last executing test programs:

9.090324716s ago: executing program 2 (id=1404):
openat$vicodec1(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000005c0)={0xe, @meta={0x53465052, 0x1655c096, 0x36d0, 0x963a, 0x5e9973e}})
file_setattr(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0x1ba8, 0xd9, 0x3, 0x1000c, 0x3f91}, 0x18, 0x1000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, 0x0, 0x4000000)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x200, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@abs={0x0, 0x0, 0x4e23}, 0x5b)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
lseek(0xffffffffffffffff, 0xfffffffffffffff5, 0x1)
r3 = syz_io_uring_setup(0x10b, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x3, 0x800}, &(0x7f00000003c0)=<r4=>0x0, &(0x7f0000000300)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000540)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000040)='./file0/file0\x00', 0x60, 0x185500, 0x12345})
openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
io_uring_enter(r3, 0x7277, 0xfffffffd, 0x0, 0x0, 0x0)
socket$kcm(0x11, 0x3, 0x0)
r6 = syz_open_dev$vim2m(&(0x7f00000002c0), 0xfffffffffffffff6, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r6, 0xc02c564a, &(0x7f0000000080)={0x0, 0x1012, 0x1, @discrete={0xfffffffe, 0x7fff}})
r7 = socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r7, 0x89f3, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000100)={'ip6gre0\x00', <r8=>0x0, 0x4, 0x87, 0x0, 0x0, 0x2a, @remote, @mcast2, 0x700, 0x88, 0x4, 0x2}})
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@deltfilter={0x54, 0x2d, 0x400, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r8, {0xa, 0x2}, {0x4, 0xfffb}, {0xb, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0x26}, @TCA_CHAIN={0x8, 0xb, 0x5}, @TCA_RATE={0x6, 0x5, {0x0, 0x8}}, @TCA_RATE={0x6, 0x5, {0xff, 0x6}}, @TCA_CHAIN={0x8, 0xb, 0x4d}, @TCA_CHAIN={0x8, 0xb, 0x2400}]}, 0x54}, 0x1, 0x0, 0x0, 0x20041090}, 0x810)
r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r10=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000071000100000000000000000007000000", @ANYRES32=r10, @ANYBLOB="0c000180080001000300010020"], 0x44}}, 0x0)
r11 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r11, &(0x7f0000000180)=[{0x2, 0x1000000000000, &(0x7f0000000080), 0x6, &(0x7f0000000100)}], 0x492492492492642, 0x0)

7.856086748s ago: executing program 2 (id=1409):
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f0000000100)={0x79, 0x0, 0xf71})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r4)
sendmsg$NL80211_CMD_SET_PMK(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000400)={&(0x7f00000005c0)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010026bd7000fcdbdf257b0000000a000600ffffffffffff00001400fe00225757ced880715f9e5d8d29cc5bb20614000201ab303e3ad10651457fc178f666b031f41400fe00c37203e114699a8573f6a5532f3504821400020192190f96ff3dc121ad1631446f0e5e1cf0fab7603c39148ebf0f582913928e2b605b3b59c3558ceef0321a7c0c765f8e39ebca1d0f68888cd0742e63a70f313ee42e0fe27bd20a19040095a8a4fb00a58e38b981e6074949bad0ca73b4830fe1081c9f0902e994bae69cf8688f084cb08252d8362235ca2eaa6da2be022ac0bdabd2baf913e12e78da470a79c56cba05c8816cc51a07ce23bb28aec81d55c06f762fe2874791fc5dfc364b8194ffb08287b3143ed480159f8633711f7d788200cfd1c84116c9b115c2dc4c"], 0x70}, 0x1, 0x0, 0x0, 0x200088c0}, 0x20000000)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000001080)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x41, 0x0, @multicast2}, 0x20020003}}, 0x2e)
syz_io_uring_setup(0x579, &(0x7f00000002c0)={0x0, 0x922e, 0x8000, 0x3, 0x33c}, &(0x7f00000000c0), &(0x7f0000000180))
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58)

7.615072708s ago: executing program 1 (id=1411):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x80, &(0x7f0000000000)='\x00\x00\x00\x00\t\x00\x00\x00', 0x8)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f000043b000/0x1000)=nil, 0xfffffffffffffdb5, &(0x7f0000000080)='\x00\xc9\xf5\x00\x00\x00\x00\x00\x00\x00+\x1ct\xc6\fr\xbaU\xc1\xb2\xd2\xde\xbfk\xc0\x18\x94\xc5&\xec\x03\xa0w\"E\xc9\xf2,K4\x10\xc8\x8cuj\xd3\xf0\xb3\xa9f\xf7\xb7\x17\xdf\xca\xac\x8b\x81K\t\x14^\xc3\xb7<\xa1\x15\v4\xd0\xbe\xa8\x01\x00<:-Y\n<\x1d\xb2\xe0kU\xc0\xc1\x14')
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r2=>0x0]}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000080)={r2, @in={{0x2, 0x4e21, @multicast1}}}, 0x84)
r3 = landlock_create_ruleset(&(0x7f0000000080)={0x10}, 0x10, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x4)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
landlock_restrict_self(r3, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000001c0)={0x0, 0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000005c0)=@generic={&(0x7f0000000580)='./bus\x00', 0x0, 0x8}, 0x18)
openat$vsock(0xffffffffffffff9c, 0x0, 0x2c0c2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
syz_genetlink_get_family_id$batadv(0x0, r4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x20000001}, 0x8000002)
setitimer(0x2, 0x0, 0x0)
bpf$OBJ_GET_MAP(0x11, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200))
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000800000500000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4dd4f204e345c65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340bdc8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69c584146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480efd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69239500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181070000005e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8504000000000000004fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3d99e3568c51cd1eab8a26b232ac46bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d89f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef0a96e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5cc98d992f3de7d1cdfb24384b9f10f615c87c441dc970ec896a5af6bf69b50a244bc138a1cae9868c3079bafe69769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d52204c335408941b8eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cbc12c7ae23bc88b8f10223ab2a093429f3f6965bc5af0114cf6f246bae0b04bec8e30b6772b8950f32e87beda060f9af2a0ccd4a8eab8e395ee3628eb976b7fff835e6c1bdc4a6e00acd0fe63ba8425b21845db903b38c80148e6aa497dbf0e2baf938d3ecbd433527602d89f10aca419ff54e47354194f75e343d4c75227448530b0d8d59b9f94a3fa0ca9210177926c58ef46dcd09e79c343d35aa954d12f89410c47ac29c881f8a6bda8dd40df0d1e5881338d2c5a01bf1ee6b28169fef18df13c759e767d3442ae6598106496f42b73074bb804e8763915c3e04400ad44e9f3130e904062d204d385c026722a094255db1572d66e7a4917bba2a0f6a1a57482cdb4070d"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)

6.479527199s ago: executing program 0 (id=1414):
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b000000000000000008000000200013b5380c4b81fd400000000022bfcbbb28d41e911544514974d8303a758e4723a1b1d7b97fed12a649a520a257248e3ebe20d0291d4015579433b69f334f1245da56509d2b892862b3dd10e4e6afeea27dea4cbd3224401a80237f371fb75a64bdab371372a34c1b330755a2205d9d851ebd068d35d879ffba30ae488c049f4461ca89b99839ed1017d74c5d27e5be194b67ba0c7f02ab6d", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r1 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_restrict_self(r1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
landlock_restrict_self(r1, 0x8)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x3cc85000)
mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil)
socket$inet6_udplite(0xa, 0x2, 0x88)
r3 = socket(0x10, 0x3, 0x0)
sendto$inet6(r3, &(0x7f0000000000)="7800000018002507b9409b14ffff00000202be04020506056403040c5c0009003f0020010a0000000d0085a168216b46d32345653600648d27000b000a00080049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160008000800000000000000e218d1ddf66ed538f2523250", 0x78, 0x4804, 0x0, 0x0)

6.477620269s ago: executing program 2 (id=1415):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x41000, 0x66, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x41000, 0x66, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_DISABLE_QUIRKS(r3, 0x4068aea3, &(0x7f0000000200)={0x74, 0x0, 0x10}) (async)
ioctl$KVM_CAP_DISABLE_QUIRKS(r3, 0x4068aea3, &(0x7f0000000200)={0x74, 0x0, 0x10})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002004e220000000000001400020002000000e000000200000000000000000f0001010000703a73797a3200000000"], 0x54}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="54ec0000", @ANYRES16=r6, @ANYBLOB="0100000000000000000017000000400006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989"], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={0x0, 0x68}}, 0x0)
sendmsg$TIPC_NL_KEY_SET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x54, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x40, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004) (async)
sendmsg$TIPC_NL_KEY_SET(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x54, r8, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_NODE={0x40, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "e3de3d7b4cd07ec3ee777de774fc7987cca41989"}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000e40), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000000)={0x60, r9, 0x1, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x15}}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x200000c0}, 0x0)
setfsuid(0xffffffffffffffff)

6.273618754s ago: executing program 0 (id=1416):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800008080b63428e900"/20, @ANYBLOB="0000000000000000b702000014000000b70200000000000085"], 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
r0 = socket(0x22, 0x2, 0x3)
getpeername$packet(r0, 0x0, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000100), 0x5, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r3, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

6.128805929s ago: executing program 0 (id=1417):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
unshare(0x26020480)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x80000, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x8cffffff, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
umount2(&(0x7f0000000100)='./file0\x00', 0x0)

6.075468003s ago: executing program 1 (id=1418):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000200)={0x1, 'netdevsim0\x00'}, 0x18)
syz_emit_ethernet(0xbe, &(0x7f0000000440)={@random="8775695716c6", @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0xf7, 0x0, {0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @local, @dev={0xac, 0x14, 0x14, 0x23}, {[@cipso={0x86, 0x77, 0x0, [{0x0, 0xc, "e2ffb28c599d1681fb52"}, {0x0, 0x9, "789607671442eb"}, {0x0, 0xe, "7434954373561de584b703c8"}, {0x0, 0x9, "e706d30bd224f8"}, {0x0, 0x7, "cfa11cab1a"}, {0x0, 0x10, "0af0615d7d19a18b05a0dc91e5c6"}, {0x1, 0xa, "6580a5e97612fe86"}, {0x0, 0x12, "2400110003009c000000000000000000"}, {0x0, 0xc, "c8f46976e79e56c7a95e"}, {0x0, 0x6, "51a0eedb"}]}, @cipso={0x86, 0x6, 0x3}]}}}}}}}, 0x0)

5.903343788s ago: executing program 1 (id=1419):
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
syz_open_dev$dvb_demux(&(0x7f0000000000), 0x0, 0x480)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x5, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000600000004"], 0x50)
epoll_create1(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x2, 0x300)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400ea0010001d0025bd7000fadbdf2500000000", @ANYRES32=r2, @ANYBLOB="138000002b9201002400128009000100626f6e6400000000140002800800", @ANYRES16=r0], 0x44}, 0x1, 0x0, 0x0, 0x240448e0}, 0x0)

5.894880908s ago: executing program 2 (id=1420):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
readv(r0, &(0x7f00000007c0)=[{&(0x7f0000000080)=""/149, 0x95}], 0x1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r4)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)={0x60, r5, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0xe87e, @private1, 0x2}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x60}}, 0x0)
timer_getoverrun(r1)
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_GUEST_DEBUG_x86(r6, 0x4048ae9b, &(0x7f0000000240)={0x40000, 0x0, {[0x2, 0x5, 0x0, 0xffffffff80000004, 0x2, 0x8, 0x20000000, 0x5]}})

