9885] em28xx 5-1:0.132: board has no eeprom
[  326.907477][ T9885] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  326.922983][ T9885] em28xx 5-1:0.132: analog set to bulk mode.
[  326.934673][ T5142] em28xx 5-1:0.132: Registering V4L2 extension
[  327.253999][ T5142] em28xx 5-1:0.132: reading from i2c device at 0x4a failed: couldn't get the received message from the bridge (error=0)
[  327.317865][T10277] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1043'.
[  327.813629][ T9885] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  328.095920][ T9901] usb 4-1: USB disconnect, device number 41
[  328.359744][T10299] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1046'.
[  328.368805][T10299] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1046'.
[  328.377841][T10299] netlink: 'syz.3.1046': attribute type 7 has an invalid length.
[  328.496932][ T5142] em28xx 5-1:0.132: reading from i2c device at 0x48 failed: couldn't get the received message from the bridge (error=-5)
[  328.534641][ T9885] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  328.547905][T10299] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  328.561446][ T5142] em28xx 5-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[  328.578496][ T9885] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.590168][ T5142] em28xx 5-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[  328.850240][ T9885] usb 1-1: config 0 descriptor??
[  328.969981][ T5142] em28xx 5-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[  328.979612][ T5142] em28xx 5-1:0.132: failed to trigger read from i2c address 0x86 (error=-5)
[  329.007500][ T5142] em28xx 5-1:0.132: failed to trigger read from i2c address 0x94 (error=-5)
[  329.037013][ T5142] em28xx 5-1:0.132: failed to trigger read from i2c address 0x96 (error=-5)
[  329.257829][ T5142] em28xx 5-1:0.132: failed to trigger read from i2c address 0xc0 (error=-5)
[  329.318176][ T5142] em28xx 5-1:0.132: failed to trigger read from i2c address 0xc2 (error=-5)
[  329.357532][ T5142] em28xx 5-1:0.132: failed to trigger read from i2c address 0xc4 (error=-5)
[  329.423107][ T5142] em28xx 5-1:0.132: failed to trigger read from i2c address 0xc6 (error=-5)
[  329.463736][ T5142] em28xx 5-1:0.132: failed to trigger read from i2c address 0xc8 (error=-5)
[  329.513216][ T5142] em28xx 5-1:0.132: Config register raw data: 0xfffffffb
[  329.530073][ T5142] em28xx 5-1:0.132: AC97 chip type couldn't be determined
[  329.550615][ T5142] em28xx 5-1:0.132: No AC97 audio processor
[  329.660907][T10329] FAULT_INJECTION: forcing a failure.
[  329.660907][T10329] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  329.694670][ T5142] usb 5-1: Decoder not found
[  329.704685][ T5142] em28xx 5-1:0.132: failed to create media graph
[  329.718170][T10329] CPU: 1 UID: 0 PID: 10329 Comm: syz.2.1047 Not tainted syzkaller #0 PREEMPT(full) 
[  329.718196][T10329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  329.718220][T10329] Call Trace:
[  329.718228][T10329]  <TASK>
[  329.718235][T10329]  dump_stack_lvl+0x189/0x250
[  329.718262][T10329]  ? __pfx____ratelimit+0x10/0x10
[  329.718286][T10329]  ? __pfx_dump_stack_lvl+0x10/0x10
[  329.718306][T10329]  ? __pfx__printk+0x10/0x10
[  329.718327][T10329]  ? __might_fault+0xb0/0x130
[  329.718363][T10329]  should_fail_ex+0x414/0x560
[  329.718392][T10329]  _copy_from_iter+0x1de/0x1790
[  329.718425][T10329]  ? rcu_is_watching+0x15/0xb0
[  329.718450][T10329]  ? kmalloc_reserve+0xbd/0x290
[  329.718472][T10329]  ? __pfx__copy_from_iter+0x10/0x10
[  329.718500][T10329]  ? __build_skb_around+0x262/0x3f0
