last executing test programs:

10.550127834s ago: executing program 0 (id=746):
memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x8)
r2 = eventfd2(0x6, 0x80800)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200400, 0x0)
ioctl$KVM_GET_MSRS_sys(r3, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x48c, 0x0, 0x7fffffffffffffff}]})
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, 0x0)
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r4, 0xc00464b4, &(0x7f0000000400))
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000380)={0x1, r2})
r5 = pidfd_getfd(0xffffffffffffffff, r2, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r5, 0x4018aebd, &(0x7f0000000240)={0x3, r5})
r6 = semget$private(0x0, 0x6, 0x0)
syz_open_dev$video4linux(&(0x7f0000000000), 0x30ba, 0x0)
ioctl$VIDIOC_QUERY_EXT_CTRL(r5, 0xc02c5625, &(0x7f0000002940)={0x1c0f0f000, 0x9, "9a0f0134c9664000d14000aaaa7da80f8e4fa888dece6ffdb507a30100000028", 0xffffdfffff7fa4c8, 0xd, 0x9, 0x45, 0x2, 0x305, 0xfffffffe, 0x800000e, [0x7, 0x1000, 0x0, 0x2dc]})
semtimedop(r6, &(0x7f0000000480)=[{0x3, 0x14}, {0x2, 0x1059, 0x1800}], 0x2, 0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000080)={0x2, 0x0, 0x6, 0xffffffffffffffff})
semop(0x0, &(0x7f0000000300)=[{0x2, 0x0, 0x2000}], 0x1)
semctl$IPC_RMID(0x0, 0x0, 0x0)
syz_open_dev$dvb_demux(&(0x7f0000000140), 0x0, 0x62400)
syz_usb_connect(0x2, 0x9a2, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d0241710d8050a81b892000000010902900902000000000904"], 0x0)
r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
msgget$private(0x0, 0xafb0e20fef6483ff)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, 0x0)
ioctl$I2C_RDWR(r7, 0x707, &(0x7f0000000200)={&(0x7f00000003c0)=[{0x8, 0x801, 0x7c, &(0x7f0000000500)="9d1e7bed3a256f4beadfa2862bf4092ef3e174af130cda62853ff15ac26f7887c1fcab16680b8b58376f4d9301cfb48765f77a5e3a3f5d8a3407f95fc7a30a254d441d4c65f1a8e66f7781f1942e9f78952e007fa1032aa114e04749a5936d892ef4dfa94214d86cbb576f7c729a191838eda44a9da9b5a7febb883a"}], 0x1})

8.918067354s ago: executing program 0 (id=755):
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x306a0365a8b2daaa, 0x0)
getsockopt$inet_buf(r0, 0x0, 0x24, &(0x7f0000000080)=""/12, &(0x7f0000000100)=0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x23, 0x5, 0x5)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f0000000140), 0x0, 0x43, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xffffffff, 0x0, 0xb49, 0x9, 0x8000000000000001, 0x0, 0x3}, 0x0)
r3 = socket$inet6(0xa, 0x1, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$unix(0x1, 0x1, 0x0)
r6 = syz_io_uring_setup(0xbde, &(0x7f0000000540)={0x0, 0xec25, 0x400, 0x3, 0x38a}, &(0x7f0000000dc0)=<r7=>0x0, &(0x7f0000000a40)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{0x0}], 0x1})
io_uring_enter(r6, 0x40857ba, 0x0, 0xe, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90, 0x0, 0x4000000000000, {0xffffffffffffffff, 0x200000000, 0x20000000, 0x4, 0x6, 0x0, {0x0, 0x20000010001, 0x0, 0xd, 0x6, 0x100, 0x10000, 0x2, 0x800, 0x0, 0xfffffffc, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000000a000400"], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000000)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x2010, r4, 0x4493c000)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001280)=ANY=[], 0x23c}}, 0x20000091)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7ff}, {}, 0x0, 0x0, 0x2}, {{@in=@local, 0x4d3, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4, 0x4}}, 0xe8)
r9 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r9, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1})
r10 = socket$isdn(0x22, 0x2, 0x22)
close(r10)

8.599952067s ago: executing program 1 (id=756):
bind$packet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000280)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000010400)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x80800)
setsockopt$sock_int(r4, 0x1, 0x7, &(0x7f00000014c0)=0x10000b, 0x4)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000640)=""/88, 0x58}, {&(0x7f0000000740)=""/105, 0xfffffe0b}], 0x2}, 0x0)
r5 = io_uring_setup(0x675, &(0x7f0000000300)={0x0, 0xb931, 0x800, 0x3, 0x1b9})
syz_io_uring_setup(0x34dd, &(0x7f00000004c0)={0x0, 0x2e31, 0x400, 0x0, 0x235, 0x0, r5}, &(0x7f00000000c0), &(0x7f0000000540))
read$FUSE(0xffffffffffffffff, &(0x7f0000002680)={0x2020}, 0x2020)
ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r2, 0x8008ae9d, &(0x7f0000000240))
sendto$packet(0xffffffffffffffff, &(0x7f0000000480), 0x0, 0x404c880, &(0x7f0000000000)={0x11, 0x8100, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
syz_open_procfs(0x0, &(0x7f0000000040)='children\x00')
syz_pidfd_open(0x0, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x20)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
read$FUSE(r6, &(0x7f0000005b80)={0x2020}, 0x2020)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r8 = dup(r7)
connect$vsock_stream(r8, &(0x7f0000000580)={0x28, 0x0, 0xe7353cf6dacc4dbf}, 0x10)

8.552606407s ago: executing program 2 (id=757):
syz_usb_connect$cdc_ncm(0x0, 0x8f, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109027d0002010080000904000001020d0000052406000105240000000d240f0103000000fd0000000406241aff072908241c0101090000142413099f33760bf14377323063f9c8a0be7f4d11390524151000090581030002080004090401000002"], 0x0)
syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3380, 0x1, 0x40024e}, 0x0, 0x0)
r0 = userfaultfd(0x80000)
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000000)={{&(0x7f0000101000/0x1000)=nil, 0x1000}, 0x2})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$kcm(0x29, 0x5, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r3=>0x0})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0x6, &(0x7f00000000c0)=[{0x200, 0x5, 0x9, 0x4}, {0x4, 0x2e, 0x64, 0x36}, {0x6, 0x3, 0x8, 0x6}, {0x5, 0x7, 0x22, 0x7}, {0x7a, 0x40, 0x5, 0x9}, {0x1, 0x10, 0x6, 0x80000001}]})
ioctl$IOMMU_VFIO_IOAS$SET(r2, 0x3b88, &(0x7f0000000200)={0xc, r3})
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r2, 0x3b72, &(0x7f0000000400)=ANY=[@ANYBLOB="18000000000000001c0000000002000001"])
userfaultfd(0x800)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x3c1, 0x3, 0x378, 0x160, 0x4c, 0x1a, 0x160, 0x73, 0x388, 0x258, 0x258, 0x388, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x11}, 0x0, 0xa8, 0xd8}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xa8, 0x1d0}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:hald_var_run_t:s0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3d8)

7.775573843s ago: executing program 0 (id=759):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x2001, 0x0)
pwritev(r0, &(0x7f00000002c0)=[{0x0}, {&(0x7f0000000000)='0', 0x1}], 0x2, 0x300, 0x20009)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x97, 0xfe, 0x5d, 0x10, 0x5ac, 0x262, 0x8994, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x5, 0x20, 0xc0, 0x2}}]}}, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0})
uname(&(0x7f0000000040)=""/114)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0xa, 0x0, 0x7ffc0002}]})
r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0x0, 0x40, 0x18}, 0xc)
ioctl$XFS_IOC_FD_TO_HANDLE(r0, 0xc038586a, &(0x7f0000000200)={r1, &(0x7f0000000100)='))/{&+-\xad\x00', 0x88000, &(0x7f0000000140)={@_ha_fsid={[0xf, 0x10000]}, {0x81, 0x7, 0x0, 0x9}}, 0xec89, &(0x7f0000000180)={@_ha_fsid}, &(0x7f00000001c0)=0xe7})
r2 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a4d2ff40f3054002241b0102030109021b00010000000009040000014eaf32000905", @ANYRES64], 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$lan78xx(r2, 0x0, 0x0)