5.849521462s ago: executing program 1 (id=1421):
unshare(0x20000400)
unshare(0x2000080)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
getsockopt(r0, 0x111, 0x1, 0x0, &(0x7f0000000080))
r1 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(r0, 0x4048587b, &(0x7f0000001700)={{<r2=>r1, &(0x7f0000000040)='\x00', 0x72041, &(0x7f0000000140)={@align, {0x6, 0x0, 0x7fffffff, 0x8000000000000001}}, 0x2beabd96, &(0x7f0000000200), &(0x7f0000000240)=0xfffffffb}, 0x5, &(0x7f0000001640)=[{0x3, 0x6, &(0x7f00000002c0)='\\#--)\x00', &(0x7f0000000300)="12342013dfc5c4d0be84b55e14fb4c75af05c8a9c4c7", 0x16}, {0x3, 0x0, &(0x7f0000000340)='-@\x00', &(0x7f0000000380)="620f3a38f81f45aea5a3067bca15131f7d814c53ae6f5420a6f50d0565c0fdf651f2405c47c9110f3dd5dd8ef8561c7269ed2e94edbbb5da4c222defb6bee3bd612c054489b661d0c6643da0425cd04f6bb9d3e4d0e74aa7f25869f5a33c629605f85923642f69a8ebf5dce3b6c483d2d8bf121efc268d3a5bbb948e73d4", 0x7e, 0x2a}, {0x3, 0x9, &(0x7f0000000400)='\x00', &(0x7f0000000500)="4c0a3c228396cd2128e7abc23db516c5ca6cdb2fa9a46cdf0e2fd8340ecca3e340f4cb7a120900f02f857c1f9f63132a9ff615126132d2bbb33d26aed24055cbc1732892e5968068767f13d8cccf41b4bb6deeab9062f1171d2ee794ec5a81f72c1d1c12b214b98f4a1387dde19965877ff8b48ece5b291ca0f1397be0b3e450ad62be2dab9d3208c772976efb446b91a22f936c3800041029fae8af2adcef136e9ef8e8427f820f53702961e2f232cbff16326c4b115553c8dff70abd76b07d483e30888c76776f4ed3c971049da6173474fece45c292ec30e5a9fade2a8a0be3c3f3357a13350fb2c80b1fee1e2f9ec100d73832681777e0b3f851ee992b9e0a3d31db9ef23ea7bb3c32f62522b07eb37843af393db3c8d3f1f597720005ba6790015d3fa27876c277fac83f7cf9d4ad7ee4725cf2514a0fd2c9a0b0e4945643f155614f93d115338df0c7758c895e52a4f31d45439fc9099064c849478da95e62d28fb7112e3c1286a88c32e53205c5d151301a87a269d7ad391852f6793966f48a0ab5a2d55dfa3a144979d175fdd57609f8d1a397481afb92aa4ec1093c5026e5f281344c79c02fc29274f1e2dadc853c70f9df2e0ebabc32d803ba7f0acf7995957b85494e720d8e9daec4f27b925c5ead0ad8ca26dfa3f46f6711a30bd7316a4fc1851ed9b642f4e6cfbbb98362ff355c22a9a722ca68a357411c0ee55ca4be386537ada12e4183bfb62b396dfbda8c9c9472d70e8e06e3254e8f1753ba160e49a8926117f83c99e18d4fe4bb7eea62d91c52c1749d4fb25683d40b6ca8155ebb32bdfdbe5dfde913158a390d0f2ea9f1ccf4d00b108d4610a22fb5d6688fc776b31264c7b0b552a17e5f0c571639917b3323f13c6beabab659d5c972fa904c643a1a78d1ef54cdd87c662018307c06eb3c875e899b21e8e78ace9c3671fe08ef8e520c0ec82ed45f7a8f75c4aa3fd27554734c6aa7a7c3afecf6e80ef8f898ee84b36f7821419914726841ff02830763f0a4a1e93fab896f5093159fdd50890a4b3ce191987611f0b4d2a3453b6b9ea24fc59648d49ef21ec3bfcf27225ae778dca5b8fa93f3ca854a74e80dfc8f100949ba8a7581254c413566a882ac2b6319130ce126e25777e8c2f5a64bc7b9e4540b3a7f92fda136780b185bc77f7220ddec5261733da96fa174b372cc6c7f4e90234935dd71564ed8ac4128444b400947e40a9b8b4743836c3252ad694fac3e00b466db37b9a64cc5a2831a74e81797d11eab9ab3b465b3fa3353a976f1de03a9578b6587a4b9f57dbd10bc630a86dd557e0e9c92168ce95d74142ceedb641b4e322e1b159e2cf71da70739d4277cce898782af5ef05034f5951ffbaee04929b276261c46255b5aec0aeba2a7f38d8ebc06c6029c2453f50340c591eb15e7495baee284fc8d2b215fb1bd0ff46c205d20d79c3f567797316710a599abad5ecae1570ab373b6c5cccd3fc97fb78691248c8e9308fc820fc2fb0528e13bde0bd86ef2dd32c1c9d7c6defa65007d7d3209a6d92a1435d4f2870633c49bbdc6b5cf428694752bdce000b0bd8298cf702ab7b3c7d0ea631ff5150503e6af231fd8dd9eb9bc192a912b68d2fb4aa5687f5ef5e793157ed3745387da15863f995f4bf0b323e01f380266bc37ce3ebf528c4f993566544ac3848ecc0a07f71ecc92b378aa494e1aad1f5d9c8c8c29ea957da2dbce6096f5cbcaf1ce767cb45f4f0eb9f802ad78bf1a48ab068dcb5e91f53f2dad64cceef80b9af234d7522a03d324f978cb4464509dbd0c3b80d2dcfc02e91ed7d8adbaf14c2a618a9cef2782b9333f96b1942306e7fd3b461d5df9b491a4454d4f94c682d5b550d93e3681c8813a8ef51530307d48a80c7f128e1ac7bf8c681624aad46eca38dbc77ab19eab3ce91cd5596c7073e8d4c7114bc502ecbe18ae2dabe73f8e081fa6654a25a58f945e8134016e52456c896b364b6bac685c4e83f1f0ab9be3fc8109132bc7a1956d2164b2012112a77b74aacb92f3704ebf0b7f29dd0685535ce1710830ea400a2cd1dae0bd7f9c31bc19d366794c303b690d9bfa5cb4e5da61f0a3c9cfde3a933941bca28f353bceaf7217b771f997294866a58a16ae482b7380fca53ae075d583d442d604f032769cc58f70f1e70e8e0d59014ff7d9e0f66729a66aaf94fecbd767056d0906c8d08f79227f32a328fcaa3502c91e344381f7373130dc3c58a795dbcef7c375b10ca830103ce42ad929bb0ec94bfbdc32cca19c9e10bfd81f05dda7d5c4c4072ed0fcf6593b7938c092185d463cacf5abc6ea7f052e21f05fae9a1ce39084b69bb345cdec73a514a45d1626830dc294774fc87c4b673b734de7466727f1e4cedd5dacd348e70d91c81f139f2a0a8c2c36487c6dfcb1fe578f2e1574dac1b0717bb02f3de222c6b382107b57898ea88d6a0051b12fd8695ffb535b41ea39b419ce0f6c8d5876c41984a2139737a335a4b30f4202f9f2cdf8393088935759aef6ce802eda3c337478a0c761d36d773d593af5fa2a919a77e806da20c1d1ab9945f38d15c4c633f7d97f94487a42d3cda0fc949b814898fce603780a632d057696f35ecaa33ebffb3ace4ee6c28932c4b26ebda79b64e78f0e2eac4db587948f5f2cd089add71ee29cd522effc7eae717ff87bfb5d80f52aa1bb7ac657f4f8d0cffc93c325c6238c1aa5f053df6932244b38706896a72ba926dc2698a41c983ef211bff7d5fb5ef5563b0d73af7d4c9bb83ca895889bc399ab3c05082f758376fc9f1e1c437f477601444d46c3a286a9ef0083d0d6a22c486c43176efd8b8afcfad3d689bde77a4415c757a2de33dbe550fcca9175a0843d65aff2c3774a38c5484c2f83edcd8ce63d46f83b07bc3560334a2a61a0e26d1db583cd983cb32af6d98af60fce910ae7a72470e8bcbb2e607f20557db98e9512316cb9d5051cd209096eab06b338b991930f4bdeb0ee44b3bec267dfc64878a07110512228998d22f6280b82370b55cf9d9d3c064f057e6e6f5694f9301886b3e167ad89f46a87b43a4f87f41dddb399539d65b0c920122c1450f3cbf556a260e4c13acc21d62da8d558e1a078d28b55834f983561f0177471bfb25b96e5bb37145c19b449734253ca89399eeec314fb5a3e55624e6b217922c28a9d2272a038d6b0de6a2a54263c44a24651bc494841ecc9593ef10b4e1f74499c52d42423ed92fc0ebfcacf18a9c2ada89ed95dae150684c292ee82d665fb91c89d7f9ecce3756c5b6c16c96ca7dbe47a6843c3a921a0c5ff2422ca5bb860dadca83ea7fa69e2fb7fb2d2f670472f8e8ce2d62f53af96d37f510ca85277bc18b1ae00a505b2cbc398df350a9d3b813ff1411cf9bdf14038722490a0d6e65dec233613d2833ed678befdd8fb9fc462fd6b59c0630f5f3375b027ccc83728b1cfeb093cb6d9999dcba8c9dece96a920731a9609b452dc2f33a8fd55549be01792ff7d0560619a832f9d4ebcf57f77a141496032b5c7580d364b1632f7e5c14b4584971fe4edb6b7d404ac56463cf075b586b06346febbddc703bed45c787275b50bdcf8e7f36f1e1361fe5a8a4941313341714d331a7929a070bd3d166bd1e66b4230399df659520b8cf10771f9d2051aae0c1cc715ce28c2b31f0e9d735ca75fb5500b700c1564b733fdafadc7568b3663998fb8ec10303a9e5ee6addbc043f92002835a6db95e8996f79b456e9bc3ec9c9f7c8c8c43f8c3ffa09c6a6ad085aca09224891772750dd1aed8bb96b07154fbf2c71eb92b6246607ab8065b1ee4b77b25e7557640cbec4ab5449ed141975cd69e42f6486ca9e8a958b72282556c8752e1df8254c3ed8156d096e3779208221537885b30ff38c036ec543b63efcd353b7978b968a9c0bbc04080baab1f11d33aa274d27e40531c84cecc6973514168807b0705a6e37d1793259501054eca565684af843c76bfb748c3ef72feba00e48fd757096a2ed54254b9317f69355a1f0a31f34e995097a76ddb5d29eb1b958fb7d07ebdffeb7f072ddd7335d9b8ffeeb0719a53b1f8dfbef62508fdcd3b9f288838beb2a67f0d3ffa682dfe579d6dec97f95f3170733e201b857972aa6a2c8c8a1b3d487001b054301669091146b50014e456cdabb7377432f4783473f78a4efc3999c2879c27e2f93370294e8bad719a51543a040c134b3d575e96158e5a480bd64448a8133042c8df63555e04955ec96edb9c7495fc5fa5e7706dcad47e2c5928090c990678f6bd0ee7f3ffc5ed398efbdd87189b1e70e28c08b8e25ceffcdc76584d6c1b0bfce6639c631394c45cff8a3059e2d5172514e87930e21ce1cad35be4111fc0a65c0505b86eeaa0fc4945c28c1f617765215887b11641b57adfb62915e10450249c53c421991960d11c401b167d78dcb382c5013aeca84e6d0acaa9598ec2cf0c41bd50af513ffe6fe199d66bd82ccf1f7dfd377f99cf3d09af1dd197558ac27ecb1123f77245af84da98a6e2531798c463743fb3dc65b9a56a50205562e30f6f6a72e2a1408aff2deee88bf285d2b8d7c540dfe14be99184cd731eacc1f36296aa42d99ccc32d97af7e78762d08ba0d62fe2644acd26e3b036f0edf8f20ee9a3ce0d7ea2071e3c28791e2146c338fc4dd97076144312e47d685f765153c7e4886926272bdafa79b9c59a1e6ca0b91604b5549e861fb97f1c163dde0d851dd0576df5abccf0c2ea3ff6015cb714115780dc485a411c5eb7d637c3bd7bf5c821322661d8415c365288b4822afc9421586da96a202e95ea5bc952984821bd60f5f446a85a033f3b72a5c48e7a2e950481875504acc3ae0c3fe2feb8f1e0d607011273372eb7e9ce2a5c13e0111f30a5226aeca66f4ce28eda3f3caa1763e23f96a0f141e8758c9564a856dcea73065bc2ce65907adf6e7b2928b626a63e9904dff7d12e6ede38e9567e1cc7d24f1d353183b22fbb4b46365e65041325d0d2d13cf506464b6d5c13dbe3c51a47baa3aa465ed5c286b216fea88a25b3b7e3ce605fde460de19f62cec05518bab3b15660db30c5c084be416854c2c49cdf6615b4e958cd94b8f3e4234edee585187b811a1a2ffc54661896c54016981f0b69501b894d3eea304d40e24bf16533a1459391e79215b36a9124b9264e642bda7768b02d54530c07844129afb7c8ddc8a10493771a092f218be55b1d3c791f728b4d56abde8c5bbd1aad4e098927c14510414d6d226afbe845f89e4909133df6f22380cabebeb1c808664260f68058c195dcbff21966f37bd51ddb026e7200357836d667038bb63fcc1f6ceb0ac18d917e6a68245df409ad07ae76f3069bed5e27dadfb4fc95d5262e90f6ba38feabf578e76b96a06a46f928d315b84634e56fa99eb31ab1d0b763c63c162c9772b0a53db58637241f26ee2d88f4538dc8366675a5b9f785729f5c51f01ae34ca94bfeaff2b68a193a31df8519c8d485cfd27d0a8a6abee83d7bf76d36d3eeba35b966cfa14d6863beb4ff74602460b450db85f40d781950b83dde448b9d73ebe982987b317eb5e3a9f192263dc145c5f4a7ea4dbfd4eae510b5fb124ed09a143ed6d7879ca5d78826e69cda796424404ce53c3bd863809384433c457c4a26fe8b3d3a8b147cee7429dfe05df3c10bb28fc8797ff5d1b338c1c1f6ba108f81c6fdec2ecb7db85dbd073779edd95e4feac3b36d67856c7b979423c097d6d8d207e7ac0d8ecdfd4aa0a3042208bc6b36f7e3160fd8b87e0b87e152bb86bd38bd0f231f59760460817f414b97", 0x1000, 0x8}, {0x1, 0x9, &(0x7f0000001a00)='-\\\x00', &(0x7f0000001500)="2eeba3884e80e85fcf1cd1812eab9160859f3b99f5ab9a9f168d21b5d0c994aac42d0e6cdf5e136dec9c342f012caf70a05462432079796e048ddb55e8a8de103dfc1face05f3787c8e9ad2f1bd7827761e477498c9f2b4a0c236c68d904e73a77cd92d78ee73333493f27a325f315735734dcbcc5568974ed2bd0ccbff69646eed461ffa2998a2a66b5a33b42d0418130632287a278d48f576a7e126decbd68e34cdc162eccfae66f787c222996ea18c552263ce2", 0xb5, 0x20}, {0x3, 0x40, &(0x7f0000000480)='%{\x00', &(0x7f00000015c0)="1c62b64fa5abeb97aa97717a5c27d862c0a6300f5997904d6c640c368017b63f2d7100704f975aa866f273120195b39e0ae50e5eb3c260635ed4d17fdb5d7c9943877f935547033d17ce15", 0x4b, 0x10}]})
connect$qrtr(r2, &(0x7f0000001780)={0x2d, 0x7}, 0xc)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f00000019c0)={'syz_tun\x00', 0x3})
setsockopt$inet_sctp6_SCTP_INITMSG(r3, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
sendto$inet6(r3, &(0x7f00000004c0)='W', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x8, @loopback, 0x8}, 0x1c)
setsockopt$inet6_buf(r3, 0x29, 0x22, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c00000010004b0422000000000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c00028008000400000000000800150000000000050016"], 0x4c}, 0x1, 0x0, 0x0, 0x200400a0}, 0x0)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f00000017c0), r2)
getsockopt$packet_int(r2, 0x107, 0x16, &(0x7f0000001800), &(0x7f0000001840)=0x4)
ioctl$DRM_IOCTL_WAIT_VBLANK(r6, 0xc018643a, &(0x7f0000000080)={0x0, 0x0, 0x3})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
close(r7)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1, 0x9}]}, &(0x7f00000002c0)=0x10)
r9 = syz_io_uring_setup(0x37f7, &(0x7f0000001880)={0x0, 0x3d5b, 0x3c0307d601688dfb, 0x3, 0x153}, &(0x7f0000001900), &(0x7f0000001940))
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r9, 0x1e, &(0x7f0000001980), 0x1)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r10=>0x0}, &(0x7f00000004c0)=0x8)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r7, 0x84, 0x71, &(0x7f0000000100)={r10, 0x3}, &(0x7f00000001c0)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000100)={0x9, 0xff, 0x20d, 0x10000, 0x4, 0x595, 0x2, 0x80000000}, 0x20)

5.037553171s ago: executing program 1 (id=1423):
r0 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='cubic', 0x5)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e22, 0x0, @private2, 0x9}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000002200)=[{{0x0, 0xf5, 0x0}}], 0x40000000000027f, 0x0)

5.037214199s ago: executing program 0 (id=1424):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$kcm(0x11, 0x3, 0x0)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000640)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd26, 0x25dfdc00, {0x0, 0x0, 0x0, r9, {0x0, 0x4}, {}, {0x8, 0xfff2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x7cff, 0xbd, 0x5, 0x6, 0x1ff}, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8004}, 0x20000000)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r6, &(0x7f0000000280)={&(0x7f0000000440)=@xdp={0x2c, 0x0, r10, 0x3e}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000180)="27030200000214000e00002fb96dffff1144ee163cddcb000000800000827600000000000000", 0x26}], 0x1}, 0x5)

4.776763684s ago: executing program 2 (id=1425):
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x40ead000)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f0000000100)={0x79, 0x0, 0xf71})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r5)
sendmsg$NL80211_CMD_SET_PMK(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000400)={&(0x7f00000005c0)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010026bd7000fcdbdf257b0000000a000600ffffffffffff00001400fe00225757ced880715f9e5d8d29cc5bb20614000201ab303e3ad10651457fc178f666b031f41400fe00c37203e114699a8573f6a5532f3504821400020192190f96ff3dc121ad1631446f0e5e1cf0fab7603c39148ebf0f582913928e2b605b3b59c3558ceef0321a7c0c765f8e39ebca1d0f68888cd0742e63a70f313ee42e0fe27bd20a19040095a8a4fb00a58e38b981e6074949bad0ca73b4830fe1081c9f0902e994bae69cf8688f084cb08252d8362235ca2eaa6da2be022ac0bdabd2baf913e12e78da470a79c56cba05c8816cc51a07ce23bb28aec81d55c06f762fe2874791fc5dfc364b8194ffb08287b3143ed480159f8633711f7d788200cfd1c84116c9b115c2dc4c"], 0x70}, 0x1, 0x0, 0x0, 0x200088c0}, 0x20000000)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r6, &(0x7f0000001080)=@pppol2tpv3={0x18, 0x1, {0x3, r8, {0x41, 0x0, @multicast2}, 0x20020003}}, 0x2e)
syz_io_uring_setup(0x579, &(0x7f00000002c0)={0x0, 0x922e, 0x8000, 0x3, 0x33c}, &(0x7f00000000c0), &(0x7f0000000180))
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
syz_clone3(&(0x7f00000001c0)={0x2000000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0}, 0x58)

4.547471304s ago: executing program 0 (id=1427):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = syz_io_uring_setup(0x495, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x7, 0x288}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd=r2, 0x4, 0x0})
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000040)={0x7fff, 0x8})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = dup(r6)
ioctl$TCSETSF(r7, 0x5404, &(0x7f0000000000)={0x0, 0xfffffffb, 0x0, 0x515f3157, 0xd, "78e1141009f593233bce41f20613341f43d01f"})
write$UHID_INPUT(r7, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b4cb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
socket$tipc(0x1e, 0x5, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r8 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmsg$inet6(r8, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="b005000000000000290000003600000000b2"], 0x5b0}, 0x20008001)
sendmsg$inet6(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000340)="ef38df273fc935b005d380e9f6696d255b9514052a1b756b91083e499f7bb421796c44b950615f6f7d41", 0x2a}, {&(0x7f0000000600)="7e2f13319f5ba68052aecbc9e8faf501d6f209417f73bd29f751b420bf51f813683947e8e63f1888593969adf3913a215e5e150d309dbfd15334631756e76059d86e0d42c918f0bcb4cbc28a3d71a52285fd9045e3853cd3c0cfc76f71de7f2474c4c4bb6c201b43d80a509c9d0f1365b026ab41e2140695903b86e1d5a27a27fced6360709c662712c37ba3dd86d3a8ace3ffeeb108497f87b94cafd91d50956ba86714090c6bb902e9187a201fdf2b7034cc064d3bf4e40876b9acab7687258f6407e1d8613b8be94684f68cb76f202873fff97008614b2c110eebc8f4090480fbfe0361e1e65b97f19d6078ea6ec03c5ee3aaf8f0cc5300895134ab81087cc55161abc527331c03ecfa01ac01319d9ba949d4519c2b46a7dcaa9e87cc2b28181a9549b5bdc7192cb2a9398720ed1f01509561767f2d11ed4f52cbc6012dca85fbc6739a54562ede8ff2886adc1ba78363ba4528223e0e4977c5471383c8748e0afd2a4e65dd9584cbb7adc0678404c1e9c15e37c25ad4d5c9ddffabe101eb82321b79c36329e5ef9d783afb0add226b74a1e39b6d2cce3504411513e89e94612db022606db2af33b387bea85b317f803bf18e3ae361890ad1fabdb03d4e942d1dd623b649ced2c518e6a906f3c5c176fcb6cb7439a88fe77d828944edf63ca179412f7d91d636b69e0147cbf033d2393100d2844bd84fc8bc4d32757d158935a7efebe8419048082103be7864d16adc35cfa3b25d5bf6889f16b94e5745e24626ae4bea76684f93420ef4243d6ac80ef86088da3f59c64d776659fc4fedaccc02f51dc05db81e387c18766bd5dd3fe703d6a91f12406388e990e8c919f49ad7969459a0cfa291bd1440ae4208849e67984c7d9e0c8ed5e639eb77feb87bed3d08d2a89d504ab40e3f76d090e602604a973f4b1683347d1a53b4ce215b63b69079b76afc8b2ae199f88f7f87b90b2392f27293a79c40737ffa23f99c2880a64445f65dae56263a945a6e98ccc4a3febbd85fb837bdde5e0d4bf9bc4c801ac2afda5c2668da61ba526321600f1795a31fa067f337c7115eef024edb641c859f7ba1460adeef04da39e1376d5255a885bd01ae3c27dd2699bfc1ceae35008a61cee317a704eee9443d0d95a371be776e5646201e544bc19561a22ed7e82d41eac30dfbc26ac19af1b7ead8de446a0f290aafaced0d8db1b9a88ab0c3f77352a39149ae9bd1532f435083eb3deafbb78f43216be6f5cc164a6d67b2c87b6d319db9fce2023b6525ba888f727398ecd77c3dd36a4828cb613803600a3dd2beb0885b100bda9f6db1130c0cdc1faa3d03e6194abfe08d3b9a73585f40a2024f2e9a2e901dc1f88532c43e36a7e361212c419006a42e20092afc03715a1979ceaf2530d651231b61a2cefc8585f4c629a2853750bdf79495a896bf94793549aeacf6d0d0c2c860e976451177c0f736969b06da6c2f80ed40790fac339ee8aba0e9d6a394246486f5b0ebb1a66bd4a2fac1015e84af8be1ad7dd1c2bf96da9067fb18e798759eb02a81773462eaf9c71c007b1cc4df7f0e421063ad041c4d5b59f444d0fa9a952f9ed5b9dbab482928c9dd2ed960ed61f92c4ab7e3673c3a9430defdb6f16d555c5e1baa8d7c5bd705e53640951a84bc41942b7232eee96ec28599a37e32f02aa6e1e99ab41bd77613b0fd988b32ba2aecdfd03afc9df5a5389ed7db7cada460b02fcc5788990d82ab87ed95337b0dbbcd875a19fd2aaea69bdc0e6a4a62ae417e6abd393b7a42ebff7c2ef9bd702168a64fdebd22b154a75029e033ffeebbba83bf76428f4e1400ee54d13ee842646965a15cf63f34705d1fb63ddf4bd1caded6147b0d6a1acc6bac4e9ea4ae024d5c226554be37ab62b754bcbd71dbbaab17664267d035e31fa6f1260b1bb94f8bad65c289717a833d4e164dbc7c1d62cfbd6e121d4944e4716ea304dfb2457f36c2725537947ba9597d29b22bac11f008f24fe37187c4780aaef80b9e3444d610c1a01ef37c4dbc53440547d0f94d90ddef7ddc86e35c0bcc2dd9d2aea4532b20feb8579a922464dfcfe965538ee13ace8c7e1b2321bde8dae0a0ef2e1bfce793992cc67a39be3b6189f0dc24a791157d4821f242e2a9709d469272584b3db4abd60ce0a2c09a46b715aab0048a0ac84ac0d55763ebcafed1ffe45310f97ebecf48f61e33cfa1cff0164f1def00ce05045dee97669b2de718d17e4cf8cee5f000eae701117f7fc43445395b73cf7a002568bdc5345143bda028e0f742f4c299b23fac0ed92665ae1968549d1cdbeb7c17eb96dc079be83a7a74e5b15497e94de3bdfee822ca7de3cd1d0e8cda82476ae4bdb72341e93be67efb78ebb38930c07ce99fccb433465b539b16f32486ccb975c0ec219528df37b61b6105c3ecbe2c0feb328e4034e778592887ce167f9eeec04f9c8d11753d6d8e0798c7932cefcf9bc7b8c9d30688fa226e107eede50d6a3ceff7477107b61a12676e261cb9c216d2bfdd4c6475d192df60cc2c16d77e2ddf51b7f67b57dc71bccbc6a84890bcc5f337a0a6915f88bfa40a9dbc2f8ca7221e7f78c375bb68af519b9d3db2227bdcc1d1e449b164c5db8db3ae8db6423194317e55a43b4df9c2b034c26855303f9c68ccb89c8256029864f052c02b41e27d5336ff2350697579ae08bd25dc051e50e67c8df3d247cf59979a2b2291a069b32bbad17af58ce5494f796bad30898594c606220ce178949d9dd2b8355d8e43dbd7e22c069de917660244c1210fded55766da83759310ab1c86cc691d82e04f8dea7efe50d8841959e7fc2d66805cfed5b033a5d3228c1f97ebb8bac373a41df7c1eaaa2a50987f93a81a7aafb331bc1d2bdd0eebc4bec4095e17af3e206a499f054f9c632fc1809ec0b8327bd069039e2b97a951889fbcbc40a63019362aca8a517153c4c74f47629f45faccd72b743abc4a46f3fd34f6ca384278c2e44337f824e2c4272c5ad46322202606d8f4f7dc6a3e5ff865d593b1d75ae4c7f260f98a5d3e231b884c55d497494462baa9ffb2c64a5432f2f238658ffd25ac26ab0b22add514f38fff2ee82b16e623f17690699e12bce3f974511a8f89d5df7cab89abfc84cb565d253535c67ecafb291f27f61b84f1062d029831ce56e2defcfb5aed43fdb68a107b4a25916b7dbdb56b2e324be966201a5668e676f68808e8c7c6e2926857e6bd5d729d9364a46e4ca4659ae160b65f5d97f3d22ebe0e9f357feb31de17ffa313a3f67a25c01d722ade96598a37dedc97173ad9c7478748fa6e57c3edc825bac7c60d4ac4d96ec34626f965510a3b26ca4f4969d1b0c3e8b1e495b12ab392b7fbb34f0932a768957ba6590ab8022f299cfdecb3c3ee4c3cde5722d62e2235da4f4146507d9e022d57ae25ecc1fde4b57b100cfade350673ee61cc1e313f0dcaed5aa18a012d3ad7cea187cdf4921ec55755dbbc9bd9a39d66220bc1e8f4b6f730f337014e52f12a10bc47f277b5214dad60bd9925183ef53c0c9c7b2c1aa7416fa27b46398b7cbee31a4b416ad0f189d2e0d5e2bfbd8e0e5e1e1f59ec1c635cac00a0b75fe2a3b9916e5c8de9b574385e51fb10704b9901fd90803d7d0e67544975fdf516f0df1d7d0bd7520b618d92b3bfc07c468edd9f53796c80d78987b761b07021d5f4ad07a5f94307f7939c4747e65df8037e9ce268641dba4ffc348bbe4ae3f1844c5f761a6d02c18e389f5776bfbcae20e2e588ffc5465f5954665fea1c9cac6cf5691ca6e1f54e6dd774be7a0bfe87f6adb839572138765e14c2ab04c373ab3fd801dd9f639c886977320affe425dacc7aef1f1b069aacb0b9b94b202bb8fddcc2e07c925dfe750047ec1bccc3a50e5c3319e38b0946a4309bd1a99a033454e36a7af99f3cbf63c6804c9933a8080b445e38a269ef3cf8167ec4818800c800f8a6e17f85ee87bd6ca8005cd1fe1a304034c11f641b195811b40bd15d9386c18e3a47c32025869bc16e149456e1a6cc4cf9cedc18d8f81b50c2ec9e0efee451e8c44c920a81acb7693ea9a20dc996e7185dfd96cf6bdcd66f4e7959a5ba83f05ca7ece986cdfffe1a065b9223b21c11b093eb95f6", 0xb5f}], 0x2}, 0x20008004)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60)