[  329.718523][T10329]  ? netlink_sendmsg+0x642/0xb30
[  329.718543][T10329]  ? skb_put+0x11b/0x210
[  329.718567][T10329]  netlink_sendmsg+0x6b2/0xb30
[  329.718598][T10329]  ? __pfx_netlink_sendmsg+0x10/0x10
[  329.718621][T10329]  ? aa_sock_msg_perm+0xf1/0x1d0
[  329.718649][T10329]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  329.718673][T10329]  ? __pfx_netlink_sendmsg+0x10/0x10
[  329.718696][T10329]  __sock_sendmsg+0x21c/0x270
[  329.718727][T10329]  ____sys_sendmsg+0x505/0x830
[  329.718757][T10329]  ? __pfx_____sys_sendmsg+0x10/0x10
[  329.718789][T10329]  ? import_iovec+0x74/0xa0
[  329.718811][T10329]  ___sys_sendmsg+0x21f/0x2a0
[  329.718838][T10329]  ? __pfx____sys_sendmsg+0x10/0x10
[  329.718896][T10329]  ? __fget_files+0x2a/0x420
[  329.718913][T10329]  ? __fget_files+0x3a0/0x420
[  329.718940][T10329]  __x64_sys_sendmsg+0x19b/0x260
[  329.718967][T10329]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  329.718999][T10329]  ? __pfx_ksys_write+0x10/0x10
[  329.719029][T10329]  ? do_syscall_64+0xbe/0xfa0
[  329.719054][T10329]  do_syscall_64+0xfa/0xfa0
[  329.719079][T10329]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.719098][T10329]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  329.719117][T10329]  ? clear_bhb_loop+0x60/0xb0
[  329.719140][T10329]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.719159][T10329] RIP: 0033:0x7fc15538eec9
[  329.719176][T10329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  329.719193][T10329] RSP: 002b:00007fc1562ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  329.719214][T10329] RAX: ffffffffffffffda RBX: 00007fc1555e5fa0 RCX: 00007fc15538eec9
[  329.719229][T10329] RDX: 0000000000040020 RSI: 0000200000000280 RDI: 0000000000000003
[  329.719242][T10329] RBP: 00007fc1562ff090 R08: 0000000000000000 R09: 0000000000000000
[  329.719255][T10329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  329.719267][T10329] R13: 00007fc1555e6038 R14: 00007fc1555e5fa0 R15: 00007fc15570fa28
[  329.719299][T10329]  </TASK>
[  330.132155][ T9881] usb 5-1: USB disconnect, device number 46
[  330.139085][ T9881] em28xx 5-1:0.132: Disconnecting em28xx
[  330.157420][ T5142] em28xx 5-1:0.132: V4L2 device video103 deregistered
[  330.168544][T10333] ==================================================================
[  330.176644][T10333] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xac/0x420
[  330.184108][T10333] Read of size 8 at addr ffff888053e9c740 by task v4l_id/10333
[  330.191647][T10333] 
[  330.193959][T10333] CPU: 1 UID: 0 PID: 10333 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  330.193974][T10333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  330.193982][T10333] Call Trace:
[  330.193988][T10333]  <TASK>
[  330.193992][T10333]  dump_stack_lvl+0x189/0x250
[  330.194008][T10333]  ? __virt_addr_valid+0x1c8/0x5c0
[  330.194022][T10333]  ? rcu_is_watching+0x15/0xb0
[  330.194034][T10333]  ? __pfx_dump_stack_lvl+0x10/0x10
[  330.194044][T10333]  ? rcu_is_watching+0x15/0xb0
[  330.194055][T10333]  ? lock_release+0x4b/0x3e0
[  330.194065][T10333]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  330.194078][T10333]  ? __virt_addr_valid+0x1c8/0x5c0
[  330.194091][T10333]  ? __virt_addr_valid+0x4a5/0x5c0
[  330.194104][T10333]  print_report+0xca/0x240
[  330.194116][T10333]  ? v4l2_fh_open+0xac/0x420
[  330.194128][T10333]  kasan_report+0x118/0x150
[  330.194138][T10333]  ? v4l2_fh_open+0xac/0x420
[  330.194151][T10333]  v4l2_fh_open+0xac/0x420
[  330.194163][T10333]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  330.194179][T10333]  em28xx_v4l2_open+0x157/0x9a0
[  330.194193][T10333]  v4l2_open+0x1bc/0x3a0