6.30746859s ago: executing program 2 (id=765):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646, 0x2a0a1}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_LIMIT={0x5, 0x6, 0x3}, @IFLA_IPTUN_FLOWINFO={0x8, 0x7, 0x9}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x600}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000480)={@local, @local, @void, {@ipv4={0x800, @tcp={{0xf, 0x4, 0x0, 0x0, 0x50, 0x0, 0x0, 0x0, 0x5, 0x0, @dev, @private=0xa010100, {[@timestamp_addr={0x44, 0x14, 0x5, 0x3, 0x0, [{@empty}, {@rand_addr=0x64010100}]}, @ssrr={0x89, 0xf, 0xce, [@broadcast, @dev={0xac, 0x14, 0x14, 0x15}, @dev={0xac, 0x14, 0x14, 0x18}]}, @generic={0x7, 0x2}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9c000000100001002d8a5a32ec00000000000000", @ANYRES32=0x0, @ANYBLOB="02210000c80f0600140003006e657464657673696d3000000000000068001680640001800c00040009000000fef5ffff1000020000000000830f0000faffffff10000600400000000500000008000000280001"], 0x9c}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x10, &(0x7f0000000100)={0x8000000000000000})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x6, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80000, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
r7 = getpid()
syz_pidfd_open(r7, 0x0)
prlimit64(r7, 0x9, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000", @ANYRESDEC=r2, @ANYRES32=0x0, @ANYRES64=r4], 0x13c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r8, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x90}, 0x9c)
ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