4.547207148s ago: executing program 1 (id=1428):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x1, 0x2})
ioctl$DRM_IOCTL_MODE_GETENCODER(r0, 0xc01464a6, &(0x7f0000000180)={0x0, 0x0, <r1=>0x0})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000400)={0x100, 0x1, &(0x7f0000000200)=[r1], &(0x7f0000000300)=[0x7fff, 0x4, 0x3, 0x6], &(0x7f0000000340), &(0x7f00000003c0)=[0x6, 0xf13], 0x0, 0x5})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x4})
ioctl$KVM_GET_VCPU_EVENTS(r6, 0x4048aecb, &(0x7f0000000000))
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0500000004000000040000000900800000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x4, 0x4, 0xffffffff, 0x7020, r7, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x50)
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000a80)={0x1, 0x0, @pic={0x1, 0x9, 0x4, 0x80, 0x9, 0xa, 0x4, 0x7, 0x81, 0x39, 0x8, 0x8, 0xfd, 0xff, 0x0, 0x81}})
r8 = syz_usb_connect(0x0, 0x48, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000022546940fa0ae803d0990102030109023600010000000009047500038cbb2a0009050a001000010000090588"], 0x0)
syz_usb_control_io$uac1(r8, 0x0, &(0x7f0000000080)={0x44, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000540)={0x0, 0x0, @pic={0x6, 0xfc, 0x1, 0x9, 0x1, 0x7, 0x9, 0x9, 0x1, 0x3, 0x9, 0x1, 0x9b, 0x9, 0x2, 0x7}})
unshare(0x6020400)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r9, 0x6, 0x23, &(0x7f00000008c0)={&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x100000}, &(0x7f0000000b40)=0x40)
r10 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r11=>0x0})
sendto$packet(r10, 0x0, 0xffffff34, 0x40000, &(0x7f0000000240)={0x11, 0xf7, r11, 0x1, 0x20, 0x6, @random="f56f657f0716"}, 0x14)
epoll_create1(0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a07020000000000000000030000000900010073797a300000000044000000030a01020000000000000000030000000900030073797a31000000000900010073797a3000000000140004800800024000000000080001400000000004000880140000001100010000000000000000000000000a83892c775367"], 0x8c}, 0x1, 0x0, 0x0, 0x4010}, 0x8000)
setsockopt$sock_int(r10, 0x1, 0x29, &(0x7f0000000080)=0x7, 0x4)
r12 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_IO(r12, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0x6b, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000280)="ad3513000000", 0x0, 0x0, 0x30520cf7f25f0c64, 0x0, 0x0})

4.46106147s ago: executing program 4 (id=1429):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd2d, 0x0, {{@in6=@local, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x407ffffffffffe, 0x800000000000002}, 0x0, 0x0, 0x1, 0x0, 0x6}, [@tmpl={0x44, 0x5, [{{@in6=@dev={0xfe, 0x80, '\x00', 0x2d}, 0x0, 0x3c}, 0x2, @in=@rand_addr=0x64010102, 0x6, 0x4, 0x3, 0x0, 0x0, 0x80000}]}]}, 0xfc}}, 0x0) (async, rerun: 64)
r1 = socket$kcm(0xf, 0x3, 0x2) (rerun: 64)
sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="0207000902000000e4a17c45c8d260c9", 0x10}], 0x1}, 0x8000)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
r3 = syz_open_dev$vim2m(&(0x7f0000000380), 0x800000003, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f00000003c0)={0x1, @pix_mp={0xffffffff, 0x7fff, 0x3432564e, 0x5, 0x2, [{0x7, 0x3}, {0x8}, {0x8, 0x21}, {0xc91, 0x80000000}, {0x6, 0x9}, {0x4, 0x9}, {0x2, 0x2}, {0xfffffffe}], 0xb, 0x5, 0x7, 0x0, 0x5}}) (async)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20, 0x87}, {0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}, [@mark={0xc, 0x15, {0x35075b, 0x81}}]}, 0xc4}}, 0x2c000010) (async, rerun: 64)
sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="b800000015000501"], 0xb8}, 0x1, 0x0, 0x0, 0x810}, 0x0) (rerun: 64)
r5 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

3.709958188s ago: executing program 4 (id=1430):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000003000)={0x3c, r0, 0x801, 0x0, 0xfffffffe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "1d9d000600"}, @NL80211_KEY_IDX={0x5, 0x2, 0x3}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac09}]}]}, 0x3c}}, 0x0) (fail_nth: 7)

3.53528784s ago: executing program 4 (id=1431):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000160a030200000000000000000200000009"], 0x68}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000040000000000a40000000160a0108000000000000000002000000090002007379"], 0x68}}, 0x0)
getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c00003f1000010400eeffffffff00f687000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)

3.284194592s ago: executing program 4 (id=1432):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-blowfish-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56fa8ef1", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'dummy0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x400, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x1c, 0x2, [@TCA_PIE_ALPHA={0x8, 0x4, 0x3}, @TCA_PIE_TUPDATE={0x8, 0x3, 0x9}, @TCA_PIE_TUPDATE={0x8, 0x3, 0x3f61}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001780)=@newqdisc={0x24, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0x3}, {0xffe0}, {0x2, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008091}, 0x4000000)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

3.182137363s ago: executing program 4 (id=1433):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000f00)=@nat={'nat\x00', 0x670, 0x5, 0x4f0, 0x2c8, 0x1b8, 0xffffffff, 0x0, 0x2c8, 0x458, 0x458, 0xffffffff, 0x458, 0x458, 0x5, 0x0, {[{{@uncond, 0x0, 0x180, 0x1b8, 0x48, {}, [@common=@unspec=@conntrack3={{0xc8}, {{@ipv4=@rand_addr=0x64010102, [0xffffff00, 0xff, 0xffffffff, 0xff000000], @ipv4=@rand_addr=0x64010100, [0xffffffff, 0x0, 0xffffff00, 0xffffff00], @ipv6=@local, [0xff, 0xff, 0xffffffff, 0xffffffff], @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffffff, 0xff, 0xffffffff, 0xff000000], 0xc9, 0x4, 0x0, 0x4e24, 0x4e24, 0x4e21, 0x4e22, 0x1800, 0x100}, 0x40, 0x800, 0x4e24, 0x4e24, 0x4e23, 0x4e22}}, @common=@unspec=@helper={{0x48}, {0x0, 'tftp-20000\x00'}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x19, @multicast2, @loopback, @icmp_id=0x66, @port=0x4e24}}}}, {{@ip={@broadcast, @remote, 0xff, 0xff, 'nicvf0\x00', 'ipvlan1\x00', {0xff}, {}, 0xc, 0x0, 0x30}, 0x0, 0xc8, 0x110, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip6gre0\x00', {0x8, 0x5, 0xfffffffc, 0x8, 0x8, 0x51f2, 0x6dc0}, {0xff}}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x11, @ipv6=@mcast1, @ipv4=@loopback, @icmp_id=0x64, @port=0x4e23}}}, {{@ip={@multicast2, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'team_slave_0\x00'}, 0x0, 0xa0, 0xe8, 0x0, {}, [@common=@addrtype={{0x30}, {0x890, 0x218, 0x0, 0x1}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @gre_key}}}, {{@ip={@broadcast, @rand_addr=0x1, 0x0, 0x0, 'nicvf0\x00', 'pim6reg\x00', {}, {0xff}, 0x1}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x21, @broadcast, @dev={0xac, 0x14, 0x14, 0x1c}, @gre_key=0x40, @port=0x4e23}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x550)
r1 = syz_usb_connect(0x0, 0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000060f94d100d05020027230102030109024840020000000009047d04031d5abf0009050400005539000009050b00000000000009050200000005000009047d01013481af0009a00e00230000690009047dbe"], 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000340)={0x40, 0x15, 0x3, "153c14"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r1, &(0x7f0000000200)={0x24, &(0x7f0000000000)={0x20, 0x31, 0xc2, {0xc2, 0x24, "bc1836f587d87bf4ac15d9d0428741a9dfb1fb35f00fec3be919fc3935bb4fea02c323d99c3e34fae64e4eeb4c37b53cca8529bea3b3c7a807f42dd13c9c473d8e1a59190520e30fea78805ce39807bcf94e868540ae81bb59b2e885495340f5b5664116ebaef501c8e76c530b42765ca3956af30968aaef0c2b7e6d6c1dad46072af8aea17cd9e09102727534f7161328dda95404e862f9048fad8d91382c76d9f58ef88de68b1edf49c41edb1853e0bdafc0728358eafc476f40ea5e54b9b5"}}, &(0x7f0000000100)={0x0, 0x3, 0xfffffffffffffcf9, @string={0x5e, 0x3, "2cc343919528dec74fbd4d46687b36655902a4c36df7b6517ce042d2b4ab4727b5f9241191fdbfeff522f464d08bcdf05923d971280b250c82694339be70cf1d3a43819f590809950d6bb0cee1b68900223dbd9b44246dfe76c54c14"}}, &(0x7f00000003c0)={0x0, 0x22, 0x9, {[@main=@item_012={0x1, 0x0, 0xa, "98"}, @global=@item_4={0x3, 0x1, 0x7, "1be83e64"}, @local=@item_4={0x3, 0x2, 0x9, "6f5e1423"}]}}, &(0x7f00000001c0)={0x0, 0x21, 0x9, {0x9, 0x21, 0x4008, 0x0, 0x1, {0x22, 0x107}}}}, &(0x7f0000000480)={0x2c, &(0x7f0000000240)={0x40, 0x18, 0xce, "8aef875076671e92dc2f1cf679b2e383f62a99205568f32305fe33522884370c0ee304926216dbc9dd76f247a246f91997d6c3bbd5d7c33fc0c8bfabda80b1013fbca05be84b89853e10002210ddaa7cafc9a938e453f88a4f3e89e6208315df620a81cf12e27c78797db7113b4f980867b61ee902240bcb4ecab0a5b25c3537795dce5bf53406bcb7813b01cff3aca79017e55d87d106b8ed8c8c6d7c00c3c314f9ea45064eb941f536269ab5ebebb48e96e00378b16b3c000e756f50434ccbfc47e5919cff90f2114120a3cc11"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0xd}, &(0x7f0000000380)={0x0, 0x8, 0x1}, &(0x7f00000004c0)={0x20, 0x1, 0x74, "28b7dbdf14ea9a4fef5d2e114727230b8eba98e656c55ef31d488b6be905ea6d1c90fd958a9f0d5945a53986c33d81a32d22a18525776062a308abd96852b1c89de5461903365e8963da7254e97f8adec0029137a2a7452abfe3bd0a472fe3ea848833f0efc9dcb8e7adb84024a344e23daa4fc5"}, &(0x7f0000000440)={0x20, 0x3, 0x1, 0xe}})

2.20842103s ago: executing program 3 (id=1434):
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x2afc0, 0x1c1, 0x6}, 0x18)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000200)=@abs={0x1}, 0x6e)
r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000500)={0x9, 0x1, 0x2, "3bd9d3fe337649c318d3b5710fe89a0d9ec9b50e98bc2e00", 0x32315241})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8101, 0x0, 0x7, 0x0, 0x3ff, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r2 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000000)=0x1)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_buf(r4, 0x0, 0x8008000000010, &(0x7f0000005e40)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/184, 0xb8)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000300)=0x18000, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000100)=0x8, 0x4)
bind$inet(r3, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
getsockopt(r2, 0x200000000114, 0x7, &(0x7f0000002180)=""/102390, &(0x7f0000000100)=0x18ff6)
getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x32, 0x0, &(0x7f0000002140))
r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000140), 0x84502)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r5)

1.763203146s ago: executing program 2 (id=1435):
bpf$PROG_LOAD(0x5, 0x0, 0xfe3f)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000080)={{@local, 0x2}, @local, 0x0, 0x1000000, 0x5e, 0x200000000000, 0x100000000000006})
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000002200)=@newtaction={0x7c, 0x1c, 0x1, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x1300}, [{0x68, 0x1, [@m_csum={0x34, 0xd, 0x0, 0x0, {{0x9}, {0x4}, {0x6, 0x6, "940b"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x4}}}}, @m_ctinfo={0x30, 0x11, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x2400c845}, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
sendfile(r2, r2, 0x0, 0x40008)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000140), 0x2, 0x141101)
dup(r3)
syz_io_uring_setup(0x118d, &(0x7f00000000c0)={0x0, 0xd00d, 0x0, 0xffffffff, 0x25e}, &(0x7f00000003c0), &(0x7f0000000200))
r4 = syz_usb_connect(0x5, 0x239, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e388d640697a01006ba8010203010902270201020010000904"], 0x0)
syz_usb_control_io$uac1(r4, 0x0, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x103a, 0x1000, 0x103a, 0xfffffffc, 0xff, 0x80000000}, 0x1c)
r6 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
writev(r6, &(0x7f0000000140)=[{&(0x7f0000000240)="cc3a4ac0d0bb", 0x6}], 0x1)
r7 = fspick(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
fsmount(r7, 0x1, 0xc)
syz_open_dev$usbmon(&(0x7f0000000380), 0x8, 0x8000)
munlock(&(0x7f0000821000/0x3000)=nil, 0x3000)
socket$nl_route(0x10, 0x3, 0x0)

1.083307393s ago: executing program 0 (id=1436):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e13d6a206419010015d4010203010902120001000000000904"], 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r1 = syz_io_uring_setup(0xcf, &(0x7f0000000480)={0x0, 0x0, 0x0, 0xfffffffc, 0x10000}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r4, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r4, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
socket$packet(0x11, 0x2, 0x300)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r5 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603)
ioctl$I2C_RDWR(r5, 0x707, &(0x7f0000000000)={&(0x7f0000000400)=[{0x7ff, 0x4001, 0x0, 0x0}], 0x1})

895.434588ms ago: executing program 3 (id=1437):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, <r2=>0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r4, r2, r3, 0x0, 0x200ffdd, 0x4000})

875.49502ms ago: executing program 3 (id=1438):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000015c0), 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r5, @ANYBLOB="08002600851600000a00180000000000000000001c005a80180001"], 0x4c}}, 0x0)

654.631013ms ago: executing program 3 (id=1439):
sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="7800000018002507b9409b14ffff00000202be04020506056403040c5c0009003f0020010a0000000d0085a168216b46d32345653600648d27000b000a00080049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160008000800000000000000e218d1ddf66ed538f2523250", 0x78, 0x4804, 0x0, 0x0)

563.970299ms ago: executing program 3 (id=1440):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000700)={0x0, 0xfff0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="5d6bfbefb450d725df251c0000002000018008000100", @ANYRES32=r3, @ANYBLOB="140002"], 0x34}, 0x1, 0x0, 0x0, 0x8080}, 0x4040896)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58)
r5 = syz_io_uring_setup(0x83a, &(0x7f00000000c0)={0x0, 0x3d06, 0x400, 0x2, 0x154}, &(0x7f0000000140)=<r6=>0x0, &(0x7f0000000200)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, 0xffffffffffffffff, 0x80, &(0x7f00000002c0)=@l2tp={0x2, 0x0, @remote, 0x3}})
io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x0, 0x80, 0x0, 0x4000}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000440)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x8})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r10 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$sock_FIOSETOWN(r10, 0x8901, &(0x7f0000000180))
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
accept$alg(r4, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)

93.137578ms ago: executing program 3 (id=1441):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x437, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x50483}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gre={{0x8}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/profiling', 0x101a02, 0x0)
copy_file_range(r3, &(0x7f0000000000)=0x7, r3, 0x0, 0x7, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={<r6=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000ec0)={r6, 0xc4, 0x20}, &(0x7f0000000f00)=0xc)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000000)=ANY=[@ANYRES32=r4, @ANYRES16=r1, @ANYRES64=0x0], 0x20}, 0x1, 0x0, 0x0, 0x24048814}, 0x4004)

0s ago: executing program 4 (id=1442):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010100100009043300f5602087011870fd000905820207000000000000002a795daa53ce3bd8dd7f7902862fad7faed146bd9e9c77a63907faffffff0000007268055f9d0e2b07080000000000"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xa8, &(0x7f0000000000)=ANY=[@ANYBLOB="1b1b", @ANYRES16])

kernel console output (not intermixed with test programs):