[  330.194207][T10333]  chrdev_open+0x4c9/0x5e0
[  330.194217][T10333]  ? __pfx_chrdev_open+0x10/0x10
[  330.194226][T10333]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  330.194238][T10333]  ? __pfx_chrdev_open+0x10/0x10
[  330.194246][T10333]  do_dentry_open+0x950/0x13f0
[  330.194260][T10333]  vfs_open+0x3b/0x340
[  330.194269][T10333]  ? path_openat+0x2ecd/0x3830
[  330.194289][T10333]  path_openat+0x2ee5/0x3830
[  330.194312][T10333]  ? __pfx_path_openat+0x10/0x10
[  330.194327][T10333]  do_filp_open+0x1fa/0x410
[  330.194339][T10333]  ? __lock_acquire+0xab9/0xd20
[  330.194353][T10333]  ? __pfx_do_filp_open+0x10/0x10
[  330.194370][T10333]  ? _raw_spin_unlock+0x28/0x50
[  330.194380][T10333]  ? alloc_fd+0x64c/0x6c0
[  330.194397][T10333]  do_sys_openat2+0x121/0x1c0
[  330.194409][T10333]  ? __pfx_do_sys_openat2+0x10/0x10
[  330.194420][T10333]  ? exc_page_fault+0x82/0x100
[  330.194434][T10333]  ? do_user_addr_fault+0xc85/0x1380
[  330.194444][T10333]  __x64_sys_openat+0x138/0x170
[  330.194456][T10333]  do_syscall_64+0xfa/0xfa0
[  330.194469][T10333]  ? lockdep_hardirqs_on+0x9c/0x150
[  330.194481][T10333]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.194491][T10333]  ? clear_bhb_loop+0x60/0xb0
[  330.194502][T10333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.194512][T10333] RIP: 0033:0x7fb49b0a7407
[  330.194523][T10333] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  330.194532][T10333] RSP: 002b:00007ffd369a7200 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  330.194544][T10333] RAX: ffffffffffffffda RBX: 00007fb49b7db880 RCX: 00007fb49b0a7407
[  330.194552][T10333] RDX: 0000000000000000 RSI: 00007ffd369a7f1b RDI: ffffffffffffff9c
[  330.194559][T10333] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  330.194565][T10333] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  330.194571][T10333] R13: 00007ffd369a7450 R14: 00007fb49b942000 R15: 00005630c0d144d8
[  330.194582][T10333]  </TASK>
[  330.194586][T10333] 
[  330.498060][T10333] Allocated by task 5142:
[  330.502383][T10333]  kasan_save_track+0x3e/0x80
[  330.507059][T10333]  __kasan_kmalloc+0x93/0xb0
[  330.511641][T10333]  __kmalloc_cache_noprof+0x3d5/0x6f0
[  330.517088][T10333]  em28xx_v4l2_init+0x10b/0x2e70
[  330.522099][T10333]  em28xx_init_extension+0x11d/0x1c0
[  330.527378][T10333]  process_scheduled_works+0xae1/0x17b0
[  330.532909][T10333]  worker_thread+0x8a0/0xda0
[  330.537488][T10333]  kthread+0x711/0x8a0
[  330.541545][T10333]  ret_from_fork+0x4bc/0x870
[  330.546118][T10333]  ret_from_fork_asm+0x1a/0x30
[  330.550975][T10333] 
[  330.553284][T10333] Freed by task 5142:
[  330.557254][T10333]  kasan_save_track+0x3e/0x80
[  330.561923][T10333]  __kasan_save_free_info+0x46/0x50
[  330.567303][T10333]  __kasan_slab_free+0x5c/0x80
[  330.572081][T10333]  kfree+0x19a/0x6d0
[  330.575977][T10333]  em28xx_v4l2_init+0x1683/0x2e70
[  330.580993][T10333]  em28xx_init_extension+0x11d/0x1c0
[  330.586363][T10333]  process_scheduled_works+0xae1/0x17b0
[  330.591895][T10333]  worker_thread+0x8a0/0xda0
[  330.596475][T10333]  kthread+0x711/0x8a0
[  330.600535][T10333]  ret_from_fork+0x4bc/0x870
[  330.605120][T10333]  ret_from_fork_asm+0x1a/0x30
[  330.610131][T10333] 
[  330.612446][T10333] The buggy address belongs to the object at ffff888053e9c000
[  330.612446][T10333]  which belongs to the cache kmalloc-8k of size 8192
[  330.626483][T10333] The buggy address is located 1856 bytes inside of
[  330.626483][T10333]  freed 8192-byte region [ffff888053e9c000, ffff888053e9e000)
[  330.640442][T10333] 
[  330.642754][T10333] The buggy address belongs to the physical page:
[  330.649149][T10333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x53e98
[  330.657904][T10333] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  330.666401][T10333] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  330.674365][T10333] page_type: f5(slab)
[  330.678360][T10333] raw: 00fff00000000040 ffff88813ffa7280 ffffea0001465c00 0000000000000005
[  330.686929][T10333] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  330.695500][T10333] head: 00fff00000000040 ffff88813ffa7280 ffffea0001465c00 0000000000000005
[  330.704157][T10333] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  330.712813][T10333] head: 00fff00000000003 ffffea00014fa601 00000000ffffffff 00000000ffffffff
[  330.721470][T10333] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  330.730134][T10333] page dumped because: kasan: bad access detected
[  330.736543][T10333] page_owner tracks the page as allocated
[  330.742255][T10333] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 8823, tgid 8820 (syz.2.752), ts 256621585836, free_ts 256530180298
[  330.763538][T10333]  post_alloc_hook+0x240/0x2a0
[  330.768308][T10333]  get_page_from_freelist+0x2365/0x2440
[  330.773857][T10333]  __alloc_frozen_pages_noprof+0x181/0x370
[  330.779685][T10333]  alloc_pages_mpol+0x232/0x4a0
[  330.784534][T10333]  allocate_slab+0x96/0x3a0
[  330.789028][T10333]  ___slab_alloc+0xe94/0x18a0
[  330.793691][T10333]  __slab_alloc+0x65/0x100
[  330.798181][T10333]  __kmalloc_node_track_caller_noprof+0x5c7/0x800
[  330.804599][T10333]  kmemdup_noprof+0x2b/0x70
[  330.809090][T10333]  ipv4_sysctl_init_net+0x47/0x3f0
[  330.814201][T10333]  ops_init+0x35c/0x5c0
[  330.818439][T10333]  setup_net+0xfe/0x320
[  330.822633][T10333]  copy_net_ns+0x34e/0x4e0
[  330.827055][T10333]  create_new_namespaces+0x3f3/0x720
[  330.832342][T10333]  unshare_nsproxy_namespaces+0x11c/0x170
[  330.838063][T10333]  ksys_unshare+0x4c8/0x8c0
[  330.842560][T10333] page last free pid 5839 tgid 5839 stack trace:
[  330.848872][T10333]  __free_frozen_pages+0xbc4/0xd30
[  330.853981][T10333]  __put_partials+0x146/0x170
[  330.858656][T10333]  put_cpu_partial+0x1f2/0x2e0
[  330.863407][T10333]  __slab_free+0x2b9/0x390
[  330.867810][T10333]  qlist_free_all+0x97/0x140
[  330.872405][T10333]  kasan_quarantine_reduce+0x148/0x160
[  330.877871][T10333]  __kasan_slab_alloc+0x22/0x80
[  330.882739][T10333]  kmem_cache_alloc_lru_noprof+0x35d/0x6d0
[  330.888561][T10333]  shmem_alloc_inode+0x28/0x40
[  330.893336][T10333]  alloc_inode+0x67/0x1b0
[  330.897670][T10333]  new_inode+0x22/0x170
[  330.901816][T10333]  shmem_get_inode+0x346/0xe90
[  330.906581][T10333]  shmem_mknod+0x18c/0x3e0
[  330.910993][T10333]  path_openat+0x14f4/0x3830
[  330.915577][T10333]  do_filp_open+0x1fa/0x410
[  330.920070][T10333]  do_sys_openat2+0x121/0x1c0
[  330.924850][T10333] 
[  330.927175][T10333] Memory state around the buggy address:
[  330.932798][T10333]  ffff888053e9c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  330.940851][T10333]  ffff888053e9c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  330.948900][T10333] >ffff888053e9c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  330.956949][T10333]                                            ^
[  330.963086][T10333]  ffff888053e9c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  330.971129][T10333]  ffff888053e9c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  330.979184][T10333] ==================================================================
[  330.988200][ T5142] em28xx 5-1:0.132: Remote control support is not available for this card.