5.360436021s ago: executing program 1 (id=768):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{0x0}], 0x1}}], 0x1, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}], 0x1, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000002900000034000000fdffffff0000000078000000000000002900000004000000040b00000000000007080000000100099f000738000000010c7a0180050000000000000004000000000000000600000000000000040000000000000000040000000000000b0000000000000005020a7e000100c910fc020000000000000000000000000000000000100100000000000029000000360000005e1e000000000000ff1450d650847249ad288702ebd0d654b985e8908def00010001000740000000030e00ff0f0200000000000000040000000000000066090000000000000700000000000000f7ffffffffffffff010000000000000001000000000000000873c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a11207180000000304030700000000000000000044ffffffffffffff01032bdb86000000000000001800000000000000290000003700000073000000000000001400000000000000290000000b0000000000000200000000280000000000000029000000390000003a02027000000000ff010000000000000000000000000001"], 0x1f8}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x20400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
getrusage(0x0, &(0x7f0000000000))
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000500)=[{&(0x7f00000024c0)="f9b4c02a14ac8ea066ecd4ff5733b8b74afdb2d55dbd267862275024d161bdc7580140ece8df670f352c4cd4ab5e576496f5ad6659b328acc0120a03052237b7e60394d0e571e297bd73714da99c52a8be9a0702804953499dc39f1afff473beac2e15ef883b61905ee81fc33a5d7df5f9ed2534ad005f1cc21ad9292bdfc5a6d1541866b6b8d873bfa6718d797db4571312ecdbf7556889e1ca2f2f3ef176c774a2f12dea3b6005b46c15cd5fcc48f463e9adfbaa307f8a9418b56f42906cdf2cca134e774c45cb9d9e051b2e9888a2e0e41ecf67101a2816f515f7ffee885a8aef987a1b80e15926ae85fc533de83e8241dc8353dd2c408fa5c0b54199e2090a14fc35207a2113e6b44e017de9ed087105600f1a1ec6c6d5fcbada99d75b23af5248c95d47e39f71d1b9422123afb8c67f010b142e9d6b6d7d60c96821d0000b42416825c81cd98b3a8cd8214f3023c8a20d3daed569aa6226b49634e912c4ced66d80f7c4356f3ef7ff20274025b9bc6527caaf2753c8bd4099f55346aaae03547cf3227d7f697557b08f9d0582d6dc0bbcfab496f725d70173d110ae4353b3fae1b3c1dd99aac3e58f6a4193cab2b4db5d2bcfbd5e09010e6a69b793c9c72b300a2f2dbe1c39039d1898724e9eec6015078e2fb8faf1867502d9fe5396a339ad81e8845bdce3960e4069c953962de380eaf102aedc8a2e84e5a3d56b0e2ecf6e0be6763c795963e79182c98a15cbdc9e5786ba500326b07a501de22e826d422e2c61af6249e91a55d6162b1d325c2d9b8ce657ec49cd2bcec327d37fa0319b6db934c082fbc4d2f232c9b6bb2b32f2a0f2246a7b96079929c43227679b29d789cc21e93d75d09636250bcaeca05cc181abca3d1d3c98968e1cd081e5077dbbfd510faa173788f409154453abaa40a4b0bad5a64a2a407b805bb5b2d5bc69da71dba16c962db598494f1c6e635702edbbfd61fd1427376d62008e5fb55276e0cacbe666304ebcf221d2a5c73489c2b55165b8308cdbde54dcc6447738f57041787cbe47082cba98f8027c57b2aaaab52589793eece5bdadc53e7e5b401b0ad0d4aed52d62b490f6435145701e5f71187d69b616f6c60d721956d31336694196f0ecced3ff1ca0c5b6967eb56ad1625161fd9372ca8a60df2f4dd605b378bc4bc515a7673845707bb0ca1665bbbe237277f00c11ecc38b6a92a8746399c53646efd5139e8b8f7dbce72b411b15700c2e3798e73fb0044bcd5111bfe3251050af0a4b091221bcad6950d03ef3319dcefdbc09663e4882a40655d27d6524abb583e518e09dc324b57b07587c05e2f8850be7ae8a76d5408fdb4ce08305802726d85a3cf4263284652f6c8228ce846e0edc07957b0db9f80bfd8b1626eb71e38d1632448735b0f55136046b644af90fd17bfe7230543e2d04bc0bc9132a9b055ea497d94a56d796a8a33c30801225f2d0e62e007e938b6cb59f61ad09d83ae58aa222ac9775332fcaaa8bb1c921b223c9569e7e1c87cef1a316c88f95d14c0e0a10d34982ef4ead206f209916299ce15b3d36b7185543c273f46154a08173ea8e917e5e67488b462672fb1571fe7865a1d59e769064a2b23ff80c040d709d82b23b5a994749899a1ea1a3673cdc16813deb3cf1a2f55ceee77c2c78a4be9462383bb6f0c9e83a0c5497381e893891569e557509835c34cbbddf3f3a80e4a10bd00ed80898c8eca6d7c60158aa6fa6dde9a784257a1162ca1af34c3d040dd601290c2d163f924542ed1512cf6ad195b2873ed108ead160f070d191ba1e390662e942579fdfc681f3c64d0b273876829df319a1f9d65f7d0f040ba4cb8f35649cd29ab11466afe1485ed77106743d62fd9bdb07dbdd23501284a671cf290116226541d25cc525b388899b1944e7487cf6c430994c876ed40c5ae6ad9ff45644a7b230ec0be47b09d3b8b746a6c5bee1e5030bfa34755d0f98b940c8ce28a867b9fb92c26c4990804378f68f8bba784200d41339ee0b11d3e97a4eee7a6df054d2cd0301e358da3acc69984743dd607cb7d5b02cc202b6abc577e73fac8223fdc79d8d2b89a80eebb187a40a81559654ae3908a6bf4849cc387329d7c03ccf80f78df4f38e379bce10346bc48a3135aaa4ffe51593548815ea4842e890358e7d4b356d56b2a5aef5166b782a0ec000328b6ed0f1e116b50710cf132d8e2db89ea8764d55951f09e3e33f718ecc9a13a47378d9302d2220a8ed46eaed98f1e521f014cd1f8e108d19a1488812d51a2210e89e63b402b00453b74494652c6f824edb9a5b09e3a35f047db097162eb11a48148de1306b9e70e7bf721a644f7fffa46b8826b891aaa88dd94344f292efdacc30109910def41781245a4085245d06864c10a85dbbdd5abff4589be705a309d1af1003ba19399b9daec1cbece7c5514a0a48530e940b8dfdd23772fcb1abfb889f9c3b03bbed4bc12baa93a917f2f31907e994a1ee08d1e4ead91791139d5251bde3c9e596839389b68c60e36849c597e2e0b5d6de7c8f956981806171c9c6e41ba1ab76d90eda79b3f5abb3abf3610b029a46d98aa9035bdfd6d06bd7fed4968750fb72cfa782d4fed68bae92da7015cd7fa5f070bf6862950259ba576a8797a92ee5d50a60707d8a73d943300e2085fa2bf50294c932f71a054fbc9da3f12041f43c55e043216e09885563a66416b61aaf3ff6971a80b84696e420d98de2fc3f478f0195b5fbba1180b4141b9306fc3172e3f6d604a89f0bbf73856d6ddafc4b7daaf5e429b1671adb063adc5be7b084e0fd0f9f94426f55660772b1a6a6374e15438884f11b26b6130040245a12b584325ea84d4b6e8e3a21391f639034f4ed1b2382ad00dcba5f39c891fe03f1251ec1e4ac3e70bd5ff34ed4a3c1c8c57c6d930d78d99528540c51c12de495c68e82a9cc341fe8f98c0057ff2c0841480f450b410621d4753bce08ad91a8a77ecb237c4389a96b769208699a16dfc8841514b3953945f8d452aad8eae9efe5e8d2cd1685977bb85586e9039de7033041acf3cb1dd61849d143c62d33deea564199968e4ad275e92604ad7a1622fdba088a2ef4df6c18b7c26dff30837d11beaed2110d661d1222cf9d029a928a2e3da4ef9a9426e6a7da585fe4a025a0f4efbbb597a7868e98432e2f17b1f135ecf7a4fc3e651069ae0f7c02e270ca57f2b04a12bf74cdd5322c7ff569fa059230fe2643c51d433d9c64cd92e87ba75e7d691681059578de5f07c0d113fa21cd3408d5a136227cfee5da0d6c21be3abb691212d0c5c0a1a1836792fb8b7e4d72d8df1d662bbdad88216aaa24369400171efc5a4ff8daad300ef2b86015e599c12efaf93caeec62d90c3df42c1f694c035fa46067f6ca8a73b5d48d3ed42b395cb2b6ca0473788d5fa65631087c95b648da643c44473aa4a8801ba5b01a96990bddbeedc9ea91011a7af7be24db3928a9fc6ed0d609d4e44f2c8119586f58eadbe798565700f6e3717e82a05a10dcdec2994fc39e1a9096baafd9d27265345cc344e60ffcaad3fc66d1b9b238b76d15989a03adbeab7d5ba7832ec8c298c690a3e4d4ad8a594e75638b2ee791751e0e202637fb57b5a91319424404d8525c0014cb576661feaf8a5d08116edaac1934fe281cb8598133321b93284a63d22831eb620f4961e6084925939f8d480e8cbe72cceb94a1998a66fad48ff9e44670b364a753f0486b1b5d5a31ebad179add7798c5201f18fd9399a04aca9de77bf30d0dcb2520cdfa04426308de28999095581ef179454cad3fadac489fe232607bc2bf8a2273824f8840c57cf65773b9c82841b25c8a10452d1aab85f08ac78d764f07718184e4899e0e294801d3c4305a41d9c0cf6a236d868e5f2ad3098a5dadc3e1f3dafbb7693867af04811c989f9813471a8680a58bf5a57250f8be60b2ce8f1352a38ddcb38bea745f469bc7f21c43a26293a7be98c06c87855acbea2c07a83d5ecb2696ebdc8fbaf49ba4e97877fcf503860cfd08843d23a03740868c9e4f21f5cc19f6be929ce02b0f2b2cd39d80239cac2109d5b4dd7c521394f643141eef70f22e5abfdcc8035fa222e25fedce30cdbed4f5dee4fabc61f1bcc012bbaaaba09ac2553b79927f7b5837bea5b6ae761fdef5e58e9ca6c6ca9bd9b418dd0731fd0fe0700a5bc8cf17f2c419c66193e1bbe5726c5cfcb84fb835576c595289563bac9839fda70727e87a1da930d979aeacd2e87bae1312c4fdd540a7ef6ab7f3908bd4de9cfae534b55cdc851f14f59e462f1e42f10ee0e7cba932372f39a3f005074f6a378c101f690f1c9999da778c81227996b197db16f5799e0b20dcf72b3bb9eaa8b57b31ea0a26b4dbc60aca418c216a412682973f94c60d091dd53b40dc1383b7d105eb0fdd536ff8f3a136e924a38bc574193a200ff3d1c4f2644165f749377a584b1769aa3aa50a14523445266b4ae303d3f60a47647a743e600199883420d2a5694103ced0cb68da47b9d3c859f443896d9525a8c5bb09e7d6a11186693fdceed7c2396557e4e840d74fd41c92b179fb70559d5f10d70a897ac53a34ab2ddd88b957e93a654df149d0ea4e765bc496cd964851f28661989c3de744d3cd9fe37ff1771ba2266fd03d4888a96cd5d7811e4aa72dd4978e3d01e1d380c1b9b16ecb32d45ddd231debff577a564c9018959852379510f4d6aa0fe9e2e90d06070335bfc12318c93dcf6661b6b8fba6dc582e44da5bbe14b012888aecbd1b88d8d4798d329bc0b15fada2301c55c65cb90eac77773c079bb322c783b4888cb17f3e505e8e9967aabbc3e03606a3f89e08cf3ac5d39dc47524d111bc8f93104c0235c0938deba6ec4df2ec3b56052095312957e38de23a0f5657072968afa0e150b2d6264dc034d3f18fa667fa3ebea8731490cc54154dfa4e27fc5fc6c0c74bec7055c373b53f81f237f857aa93f909a10cc18376b8daf7265facf47c8be938b0ff105f16c3aa2944074e4bb40722c9b32d7f25b741b77cda88ae457985b94c46e2dde61abe2099b0549f94c28f6533260e6a83828c93348f763e88adb502e5ca153d9f7a200f2d9d068489978ebbf681b6174883bff858702c391d554743cf84795313798fb89b9ad0277e2832ec39cacae25a74fe45f2e88ee64520225d16c6f09abc96e14b24354dfd3e1036ab064831d62b75831305b6dba0d861415ce246be4b6cb0ddc37850ebdcdbfd1bb57a8e28b857d222b2b3f66bc8287b3218a34c032e43f26a35aa084af93d138d522ca6c4cc11465cb40597e4f3e7cdf188f523cb5fa835fe4ff204637931a4ed2c112ff0434ccebb19b9f63198f9f133c719dc467603864589a66000a666c844e4dd7c396da584be8965332cdef05c3a7161a5a105425f1d999b641a5ffe1996186ac54252338379cff8a33ace64cff73b9311afc8c26dbdf1e025d94728d72410c77b97ac86f16ca671c639446bcd6b5c5bd901a78e6426e56829ae74c2c7c11d1b50a2c4fa414d2746d99bb1fafee9ec9ea796fdb6b8522162dee7e6609c6db275ac5e43d152a7d621ce4536df281e3db2097ef1974e8d4c50d51c3c56915ce7393b750225c86ef2748bd976c89819a38e4e08b5eaf393d31160989be47d428ed2b1f97aa680fa06e9cccfceadc6a03ed26bf7235aaaad076fc9781af98bc59090c55e903346f97474c3162009c4b43a2e47ef84d13774a867ace36ceeff11c8f942342903e5c154e0fd672a0f1568263490535fba66b8917af5d994d82e1ae3e476366d59", 