][T13362] vhci_hcd vhci_hcd.0: port 0 already used
[  313.322198][    T9] usb 42-1: SetAddress Request (2) to port 0
[  313.334320][    T9] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd
[  313.416485][T13361] vhci_hcd: connection reset by peer
[  313.425083][ T1277] vhci_hcd vhci_hcd.4: stop threads
[  313.431733][ T1277] vhci_hcd vhci_hcd.4: release socket
[  313.438680][ T1277] vhci_hcd vhci_hcd.4: disconnect device
[  313.546807][T13371] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  313.652132][   T29] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  313.803954][   T29] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  313.812827][   T29] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  313.823472][   T29] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  313.846966][   T29] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  313.872640][   T29] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  313.882007][   T29] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  313.890326][   T29] usb 2-1: Product: syz
[  313.896236][   T29] usb 2-1: Manufacturer: syz
[  313.914784][   T29] cdc_wdm 2-1:1.0: skipping garbage
[  313.922014][   T29] cdc_wdm 2-1:1.0: skipping garbage
[  313.941784][   T29] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  313.954791][   T29] cdc_wdm 2-1:1.0: Unknown control protocol
[  314.055874][T13376] netlink: 12 bytes leftover after parsing attributes in process `syz.3.976'.
[  314.089078][T13376] netlink: 56 bytes leftover after parsing attributes in process `syz.3.976'.
[  314.145684][   T29] usb 2-1: USB disconnect, device number 37
[  314.602151][ T5908] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  314.821449][T13389] delete_channel: no stack
[  314.828835][ T5908] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  314.840287][ T5908] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  314.860399][ T5908] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  314.879590][ T5908] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  314.922593][ T5908] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  314.935328][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  314.958198][ T5908] usb 2-1: Product: syz
[  314.968263][ T5908] usb 2-1: Manufacturer: syz
[  315.020523][ T5908] cdc_wdm 2-1:1.0: skipping garbage
[  315.026611][ T5908] cdc_wdm 2-1:1.0: skipping garbage
[  315.062206][   T29] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  315.184434][ T5908] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  315.190338][ T5908] cdc_wdm 2-1:1.0: Unknown control protocol
[  315.262225][   T29] usb 3-1: Using ep0 maxpacket: 8
[  315.279669][   T29] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  315.291143][   T29] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  315.343053][   T29] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  315.376353][   T29] usb 3-1: New USB device found, idVendor=056e, idProduct=00fe, bcdDevice= 0.00
[  315.394494][   T29] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.428046][   T29] usb 3-1: config 0 descriptor??
[  315.842567][ T5925] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  315.856864][   T29] elecom 0003:056E:00FE.0004: unknown main item tag 0x0
[  315.865327][   T29] elecom 0003:056E:00FE.0004: unknown main item tag 0x0
[  315.873415][   T29] elecom 0003:056E:00FE.0004: unexpected long global item
[  315.888933][   T29] elecom 0003:056E:00FE.0004: probe with driver elecom failed with error -22
[  316.022136][ T5925] usb 4-1: Using ep0 maxpacket: 16
[  316.033494][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  316.045620][ T5925] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.055952][ T5925] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  316.069239][T13401] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.069776][ T5908] usb 2-1: USB disconnect, device number 38
[  316.077663][    C1] wdm_int_callback: 162 callbacks suppressed
[  316.077683][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  316.096091][    C1] wdm_int_callback: 162 callbacks suppressed
[  316.096110][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  316.108135][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  316.144224][ T5925] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  316.153557][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.164363][ T5925] usb 4-1: config 0 descriptor??
[  316.167787][T13410] FAULT_INJECTION: forcing a failure.
[  316.167787][T13410] name failslab, interval 1, probability 0, space 0, times 0
[  316.169750][T13401] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.192626][T13410] CPU: 0 UID: 0 PID: 13410 Comm: syz.4.986 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  316.192653][T13410] Tainted: [L]=SOFTLOCKUP
[  316.192660][T13410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  316.192671][T13410] Call Trace:
[  316.192678][T13410]  <TASK>
[  316.192685][T13410]  dump_stack_lvl+0xe8/0x150
[  316.192714][T13410]  should_fail_ex+0x412/0x560
[  316.192745][T13410]  should_failslab+0xa8/0x100
[  316.192783][T13410]  __kmalloc_cache_noprof+0x88/0x660
[  316.192803][T13410]  ? __sctp_v6_cmp_addr+0x1dc/0x510
[  316.192829][T13410]  ? sctp_v6_cmp_addr+0x15/0xd0
[  316.192854][T13410]  ? sctp_add_bind_addr+0x8c/0x370
[  316.192885][T13410]  sctp_add_bind_addr+0x8c/0x370
[  316.192915][T13410]  sctp_copy_local_addr_list+0x314/0x4f0
[  316.192945][T13410]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  316.192971][T13410]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  316.193000][T13410]  ? sctp_v6_is_any+0x64/0x80
[  316.193026][T13410]  ? sctp_copy_one_addr+0x93/0x360
[  316.193050][T13410]  sctp_bind_addr_copy+0xb3/0x3c0
[  316.193077][T13410]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  316.193104][T13410]  sctp_connect_new_asoc+0x2ff/0x6b0
[  316.193128][T13410]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  316.193156][T13410]  ? __local_bh_enable_ip+0xd0/0x130
[  316.193178][T13410]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  316.193200][T13410]  ? security_sctp_bind_connect+0x7e/0x2c0
[  316.193225][T13410]  sctp_sendmsg+0x1528/0x2c10
[  316.193258][T13410]  ? __pfx_sctp_sendmsg+0x10/0x10
[  316.193281][T13410]  ? aa_sk_perm+0x6d5/0x900
[  316.193313][T13410]  ? __pfx_aa_sk_perm+0x10/0x10
[  316.193341][T13410]  ? sock_rps_record_flow+0x19/0x400
[  316.193363][T13410]  ? __pfx_inet_sendmsg+0x10/0x10
[  316.193386][T13410]  ? inet_sendmsg+0x2f4/0x370
[  316.193406][T13410]  ? __pfx_inet_sendmsg+0x10/0x10
[  316.193427][T13410]  __sys_sendto+0x5de/0x710
[  316.193449][T13410]  ? __pfx___sys_sendto+0x10/0x10
[  316.193464][T13410]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  316.193496][T13410]  ? __fget_files+0x3a0/0x420
[  316.193540][T13410]  ? ksys_write+0x242/0x270
[  316.193562][T13410]  ? __pfx_ksys_write+0x10/0x10
[  316.193586][T13410]  __x64_sys_sendto+0xde/0x100
[  316.193608][T13410]  do_syscall_64+0x14d/0xf80
[  316.193627][T13410]  ? trace_irq_disable+0x3b/0x150
[  316.193652][T13410]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.193670][T13410]  ? clear_bhb_loop+0x40/0x90
[  316.193692][T13410]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.193710][T13410] RIP: 0033:0x7fa0ca79c799
[  316.193726][T13410] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  316.193741][T13410] RSP: 002b:00007fa0c89f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  316.193760][T13410] RAX: ffffffffffffffda RBX: 00007fa0caa15fa0 RCX: 00007fa0ca79c799
[  316.193773][T13410] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[  316.193784][T13410] RBP: 00007fa0c89f6090 R08: 0000200000000080 R09: 000000000000001c
[  316.193796][T13410] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002
[  316.193807][T13410] R13: 00007fa0caa16038 R14: 00007fa0caa15fa0 R15: 00007fa0cab3fa48
[  316.193835][T13410]  </TASK>
[  316.540890][T13388] delete_channel: no stack
[  316.545894][   T29] usb 3-1: USB disconnect, device number 33
[  316.967611][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  316.975387][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  317.320224][T13428] netlink: 12 bytes leftover after parsing attributes in process `syz.2.992'.
[  317.346341][T13428] team0: entered allmulticast mode
[  317.364867][T13428] team_slave_0: entered allmulticast mode
[  317.371440][T13430] netlink: 12 bytes leftover after parsing attributes in process `syz.1.993'.
[  317.385060][T13428] team_slave_1: entered allmulticast mode
[  317.736302][T13434] netlink: 56 bytes leftover after parsing attributes in process `syz.1.993'.
[  317.879920][T13437] netlink: 12 bytes leftover after parsing attributes in process `syz.2.994'.
[  318.303520][   T29] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  318.387309][ T5925] usbhid 4-1:0.0: can't add hid device: -71
[  318.395704][ T5925] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  318.413349][    T9] usb 42-1: device descriptor read/8, error -110
[  318.442402][ T5925] usb 4-1: USB disconnect, device number 35
[  318.594726][T13445] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  318.634753][T13445] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  318.772183][ T5908] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  318.815424][    T9] usb usb42-port1: attempt power cycle
[  319.275053][ T5908] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  319.358274][T13468] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1006'.
[  319.387373][T13469] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1005'.
[  319.401256][T13468] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1006'.
[  319.415295][ T5908] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  319.434738][ T5908] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  319.449437][ T5908] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.482032][ T5908] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  319.491438][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  319.543413][ T5908] usb 2-1: Product: syz
[  319.560167][ T5908] usb 2-1: Manufacturer: syz
[  319.570542][    T9] usb usb42-port1: unable to enumerate USB device
[  319.606983][ T5908] cdc_wdm 2-1:1.0: skipping garbage
[  319.629939][ T5908] cdc_wdm 2-1:1.0: skipping garbage
[  319.655759][ T5908] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  319.673061][ T5908] cdc_wdm 2-1:1.0: Unknown control protocol
[  319.798169][ T5876] usb 2-1: USB disconnect, device number 39
[  319.835290][T13476] loop5: detected capacity change from 0 to 7
[  319.852288][ T5908] usb 4-1: new low-speed USB device number 36 using dummy_hcd
[  319.860311][T11800] Dev loop5: unable to read RDB block 7
[  319.916678][T11800]  loop5: unable to read partition table
[  319.935751][T11800] loop5: partition table beyond EOD, truncated
[  319.945912][T13476] Dev loop5: unable to read RDB block 7
[  319.951702][T13476]  loop5: unable to read partition table
[  319.992607][T13476] loop5: partition table beyond EOD, truncated
[  319.998974][T13476] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  320.039297][ T5908] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  320.046882][ T5908] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  320.097752][ T5908] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  320.122659][ T5908] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  320.134098][ T5908] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  320.148690][ T5908] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  320.158391][ T5908] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  320.175637][ T5908] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  320.188464][ T5908] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  320.204525][ T5908] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  320.223768][ T5908] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  320.239985][ T5908] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  320.252542][ T5908] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  320.264452][ T5908] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  320.276764][ T5908] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  320.306337][ T5908] usb 4-1: string descriptor 0 read error: -22
[  320.318567][ T5908] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  320.329730][ T5908] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  320.372306][ T5876] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  320.406912][ T5908] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  320.524143][ T5876] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  320.532944][ T5876] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  320.543143][ T5876] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  320.552183][ T5876] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.564820][ T5876] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  320.573899][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  320.581886][ T5876] usb 2-1: Product: syz
[  320.586080][ T5876] usb 2-1: Manufacturer: syz
[  320.597475][ T5876] cdc_wdm 2-1:1.0: skipping garbage
[  320.602879][ T5876] cdc_wdm 2-1:1.0: skipping garbage
[  320.611888][ T5876] cdc_wdm 2-1:1.0: cdc-wdm1: USB WDM device
[  320.618058][ T5876] cdc_wdm 2-1:1.0: Unknown control protocol
[  320.848748][T13488] x_tables: duplicate underflow at hook 1
[  320.915946][T13489] input: syz1 as /devices/virtual/input/input32
[  321.088841][T13491] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1012'.
[  321.104887][T13491] bond0: entered promiscuous mode
[  321.113012][T13491] bond0: left promiscuous mode
[  321.563797][T13492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  321.581172][T13492] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  321.913265][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  321.913283][   T30] audit: type=1326 audit(1774154095.458:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13499 comm="syz.2.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  321.942276][   T30] audit: type=1326 audit(1774154095.458:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13499 comm="syz.2.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb81575cfce code=0x7ffc0000
[  321.967538][   T30] audit: type=1326 audit(1774154095.458:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13499 comm="syz.2.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  321.996257][   T30] audit: type=1326 audit(1774154095.468:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13499 comm="syz.2.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  322.041712][   T30] audit: type=1326 audit(1774154095.468:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13499 comm="syz.2.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  322.075023][   T30] audit: type=1326 audit(1774154095.468:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13499 comm="syz.2.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  322.126860][   T30] audit: type=1326 audit(1774154095.468:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13499 comm="syz.2.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  322.149435][   T30] audit: type=1326 audit(1774154095.468:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13499 comm="syz.2.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  322.180870][   T30] audit: type=1326 audit(1774154095.468:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13499 comm="syz.2.1016" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  322.681833][ T5908] usb 2-1: USB disconnect, device number 40
[  322.784208][ T5877] usb 4-1: USB disconnect, device number 36
[  323.514040][T13539] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1025'.
[  324.080696][ T5877] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  324.102688][   T30] audit: type=1326 audit(1774154097.658:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13550 comm="syz.2.1033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  324.256894][T13553] fuse: Bad value for 'fd'
[  324.350228][ T5877] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  324.360359][T13557] binder: BINDER_SET_CONTEXT_MGR already set
[  324.369217][ T5877] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  324.390704][T13557] binder: 13556:13557 ioctl 4018620d 200000000040 returned -16
[  324.401048][ T5877] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  324.423320][T13557] binder: 13556:13557 ioctl c0306201 200000000240 returned -11
[  324.430954][ T5877] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  324.464031][ T5877] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  324.473358][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  324.481480][ T5877] usb 2-1: Product: syz
[  324.486158][ T5877] usb 2-1: Manufacturer: syz
[  324.508255][ T5877] cdc_wdm 2-1:1.0: skipping garbage
[  324.513660][ T5877] cdc_wdm 2-1:1.0: skipping garbage
[  324.533741][ T5877] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  324.539662][ T5877] cdc_wdm 2-1:1.0: Unknown control protocol
[  324.602200][   T29] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  324.731707][ T1207] usb 2-1: USB disconnect, device number 41
[  324.752151][ T5891] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  324.761661][   T29] usb 5-1: Using ep0 maxpacket: 16
[  324.772240][   T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  324.784068][   T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  324.812556][   T29] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  324.826832][   T29] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  324.839895][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.855182][   T29] usb 5-1: config 0 descriptor??
[  324.902722][ T5891] usb 3-1: Using ep0 maxpacket: 16
[  324.913429][ T5891] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  324.923143][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.931285][ T5891] usb 3-1: Product: syz
[  324.935681][ T5891] usb 3-1: Manufacturer: syz
[  324.940393][ T5891] usb 3-1: SerialNumber: syz
[  324.964042][ T5891] usb 3-1: config 0 descriptor??
[  324.972953][ T5891] asix 3-1:0.0: probe with driver asix failed with error -22
[  325.182326][ T5891] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  325.220542][T13562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  325.231116][T13562] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  325.246980][ T5877] usb 3-1: USB disconnect, device number 34
[  325.289770][   T29] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0005/input/input33
[  325.344311][ T5891] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  325.353210][ T5891] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  325.363733][ T5891] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  325.380166][   T29] microsoft 0003:045E:07DA.0005: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  325.537280][ T5891] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  325.561584][ T5891] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  325.571753][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  325.586025][   T29] usb 5-1: USB disconnect, device number 37
[  325.592968][ T5891] usb 2-1: Product: syz
[  325.598707][ T5891] usb 2-1: Manufacturer: syz
[  325.611164][ T5891] cdc_wdm 2-1:1.0: skipping garbage
[  325.620829][ T5891] cdc_wdm 2-1:1.0: skipping garbage
[  325.640239][ T5891] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  325.648492][ T5891] cdc_wdm 2-1:1.0: Unknown control protocol
[  325.682825][T13574] fido_id[13574]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  325.806626][T13580] fuse: Bad value for 'fd'
[  325.816608][T13579] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  325.826105][T13579] syzkaller0: entered promiscuous mode
[  325.831583][T13579] syzkaller0: entered allmulticast mode
[  325.842171][ T5877] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  325.875152][T13579] tipc: Resetting bearer <eth:syzkaller0>
[  325.977688][T13577] tipc: Resetting bearer <eth:syzkaller0>
[  325.989759][T13577] tipc: Disabling bearer <eth:syzkaller0>
[  326.004145][ T5877] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32
[  326.013367][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.024459][ T5877] usb 3-1: config 0 descriptor??
[  326.045254][ T5877] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  326.064977][T13587] ip6gretap0: left allmulticast mode
[  326.071332][T13587] team0: left allmulticast mode
[  326.269144][ T5877] gp8psk: usb in 128 operation failed.
[  326.301760][ T5877] gp8psk: usb in 137 operation failed.
[  326.311848][ T5877] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  326.338725][ T5877] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver)
[  326.426208][ T5877] usb 3-1: media controller created
[  326.519014][ T5877] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  326.613627][ T5877] gp8psk_fe: Frontend attached
[  326.646555][ T5877] usb 3-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  326.684248][ T5877] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  326.730780][    C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  326.732011][ T5891] usb 2-1: USB disconnect, device number 42
[  326.737396][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  326.737416][    C0] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  326.965846][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  326.965863][   T30] audit: type=1326 audit(1774154100.458:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13600 comm="syz.4.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  326.998979][   T30] audit: type=1326 audit(1774154100.458:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13600 comm="syz.4.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  327.342159][ T5891] usb 2-1: new full-speed USB device number 43 using dummy_hcd
[  327.376234][ T5877] gp8psk: usb in 137 operation failed.
[  327.390220][ T5877] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected.
[  327.406495][ T5877] gp8psk: found Genpix USB device pID = 203 (hex)
[  327.431678][ T5877] usb 3-1: USB disconnect, device number 35
[  327.492426][ T5891] usb 2-1: device descriptor read/64, error -71
[  327.653526][ T5877] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected.
[  327.712873][   T30] audit: type=1326 audit(1774154101.268:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13617 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545f19c799 code=0x7ffc0000
[  327.742752][ T5891] usb 2-1: new full-speed USB device number 44 using dummy_hcd
[  327.805224][   T30] audit: type=1326 audit(1774154101.268:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13617 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545f19c799 code=0x7ffc0000
[  327.828103][   T30] audit: type=1326 audit(1774154101.268:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13617 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f545f19c799 code=0x7ffc0000
[  327.855881][   T30] audit: type=1326 audit(1774154101.268:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13617 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545f19c799 code=0x7ffc0000
[  327.895333][   T30] audit: type=1326 audit(1774154101.268:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13617 comm="syz.3.1056" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545f19c799 code=0x7ffc0000
[  328.220901][T13641] syzkaller0: entered promiscuous mode
[  328.226903][T13641] syzkaller0: entered allmulticast mode
[  328.247439][   T30] audit: type=1326 audit(1774154101.808:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13639 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  328.289310][   T30] audit: type=1326 audit(1774154101.808:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13639 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  328.312356][   T30] audit: type=1326 audit(1774154101.808:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13639 comm="syz.4.1067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  328.350048][   T29] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  328.508501][T13650] FAULT_INJECTION: forcing a failure.