[  331.036292][ T9881] em28xx 5-1:0.132: Closing input extension
[  331.055369][ T9885] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor
[  331.065414][T10333] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  331.072636][T10333] CPU: 0 UID: 0 PID: 10333 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  331.081678][T10333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  331.091737][T10333] Call Trace:
[  331.095024][T10333]  <TASK>
[  331.097958][T10333]  dump_stack_lvl+0x99/0x250
[  331.102644][T10333]  ? __asan_memcpy+0x40/0x70
[  331.107266][T10333]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.112480][T10333]  ? __pfx__printk+0x10/0x10
[  331.117093][T10333]  vpanic+0x237/0x6d0
[  331.121093][T10333]  ? __pfx_vpanic+0x10/0x10
[  331.125611][T10333]  ? preempt_schedule+0xae/0xc0
[  331.130476][T10333]  ? __pfx_preempt_schedule+0x10/0x10
[  331.135863][T10333]  panic+0xb9/0xc0
[  331.139602][T10333]  ? __pfx_panic+0x10/0x10
[  331.144040][T10333]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  331.149956][T10333]  ? is_module_address+0x17/0xf0
[  331.154912][T10333]  ? v4l2_fh_open+0xac/0x420
[  331.159511][T10333]  check_panic_on_warn+0x89/0xb0
[  331.164445][T10333]  ? v4l2_fh_open+0xac/0x420
[  331.169019][T10333]  end_report+0x78/0x160
[  331.173240][T10333]  kasan_report+0x129/0x150
[  331.177722][T10333]  ? v4l2_fh_open+0xac/0x420
[  331.182391][T10333]  v4l2_fh_open+0xac/0x420
[  331.186804][T10333]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  331.192780][T10333]  em28xx_v4l2_open+0x157/0x9a0
[  331.197621][T10333]  v4l2_open+0x1bc/0x3a0
[  331.201860][T10333]  chrdev_open+0x4c9/0x5e0
[  331.206267][T10333]  ? __pfx_chrdev_open+0x10/0x10
[  331.211194][T10333]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[  331.217514][T10333]  ? __pfx_chrdev_open+0x10/0x10
[  331.222438][T10333]  do_dentry_open+0x950/0x13f0
[  331.227306][T10333]  vfs_open+0x3b/0x340
[  331.231389][T10333]  ? path_openat+0x2ecd/0x3830
[  331.236230][T10333]  path_openat+0x2ee5/0x3830
[  331.240809][T10333]  ? __pfx_path_openat+0x10/0x10
[  331.245736][T10333]  do_filp_open+0x1fa/0x410
[  331.250222][T10333]  ? __lock_acquire+0xab9/0xd20
[  331.255056][T10333]  ? __pfx_do_filp_open+0x10/0x10
[  331.260069][T10333]  ? _raw_spin_unlock+0x28/0x50
[  331.264907][T10333]  ? alloc_fd+0x64c/0x6c0
[  331.269226][T10333]  do_sys_openat2+0x121/0x1c0
[  331.273893][T10333]  ? __pfx_do_sys_openat2+0x10/0x10
[  331.279075][T10333]  ? exc_page_fault+0x82/0x100
[  331.283825][T10333]  ? do_user_addr_fault+0xc85/0x1380
[  331.289092][T10333]  __x64_sys_openat+0x138/0x170
[  331.293934][T10333]  do_syscall_64+0xfa/0xfa0
[  331.298425][T10333]  ? lockdep_hardirqs_on+0x9c/0x150
[  331.303610][T10333]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.309668][T10333]  ? clear_bhb_loop+0x60/0xb0
[  331.314360][T10333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.320265][T10333] RIP: 0033:0x7fb49b0a7407
[  331.324666][T10333] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  331.344368][T10333] RSP: 002b:00007ffd369a7200 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  331.352770][T10333] RAX: ffffffffffffffda RBX: 00007fb49b7db880 RCX: 00007fb49b0a7407
[  331.360737][T10333] RDX: 0000000000000000 RSI: 00007ffd369a7f1b RDI: ffffffffffffff9c
[  331.368706][T10333] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  331.376658][T10333] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  331.384609][T10333] R13: 00007ffd369a7450 R14: 00007fb49b942000 R15: 00005630c0d144d8
[  331.392585][T10333]  </TASK>
[  331.395894][T10333] Kernel Offset: disabled
[  331.400206][T10333] Rebooting in 86400 seconds..