0x1000}, {&(0x7f00000034c0)="e7c2617926bfe1e105db1b05c6e8c3fbc12f9c9279f8c800dc9fd3323f7a48b41740d2cec3b4c15dc1c78bf7c24a9b96eb781584f972f0350f8959265fd01ba2c0f0d7f3ee47800e64fd2e88deb962e7d89b7830748a641d12ad12197f424b87b0d91c7094169f527c8beafebdf262d4732852cece6ee414be6920c7755747e6bd7d0f3a919ed52c6bb38e897bb5800a8c44b2589efa85536e5831622ae83886bca047debc06da5955c34bb61088cb1e3b36c90edee472a68703412298debdb3bd4a69507c3be7a8d74e10ca40100972c560a0f21e25792fc857004656f4e9289ed2750be72018b415fc71771c6d1a6b5d2af6a53d9c6895ccf85d64a6171abe285ee8c161c9b61006afd6dfa358a79f1d4b3c921e13ebf310f51f67d482027cf1f2c79583acbfe2dd2316d6b98404ee1518e7399608989ed9fb34317b81d301c9175605e134e452dbb08e9c867d69b607da50d60d8560ebd4a650610c57885a8a1269dd006cc5f72ec276d4873c342cad89204548b82767cd143770f02a98d39bac6dbd9c3aca3feebf10ae2b9b3cb0106bf2d10153bbf17d0d7789cac9ddc7e328f6ad5788e624fb0456e71b7c099b64a486a87a2ab95005b4061d08b85eedec816da936fc2124af05f4d971262a0e89da87c0e2d92221e34c513693af037dfe9fd6688b37c8087ed00cea3aeac8fa89376e59892aafea650e7618f8167403382cf9a46bdedb3a00c41cb80f541f8987a079e24d265a47d6644009259dcd1b63346b4657d34d1a3a007af19e482a6a29d55eb6949475b925114d19bb7ad9e4eb7c42f64fff2ecc2f2d5aef9734124df6a3ab2e34fc17c8c8121ee8f33395517968547695ee6665c6efab1749cf534a8a26a4e3d5c96ca29701f4b54fcff14c6c7f58e4f90915e82e590bfaba8bc0834bb03167308c6fd9c848e6707f463efca0e75fe01982621fefab9656422db0b5625c586a38bba6f9d10d1ed62a6603ba7481141abe197c36dbefb3c40f6b8cd2163e4f3b181a11e08ed0cd6a30b90de88b9815195eb8058dd472d5cdec14ba8fc2b0f77563118a3760af3336d37371849bd0152b60648304adb1c487a1c334b03a023ad889dd84623e42e7b596cd07ddd4f0f1f51d34ce3196e72f811a2f0f927b0326896bd10216713a47d0e58870c83c9ee046d6ad498ab596896987d6e6360ee2228093b794fbc58c910107b1f23bacdf640cf8eb0c1d789ff1c1419ad3b39cb6fb728a81e1775ae5577f994c4c453d52bc288f95ab49c6add8ae3a54bd066553b9eeec91a8efe4638a877c8d8d899aa2b6129b14de4a8a56e46ceee8fc45d7f0be6c65796d36c53f0ca3aecb883bc8cc3959d6fdb3d4bb47e2a5125f92b04495c75dd3e6804a4a135fa3eea83e287f84fceb75e259ff9f9f7ff8056d691d537d69176d1aa9829b4cfba096c9db9db7b85e4efe4a35853cb7964eb3dd0ed5292178905519b488b8b4cecd3f00b12131a7ab71d4aa023468331b58dbc1db90b85cb0d4ce3f56b27de81dc2301dad0e31526cb2c034d980e67e2581bbad83f9ffabf869718597ae982caf8180fbda1f6308868e5e6ff194bfe144a055273a79dc25c2b1335233e282b8a9175f0eb636e708fc5345d89b1c77d5d6f6c8c3b6761a9c0851bc044ed05b13c694291438a883a84a08ed1b5ed71c3e5321bc8fdb842c46d0ea0fb2dda75da83fd7a0843a76ae2c67535bccde332671575573011512626daf0e2243a04ad6b0fd327404abff309c79c066e9cfafa3560e1a2eae2b8ad8b0eb2d78e5bc2248860ffe3e446a0905b35e8299cf39982d31a33ecd477f3dfa1023960aa44307935a8dc1b5b79783573d3c37a9d14f90786b78de38ccd2c86080e2c38be68a9004359d4c12e9a96628cd750f8cd4cd2b2453b50ad6eaad6fbf29c7cfc34b6b3a2f1ab4f8f42c321ec915d658cef48a44605db35144b5ab15219de00f6ce3d22fd7a796db6d5d040f6ace1be0e60283c9cab13ac3466fa1323a0e91672448ee0c57bfa6bc7e388cf315fae3defe058f0467e47d4d6b0f4b478ba529debf82172363ae405bd3aecb87639153c8d61bd055474e6a81727337d72ca99ef1d43d4439197df0f0a1c04652641f953ea3cd8d66f7ae5f3886310b1052e98a66520ed8b3132ede8aa8bc37c62c8ec38642563046792cf2fde73b8a41fac31fc4fb0605ffd739d55109558348093369fa94bd78ff4f76ffa0204768db181e9a0f1d2a1c9aa3d80f668677f4524c5c6c58a6e5e62a2f832ea3b97b06fde492e4e3293556697820f34bd3b18864271d78c519f8d1a7f1c66968d603025b3f42a52b71827d43f82f2bf351f6d6dcbccd0eb4ba6f173b63f200729c48eebc6b1ba3ea203db401b1e7736be1f37dd384a6c0529bfec8d58b7c40616901328c9e0d64546496b428301665fd49452fae4f1234874db017d704a84e95820e28a7ad2643861b09fe530ef065c98f28a91edf28fce4ca705abc0ef073b8b4583660ee6d715243f29de87abe42884cbeda8eb99df27881b0e5f5f2674f9a198340640cfd79d2391ffe8defb804938121b1386d62177b91d93a2b702f8f48531f68e5b5b8428b3d34074eb04ca974a4cc46987891df01f8eddabff1b2f23d14b201cc02378ae43d63072eb03f816ce724850cb042147db262cd839b1b5fc19353ef83744ab482695dff64017f871e1f6d865a997c794ffdc113f6ae710d63bf24be365d9f919a9b45001b71003f125b45af1789e12a2fbeed68d95466f14a558e623cfd4b75839d0639f8f03f75358d9c1ffca274663249eedb1485e467aab3f45b514b2f22a06b20e0ee7e9a83bcf3871d9276c8062a889fd3c80448b4ac38315ae32d7190212db97db17bb4acf2f1414b4c5bd14b6f58d3f604cdf70cae9897066634e27cb1fa98d349a332c22349e50ba4f65fc64fee0a7545dc5a397706b9f8dee20c54ebb8d51254a9611f31089972cd054bf7e558cb9bfffd0f842fa6afdd998202f8320fd1a0ededcf3d9bfa4c782d5bc6becc3b6da9805ba33d69a8716580d0cf070f84b862a5bd706d6916169bf8b6de454840e25c4edb011fa76687499e78348b97791a5bb7cebed794dab3760b93c9f8387f816f309f9fa3f98d624294a96ec453651457e1fa47b2c5fcdef38a5975118f7c6eae2bbe59a84b3890f75f3e47a0d7b5c731d443b1d7b9a089d1171e5ae4dc0f825b43e17e0c1f04e14388ad19b226673da084b078b3959fb605df8aedc32b1ff58e082ebc1516f323cde95abf26b0060dfb261b32f556f3c7465578686ac9621170d8f1f2c84531718cb9ca39e6e158ed5d83354123c9a0b0d8d806dff11e5c129220441c1ad4893ffa613a769e3bd7f6b415be4097d1ee803e9637747b79e3f5c792553d6a571e3ab0852ad499f7ec39fa99396036be8a59aad3e2e74b98e9bfe3d2d54cb8c0887ffc51b1f869827d48310d9b8476c473ad20c1305835848454d94d69c1fbeb46dc8079421eae359b87b0206f210c8b1d136ef3d7bdeb76b63398f2fc59084619eb6167d50ef87aec7cd3b0aa4577c8b9bfea90dbb8969e99c8bde045511496de5fc02eb7b0f47f220f9dcc4420906764b4f8cd6ad8497114d017f5eba2c2092402f2022aff71613259ed7e48a4f1a3b2131f6f5ec0f26f9fe122810a83dca84a4f1892849a09d5e94200ee7274aebbcc4e040382d1646f812bb661cce9ed5cfbfa94054996001ed7d9c40dd4f00f0b15d48b553285e6f70ecdfb810dcbee2f69f4e77378b3267612b73e6bc51860b33c2adea6e5f1248802617ed6f373d73c7783378ce036d3036dfb138d33f47ec15afa4c019ca9dec24e19472e1c20b31c745046a3c4288b45562442c71da65df637bf0adb4001eae9a345080bc3ac8ab4fd83933ec3decd702f18d9566269c21f5cb4e418451a57385d49caaeb1caecdd50025e63c5675010b8f47f8c9e1ce6ef4a556b53f8afe87401923f3d6be7191ecaa749a13b2e2caf856bb1113d9e68bfe8178d4c783c8eedcfe084acd8f0ef2a34a9735eb7ff97a736d1b56632e23c7d321c6637ec697719574586e16c7f93b39d10d7b21d35f7cbac21b067da807f8d1200d91ef20cc2201466e1f2caea07032fe3bee5155936ec0409f417b40321e2f7b04a5fdce27d8887828f2f5d8d5e9225c9e4a8e0cbd27d755fe5b418173c77ed4f5b3e6bd2552f16ff1c58a94dc80700545b86773be4b6b9022f066fb4f2a29db3e67e173fa26e3a1eb7970587fd7c30e84435b0daf9d7229ede426bfa6b140ea75775250e76b62f13ebaea21b2a4b9e58059611af9dd5808e566632278e5f8b70c38ebcfaecd4649242e84e9a072ccccacfae72a6e584fcb1b2af5e77733731389a205e27a5e2e21e5eae6b46e481aa4a7f625a70b77b69a3912ef150b8a9e91e3a4e174e9e3070f3b2fab747791bddf34a1ee8e1e99928f511ca01fde7f86895de418b66a60c9cc4179c099d8aa38f0502041e646ef57902e52996bb8eb9164f531ca608c8d6cd278aff9a91ac6c310f42cefae5b767ca877102a30c492be02acc6679443a53a92cc1b29e067437728155a4d56cf12d08da0df148b959dedc8caa8e0c5d32f384b5843cd15de45b9784265e313db5b52579897db0663b39a60e8f2a26d462fb39a174d1b54236e397463437acf911e4b143a01fa321dc8446eb59a23fef72eceec8bd7386e64403b0d11387b7474043f9a75a5f8fab903fecd6a60faf5c9088c904bc765ce82c70bac4775dfe2b98d4fbbc74c0182e6541368f62c57db1a914c4345142f8de2e08ab4782ffb5675e5725ef8051169d36c370484643ced155ea2c68327db21b1bb19fb1361a70b7162b774ed6543b725c73ba1c517b41ac523dd5fdaebd1a86e6c26389ad0a1c3eaffea7828dbce1d70fde8898472e3871fe0eac5169de8237bfe63bb8dde99b7110e7755a939c321d9387384c9f48b1978d0593eacdd7dc50bc88c19a72c0e7424937fd78cc3840f240db0be1e30240afc63d38b5a9e70b0ef861028ab770f5f852d85b1e568de9f2ba2333f385a00a022828e3ce9b496d6c28ddd9a271d1de24a52bef1dcf2c287889e1b6964f2bc75ab67a61b13f5fe78d27c128310b57e9a834b326a8472870c7fd3a17113a9d6b74e2c8e7e76a17dc4279049a3b2573741a862aa21b9a846a873eb9796fd63efaa23bc3e968d8ceec1eca028e3ff6b9eab355519bde1790f525534dea3ad19542169af849d6fc419b20f307bd397facebf827bce1672ca00dd22fd0e19ed8c458ba6e20f2597d45035af2ecd1d3b72f10210b2704be1b6bdb692f277c1afa6850417dadab8df69d39bdc1238c3b50bdac1f8c0707781363936a09d2d814b718c8b018175f877866caec5e71eb4eb0dde8f81691c5aab84cf45439d98bcff131b5304cfb041dd0f5945d2a2ca488985a0cfb2f3102f1bfe403c64a056983307d2e111729e0735aa18a0cd42065dcf581697c10dbf4eb2eefc622c6ced0b85b312c4ca46d549b7afc6ba7ab95804c49e7967d58930b87060e38b9c7c0eff4de6463e60675f35f8e216baf8aee8a8df78e853ae5356b44c768797c5eb7d9354fa6157a3c1f565854747821950d116198d0c1daeb95b5be9615700161299620fffc5d950cecf033aa247e3bdbdb18639e8e2bb711941072aa94e33a1e623518168501660b378f363bcd86f71bcfd8b2346a1f666df5fb81e2320f96307c40ddb6926afe5d6204b6362dea792d6c5c861fd35678aec099ec44593dd9cae70a337de8", 0x1000}, {&(0x7f00000002c0)="c3e22efffeffff", 