[  328.508501][T13650] name failslab, interval 1, probability 0, space 0, times 0
[  328.522990][T13650] CPU: 0 UID: 0 PID: 13650 Comm: syz.3.1070 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  328.523017][T13650] Tainted: [L]=SOFTLOCKUP
[  328.523023][T13650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  328.523032][T13650] Call Trace:
[  328.523039][T13650]  <TASK>
[  328.523047][T13650]  dump_stack_lvl+0xe8/0x150
[  328.523077][T13650]  should_fail_ex+0x412/0x560
[  328.523105][T13650]  should_failslab+0xa8/0x100
[  328.523127][T13650]  ? skb_clone+0x212/0x3a0
[  328.523147][T13650]  kmem_cache_alloc_noprof+0x87/0x650
[  328.523165][T13650]  ? __netlink_lookup+0xc6/0x8b0
[  328.523189][T13650]  skb_clone+0x212/0x3a0
[  328.523214][T13650]  __netlink_deliver_tap+0x404/0x850
[  328.523251][T13650]  ? netlink_deliver_tap+0x2e/0x1b0
[  328.523278][T13650]  netlink_deliver_tap+0x19c/0x1b0
[  328.523305][T13650]  netlink_unicast+0x7e3/0x9b0
[  328.523335][T13650]  ? __pfx_netlink_unicast+0x10/0x10
[  328.523360][T13650]  ? netlink_sendmsg+0x650/0xb40
[  328.523384][T13650]  ? skb_put+0x11b/0x210
[  328.523406][T13650]  netlink_sendmsg+0x813/0xb40
[  328.523449][T13650]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.523480][T13650]  ? aa_sock_msg_perm+0xf1/0x1b0
[  328.523508][T13650]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  328.523532][T13650]  ____sys_sendmsg+0x972/0x9f0
[  328.523562][T13650]  ? __pfx_____sys_sendmsg+0x10/0x10
[  328.523592][T13650]  ? import_iovec+0x73/0xa0
[  328.523616][T13650]  ___sys_sendmsg+0x2a5/0x360
[  328.523641][T13650]  ? __pfx____sys_sendmsg+0x10/0x10
[  328.523696][T13650]  ? __fget_files+0x2a/0x420
[  328.523719][T13650]  ? __fget_files+0x3a0/0x420
[  328.523754][T13650]  __x64_sys_sendmsg+0x1bd/0x2a0
[  328.523777][T13650]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  328.523808][T13650]  ? __pfx_ksys_write+0x10/0x10
[  328.523837][T13650]  do_syscall_64+0x14d/0xf80
[  328.523856][T13650]  ? trace_irq_disable+0x3b/0x150
[  328.523883][T13650]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.523901][T13650]  ? clear_bhb_loop+0x40/0x90
[  328.523923][T13650]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.523940][T13650] RIP: 0033:0x7f545f19c799
[  328.523961][T13650] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  328.523977][T13650] RSP: 002b:00007f545ff84028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  328.523996][T13650] RAX: ffffffffffffffda RBX: 00007f545f415fa0 RCX: 00007f545f19c799
[  328.524010][T13650] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003
[  328.524022][T13650] RBP: 00007f545ff84090 R08: 0000000000000000 R09: 0000000000000000
[  328.524033][T13650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.524044][T13650] R13: 00007f545f416038 R14: 00007f545f415fa0 R15: 00007f545f53fa48
[  328.524070][T13650]  </TASK>
[  328.529228][   T29] usb 3-1: Using ep0 maxpacket: 8
[  328.823415][T13654] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1072'.
[  328.843020][T13654] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1072'.
[  328.913798][   T29] usb 3-1: config 0 interface 0 has no altsetting 0
[  328.923048][   T29] usb 3-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=c4.6d
[  328.933556][   T29] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.941669][   T29] usb 3-1: Product: syz
[  328.946448][   T29] usb 3-1: Manufacturer: syz
[  328.951089][   T29] usb 3-1: SerialNumber: syz
[  328.964956][   T29] usb 3-1: config 0 descriptor??
[  328.977548][   T29] gspca_main: sonixj-2.14.0 probing 0c45:614a
[  329.120377][T13659] batman_adv: batadv0: Interface deactivated: dummy0
[  329.127555][T13659] batman_adv: batadv0: Removing interface: dummy0
[  329.154521][T13659] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  330.690000][T13684] netlink: 'syz.0.1082': attribute type 4 has an invalid length.
[  330.767900][T13684] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1082'.
[  330.836480][T13684] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  331.396541][T13709] loop2: detected capacity change from 0 to 7
[  331.409457][T13709] Dev loop2: unable to read RDB block 7
[  331.445349][T13709]  loop2: AHDI p1 p2
[  331.450998][T13709] loop2: partition table partially beyond EOD, truncated
[  331.466761][T13709] loop2: p1 start 1700753509 is beyond EOD, truncated
[  331.489554][ T5877] usb 3-1: USB disconnect, device number 36
[  332.147314][    T9] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  332.528739][    T9] usb 4-1: config 0 has an invalid interface number: 117 but max is 0
[  332.541349][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  332.566128][    T9] usb 4-1: config 0 has no interface number 0
[  332.584539][    T9] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  332.611064][    T9] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  332.652894][    T9] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  332.716240][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.741743][    T9] usb 4-1: Product: syz
[  332.767272][    T9] usb 4-1: Manufacturer: syz
[  332.780804][    T9] usb 4-1: SerialNumber: syz
[  332.813364][    T9] usb 4-1: config 0 descriptor??
[  333.252539][T13722] netlink: 'syz.3.1095': attribute type 29 has an invalid length.
[  333.264117][T13722] netlink: 'syz.3.1095': attribute type 29 has an invalid length.
[  333.773943][T13752] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  333.786282][T13752] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  333.852120][T13752] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  333.862412][   T29] usb 4-1: USB disconnect, device number 37
[  333.886792][T13752] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  333.908038][T13752] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  333.915829][T13752] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  333.927534][T13752] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  333.933994][T13752] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  333.949560][T13752] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  333.974484][T13752] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  333.975041][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  333.975054][   T30] audit: type=1326 audit(1774154107.528:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13759 comm="syz.0.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  334.045185][   T30] audit: type=1326 audit(1774154107.568:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13759 comm="syz.0.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  334.172125][   T30] audit: type=1326 audit(1774154107.568:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13759 comm="syz.0.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  334.392857][   T30] audit: type=1326 audit(1774154107.568:437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13759 comm="syz.0.1105" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  334.547352][T13776] netlink: 'syz.0.1113': attribute type 7 has an invalid length.
[  334.555245][T13776] netlink: 'syz.0.1113': attribute type 8 has an invalid length.
[  334.774911][T13787] netlink: 384 bytes leftover after parsing attributes in process `syz.3.1114'.
[  335.550170][   T30] audit: type=1326 audit(1774154109.088:438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13790 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  335.648693][   T30] audit: type=1326 audit(1774154109.088:439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13790 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  335.803606][   T30] audit: type=1326 audit(1774154109.088:440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13790 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  335.822119][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  335.912928][   T30] audit: type=1326 audit(1774154109.088:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13790 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  335.942158][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  335.951237][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  336.022330][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  336.028379][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  336.289023][   T30] audit: type=1326 audit(1774154109.088:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13790 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  336.711729][T13801] pim6reg: entered allmulticast mode
[  336.719482][T13801] pim6reg: left allmulticast mode
[  337.012289][ T5877] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  337.207017][ T5877] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  337.215747][ T5877] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  337.231176][ T5877] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  337.250956][ T5877] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  337.294931][ T5877] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  337.367906][ T5877] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  337.520295][ T5877] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  337.569400][ T5877] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  337.628571][ T5877] usb 3-1: Product: syz
[  337.678875][ T5877] usb 3-1: Manufacturer: syz
[  337.716897][T13802] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  337.756196][ T5877] cdc_wdm 3-1:1.0: skipping garbage
[  337.761425][ T5877] cdc_wdm 3-1:1.0: skipping garbage
[  337.792417][   T29] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  337.816199][ T5877] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  337.842853][ T5823] Bluetooth: hci1: command 0x0406 tx timeout
[  337.854911][ T5877] cdc_wdm 3-1:1.0: Unknown control protocol
[  337.999038][   T29] usb 5-1: config 0 has no interfaces?
[  338.003376][ T5823] Bluetooth: hci2: command 0x0406 tx timeout
[  338.005081][   T29] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  338.071998][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  338.083519][ T5823] Bluetooth: hci4: command 0x0406 tx timeout
[  338.085111][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  338.089589][ T5823] Bluetooth: hci3: command 0x0406 tx timeout
[  338.117506][   T30] audit: type=1326 audit(1774154111.668:443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13828 comm="syz.3.1127" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f545f19c799 code=0x7ffc0000
[  338.165714][   T29] usb 5-1: config 0 descriptor??
[  338.214815][T13835] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  338.408744][   T29] usb 5-1: USB disconnect, device number 38
[  338.508345][T13838] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  338.626342][T13841] team0: left allmulticast mode
[  338.902134][ T5877] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  339.112202][ T5877] usb 2-1: device descriptor read/64, error -71
[  339.133081][   T29] usb 3-1: USB disconnect, device number 37
[  339.356506][ T5877] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  339.513769][ T5877] usb 2-1: device descriptor read/64, error -71
[  339.623838][ T5877] usb usb2-port1: attempt power cycle
[  339.857472][T13856] FAULT_INJECTION: forcing a failure.
[  339.857472][T13856] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  339.972392][T13856] CPU: 1 UID: 0 PID: 13856 Comm: syz.2.1133 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  339.972421][T13856] Tainted: [L]=SOFTLOCKUP
[  339.972427][T13856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  339.972439][T13856] Call Trace:
[  339.972446][T13856]  <TASK>
[  339.972453][T13856]  dump_stack_lvl+0xe8/0x150
[  339.972483][T13856]  should_fail_ex+0x412/0x560
[  339.972514][T13856]  _copy_to_user+0x31/0xb0
[  339.972538][T13856]  simple_read_from_buffer+0xe1/0x170
[  339.972570][T13856]  proc_fail_nth_read+0x1bb/0x230
[  339.972597][T13856]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  339.972624][T13856]  ? rw_verify_area+0x2a6/0x4d0
[  339.972643][T13856]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  339.972669][T13856]  vfs_read+0x20c/0xa70
[  339.972686][T13856]  ? fdget_pos+0x246/0x320
[  339.972708][T13856]  ? ksys_read+0x1e6/0x270
[  339.972728][T13856]  ? __pfx___mutex_lock+0x10/0x10
[  339.972749][T13856]  ? __pfx_vfs_read+0x10/0x10
[  339.972769][T13856]  ? __fget_files+0x2a/0x420
[  339.972799][T13856]  ? __fget_files+0x3a0/0x420
[  339.972823][T13856]  ? __fget_files+0x2a/0x420
[  339.972853][T13856]  ksys_read+0x150/0x270
[  339.972875][T13856]  ? __pfx_ksys_read+0x10/0x10
[  339.972904][T13856]  do_syscall_64+0x14d/0xf80
[  339.972923][T13856]  ? trace_irq_disable+0x3b/0x150
[  339.972947][T13856]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.972965][T13856]  ? clear_bhb_loop+0x40/0x90
[  339.972986][T13856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.973005][T13856] RIP: 0033:0x7fb81575cfce
[  339.973022][T13856] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  339.973038][T13856] RSP: 002b:00007fb8165c1fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  339.973059][T13856] RAX: ffffffffffffffda RBX: 00007fb8165c26c0 RCX: 00007fb81575cfce
[  339.973073][T13856] RDX: 000000000000000f RSI: 00007fb8165c20a0 RDI: 000000000000000e
[  339.973084][T13856] RBP: 00007fb8165c2090 R08: 0000000000000000 R09: 0000000000000000
[  339.973096][T13856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  339.973106][T13856] R13: 00007fb815a16218 R14: 00007fb815a16180 R15: 00007fb815b3fa48
[  339.973136][T13856]  </TASK>
[  339.992480][ T5877] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  340.905503][ T5877] usb 2-1: device descriptor read/8, error -71
[  341.184628][ T5877] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  341.354310][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  341.354621][   T30] audit: type=1326 audit(1774154114.908:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.2.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  341.404444][ T5877] usb 2-1: device not accepting address 48, error -71
[  341.424155][ T5877] usb usb2-port1: unable to enumerate USB device
[  341.430624][   T30] audit: type=1326 audit(1774154114.908:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.2.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  341.536311][   T30] audit: type=1326 audit(1774154114.958:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.2.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  341.578202][   T30] audit: type=1326 audit(1774154114.958:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.2.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  341.647247][   T30] audit: type=1326 audit(1774154114.958:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13875 comm="syz.2.1140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb81579c799 code=0x7ffc0000
[  341.687751][T13889] input: syz0 as /devices/virtual/input/input36
[  341.694268][T13889] input: failed to attach handler leds to device input36, error: -6
[  341.882404][ T5877] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  342.054126][ T5877] usb 2-1: config 0 has no interfaces?
[  342.059825][ T5877] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  342.098081][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.147464][ T5877] usb 2-1: config 0 descriptor??
[  342.513791][   T29] usb 2-1: USB disconnect, device number 49
[  343.881552][   T30] audit: type=1326 audit(1774154117.428:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13917 comm="syz.4.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  343.992209][   T30] audit: type=1326 audit(1774154117.428:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13917 comm="syz.4.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  344.022307][   T29] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  344.123860][   T30] audit: type=1326 audit(1774154117.428:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13917 comm="syz.4.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  344.239085][   T30] audit: type=1326 audit(1774154117.428:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13917 comm="syz.4.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  344.263204][   T29] usb 3-1: Using ep0 maxpacket: 16
[  344.274656][   T29] usb 3-1: unable to get BOS descriptor or descriptor too short
[  344.313262][   T29] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  344.333280][   T30] audit: type=1326 audit(1774154117.428:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13917 comm="syz.4.1153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  344.336621][   T29] usb 3-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  344.491631][T13926] loop2: detected capacity change from 0 to 7
[  344.596267][T13926]  loop2:
[  344.599241][T13926] loop2: partition table partially beyond EOD, truncated
[  344.629229][   T29] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.650338][   T29] usb 3-1: Product: syz
[  344.671216][   T29] usb 3-1: Manufacturer: syz
[  344.693076][   T29] usb 3-1: SerialNumber: syz
[  345.284518][T13944] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1160'.
[  345.401723][T13950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  345.473278][T13950] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  345.508239][ T5925] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  345.683834][ T5925] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  345.701627][ T5925] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.771104][ T5925] usb 5-1: config 0 descriptor??
[  345.801322][ T5925] cp210x 5-1:0.0: cp210x converter detected
[  346.055265][T13960] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1165'.
[  346.219779][ T5925] usb 5-1: cp210x converter now attached to ttyUSB0
[  346.418722][ T5925] usb 5-1: USB disconnect, device number 39
[  346.468342][ T5925] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  346.522031][   T29] usb 3-1: Audio class v2/v3 interfaces need an interface association
[  346.532509][ T5925] cp210x 5-1:0.0: device disconnected
[  346.539902][   T29] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22
[  346.663980][   T29] usb 3-1: USB disconnect, device number 38
[  346.694249][T11800] udevd[11800]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  346.740695][T13976] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1171'.
[  346.759954][T13976] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1171'.
[  346.770627][    T9] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  346.923742][    T9] usb 4-1: config 0 has an invalid interface number: 117 but max is 0
[  346.950269][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  347.093435][    T9] usb 4-1: config 0 has no interface number 0
[  347.140010][    T9] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  347.232217][    T9] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  347.312172][    T9] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  347.329056][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.339675][    T9] usb 4-1: Product: syz
[  347.345556][    T9] usb 4-1: Manufacturer: syz
[  347.350279][    T9] usb 4-1: SerialNumber: syz
[  347.363864][    T9] usb 4-1: config 0 descriptor??
[  347.572079][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  347.910166][T13964] netlink: 'syz.3.1167': attribute type 29 has an invalid length.
[  347.918861][T13964] netlink: 'syz.3.1167': attribute type 29 has an invalid length.
[  347.943145][T13995] netlink: 'syz.1.1177': attribute type 7 has an invalid length.
[  347.951111][T13995] netlink: 'syz.1.1177': attribute type 8 has an invalid length.
[  348.245517][ T5908] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  348.368355][T14004] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1179'.
[  348.501632][ T5908] usb 2-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  348.519860][    T9] usb 4-1: USB disconnect, device number 38
[  348.579674][ T5908] usb 2-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  348.623437][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.633489][ T5908] usb 2-1: Product: syz
[  348.637667][ T5908] usb 2-1: Manufacturer: syz
[  348.642518][ T5908] usb 2-1: SerialNumber: syz
[  348.652999][ T5908] usb 2-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  349.414907][ T5908] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  349.458625][ T5908] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  349.488215][ T5908] usb 2-1: media controller created
[  349.585747][ T5908] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  349.778610][T14013] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1182'.
[  350.308203][ T5908] usb 2-1: USB disconnect, device number 50
[  350.426002][T14028] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1186'.
[  350.437491][T14028] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1186'.
[  350.460805][T14027] fuse: Bad value for 'group_id'
[  350.465798][T14027] fuse: Bad value for 'group_id'
[  350.738818][T14030] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1185'.
[  350.918092][T14031] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  350.942209][T14028] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  350.959419][T14028] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1186'.
[  351.052168][ T5908] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  351.278769][ T5908] usb 2-1: Using ep0 maxpacket: 32
[  351.289058][ T5908] usb 2-1: config 0 has an invalid interface number: 188 but max is 0
[  351.297780][ T5908] usb 2-1: config 0 has no interface number 0
[  351.309256][ T5908] usb 2-1: config 0 interface 188 altsetting 0 endpoint 0x82 has invalid maxpacket 27168, setting to 1024
[  351.368412][ T5908] usb 2-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  351.593046][T14040] binder_alloc: 14039: binder_alloc_buf, no vma
[  351.626268][ T5908] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  351.637063][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.670762][ T5908] usb 2-1: Product: syz
[  351.691534][T14042] syzkaller0: entered promiscuous mode
[  351.697611][ T5908] usb 2-1: Manufacturer: syz
[  351.701476][T14042] syzkaller0: entered allmulticast mode
[  351.704061][ T5908] usb 2-1: SerialNumber: syz
[  351.752679][ T5876] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  351.773127][ T5908] usb 2-1: config 0 descriptor??
[  351.782588][T14027] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  351.903607][ T5876] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[  351.912688][ T5876] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  351.942131][ T5876] usb 3-1: config 0 has no interface number 0
[  351.953229][ T5876] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  351.991245][T14027] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  352.028794][ T5876] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  352.075148][ T5876] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  352.093002][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.122104][ T5876] usb 3-1: Product: syz
[  352.142142][ T5876] usb 3-1: Manufacturer: syz
[  352.152392][ T5876] usb 3-1: SerialNumber: syz
[  352.169169][ T5876] usb 3-1: config 0 descriptor??
[  352.221795][ T5908] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  352.236964][ T5908] asix 2-1:0.188: probe with driver asix failed with error -61
[  352.239247][T14050] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1195'.
[  352.626598][T14037] netlink: 'syz.2.1190': attribute type 29 has an invalid length.
[  352.635088][T14037] netlink: 'syz.2.1190': attribute type 29 has an invalid length.
[  352.800382][ T5876] usb 2-1: USB disconnect, device number 51
[  353.173329][ T5876] usb 3-1: USB disconnect, device number 39
[  353.201500][T14064] FAULT_INJECTION: forcing a failure.
[  353.201500][T14064] name failslab, interval 1, probability 0, space 0, times 0
[  353.224795][T14064] CPU: 0 UID: 0 PID: 14064 Comm: syz.1.1201 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  353.224822][T14064] Tainted: [L]=SOFTLOCKUP
[  353.224829][T14064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  353.224840][T14064] Call Trace:
[  353.224905][T14064]  <TASK>
[  353.224947][T14064]  dump_stack_lvl+0xe8/0x150
[  353.225070][T14064]  should_fail_ex+0x412/0x560
[  353.225193][T14064]  should_failslab+0xa8/0x100
[  353.225242][T14064]  __kmalloc_cache_noprof+0x88/0x660
[  353.225269][T14064]  ? sctp_v6_cmp_addr+0x15/0xd0
[  353.225419][T14064]  ? sctp_add_bind_addr+0x8c/0x370
[  353.225495][T14064]  sctp_add_bind_addr+0x8c/0x370
[  353.225524][T14064]  sctp_copy_local_addr_list+0x314/0x4f0
[  353.225603][T14064]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  353.225628][T14064]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  353.225657][T14064]  ? sctp_v6_is_any+0x64/0x80
[  353.225693][T14064]  ? sctp_copy_one_addr+0x93/0x360
[  353.225722][T14064]  sctp_bind_addr_copy+0xb3/0x3c0
[  353.225749][T14064]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  353.225774][T14064]  sctp_connect_new_asoc+0x2ff/0x6b0
[  353.225798][T14064]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  353.225825][T14064]  ? __local_bh_enable_ip+0xd0/0x130
[  353.225870][T14064]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  353.225909][T14064]  ? security_sctp_bind_connect+0x7e/0x2c0
[  353.226003][T14064]  sctp_sendmsg+0x1528/0x2c10
[  353.226038][T14064]  ? __pfx_sctp_sendmsg+0x10/0x10
[  353.226060][T14064]  ? aa_sk_perm+0x6d5/0x900
[  353.226124][T14064]  ? __pfx_aa_sk_perm+0x10/0x10
[  353.226152][T14064]  ? sock_rps_record_flow+0x19/0x400
[  353.226229][T14064]  ? __pfx_inet_sendmsg+0x10/0x10
[  353.226251][T14064]  ? inet_sendmsg+0x2f4/0x370
[  353.226272][T14064]  ? __pfx_inet_sendmsg+0x10/0x10
[  353.226295][T14064]  __sys_sendto+0x5de/0x710
[  353.226356][T14064]  ? __pfx___sys_sendto+0x10/0x10
[  353.226371][T14064]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  353.226447][T14064]  ? __fget_files+0x3a0/0x420
[  353.226494][T14064]  ? ksys_write+0x242/0x270
[  353.226521][T14064]  ? __pfx_ksys_write+0x10/0x10
[  353.226545][T14064]  __x64_sys_sendto+0xde/0x100
[  353.226567][T14064]  do_syscall_64+0x14d/0xf80
[  353.226639][T14064]  ? trace_irq_disable+0x3b/0x150
[  353.226684][T14064]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.226716][T14064]  ? clear_bhb_loop+0x40/0x90
[  353.226738][T14064]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.226756][T14064] RIP: 0033:0x7f0866b9c799
[  353.226805][T14064] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  353.226820][T14064] RSP: 002b:00007f0867aec028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  353.226867][T14064] RAX: ffffffffffffffda RBX: 00007f0866e15fa0 RCX: 00007f0866b9c799
[  353.226879][T14064] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[  353.226890][T14064] RBP: 00007f0867aec090 R08: 0000200000000080 R09: 000000000000001c
[  353.226902][T14064] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002
[  353.226913][T14064] R13: 00007f0866e16038 R14: 00007f0866e15fa0 R15: 00007f0866f3fa48
[  353.226942][T14064]  </TASK>
[  353.837158][T14071] binder_alloc: 14069: binder_alloc_buf, no vma
[  353.880191][T14078] Invalid logical block size (8448)
[  353.889095][T14073] pim6reg: entered allmulticast mode
[  353.926115][T14076] syzkaller0: entered promiscuous mode
[  353.931602][T14076] syzkaller0: entered allmulticast mode
[  353.973141][T14072] pim6reg: left allmulticast mode
[  354.212591][T14091] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1210'.
[  354.286761][ T5876] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  354.432395][ T5908] usb 4-1: new full-speed USB device number 39 using dummy_hcd
[  354.582130][ T5876] usb 3-1: Using ep0 maxpacket: 16
[  354.647648][ T5876] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  354.655936][ T5876] usb 3-1: config 0 has no interface number 0
[  354.721099][ T5876] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  354.756360][ T5908] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  354.767840][ T5908] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  354.784509][ T5876] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  354.892382][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  354.900645][ T5908] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  354.910106][ T5876] usb 3-1: Product: syz
[  355.307549][ T5876] usb 3-1: SerialNumber: syz
[  355.313385][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.322357][ T5876] usb 3-1: config 0 descriptor??
[  355.344809][ T5876] usbhid 3-1:0.8: couldn't find an input interrupt endpoint
[  355.355310][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  355.355326][   T30] audit: type=1326 audit(1774154128.908:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14101 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0866b9c799 code=0x7ffc0000
[  355.436855][   T30] audit: type=1326 audit(1774154128.908:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14101 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0866b9c799 code=0x7ffc0000
[  355.463616][   T30] audit: type=1326 audit(1774154128.908:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14101 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0866b5cfce code=0x7ffc0000
[  355.512358][   T30] audit: type=1326 audit(1774154128.908:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14101 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0866b9c799 code=0x7ffc0000
[  355.534947][   T30] audit: type=1326 audit(1774154128.908:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14101 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0866b9c799 code=0x7ffc0000
[  355.570662][   T29] usb 3-1: USB disconnect, device number 40
[  355.709848][   T30] audit: type=1326 audit(1774154128.938:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14101 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f0866b9c799 code=0x7ffc0000
[  355.771205][ T5908] usb 4-1: usb_control_msg returned -32
[  355.784721][ T5908] usbtmc 4-1:16.0: can't read capabilities
[  355.849630][   T30] audit: type=1326 audit(1774154128.938:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14101 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0866b9c799 code=0x7ffc0000
[  355.958972][   T30] audit: type=1326 audit(1774154128.938:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14101 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f0866b9c799 code=0x7ffc0000
[  356.047229][   T30] audit: type=1326 audit(1774154128.938:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14101 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0866b9c799 code=0x7ffc0000
[  356.080106][   T30] audit: type=1326 audit(1774154128.938:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14101 comm="syz.1.1214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0866b9c799 code=0x7ffc0000
[  356.157987][T14117] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1211'.
[  356.166249][T14119] fuse: Unknown parameter 'fd0x0000000000000004'
[  356.213399][T14120] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1217'.
[  356.288718][T14122] binder_alloc: 14121: binder_alloc_buf, no vma
[  356.363772][ T5925] usb 4-1: USB disconnect, device number 39
[  356.532369][   T29] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  356.692226][   T29] usb 3-1: Using ep0 maxpacket: 32
[  356.699835][   T29] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  356.846581][ T5908] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  356.963440][   T29] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  356.990895][   T29] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  357.009765][   T29] usb 3-1: Product: syz
[  357.017450][   T29] usb 3-1: Manufacturer: syz
[  357.026711][   T29] usb 3-1: SerialNumber: syz
[  357.040365][   T29] usb 3-1: config 0 descriptor??
[  357.058122][ T5908] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  357.067603][ T5908] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.076632][T14115] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  357.084008][ T5908] usb 5-1: Product: syz
[  357.121879][ T5908] usb 5-1: Manufacturer: syz
[  357.136923][ T5908] usb 5-1: SerialNumber: syz
[  357.165516][   T29] hub 3-1:0.0: bad descriptor, ignoring hub
[  357.165533][   T29] hub 3-1:0.0: probe with driver hub failed with error -5
[  357.210401][ T5908] usb 5-1: config 0 descriptor??
[  357.253772][ T5908] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 040
[  357.665461][ T5908]  (null): failure reading functionality
[  357.680294][ T5908] i2c i2c-1: connected i2c-tiny-usb device
[  357.837843][T14142] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1224'.
[  357.874891][T14142] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1224'.
[  358.495998][ T5908] usb 5-1: USB disconnect, device number 40
[  360.422558][   T30] kauditd_printk_skb: 29 callbacks suppressed
[  360.422577][   T30] audit: type=1326 audit(1774154133.978:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14165 comm="syz.4.1232" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa0ca79c799 code=0x0
[  360.704671][T14171] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1233'.
[  361.416341][T14182] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1234'.
[  362.369338][T14193] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1236'.
[  362.387759][T14192] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  362.847449][   T30] audit: type=1326 audit(1774154136.398:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14200 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  362.871892][   T30] audit: type=1326 audit(1774154136.398:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14200 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9cd675cfce code=0x7ffc0000
[  362.872803][   T29] usb 3-1: USB disconnect, device number 41
[  363.107062][   T30] audit: type=1326 audit(1774154136.398:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14200 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  363.154506][ T1207] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  363.281409][   T30] audit: type=1326 audit(1774154136.398:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14200 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  363.402981][ T1207] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  363.417957][   T30] audit: type=1326 audit(1774154136.398:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14200 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  363.458094][ T1207] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  363.509133][ T1207] usb 4-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00
[  363.518311][   T30] audit: type=1326 audit(1774154136.398:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14200 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  363.652276][ T1207] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.666163][ T1207] usb 4-1: config 0 descriptor??
[  363.692299][   T30] audit: type=1326 audit(1774154136.398:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14200 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  364.016552][   T30] audit: type=1326 audit(1774154136.398:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14200 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  364.145006][   T30] audit: type=1326 audit(1774154136.398:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14200 comm="syz.0.1240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  364.324187][ T1207] hid-led 0003:1D34:000A.0006: unknown main item tag 0x0
[  364.333605][ T1207] hid-led 0003:1D34:000A.0006: unknown main item tag 0x0
[  364.357664][ T1207] hid-led 0003:1D34:000A.0006: unknown main item tag 0x0
[  364.601823][ T1207] hid-led 0003:1D34:000A.0006: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.3-1/input0
[  364.705021][ T1207] hid-led 0003:1D34:000A.0006: Dream Cheeky Webmail Notifier initialized
[  365.026256][T14231] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1246'.
[  365.310413][T14242] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1248'.
[  365.636638][ T5876] usb 2-1: new full-speed USB device number 52 using dummy_hcd
[  365.846964][ T5876] usb 2-1: config 2 has an invalid interface number: 88 but max is 0
[  365.914245][ T5876] usb 2-1: config 2 has no interface number 0
[  365.942645][ T5876] usb 2-1: config 2 interface 88 altsetting 7 endpoint 0x6 has invalid maxpacket 256, setting to 64
[  365.954805][ T5876] usb 2-1: config 2 interface 88 altsetting 7 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  366.010468][ T5876] usb 2-1: config 2 interface 88 has no altsetting 0
[  366.030187][ T5908] usb 4-1: USB disconnect, device number 40
[  366.050894][ T5876] usb 2-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e
[  366.083319][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.116917][ T5876] usb 2-1: Product: syz
[  366.135201][ T5876] usb 2-1: Manufacturer: syz
[  366.140657][ T5876] usb 2-1: SerialNumber: syz
[  366.160048][T14243] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  366.167797][T14243] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  366.385605][T14240] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  366.393530][T14240] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  366.534007][T14255] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  366.774795][T14254] fuse: Bad value for 'fd'
[  367.132328][ T5908] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  367.288693][T14267] FAULT_INJECTION: forcing a failure.
[  367.288693][T14267] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  367.311741][T14267] CPU: 1 UID: 0 PID: 14267 Comm: syz.4.1256 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  367.311769][T14267] Tainted: [L]=SOFTLOCKUP
[  367.311775][T14267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  367.311790][T14267] Call Trace:
[  367.311798][T14267]  <TASK>
[  367.311806][T14267]  dump_stack_lvl+0xe8/0x150
[  367.311837][T14267]  should_fail_ex+0x412/0x560
[  367.311868][T14267]  _copy_from_user+0x2d/0xb0
[  367.311953][T14267]  ___sys_sendmsg+0x1c6/0x360
[  367.311981][T14267]  ? __pfx____sys_sendmsg+0x10/0x10
[  367.312018][T14267]  ? __fget_files+0x2a/0x420
[  367.312034][T14267]  ? __fget_files+0x3a0/0x420
[  367.312068][T14267]  __x64_sys_sendmsg+0x1bd/0x2a0
[  367.312091][T14267]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  367.312120][T14267]  ? __pfx_ksys_write+0x10/0x10
[  367.312150][T14267]  do_syscall_64+0x14d/0xf80
[  367.312165][T14267]  ? trace_irq_disable+0x3b/0x150
[  367.312180][T14267]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.312190][T14267]  ? clear_bhb_loop+0x40/0x90
[  367.312203][T14267]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  367.312221][T14267] RIP: 0033:0x7fa0ca79c799
[  367.312239][T14267] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  367.312254][T14267] RSP: 002b:00007fa0c89f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  367.312274][T14267] RAX: ffffffffffffffda RBX: 00007fa0caa15fa0 RCX: 00007fa0ca79c799
[  367.312287][T14267] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000006
[  367.312298][T14267] RBP: 00007fa0c89f6090 R08: 0000000000000000 R09: 0000000000000000
[  367.312305][T14267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  367.312310][T14267] R13: 00007fa0caa16038 R14: 00007fa0caa15fa0 R15: 00007fa0cab3fa48
[  367.312325][T14267]  </TASK>
[  367.805159][ T5908] usb 3-1: Using ep0 maxpacket: 16
[  367.831163][ T5908] usb 3-1: config 0 has no interfaces?
[  367.858094][   T30] audit: type=1326 audit(1774154141.408:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14268 comm="syz.0.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  367.942516][ T5908] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  367.970804][   T30] audit: type=1326 audit(1774154141.408:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14268 comm="syz.0.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  367.995390][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.028200][ T5908] usb 3-1: Product: syz
[  368.082594][ T5908] usb 3-1: Manufacturer: syz
[  368.092239][ T5908] usb 3-1: SerialNumber: syz
[  368.107019][   T30] audit: type=1326 audit(1774154141.408:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14268 comm="syz.0.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  368.131788][ T5908] usb 3-1: config 0 descriptor??
[  368.229932][   T30] audit: type=1326 audit(1774154141.408:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14268 comm="syz.0.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  368.293991][   T30] audit: type=1326 audit(1774154141.408:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14268 comm="syz.0.1258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  368.320098][ T5908] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  368.403354][ T5877] usb 3-1: USB disconnect, device number 42
[  368.452352][ T5876] asix 2-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  368.462733][ T5876] asix 2-1:2.88: probe with driver asix failed with error -71
[  368.482499][ T5876] usb 2-1: USB disconnect, device number 52
[  368.504206][ T5908] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  368.516910][ T5908] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  368.547803][ T5908] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  368.863357][ T5908] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  368.880675][ T5908] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  368.891832][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.917507][ T5908] usb 4-1: config 0 descriptor??
[  369.610616][ T5908] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  369.669729][ T5908] usb 4-1: USB disconnect, device number 41
[  369.750907][T14294] fido_id[14294]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  369.766594][ T5877] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  369.934174][ T5877] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  369.945054][ T5877] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  369.971707][T14300] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1266'.
[  370.020325][ T5877] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  370.036273][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  370.044723][ T5877] usb 3-1: SerialNumber: syz
[  370.191557][   T30] audit: type=1326 audit(1774154143.738:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14301 comm="syz.0.1267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  370.239816][   T30] audit: type=1326 audit(1774154143.738:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14301 comm="syz.0.1267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  370.302568][   T30] audit: type=1326 audit(1774154143.738:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14301 comm="syz.0.1267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  370.365356][ T5877] usb 3-1: 0:2 : does not exist
[  370.403525][ T5877] usb 3-1: unit 5: unexpected type 0x09
[  370.410783][   T30] audit: type=1326 audit(1774154143.738:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14301 comm="syz.0.1267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  370.476457][   T30] audit: type=1326 audit(1774154143.738:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14301 comm="syz.0.1267" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9cd675cfce code=0x7ffc0000
[  370.530586][ T5877] usb 3-1: USB disconnect, device number 43
[  371.522223][    T9] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  371.705448][T14325] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  371.719670][T14325] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1273'.
[  372.592072][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  373.126101][T14343] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1279'.
[  373.952074][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  373.972076][    T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!!
[  374.191960][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  374.211537][    T9] usb 3-1: unable to read config index 0 descriptor/start: -71
[  374.236902][T14352] input: syz0 as /devices/virtual/input/input40
[  374.262107][    T9] usb 3-1: can't read configurations, error -71
[  374.290971][T14359] netlink: 'syz.0.1282': attribute type 30 has an invalid length.
[  374.476473][T14364] loop5: detected capacity change from 0 to 6303
[  374.545968][T11800] buffer_io_error: 7 callbacks suppressed
[  374.545985][T11800] Buffer I/O error on dev loop5, logical block 787, async page read
[  374.810420][T14373] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  374.868743][T14375] binder: BINDER_SET_CONTEXT_MGR already set
[  374.874916][T14375] binder: 14374:14375 ioctl 4018620d 200000000040 returned -16
[  374.889324][T14375] binder: 14374:14375 ioctl c0306201 200000000240 returned -11
[  375.982526][ T5877] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  376.131798][ T5877] usb 5-1: device descriptor read/64, error -71
[  376.138101][    T9] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  376.303375][    T9] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  376.315043][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  376.341190][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  376.369356][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  376.383052][    T9] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  376.404459][ T5877] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  376.454337][    T9] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  376.470680][    T9] usb 4-1: Product: syz
[  376.474944][    T9] usb 4-1: Manufacturer: syz
[  376.480872][T14402] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1296'.
[  376.593220][    T9] cdc_wdm 4-1:1.0: skipping garbage
[  376.599691][    T9] cdc_wdm 4-1:1.0: skipping garbage
[  376.679439][ T5877] usb 5-1: device descriptor read/64, error -71
[  376.696048][    T9] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  376.724526][    T9] cdc_wdm 4-1:1.0: Unknown control protocol
[  376.826107][ T5877] usb usb5-port1: attempt power cycle
[  376.839066][ T5876] usb 4-1: USB disconnect, device number 42
[  377.182352][ T5877] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  377.219451][ T5877] usb 5-1: device descriptor read/8, error -71
[  377.432184][ T5876] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  377.583631][ T5876] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  377.597586][ T5876] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  377.622213][ T5877] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  377.640030][ T5876] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  377.676614][ T5876] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  377.689589][ T5877] usb 5-1: device descriptor read/8, error -71
[  377.725418][ T5876] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  377.734644][ T5908] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  377.745157][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  377.763110][ T5876] usb 4-1: Product: syz
[  377.767425][ T5876] usb 4-1: Manufacturer: syz
[  377.782875][ T5876] cdc_wdm 4-1:1.0: skipping garbage
[  377.790735][ T5876] cdc_wdm 4-1:1.0: skipping garbage
[  377.801613][ T5876] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  377.807762][ T5876] cdc_wdm 4-1:1.0: Unknown control protocol