0x7}, {&(0x7f00000054c0)="68b98ca3c517c25598b9031227e4627844d04af29a00c21bd0c99c34bf4f0b9fdb4318c0784914a2acac9a93cbe8e00149df36302fba49919dd339fdbe83c9598728502a7e24008cab2963ee25cadf8805ec53e9bea63c62a7d1737a6196a06261c5bc890912f593c28cb799f4904085dab8bee93bb546e6aaa4aef5a13e87e8e48c394f4a2d63c79d80c53c765bad1f4cfe0444a3a3d27d1fd57358e905fb65bb947317e4bfaf078bb715acbcf4544aeea19830677bfbfde94196b2ae3dada22cd1003956b8a716a7c630f3d944050aaa487680b95fb7cbf8c27d52029dedb6bf89a18a92ba3eca305644001a490e0a344a788ec598a119163148b42fc69cbac1638d095b0e0b81fe9963a3b3dbb78f8bd009cd2173c24f4c35f2c0d44b709dc9027d697fa1083b2e345c063d92272057f40bc8d98fa89c1a137686f23cd42eb126c72e47c07ff349eac78e36970f994ab9dd807779291d5da0bdc018516f672060f94e19efa92e228bd439c466002492def4cea032f369ed6316c46d15f51d7a5c223bf917a93214996ad1bc6f0e3f4416b885f3b782ff419aeb6ce70bdcfa683494829d37af5a832d0d2c1fa9f5ef4420f75a1e59b20e96ac23c436ab7fe1417d27d3159ce640c551bb13116517e2f1d2e77a75760eff6b1b3f5189e75666a27a0a516b4f1475620d327eb32c330eb5bbe736967eab727455d57fdbf56171a9c2762fa05aa814c4aa1483d392fcb5d14664f315939e41bccb205abf82b46ac4f6f0703b176e43317e4489f1508b4e535b6c7cc7e2a6be715c1ed633aaeead3f2b4a8377992994e174504f51da4707ab9a76ae360aa2ae7b846e7bc9ab297752d65da3983acfc2d660b3e5a57bcab4386a52944fdc0a79f7bec09489d006dc67ab9f6c17b5d59f1688f7e1ad4d163efcb18d51f543a946054e96295586c89667944136aaf3432d28a4891136c693e2e6bc1e5228da99562cf6a86ec3bf0c57b501a9006d14ed759b4d46175477305a9a006663885c8290e473475c51984efc6e2a2132a7d93dac803057b5ad3606a264a7bfaef43ecc344ad6651c83af92efa229d3ccf64586362989019274303f501241f3deab9c5792555b5dc2c180342886d180bbabbca94508edbffa9fc48c5eb33a77aad0f2e36706aed04726de064ad8f5e5fe3606acd715b55c382041b523f8b7b90f1c19b240c62a298016ee94086b38a3d1bc418ba048df272156803bb4485ca47e165a891bf7c9218731161893b6b6d4d235571739ad53c4fe26b1f15dd0737478fcbf52f0b38c0fea1e817cc865c3e0d4127536f331cddccdc0641f124f4515b9b0d410a0cee665a262a62eb443e00b3742d108bce201306cd5c3e39e35a9cf4933607ddad8b212b32d4a94abb7bc3b607a328f972a4f4504cc60d7921227b015e92ad87e476c9c3fc08a306fd7f9295de5a3995062580285c6799ed60f9a83f126a8541de24d4d383df41281ce3a15097a91dc1ce4106e6f28d86226fb6e4cf531babc1561483f48e1f52a2fd9bd8ce3fae4674675392c84745aedbb06c02b7c7de278202cea35382d82b35ee66fe75a6ac52d77ebdaadfc1212a3654fcf2bb9655a83486c683ae7a40bebffab39ccdf95859dbb993c5212d8bc656bef22329cb4db168895cb2af8a9155e30891bf7eb112554336503dc61c466892762dc7116deb524b2779f48a579e9db72e9ace8adf37f96e70181cb0a1d2c5a671f95745a134d4a007aa296ba3ddb9f4b4ad416e6ff09009463d094bf014389905d440e31a3247995e5c0789a8a95f63f26545e5a092d570023d07dd306546d172cf54c52377ffac6470ac7c644d2d054d7b89af105131eef6b2965a1af6e4fad81349d9e66fd22c1902b6dc00776d4d1501da0f4cf6e663d45b9feed7ee8988fd6986b8121c719b11cda56b03306498fe4d98c22c20318a2a92e7daa686dd2c5a0d94d92f6c15783d2489d6e7c473a2a37cf8bd6760fa08c362c63d9ab31699e3a22e39cd178eca46a6a8479f1de073d60d52169a260b22c3ef1044a3a5e3857e8422a1304c4661a5d8e84f24f586ff45f06ad2d576a566c929fc09f26b49e24ce8d2bff087d9b8eb02309fc2035c0111df467a9b22b86f8533fa1bc6b2e3970bebe4d13a651fab32072bab3417d0cee543d1820a7da17aa62c28e38feaaa846843c0d0e2e1ace26e68872e07a3509b0f7372d8e23403bdcc877779c89287106fda602ce5183edf7a27ddd92ec441a066abd9517d0f5954c10d52f3a21df08e7f800328a1ea7edaea9e2f9bf77af586f8900f55125bb177b0a1f5f1c2ad2dc592968cbb2ca1721fbeff767ba9f7beea000b6e3c824d3dd3b9341b8c547df6d369883c5bc91322402d5757444ced660435cc605dd8139be61dd97eef8d3de9a0dfe8c519e4b1b81df17742932ccedbd1ec6d09d94d8323b51f50b8b9604f2bebec48bc01388dbb3c3d4cc8664aa12b34a5d9b6dc084a63835cb0336e1b985a1af334f901c85c9b41bc47e374ad1c95fc28bb5aa5e39fa855fb7fdd37f19caa56fcac553f7d5cb8c8e49aa670722da1c91f36cea018ec501d0a8b293900dd59c28466c9240db6e40b67f5e32b4782974bbdb148d02d8521751c7363cded675d5774a78ee383c4a8a7b0d8870bacf171e2f3b565b3cb876a7107f27b5ff14e4c78465d5522dd11f815e86d1e5a4effb26b412c459d1c5e9068c2454991629ee2870d59d5449c547956e660102bf3b1bb0be533978942bf86f69bcd362f32d676637dbc84827a49aebdb3c334821ff1d6e7fe78bae14a264bd2b0e941e929f9fb35ef81463945630b50e9a937a08de3f1cf58e4f6236222967e9ef37a6319514b0ed6c40383f39714aa29f4f7c28c0c0c3028455b9337d38f6f20dc8c872a909214805b6c9af229f15e2ee3bf023d888bf047678f3ab612c371e2d0a4a8ebbc1feeb1f1e6cf27e2954b2f3b1afb3c6cde6ba1cae16446c626694f5201a9de3b29a327a28273453d20638c482e97d5ce26329b46399961253f4ed3d9bc16f64775da36b49658a56869c8e99f1072f341d95bfbb9264766d0dfb49d6fd6d6ecd6002245b1493ab54b3e0a90901e6855b43f5922d6ab5243e5b93a644963b239f4402a9bf86c3963c19a6194bb593daa385d6ef38d11a6de3bb16f5fa9c5072f4db7797e8b23d792bc360ad22754fbd0d8e3fb314dbdc8868346b494f5258c1e74c75b579540cf368462b3c5f637c7508f6570cb4721eb978f8d3283a8e4750075bcec28fd6f4044eff170d6636fa945f6728e718a34ba1e15ef00aee7ad2f5159646838f368b7c8614ef0cebb36ef4a06e0b5c868cdff098b65e1fb52a936839677d1a0aacca9b0e207d2a122d6beb67427525e82587602ed831bd369801024802522eef085a6f619fe13e98a4a2e44981095010564af34f575744412c821404d145db2b4ed33fe4adc37ba708b2e698411cde39e9166bfe6c05a7df46e0bcfa30bb3f0b1ca3f16ec9d6a12fb4500a3abe733eff1ac27c0ce329254001b5a7bf6a0a3bc48afeeb8c641a9cc6df413f6e1a90895c4283036232508402bb8b79ab36ff15506824a2cffda2d24a511294dc980ac8eff1e837ebd8b0e710c156aadc6e2e33d4fc9ac25463d3105b82b0466e75dbb54d3eea97680c2a25a285c89a3313c620fb7c37a1d2976c8a9e6882b034328bd5d3f16cada5eefede4491e50408515c789cbecb1862e259fe6e32525429fd6a016fc3df47d305128af3da9f15f5888b7bdcb1d4a90044bb20f827bbd98a0706c8a7e2b4bb9b98be0f48e2335ea6486c286f7c48c81ca30a4bf6f0e048e1ea8b618941933fa24b42b99cc2a5969832749706611d6a3d04a5c929c8c43d9f5e5a70a2a4b2b54463b7133cf023b5829861df8765a51802a972c3174730eac45429c6ce28006cf988aef19a344e0ea0703feb9defedd8b742db5986e840e7bda1c82d7f058d63fd63a3e6698674b1d8df41ca4eb387245091f1fb9da39cf930b35d6604ee697d7e6a59cdacacf5a422e50dc3688ab7155bc8b94d9af242d62973c6dafcd8049fd63de0bbdcf6296afdaae80429dfe5d4f4d02b5d41c006edfb5f5e10eaba784410350b938cb68259aff7bff9d763c72e46eb1379c1ee6ffe7c1e70a41e2753b607f04eaa9acb1cd06fd18b96fe335e3ad08aa4a9c2b6d6d4ccb2a4f2b44e6ce17f7bc2bf758a591ab05e05960e53dda15f1f7654e608ae0cd90e585dbc8dc14b436fc1dc612bcb0c3ff18c4978fd14145526a14fb8dfd56d368be97135d258f4705aedb4ef995c35bb0a305514a168e419bd0356f94c1ae750bd4e78d4b45aec45bceaba9f67a53b1878e0d44923f6fc2dd304d29bb991af6f4c1e41e5112f94087ab731fd524b5c643aee22f003daf6e198061fadedeb63beb36e6905ec8e1a47ab4dbb09266bee0c28881743217ad39d78102b0cee8b06030773d7f51217d0ada4b83b1f986be35b2a92330d847dcca8e44566163cfdf1cf8aad0c38c2fb303a7110b5fe8988a211433f6c2055c9254d737aec121c7c5103fba75e886ae10329ce68e93ba8bbde25292a41b18067cfc4d97a31f2c8de82181b607459ee9bb1a672aa692e851da4956489350f9037c18fff8fba031c04561446b9332b2cb8afac1335e931ec3d7cb5a2b358ee7e9b75987aa5e4a5d0e23d20476cb996a7e00a305b76a0199fe3b31ac45455d9f21f98f0eb86138364a5459972e88378fcd93b5fe4e641c3be6f1347d12ba5a78a29323d7b3ece792e3c10b08d01bc4bf16fd47e9089a053fbfc8bd4fd9f0c59f3c5465d2204d4a4490e288fd455081cd1857736405f79b281a064e645d2c28b7d3767629ea055dfbb929b96b99097217601fb3701b1f2120be020d6dc4e1597efd756f9f4beaba8405fb216d81e3b4424f59f632e2f57e33c8779fbeb00d03e6d3fd5d4542caaa94295b73e843915fc29c57704cf6d07e874228e79d71538d8211ce29cb9eb6b579d849ac20508a75c63473fb2dea929851fed7428a0dcb8678a67893a51bdf8a008c00a2e5a9568a75b5f1af15b391b6efeea929c25dd7b0d7449402aa6b05ca8c7acbcc1722210e39b3d6307b1c7e73f4e71e53725bb61808d112e6100349f20992ba59f31436078ff7e998c2b2f2e68d563f81ae0e2155eb3d6899182e783ed6ee24c49237574c0b4df0a0347dda43b4a8526a170a99f2b13cdb24b3b13fa33433010b00487b7d3ba1140e219d09da82a17f6d685dc819bfc6de3943d205ee0fe6e9fd344465301260a1f0147afc7d2132f6bda9eef615dbef89218735a3c466f438a816fc3f6e3553dec798c8f4b421525f1e1d1b7479a79f66d5c4a368343e565f11926e44dfad3515654ad6fe9f5e04096dd017128fd268994b22dcbbc460270f070cffe6522488e9058a33af9a05be7e633589b46e90e2a24f46b8d2be34c8103adfd993669a825f0b2d510dfe2c56b41204ba731a11b5dcd62976ccb0443a4852bf059e68d393cbe4296ea668b5e15e148538931de13741714320fd5fe4a138340879a79bd3fbe06e507220022d122fc119d794f66e04ccff6895b6008e1901e9889f4229c044f2c97327cd7b9a25778e1dcaa2e41fded4fbb21e74acbe53ac883d74227720ad0eb741ede745adc8a439d7350a047c76c6742061b5411e03cbe4030a70c32e2362fd377ed0cbde6d42acf53314e731abd9f8b1ae26e07d5b0bcab7269d9be9c752d6e0d3d488e24063cce673c7c3dd1294b4b1258172a5592566efb3db5", 0x1000}, {&(0x7f0000000980)="ecc3e284aff8cd7b6cdc70a03cd2621d62e5844de43b3613256a6d6e9870ae862ff3617275a005dbfbdbc3357258858bc1aa9e40677d665f2e4629f20494e85a0fac0cc1f2ebf1b8cc2508a8c071f5c2760f008f8a6e4b69433bdebb318c3e2e65734d4d7ed3e9ddb0a81d02a7ed067fe8ad9563cac7ce8de46f33ae5ceaa4435481be719aae79c6c74353ea75afad33b02dcbd19d70e548f6a9243d232dc096797aeb4f4f202fdd55a966eda0da4994616e5ba1cce33d28d36613e7115427d16faf1faa579f33551b36a2d7aaac8ac04e9a", 0xd2}, {&(0x7f0000000880)="2fe9cfd3200095816ae6722050eef7852e560b0409855a9fb85cb78a981fcb874187f304d52b800a6b8f6c1d47fdc4d98015bb3ea247f12b92fbda2a2b59c16df55e5d9a734685de601d1ecb1f3c58fddba0678391104e97ef74d090fa6127f4f722b40812671be27a29e4b65a06f7f422bf102f45aadcdf6f19873648bdfc3d2fb751f02b1d7d0c3c77c807f45ce2289b246dcb09ff861b194af92fe655329d9cd625a53fb66222d1007930cb55ec8bad42546b5013f732bdbd7545903310ad2f17644f774771a5ecee8976de52fff1b89d3a78aeeb6b754717315cfb", 0xdd}], 0x6, 0x1, 0x2)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000580)={'dvmrp0\x00', 0x400})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