[  377.814839][ T5877] usb usb5-port1: unable to enumerate USB device
[  377.892200][ T5908] usb 3-1: Using ep0 maxpacket: 32
[  377.900373][ T5908] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  377.909944][ T5908] usb 3-1: config 0 has no interface number 0
[  377.918446][ T5908] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  377.942097][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.958699][ T5908] usb 3-1: Product: syz
[  377.967034][ T5908] usb 3-1: Manufacturer: syz
[  377.973816][ T5908] usb 3-1: SerialNumber: syz
[  377.985319][ T5908] usb 3-1: config 0 descriptor??
[  378.405470][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.410433][ T5908] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -61
[  378.411982][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  378.426647][ T5908] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  378.625799][ T5908] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  378.651098][ T5908] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[  378.666437][ T5908] usb 3-1: USB disconnect, device number 46
[  378.813903][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  378.820535][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  378.827102][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  378.833728][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  378.840009][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  378.846609][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  378.852915][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  378.859517][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  378.865804][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  378.872422][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  378.878701][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  378.885301][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  378.891568][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  378.898161][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  378.904408][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  378.911006][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  378.917283][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  378.923885][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  378.930145][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  378.936744][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  378.944356][ T5876] usb 4-1: USB disconnect, device number 43
[  378.944429][    C0] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  379.314040][T14441] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1310'.
[  379.631980][T14453] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1311'.
[  380.246176][T14465] input: syz0 as /devices/virtual/input/input41
[  380.859077][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  380.859094][   T30] audit: type=1326 audit(1774154154.408:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14480 comm="syz.0.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  381.078306][   T30] audit: type=1326 audit(1774154154.408:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14480 comm="syz.0.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  381.174976][T14489] netlink: 'syz.2.1322': attribute type 4 has an invalid length.
[  381.184196][   T30] audit: type=1326 audit(1774154154.408:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14480 comm="syz.0.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  381.232456][T14492] input: syz0 as /devices/virtual/input/input42
[  381.248717][T14493] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1323'.
[  381.347757][   T30] audit: type=1326 audit(1774154154.408:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14480 comm="syz.0.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  381.405874][   T30] audit: type=1326 audit(1774154154.408:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14480 comm="syz.0.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  381.430469][   T30] audit: type=1326 audit(1774154154.408:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14480 comm="syz.0.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  381.508402][   T30] audit: type=1326 audit(1774154154.408:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14480 comm="syz.0.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  381.509859][T14497] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1325'.
[  381.604133][ T5905] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  381.621567][   T30] audit: type=1326 audit(1774154154.408:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14480 comm="syz.0.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  381.621592][T14504] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1325'.
[  381.687359][   T30] audit: type=1326 audit(1774154154.408:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14480 comm="syz.0.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  381.705853][T14497] netlink: 'syz.3.1325': attribute type 2 has an invalid length.
[  381.738074][   T30] audit: type=1326 audit(1774154154.408:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14480 comm="syz.0.1319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7f9cd679c799 code=0x7ffc0000
[  381.784493][T14497] netlink: 164 bytes leftover after parsing attributes in process `syz.3.1325'.
[  381.795924][T14504] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1325'.
[  381.816439][ T5905] usb 2-1: Using ep0 maxpacket: 16
[  381.831666][ T5905] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  381.846797][ T5905] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.939408][ T5905] usb 2-1: Product: syz
[  381.984726][ T5905] usb 2-1: Manufacturer: syz
[  381.989388][ T5905] usb 2-1: SerialNumber: syz
[  381.997254][ T5905] usb 2-1: config 0 descriptor??
[  382.014891][ T5905] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  382.612241][ T1207] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  382.762400][ T5905] ssu100 2-1:0.0: probe with driver ssu100 failed with error -110
[  382.852159][ T1207] usb 5-1: Using ep0 maxpacket: 16
[  382.858759][ T1207] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  382.871623][ T1207] usb 5-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a
[  382.880917][ T1207] usb 5-1: New USB device strings: Mfr=140, Product=215, SerialNumber=3
[  382.896691][ T1207] usb 5-1: Product: syz
[  382.898159][T14523] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1331'.
[  382.900859][ T1207] usb 5-1: Manufacturer: syz
[  382.940560][ T1207] usb 5-1: SerialNumber: syz
[  382.959428][ T1207] usb 5-1: config 0 descriptor??
[  382.974553][ T1207] pegasus_notetaker 5-1:0.0: Invalid number of endpoints
[  382.981781][ T1207] pegasus_notetaker 5-1:0.0: probe with driver pegasus_notetaker failed with error -22
[  383.274095][T14528] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1332'.
[  383.350692][T14517] vlan2: entered promiscuous mode
[  383.439353][ T5877] usb 5-1: USB disconnect, device number 45
[  383.928643][T14538] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1334'.
[  384.202131][ T5891] usb 2-1: USB disconnect, device number 53
[  384.212166][ T5877] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  384.255897][T14544] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  384.263809][ T1207] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  384.312548][T14544] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  384.329041][T14550] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1338'.
[  384.362130][ T5877] usb 3-1: Using ep0 maxpacket: 16
[  384.368755][ T5877] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  384.380345][ T5877] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  384.390313][ T5877] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  384.407912][ T5877] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  384.417191][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.430544][ T5877] usb 3-1: config 0 descriptor??
[  384.463701][ T1207] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  384.474755][ T1207] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  384.493070][ T1207] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  384.506876][ T1207] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.530499][T14540] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  384.545452][ T1207] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  384.658740][ T5877] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  384.674524][ T5877] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  384.681872][ T5877] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  384.682388][ T5891] usb 2-1: new full-speed USB device number 54 using dummy_hcd
[  384.689685][ T5877] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  384.739432][ T5877] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  384.752180][ T5877] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  384.773982][ T5877] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  384.794807][ T5877] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  384.812486][ T5877] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  384.821828][ T5877] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0
[  384.825623][ T5925] usb 5-1: USB disconnect, device number 46
[  384.860461][ T5877] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0008/input/input43
[  384.875669][ T5891] usb 2-1: unable to get BOS descriptor or descriptor too short
[  384.885344][ T5891] usb 2-1: not running at top speed; connect to a high speed hub
[  384.916182][ T5891] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  384.936610][ T5891] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  384.950142][ T5891] usb 2-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice= 0.40
[  384.957292][ T5877] microsoft 0003:045E:07DA.0008: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  384.960479][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.992851][ T5891] usb 2-1: Product: syz
[  384.997030][ T5891] usb 2-1: Manufacturer: syz
[  385.001622][ T5891] usb 2-1: SerialNumber: syz
[  385.012400][ T5877] usb 3-1: USB disconnect, device number 47
[  385.181631][T14563] fido_id[14563]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  385.272895][ T5891] usb 2-1: 0:1 : does not exist
[  385.280717][ T5891] usb 2-1: BAAD GENERIC IO: no channels?
[  385.339906][ T5891] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  385.375818][ T5891] usb 2-1: USB disconnect, device number 54
[  385.392545][T11800] udevd[11800]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  385.472379][ T5877] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  385.632194][ T5877] usb 3-1: Using ep0 maxpacket: 32
[  385.668216][ T5877] usb 3-1: config 0 has no interfaces?
[  385.676466][ T5877] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  385.688531][ T5877] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.699527][ T5877] usb 3-1: Product: syz
[  385.703861][ T5877] usb 3-1: Manufacturer: syz
[  385.717773][ T5877] usb 3-1: SerialNumber: syz
[  385.722582][ T5876] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  385.738865][ T5877] usb 3-1: config 0 descriptor??
[  385.750205][T14577] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1346'.
[  385.874206][ T5876] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  385.895713][ T5876] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  385.928586][ T5876] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  385.937910][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  385.946037][ T5876] usb 5-1: SerialNumber: syz
[  386.188053][ T5876] usb 5-1: 0:2 : does not exist
[  386.484564][ T5876] usb 5-1: USB disconnect, device number 47
[  386.523052][T11800] udevd[11800]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  387.755690][T14615] xt_CT: You must specify a L4 protocol and not use inversions on it
[  388.384228][ T5891] usb 3-1: USB disconnect, device number 48
[  388.893451][ T5891] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  388.966055][  T796] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  389.124033][  T796] usb 3-1: config 0 has no interfaces?
[  389.129704][  T796] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  389.139387][  T796] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  389.242521][ T5891] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[  389.264050][  T796] usb 3-1: config 0 descriptor??
[  389.265745][ T5891] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  389.369530][ T5891] usb 2-1: config 0 has no interface number 0
[  389.387437][ T5891] usb 2-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  389.428910][ T5891] usb 2-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  389.474193][ T5891] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  389.491111][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.502504][  T796] usb 3-1: USB disconnect, device number 49
[  389.536640][ T5891] usb 2-1: Product: syz
[  389.546389][ T5891] usb 2-1: Manufacturer: syz
[  389.555326][ T5891] usb 2-1: SerialNumber: syz
[  389.717554][ T5891] usb 2-1: config 0 descriptor??
[  390.088002][T14660] FAULT_INJECTION: forcing a failure.
[  390.088002][T14660] name failslab, interval 1, probability 0, space 0, times 0
[  390.130716][T14660] CPU: 0 UID: 0 PID: 14660 Comm: syz.2.1371 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  390.130746][T14660] Tainted: [L]=SOFTLOCKUP
[  390.130753][T14660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  390.130764][T14660] Call Trace:
[  390.130771][T14660]  <TASK>
[  390.130779][T14660]  dump_stack_lvl+0xe8/0x150
[  390.130810][T14660]  should_fail_ex+0x412/0x560
[  390.130842][T14660]  should_failslab+0xa8/0x100
[  390.130866][T14660]  __kmalloc_cache_noprof+0x88/0x660
[  390.130887][T14660]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  390.130914][T14660]  ? sctp_add_bind_addr+0x8c/0x370
[  390.130945][T14660]  sctp_add_bind_addr+0x8c/0x370
[  390.130975][T14660]  sctp_copy_local_addr_list+0x314/0x4f0
[  390.131005][T14660]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  390.131031][T14660]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  390.131057][T14660]  ? sctp_v6_is_any+0x64/0x80
[  390.131079][T14660]  ? sctp_copy_one_addr+0x93/0x360
[  390.131102][T14660]  sctp_bind_addr_copy+0xb3/0x3c0
[  390.131123][T14660]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  390.131144][T14660]  sctp_connect_new_asoc+0x2ff/0x6b0
[  390.131162][T14660]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  390.131184][T14660]  ? __local_bh_enable_ip+0xd0/0x130
[  390.131202][T14660]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  390.131221][T14660]  ? security_sctp_bind_connect+0x7e/0x2c0
[  390.131242][T14660]  sctp_sendmsg+0x1528/0x2c10
[  390.131269][T14660]  ? __pfx_sctp_sendmsg+0x10/0x10
[  390.131287][T14660]  ? aa_sk_perm+0x6d5/0x900
[  390.131312][T14660]  ? __pfx_aa_sk_perm+0x10/0x10
[  390.131334][T14660]  ? sock_rps_record_flow+0x19/0x400
[  390.131351][T14660]  ? __pfx_inet_sendmsg+0x10/0x10
[  390.131375][T14660]  ? inet_sendmsg+0x2f4/0x370
[  390.131392][T14660]  ? __pfx_inet_sendmsg+0x10/0x10
[  390.131410][T14660]  __sys_sendto+0x5de/0x710
[  390.131428][T14660]  ? __pfx___sys_sendto+0x10/0x10
[  390.131440][T14660]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  390.131468][T14660]  ? __fget_files+0x3a0/0x420
[  390.131497][T14660]  ? ksys_write+0x242/0x270
[  390.131515][T14660]  ? __pfx_ksys_write+0x10/0x10
[  390.131535][T14660]  __x64_sys_sendto+0xde/0x100
[  390.131553][T14660]  do_syscall_64+0x14d/0xf80
[  390.131568][T14660]  ? trace_irq_disable+0x3b/0x150
[  390.131589][T14660]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.131604][T14660]  ? clear_bhb_loop+0x40/0x90
[  390.131622][T14660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.131636][T14660] RIP: 0033:0x7fb81579c799
[  390.131650][T14660] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  390.131663][T14660] RSP: 002b:00007fb816604028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  390.131680][T14660] RAX: ffffffffffffffda RBX: 00007fb815a15fa0 RCX: 00007fb81579c799
[  390.131691][T14660] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000003
[  390.131700][T14660] RBP: 00007fb816604090 R08: 0000200000000080 R09: 000000000000001c
[  390.131710][T14660] R10: 0000000000000051 R11: 0000000000000246 R12: 0000000000000002
[  390.131719][T14660] R13: 00007fb815a16038 R14: 00007fb815a15fa0 R15: 00007fb815b3fa48
[  390.131742][T14660]  </TASK>
[  390.463168][T14636] netlink: 'syz.1.1360': attribute type 29 has an invalid length.
[  390.477824][T14636] netlink: 'syz.1.1360': attribute type 29 has an invalid length.
[  390.564220][T14664] openvswitch: netlink: IP tunnel dst address not specified
[  390.631329][T14666] fuse: Unknown parameter '
[  390.631329][T14666] TracerPid:	0
[  390.631329][T14666] Uid:	0	0	0	0
[  390.631329][T14666] Gid:	0	0	0	0
[  390.631329][T14666] FDSize:	256
[  390.631329][T14666] Groups:	0 65534 
[  390.631329][T14666] NStgid:	1507
[  390.631329][T14666] NSpid:	1509
[  390.631329][T14666] NSpgid:	1507
[  390.631329][T14666] NSsid:	0
[  390.631329][T14666] Kthread:	0
[  390.631329][T14666] VmPeak:	  102364 kB
[  390.631329][T14666] VmSize:	  102364 kB
[  390.631329][T14666] VmLck:	       0 kB
[  390.631329][T14666] VmPin:	       0 kB
[  390.631329][T14666] VmHWM:	   24448 kB
[  390.631329][T14666] VmRSS:	   24448 kB
[  390.631329][T14666] RssAnon:	    1456 kB
[  390.631329][T14666] RssFile:	   22988 kB
[  390.631329][T14666] RssShmem:	       4 kB
[  390.631329][T14666] VmData:	   36708 kB
[  390.631329][T14666] VmStk:	     132 kB
[  390.631329][T14666] VmExe:	    1772 kB
[  390.631329][T14666] VmLib:	       8 kB
[  390.631329][T14666] VmPTE:	     140 kB
[  390.631329][T14666] VmSwap:	       0 kB
[  390.631329][T14666] HugetlbPages:	       0 kB
[  390.631329][T14666] CoreDumping:	0
[  390.631329][T14666] THP_enabled:	1
[  390.631329][T14666] untag_mask:	0xffffffffffffffff
[  390.631329][T14666] Threads:	4
[  390.631329][T14666] SigQ:	0/12993
[  390.631329][T14666] SigPnd:	0000000000000000
[  390.631329][T14666] ShdPnd:	0000000000000000
[  390.631329][T14666] SigBlk:	0000000000000000
[  390.631329][T14666] SigIgn:	fffffffefffaba35
[  390.631329][T14666] SigCgt:	0000000100010440
[  390.631329][T14666] CapInh:	0000000000000000
[  390.631329][T14666] CapPrm:	000001ffff77ffff
[  390.631329][T14666] CapEff:	000001ffff77ffff
[  390.631329][T14666] CapBnd:	000001ffffffffff
[  390.631329][T14666] CapAmb:	0000000000000000
[  390.631329][T14666] NoNewPrivs:	0
[  390.631329][T14666] Seccomp:	0
[  390.631329][T14666] Seccomp_filters:	0
[  390.631329][T14666] Speculation_Store_Bypass:	thread vulnerable
[  390.631329][T14666] SpeculationIndirectBranch:	conditional enabled
[  391.153535][ T5891] usb 2-1: USB disconnect, device number 55
[  391.192297][ T5925] usb 4-1: new full-speed USB device number 44 using dummy_hcd
[  391.357361][ T5925] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  391.368720][ T5925] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  391.389326][ T5925] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  391.490220][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.517039][ T5925] hub 4-1:4.0: USB hub found
[  391.851355][ T5925] hub 4-1:4.0: 5 ports detected
[  391.857068][ T5925] usb 4-1: selecting invalid altsetting 1
[  391.863091][ T5925] hub 4-1:4.0: Using single TT (err -22)
[  391.919314][ T5925] hub 4-1:4.0: insufficient power available to use all downstream ports
[  392.076108][T14676] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  392.086635][T14676] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  392.097316][ T5925] hub 4-1:4.0: hub_hub_status failed (err = -71)
[  392.104076][ T5925] hub 4-1:4.0: config failed, can't get hub status (err -71)
[  392.192335][ T5925] usb 4-1: USB disconnect, device number 44
[  392.272217][  T796] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  392.512213][  T796] usb 5-1: Using ep0 maxpacket: 32
[  392.525104][  T796] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  392.535037][  T796] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.545306][  T796] usb 5-1: config 0 descriptor??
[  392.760986][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  392.760999][   T30] audit: type=1326 audit(1774154166.308:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14697 comm="syz.4.1381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  392.790936][T14698] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1381'.
[  392.807626][  T796] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  392.824615][  T796] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  392.842206][   T30] audit: type=1326 audit(1774154166.348:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14697 comm="syz.4.1381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  392.867226][   T30] audit: type=1326 audit(1774154166.348:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14697 comm="syz.4.1381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  392.890360][  T796] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  392.897906][  T796] usb 5-1: media controller created
[  392.926632][  T796] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  392.958881][   T30] audit: type=1326 audit(1774154166.348:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14697 comm="syz.4.1381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  393.032226][   T30] audit: type=1326 audit(1774154166.348:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14697 comm="syz.4.1381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=439 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  393.072178][   T30] audit: type=1326 audit(1774154166.348:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14697 comm="syz.4.1381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa0ca79c799 code=0x7ffc0000
[  393.117182][   T30] audit: type=1326 audit(1774154166.348:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14697 comm="syz.4.1381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fa0ca75cfce code=0x7ffc0000
[  393.182346][   T30] audit: type=1326 audit(1774154166.358:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14697 comm="syz.4.1381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fa0ca75cfce code=0x7ffc0000
[  393.249608][   T30] audit: type=1326 audit(1774154166.358:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14697 comm="syz.4.1381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa0ca79c502 code=0x7ffc0000
[  393.306492][   T30] audit: type=1326 audit(1774154166.358:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14697 comm="syz.4.1381" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fa0ca79c5c7 code=0x7ffc0000
[  393.483405][T14720] kvm: kvm [14717]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0xcd
[  393.492757][ T5891] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  393.532394][T14720] hub 1-0:1.0: USB hub found
[  393.538603][T14720] hub 1-0:1.0: 1 port detected
[  393.633169][  T796] az6027: usb out operation failed. (-71)
[  393.639720][  T796] stb0899_attach: Driver disabled by Kconfig
[  393.647206][  T796] az6027: no front-end attached
[  393.647206][  T796] 
[  393.669821][  T796] az6027: usb out operation failed. (-71)
[  393.676186][  T796] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  393.688404][  T796] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input45
[  393.771690][ T5891] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[  393.780025][ T5891] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  393.793578][ T5891] usb 3-1: config 0 has no interface number 0
[  393.794872][  T796] dvb-usb: schedule remote query interval to 400 msecs.