5.033888906s ago: executing program 1 (id=770):
socket$unix(0x1, 0x1, 0x0)
r0 = socket(0x11, 0x2, 0x0)
r1 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000002c00)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0xa, 0x0, 0x1, 0x40, 0x1})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x23800000, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, 0xffffffffffffffff, 0x0}])
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
io_uring_enter(r1, 0x627, 0xc1040000, 0x43, 0x0, 0x0)
setsockopt(r0, 0x107, 0x14, &(0x7f0000000000)="11106e00", 0x4)

4.522555403s ago: executing program 4 (id=773):
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0)
connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty, 0xa, 0x4}, 0x20)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000200)={0x0, <r1=>0x0})
syz_open_procfs(r1, &(0x7f0000000240)='net/udplite6\x00')
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$KVM_CAP_X2APIC_API(r2, 0x4068aea3, &(0x7f0000000080)={0x81, 0x0, 0x3})
sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d80)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x400080c}, 0x814)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
splice(r0, &(0x7f0000000280)=0x1d50, r3, &(0x7f00000002c0)=0x5, 0x100, 0x4)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000440)="da7b00b83701cee002bbe402bbe40fbd1e00780f1c6f0f01c466b9bd0a00000f3266efbafc0c66b83b59000066eff20f01d767479d0f786acfbaf80c66b8138b0f8d66efbafc0c096b0000", 0x4b}], 0x1, 0x10, 0x0, 0x0)
fsopen(&(0x7f0000000040)='sysfs\x00', 0x0)
ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(0xffffffffffffffff, 0x40184150, &(0x7f0000000100)={0x0, &(0x7f0000000500)="b7bab39f43653e939efd1483a019938ede0bdc54bd38f4341999cc26afd499d8498935d04966d3f2b2739082079dbfbce320e326ded8178688c91657943f3ae1defd398682a7e0107c13657b2c54ef8822dff9a42eb5d1765b7cc3b962bb24a94967d9592a8905bbecec991ff09a8e1e2504987e7dbf02f67bc12edb4256b71914da9aa219fd7107535f434ed04dee64d7058a19907a947b4d7ba7b3c2aca51ea1e664671f79e299e6e8c94a7aeda0cbf2dbcc35ef22458e095d35622362c79c0d9ebb01c6db3f2f59f12fb32d5adf7c666462bcf89ffd823b09bd4f1187de3788bbb842a66fd255d655708fd9efd1f8e649d520b929d25f000eb3cf4a01dec5da36c4589a13185d1ae7c5f74281b7e6f4d9eee60b290706229e624519ba039f871f40e21ae77d8215d58b6540868f95e7c14c58e49e8601bfa105dd2964f167132ce671e19b1d9d64b33c6953d23940b2797de497c69976f3157b328c2730b752169bace35e713cac756c8b9ff037bbe5071664759fc415438c1bbfc88eac2bcfd5327b9cdc8e9f1bac04e60efb15cf0c48ef7faac67ea8d455b2b7d5072c9019af7683e260cee2cbb42898a92019985097c7850260b6d20317f53dbf90aa4df189270cbd07e8f87ceedacf001fcb4ef751d6ff6ae507cd511ca6f78638a683b07aa924498c9b74b485a80c80fea9c7c00cacad98d07586e232be0dfe0235c6042a6cba0a5c96815ae57a2012872fa350c3cd5f59d45395df8131e770781e8352f96603db38d4192c7754da09d82e7e28905131e0062ad188615d34986ef850455ca7fe544bc31789e9291f27e6fe7331c4bfc4cfce0e1a4b4a4369c7e8a8f1fb6519c149d55a377407991c4b1fb50ec32f6a58e4d8928bd6789b1b6038c881451ad860ca48927789d40f225c884a904bb2fb1053b46316693203992648ddf3cc45cf72268ad6fabc39d0df0bc58f4e701254a438b3d62a5f8f6e8b54cdc9620029f0f10f071ca3be9c37e5d74eaecf518a08a4cbbffe63baaac91c26b839df2991f4f0fcdced5a2d956b7745749d7d893b93399fde08e8ef5b386ab9261d4bad2573cb267b6a5b6eab7d39fa9ecd27a1d1605bdd4feb9fde8f489e83da243d410bc5943a9804ad860f345f4250f584e8b5b65fa3d8bb1022e9c76661e80fb73ae1d2f7a0b35c0027f8f136236a67df991b7d602726aac4253db9742005acd8a9f51c5ad8e72c2802104186eb7fce9dcaea4c24ea51dc7cd6d64db2d64ebf3d2d0311853f615ba76062dedca1efceaf439173bcfe514a52198eb238874df05ebc3224ddac7151c7caa69b576c60888f6d49296739bf01ca10386b5c063c7de2", 0x3c0})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

4.335725008s ago: executing program 0 (id=774):
unshare(0x22020600)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x7, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000040)=0xf2b, 0x4)
getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000080)=""/6, &(0x7f0000000100)=0x6)
unshare(0x4000000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0xbb, 0x0, &(0x7f0000000240)="e30080670000ec67838717bd86dde148f0630962bb87dd45fe42904bcfe14db4241544716b9ea42231ed03000000017f9c1fd05dacf5bb80b4b7dd0fae7aea53492b38978d0958a5df2dc6781a2c1b2af08596c7e12bfd09f4562e9f339e7fd955a6694659f2754ffa12ce3445bf17168f8012059dad0306b8e2eac80b1b30c5de9653181182ba401f291f9116b8d8afa0bd3a5ff306c992cf464485ef2da5d963e441a24fec4857c0000000841bc2531bb096d389ed8f69b13baf", 0x0, 0xfffffff0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x7}, 0x50)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x2}, 0x1c)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)

4.331765899s ago: executing program 1 (id=775):
r0 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x8000)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000080)={0x2, 0x0, {0x31, 0x8000003a, 0xd, 0x16, 0x1, 0x18000, 0x1, 0x88000000, 0xe755a3d832dace16}})
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$inet6(0x2d, 0x806, 0x0)
socket(0x25, 0x80000, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8002, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0x8}, 0x0)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x1, {0x9, @sliced={0x1, [0x52e, 0x1fd5, 0x7, 0x2, 0xfff9, 0x80, 0x8000, 0x9, 0x44b, 0x743, 0x6, 0x8, 0x5, 0x1aa, 0x8, 0x2, 0x8001, 0x0, 0x5, 0x401, 0x6, 0x0, 0x9, 0x8, 0x5, 0x0, 0x6, 0x9, 0x5, 0x2, 0x400, 0x0, 0xfffb, 0x2, 0x66, 0x4, 0xb, 0x4, 0x2, 0xff, 0x8, 0x39, 0x100, 0x1, 0xe05, 0x7, 0x6, 0x80], 0x2}}, 0x6b})
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000300)='illinois', 0x8)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x3, 0x9, @mcast1, 0xfffffffa}, 0x1c)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
unshare(0x22020600)
move_mount(r4, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
renameat2(r4, &(0x7f00000002c0)='./file0\x00', r4, &(0x7f00000003c0)='./bus\x00', 0x0)
sendmmsg$inet6(r3, 0x0, 0x0, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc580000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000002c0003800c0000800800034000000002100000800c000180060001", @ANYRESHEX, @ANYBLOB="785454f63ace2532535fe418e26a717fb1f470cbce39e577ca8ca7fd3ef37ed255183ecba11f"], 0xbc}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000000c0)='cubic', 0x9)
r5 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2})
ioctl$vim2m_VIDIOC_EXPBUF(r5, 0xc0405610, 0x0)
syz_usb_connect(0x5, 0x48, &(0x7f0000000580)=ANY=[@ANYBLOB="1201100335fe6510ca1a8eb232920102030109023600010d019002090432a70201039e08098508061000060408042387ac0725010305f80409050702"], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0})