[  393.802123][ T5891] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  393.820908][ T5891] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  393.848976][  T796] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  393.890792][  T796] usb 5-1: USB disconnect, device number 48
[  393.896404][ T5891] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  393.907139][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.932777][ T5891] usb 3-1: Product: syz
[  393.937087][ T5891] usb 3-1: Manufacturer: syz
[  393.950057][ T5891] usb 3-1: SerialNumber: syz
[  393.960642][ T5891] usb 3-1: config 0 descriptor??
[  393.989567][  T796] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  394.182265][ T5925] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  394.386133][T14712] netlink: 'syz.2.1387': attribute type 29 has an invalid length.
[  394.394876][T14712] netlink: 'syz.2.1387': attribute type 29 has an invalid length.
[  394.412565][ T5925] usb 2-1: Using ep0 maxpacket: 8
[  394.422221][ T5925] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  394.432513][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.441750][ T5925] usb 2-1: Product: syz
[  394.449767][ T5925] usb 2-1: Manufacturer: syz
[  394.467506][ T5925] usb 2-1: SerialNumber: syz
[  394.505104][ T5925] usb 2-1: config 0 descriptor??
[  394.546419][T14732] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  394.726352][ T5925] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  395.071763][  T796] usb 3-1: USB disconnect, device number 50
[  396.442136][ T5876] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  396.496136][ T5925] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  396.527054][ T5925] usb 2-1: USB disconnect, device number 56
[  396.592335][ T5876] usb 4-1: Using ep0 maxpacket: 32
[  396.725346][ T5876] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  396.774549][ T5876] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  396.842505][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  396.885423][ T5876] usb 4-1: Product: syz
[  396.945073][ T5876] usb 4-1: Manufacturer: syz
[  397.241703][ T5876] usb 4-1: SerialNumber: syz
[  397.265938][ T5876] usb 4-1: config 0 descriptor??
[  397.311409][T14758] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  397.359037][ T5876] hub 4-1:0.0: bad descriptor, ignoring hub
[  397.398673][ T5876] hub 4-1:0.0: probe with driver hub failed with error -5
[  398.003833][T14780] FAULT_INJECTION: forcing a failure.
[  398.003833][T14780] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  398.020692][T14780] CPU: 1 UID: 0 PID: 14780 Comm: syz.1.1407 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  398.020718][T14780] Tainted: [L]=SOFTLOCKUP
[  398.020725][T14780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  398.020735][T14780] Call Trace:
[  398.020743][T14780]  <TASK>
[  398.020751][T14780]  dump_stack_lvl+0xe8/0x150
[  398.020782][T14780]  should_fail_ex+0x412/0x560
[  398.020815][T14780]  prepare_alloc_pages+0x22a/0x650
[  398.020870][T14780]  __alloc_frozen_pages_noprof+0x12f/0x380
[  398.020898][T14780]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  398.020925][T14780]  ? __pfx_policy_nodemask+0x10/0x10
[  398.020952][T14780]  ? __lock_acquire+0x6b5/0x2cf0
[  398.020988][T14780]  alloc_pages_mpol+0x232/0x4a0
[  398.021016][T14780]  alloc_pages_noprof+0xa8/0x190
[  398.021042][T14780]  pte_alloc_one+0x22/0x370
[  398.021080][T14780]  __pte_alloc+0x25/0x1a0
[  398.021105][T14780]  do_pte_missing+0x2c47/0x3490
[  398.021130][T14780]  ? do_raw_spin_unlock+0xf5/0x210
[  398.021166][T14780]  handle_mm_fault+0x1bec/0x3310
[  398.021206][T14780]  ? handle_mm_fault+0xee/0x3310
[  398.021240][T14780]  ? __pfx_handle_mm_fault+0x10/0x10
[  398.021286][T14780]  ? lock_mm_and_find_vma+0xa7/0x340
[  398.021309][T14780]  do_user_addr_fault+0x75b/0x1340
[  398.021347][T14780]  exc_page_fault+0x6a/0xc0
[  398.021370][T14780]  asm_exc_page_fault+0x26/0x30
[  398.021388][T14780] RIP: 0010:rep_movs_alternative+0xf/0x90
[  398.021415][T14780] Code: c4 10 e9 94 48 04 00 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e
[  398.021431][T14780] RSP: 0018:ffffc9000c437d78 EFLAGS: 00050202
[  398.021448][T14780] RAX: 00007ffffffff001 RBX: 0000000000000004 RCX: 0000000000000004
[  398.021460][T14780] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: ffffc9000c437e00
[  398.021473][T14780] RBP: ffffc9000c437e68 R08: 0000000000000003 R09: 0000000000000004
[  398.021484][T14780] R10: dffffc0000000000 R11: fffff52001886fc0 R12: ffff8880588f0b80
[  398.021497][T14780] R13: ffffc9000c437de0 R14: ffffc9000c437e00 R15: 00002000000001c0
[  398.021526][T14780]  _copy_from_user+0x7a/0xb0
[  398.021548][T14780]  do_sock_getsockopt+0x165/0x3f0
[  398.021572][T14780]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  398.021593][T14780]  ? __fget_files+0x3a0/0x420
[  398.021619][T14780]  ? __fget_files+0x2a/0x420
[  398.021651][T14780]  __x64_sys_getsockopt+0x1a4/0x240
[  398.021680][T14780]  do_syscall_64+0x14d/0xf80
[  398.021700][T14780]  ? trace_irq_disable+0x3b/0x150
[  398.021726][T14780]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.021744][T14780]  ? clear_bhb_loop+0x40/0x90
[  398.021767][T14780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.021785][T14780] RIP: 0033:0x7f0866b9c799
[  398.021801][T14780] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  398.021816][T14780] RSP: 002b:00007f0867aec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  398.021834][T14780] RAX: ffffffffffffffda RBX: 00007f0866e15fa0 RCX: 00007f0866b9c799
[  398.021847][T14780] RDX: 0000000000000016 RSI: 0000000000000000 RDI: 0000000000000003
[  398.021857][T14780] RBP: 00007f0867aec090 R08: 00002000000001c0 R09: 0000000000000000
[  398.021869][T14780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.021880][T14780] R13: 00007f0866e16038 R14: 00007f0866e15fa0 R15: 00007f0866f3fa48
[  398.021909][T14780]  </TASK>
[  398.594548][T14786] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  398.874768][  T796] usb 4-1: USB disconnect, device number 45
[  399.607077][T14802] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1412'.
[  400.128173][T14810] loop5: detected capacity change from 0 to 7
[  400.136204][T14810] Dev loop5: unable to read RDB block 7
[  400.146868][T14810]  loop5: unable to read partition table
[  400.153580][T14810] loop5: partition table beyond EOD, truncated
[  400.164998][  T796] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  400.185108][T14810] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  400.325140][  T796] usb 5-1: Using ep0 maxpacket: 32
[  400.337867][  T796] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  400.349810][  T796] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.359550][  T796] usb 5-1: Product: syz
[  400.367095][  T796] usb 5-1: Manufacturer: syz
[  400.375217][  T796] usb 5-1: SerialNumber: syz
[  400.381513][  T796] usb 5-1: config 0 descriptor??
[  400.604705][  T796] RobotFuzz Open Source InterFace, OSIF 5-1:0.0: version d4.15 found at bus 005 address 049
[  400.714317][T14825] batadv0: mtu less than device minimum
[  400.727998][T14825] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  400.739897][T14825] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  400.751594][T14825] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  400.763421][T14825] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  400.774644][T14825] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  400.785676][T14825] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  400.796719][T14825] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  400.806693][T14805] i2c i2c-1: adapter quirk: no zero length (addr 0x07ff, size 0, read)
[  400.808336][T14825] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  400.827134][T14825] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  400.851453][T14831] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  400.875006][ T5905] usb 5-1: USB disconnect, device number 49
[  401.227479][T14837] team0: Port device gtp0 added
[  401.462008][T14844] syzkaller0: entered promiscuous mode
[  401.477971][T14844] syzkaller0: entered allmulticast mode
[  402.552239][ T5891] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  402.713435][T14906] FAULT_INJECTION: forcing a failure.
[  402.713435][T14906] name failslab, interval 1, probability 0, space 0, times 0
[  402.713458][T14906] CPU: 1 UID: 0 PID: 14906 Comm: syz.4.1430 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  402.713473][T14906] Tainted: [L]=SOFTLOCKUP
[  402.713480][T14906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  402.713487][T14906] Call Trace:
[  402.713490][T14906]  <TASK>
[  402.713495][T14906]  dump_stack_lvl+0xe8/0x150
[  402.713514][T14906]  should_fail_ex+0x412/0x560
[  402.713533][T14906]  should_failslab+0xa8/0x100
[  402.713548][T14906]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  402.713560][T14906]  ? __alloc_skb+0x1d0/0x7d0
[  402.713633][T14906]  ? __local_bh_enable_ip+0xd0/0x130
[  402.713650][T14906]  __alloc_skb+0x1d0/0x7d0
[  402.713660][T14906]  ? netlink_ack_tlv_len+0x6c/0x210
[  402.713732][T14906]  netlink_ack+0x146/0xa50
[  402.713746][T14906]  ? __pfx_genl_rcv_msg+0x10/0x10
[  402.713757][T14906]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  402.713820][T14906]  ? __pfx_nl80211_post_doit+0x10/0x10
[  402.713832][T14906]  ? __lock_acquire+0x6b5/0x2cf0
[  402.713851][T14906]  netlink_rcv_skb+0x2b6/0x4b0
[  402.713866][T14906]  ? __pfx_genl_rcv_msg+0x10/0x10
[  402.713879][T14906]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  402.713902][T14906]  ? down_read+0x272/0x2e0
[  402.713939][T14906]  ? genl_rcv+0xd/0x40
[  402.713951][T14906]  genl_rcv+0x28/0x40
[  402.713962][T14906]  netlink_unicast+0x80f/0x9b0
[  402.713979][T14906]  ? __pfx_netlink_unicast+0x10/0x10
[  402.714001][T14906]  ? netlink_sendmsg+0x650/0xb40
[  402.714024][T14906]  ? skb_put+0x11b/0x210
[  402.714045][T14906]  netlink_sendmsg+0x813/0xb40
[  402.714078][T14906]  ? __pfx_netlink_sendmsg+0x10/0x10
[  402.714104][T14906]  ? aa_sock_msg_perm+0xf1/0x1b0
[  402.714160][T14906]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  402.714183][T14906]  ____sys_sendmsg+0x972/0x9f0
[  402.714213][T14906]  ? __pfx_____sys_sendmsg+0x10/0x10
[  402.714239][T14906]  ? import_iovec+0x73/0xa0
[  402.714288][T14906]  ___sys_sendmsg+0x2a5/0x360
[  402.714313][T14906]  ? __pfx____sys_sendmsg+0x10/0x10
[  402.714363][T14906]  ? __fget_files+0x2a/0x420
[  402.714388][T14906]  ? __fget_files+0x3a0/0x420
[  402.714422][T14906]  __x64_sys_sendmsg+0x1bd/0x2a0
[  402.714446][T14906]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  402.714476][T14906]  ? __pfx_ksys_write+0x10/0x10
[  402.714505][T14906]  do_syscall_64+0x14d/0xf80
[  402.714524][T14906]  ? trace_irq_disable+0x3b/0x150
[  402.714550][T14906]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.714568][T14906]  ? clear_bhb_loop+0x40/0x90
[  402.714590][T14906]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.714607][T14906] RIP: 0033:0x7fa0ca79c799
[  402.714625][T14906] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  402.714641][T14906] RSP: 002b:00007fa0c89f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  402.714660][T14906] RAX: ffffffffffffffda RBX: 00007fa0caa15fa0 RCX: 00007fa0ca79c799
[  402.714673][T14906] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003
[  402.714684][T14906] RBP: 00007fa0c89f6090 R08: 0000000000000000 R09: 0000000000000000
[  402.714695][T14906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  402.714706][T14906] R13: 00007fa0caa16038 R14: 00007fa0caa15fa0 R15: 00007fa0cab3fa48
[  402.714742][T14906]  </TASK>
[  402.816177][ T5891] usb 2-1: config 0 has an invalid interface number: 117 but max is 0
[  402.816207][ T5891] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  402.816226][ T5891] usb 2-1: config 0 has no interface number 0
[  402.816266][ T5891] usb 2-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  402.816288][ T5891] usb 2-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  402.818373][ T5891] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  402.818398][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.818416][ T5891] usb 2-1: Product: syz
[  402.818428][ T5891] usb 2-1: Manufacturer: syz
[  402.818440][ T5891] usb 2-1: SerialNumber: syz
[  402.821281][ T5891] usb 2-1: config 0 descriptor??
[  402.984987][T14909] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1431'.
[  403.009316][T14909] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1431'.
[  403.502140][ T5891] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  404.257766][ T5891] usb 5-1: Using ep0 maxpacket: 16
[  404.274701][ T5891] usb 5-1: config index 0 descriptor too short (expected 16456, got 72)
[  404.274728][ T5891] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  404.274748][ T5891] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  404.274766][ T5891] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  404.274777][ T5891] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  404.274788][ T5891] usb 5-1: config 0 has no interface number 0
[  404.274810][ T5891] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  404.274824][ T5891] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  404.274835][ T5891] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  404.274851][ T5891] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  404.274865][ T5891] usb 5-1: config 0 interface 125 has no altsetting 0
[  404.274875][ T5891] usb 5-1: config 0 interface 125 has no altsetting 2
[  404.277168][ T5891] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  404.277191][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.277202][ T5891] usb 5-1: Product: syz
[  404.277210][ T5891] usb 5-1: Manufacturer: syz
[  404.277218][ T5891] usb 5-1: SerialNumber: syz
[  404.286425][ T5891] usb 5-1: config 0 descriptor??
[  404.289029][ T5891] usb 5-1: selecting invalid altsetting 2
[  404.768856][T14921] netlink: 'syz.2.1435': attribute type 7 has an invalid length.
[  404.768870][T14921] netlink: 'syz.2.1435': attribute type 8 has an invalid length.
[  405.072914][  T796] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  405.224687][  T796] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  405.259390][  T796] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  405.302099][  T796] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.332122][  T796] usb 3-1: Product: syz
[  405.336312][  T796] usb 3-1: Manufacturer: syz
[  405.361610][  T796] usb 3-1: SerialNumber: syz
[  405.388734][  T796] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  405.602939][ T5905] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  405.762136][ T5905] usb 1-1: Using ep0 maxpacket: 32
[  405.775417][ T5905] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  405.802105][ T5905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.810116][ T5905] usb 1-1: Product: syz
[  405.833161][  T796] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  405.852745][ T5905] usb 1-1: Manufacturer: syz
[  405.865120][ T5905] usb 1-1: SerialNumber: syz
[  405.872721][  T796] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  405.888450][ T5905] usb 1-1: config 0 descriptor??
[  405.900114][  T796] usb 3-1: media controller created
[  405.962843][  T796] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  406.134458][ T5905] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: version d4.15 found at bus 001 address 032
[  406.335027][T14923] ------------[ cut here ]------------
[  406.340819][T14923] usb 3-1: BOGUS control dir, pipe 80003380 doesn't match bRequestType c0
[  406.342498][ T5905] usb 5-1: USB disconnect, device number 50
[  406.349793][T14923] WARNING: drivers/usb/core/urb.c:413 at usb_submit_urb+0x1052/0x18b0, CPU#0: syz.0.1436/14923
[  406.365690][T14923] Modules linked in:
[  406.369830][T14923] CPU: 0 UID: 0 PID: 14923 Comm: syz.0.1436 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  406.381342][T14923] Tainted: [L]=SOFTLOCKUP
[  406.385982][T14923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  406.396308][T14923] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[  406.402168][T14923] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[  406.421860][T14923] RSP: 0018:ffffc900043978c8 EFLAGS: 00010246
[  406.428379][T14923] RAX: 0000000000000000 RBX: ffff8880284aed00 RCX: 0000000080003380
[  406.436551][T14923] RDX: ffff888072f09ea0 RSI: ffffffff8c7f1e20 RDI: ffffffff901ee3c0
[  406.444572][T14923] RBP: 1ffff11004256ecc R08: 00000000000000c0 R09: 0000000000000000
[  406.452644][T14923] R10: ffffc900043979c0 R11: fffff52000872f44 R12: ffff88802964f100
[  406.460630][T14923] R13: ffff8880212b7660 R14: 0000000080003380 R15: ffff888072f09ea0
[  406.468657][T14923] FS:  00007f9cd75f26c0(0000) GS:ffff88812545d000(0000) knlGS:0000000000000000
[  406.477661][T14923] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  406.484315][T14923] CR2: 000000110c369aa3 CR3: 0000000032566000 CR4: 00000000003526f0
[  406.492344][T14923] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000083
[  406.500348][T14923] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  406.508386][T14923] Call Trace:
[  406.511672][T14923]  <TASK>
[  406.514706][T14923]  ? __init_swait_queue_head+0xa9/0x150
[  406.520317][T14923]  usb_start_wait_urb+0x13f/0x5b0
[  406.525413][T14923]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  406.531029][T14923]  usb_control_msg+0x234/0x3e0
[  406.535890][T14923]  ? __se_sys_ioctl+0xfc/0x170
[  406.540695][T14923]  gl861_ctrl_msg+0x207/0x420
[  406.545536][T14923]  ? __pfx_gl861_ctrl_msg+0x10/0x10
[  406.550797][T14923]  gl861_i2c_master_xfer+0x439/0x6a0
[  406.556175][T14923]  __i2c_transfer+0x79a/0x2020
[  406.561047][T14923]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  406.567287][T14923]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  406.573350][T14923]  ? i2c_transfer+0xc8/0x2d0
[  406.577976][T14923]  i2c_transfer+0x1cc/0x2d0
[  406.582562][T14923]  i2cdev_ioctl_rdwr+0x460/0x740
[  406.587588][T14923]  i2cdev_ioctl+0x6a5/0x880
[  406.592176][T14923]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  406.597244][T14923]  ? __fget_files+0x3a0/0x420
[  406.601939][T14923]  ? __fget_files+0x2a/0x420
[  406.606624][T14923]  ? bpf_lsm_file_ioctl+0x9/0x20
[  406.611579][T14923]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  406.616696][T14923]  __se_sys_ioctl+0xfc/0x170
[  406.621309][T14923]  do_syscall_64+0x14d/0xf80
[  406.625969][T14923]  ? trace_irq_disable+0x3b/0x150
[  406.631032][T14923]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.637196][T14923]  ? clear_bhb_loop+0x40/0x90
[  406.641897][T14923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.648210][T14923] RIP: 0033:0x7f9cd679c799
[  406.652676][T14923] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  406.672359][T14923] RSP: 002b:00007f9cd75f2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  406.680808][T14923] RAX: ffffffffffffffda RBX: 00007f9cd6a15fa0 RCX: 00007f9cd679c799
[  406.688869][T14923] RDX: 0000200000000000 RSI: 0000000000000707 RDI: 000000000000000a
[  406.696928][T14923] RBP: 00007f9cd6832c99 R08: 0000000000000000 R09: 0000000000000000
[  406.704984][T14923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  406.713011][T14923] R13: 00007f9cd6a16038 R14: 00007f9cd6a15fa0 R15: 00007f9cd6b3fa48
[  406.721030][T14923]  </TASK>
[  406.724146][T14923] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  406.731428][T14923] CPU: 0 UID: 0 PID: 14923 Comm: syz.0.1436 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  406.742356][T14923] Tainted: [L]=SOFTLOCKUP
[  406.746665][T14923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  406.756707][T14923] Call Trace:
[  406.759979][T14923]  <TASK>
[  406.762901][T14923]  vpanic+0x56c/0xa60
[  406.766909][T14923]  ? __pfx__printk+0x10/0x10
[  406.771486][T14923]  ? __pfx_vpanic+0x10/0x10
[  406.775980][T14923]  ? is_bpf_text_address+0x292/0x2b0
[  406.781256][T14923]  ? is_bpf_text_address+0x26/0x2b0
[  406.786450][T14923]  panic+0xc5/0xd0
[  406.790168][T14923]  ? __pfx_panic+0x10/0x10
[  406.794590][T14923]  __warn+0x315/0x4f0
[  406.798567][T14923]  ? usb_submit_urb+0x1052/0x18b0
[  406.803586][T14923]  ? usb_submit_urb+0x1052/0x18b0
[  406.808609][T14923]  __report_bug+0x29a/0x540
[  406.813183][T14923]  ? usb_submit_urb+0x1052/0x18b0
[  406.818196][T14923]  ? __pfx___report_bug+0x10/0x10
[  406.823214][T14923]  ? lockdep_hardirqs_on+0x7a/0x110
[  406.828401][T14923]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  406.834204][T14923]  report_bug_entry+0x19a/0x290
[  406.839049][T14923]  ? usb_submit_urb+0x1114/0x18b0
[  406.844063][T14923]  ? usb_submit_urb+0x1119/0x18b0
[  406.849076][T14923]  handle_bug+0xce/0x200
[  406.853312][T14923]  exc_invalid_op+0x1a/0x50
[  406.857807][T14923]  asm_exc_invalid_op+0x1a/0x20
[  406.862644][T14923] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[  406.868267][T14923] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[  406.887861][T14923] RSP: 0018:ffffc900043978c8 EFLAGS: 00010246
[  406.893930][T14923] RAX: 0000000000000000 RBX: ffff8880284aed00 RCX: 0000000080003380
[  406.901889][T14923] RDX: ffff888072f09ea0 RSI: ffffffff8c7f1e20 RDI: ffffffff901ee3c0
[  406.909849][T14923] RBP: 1ffff11004256ecc R08: 00000000000000c0 R09: 0000000000000000
[  406.917809][T14923] R10: ffffc900043979c0 R11: fffff52000872f44 R12: ffff88802964f100
[  406.925768][T14923] R13: ffff8880212b7660 R14: 0000000080003380 R15: ffff888072f09ea0
[  406.933742][T14923]  ? usb_submit_urb+0x10a3/0x18b0
[  406.938763][T14923]  ? __init_swait_queue_head+0xa9/0x150
[  406.944302][T14923]  usb_start_wait_urb+0x13f/0x5b0
[  406.949320][T14923]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  406.954873][T14923]  usb_control_msg+0x234/0x3e0
[  406.959633][T14923]  ? __se_sys_ioctl+0xfc/0x170
[  406.964392][T14923]  gl861_ctrl_msg+0x207/0x420
[  406.969074][T14923]  ? __pfx_gl861_ctrl_msg+0x10/0x10
[  406.974277][T14923]  gl861_i2c_master_xfer+0x439/0x6a0
[  406.979559][T14923]  __i2c_transfer+0x79a/0x2020
[  406.984310][T14923]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  406.990108][T14923]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  406.995905][T14923]  ? i2c_transfer+0xc8/0x2d0
[  407.000484][T14923]  i2c_transfer+0x1cc/0x2d0
[  407.004976][T14923]  i2cdev_ioctl_rdwr+0x460/0x740
[  407.009909][T14923]  i2cdev_ioctl+0x6a5/0x880
[  407.014837][T14923]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  407.019856][T14923]  ? __fget_files+0x3a0/0x420
[  407.024533][T14923]  ? __fget_files+0x2a/0x420
[  407.029130][T14923]  ? bpf_lsm_file_ioctl+0x9/0x20
[  407.034059][T14923]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  407.039070][T14923]  __se_sys_ioctl+0xfc/0x170
[  407.043653][T14923]  do_syscall_64+0x14d/0xf80
[  407.048235][T14923]  ? trace_irq_disable+0x3b/0x150
[  407.053256][T14923]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.059310][T14923]  ? clear_bhb_loop+0x40/0x90
[  407.063981][T14923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  407.069866][T14923] RIP: 0033:0x7f9cd679c799
[  407.074275][T14923] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  407.093873][T14923] RSP: 002b:00007f9cd75f2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  407.102276][T14923] RAX: ffffffffffffffda RBX: 00007f9cd6a15fa0 RCX: 00007f9cd679c799
[  407.110237][T14923] RDX: 0000200000000000 RSI: 0000000000000707 RDI: 000000000000000a
[  407.118193][T14923] RBP: 00007f9cd6832c99 R08: 0000000000000000 R09: 0000000000000000
[  407.126152][T14923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  407.134111][T14923] R13: 00007f9cd6a16038 R14: 00007f9cd6a15fa0 R15: 00007f9cd6b3fa48
[  407.142088][T14923]  </TASK>
[  407.145358][T14923] Kernel Offset: disabled
[  407.149669][T14923] Rebooting in 86400 seconds..