4.319750689s ago: executing program 3 (id=776):
r0 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0xe00, 0x34524742, 0x500, 0x2d0, 0x0, @discrete={0x1ff, 0xf}})

4.20794993s ago: executing program 4 (id=777):
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x9, 0xfffffffe, 0x0, 0x2}, 0x10)
write(r1, &(0x7f0000000080)="240000001e005f0214fffffffffffff80700000001000000000000000500f3ff01000000", 0x24)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x74fb01, 0x0)
close(r6)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000840), 0x80000, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f0000000180)=@x86={0x6, 0x7, 0x57, 0x0, 0x1, 0xd, 0xf, 0xff, 0x6, 0x7, 0x5, 0x3e, 0x0, 0x7ff, 0xf, 0x7d, 0x1a, 0x8, 0xb0, '\x00', 0x6, 0xffffffffffffffff})
ioctl$SOUND_MIXER_READ_STEREODEVS(r8, 0x80044dfb, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x1, 0xc1, 0xe23, 0x3, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x60000)
sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0x7fffc, {0x0, 0x0, 0x0, r9, {0x0, 0x9}, {0x6, 0xb}, {0x6, 0xd}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x38, 0x2, {{0x0, 0x1, 0x406, 0x4, 0x7fffffff, 0xb}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x9b3, 0x5, 0xa, 0xffffffff, 0xb2}}]}]}}}]}, 0x68}, 0x1, 0x0, 0x0, 0x4004060}, 0x4008000)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000000300)={'syzkaller0\x00', @random="2b0100004ec6"})
r10 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r10, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r10, &(0x7f0000000340)={0x0, 0xffffffffffffff96, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="050000009f6000"/16, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="00000000030000000300ab5b56aacc9ca1e6c4d5e47ce8000f9ee9dc3d4d00098d4806"], 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x8800)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=ANY=[@ANYBLOB="02030003130000002cbd7040fcdbdf2503000900800000001cdc0dca1d9f68846960e56de42944af05000600000000000a004e2300000007ff0100000000000a0000000000000001010000800000000002000100000000000000070c0000008005000500000000000a004e23000000fffe8000000000000000000000000000aaff010000000000000200130002"], 0x98}, 0x1, 0x7}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42)

3.950893226s ago: executing program 3 (id=778):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x6, 0x801)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000000)={0x4000, r2})
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f00000002c0)={0x400002, r2})
syz_open_dev$video4linux(&(0x7f0000000080), 0x3, 0x40000)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0xfd, 0x7fff0003}]})
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
r6 = syz_io_uring_setup(0x2b9, &(0x7f0000000740)={0x0, 0xb1e9, 0x10100, 0x0, 0x0, 0x0, r5}, &(0x7f0000000080)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
inotify_init()
syz_io_uring_submit(r7, r8, &(0x7f00000000c0)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r4, 0x0, 0x0, 0x0, {0x21}, 0x1})
io_uring_enter(r6, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r10, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r10, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c)
splice(r10, 0x0, r9, 0x0, 0x10000008ebc, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

3.930353276s ago: executing program 0 (id=779):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0xfffffffd, 0x3}, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
setsockopt$inet_int(r3, 0x0, 0x1, 0x0, 0x0)
r4 = openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x32c180)
mknodat(0xffffffffffffffff, &(0x7f00000000c0)='./file2\x00', 0x8000, 0x0)
r5 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_rxfh_indir={0x38, 0x3, [0x4, 0x9, 0x9]}})
r6 = socket$kcm(0x10, 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x7000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='net/fib_trie\x00')
read$FUSE(r7, &(0x7f0000000640)={0x2020}, 0x2020)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_inet6_SIOCADDRT(r8, 0x890b, &(0x7f0000000200)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xa, 0x0, 0x6, 0x0, 0x185877a4, 0x10200})
sendmsg$kcm(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)="6a6f8e5e", 0x4}], 0x2}, 0x0)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e1406022400000003000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r9, 0xc0045006, &(0x7f00000001c0)=0x7)
dup(r4)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)

3.489788147s ago: executing program 4 (id=780):
mount$fuse(0x0, 0x0, 0x0, 0x38820, &(0x7f0000000200)={{}, 0x2c, {'rootmode', 0x3d, 0x8000}})
syz_usb_connect(0x6, 0x1fc, &(0x7f0000000780)=ANY=[@ANYBLOB="12015002b8005108101407a0683e010203010902ea01030e00300309040309027f54cc00090502040004040403800109661bede31b6d40ffd5a6457d3483a7c64a2cf09c6b30e3afe9caf13ed9a2924ed053d2b4b24aedb4035d4212c8a5f7df3b67916187c245f81035efe9b53a8d79988d4b00a8aa5926f8b9103fd0e543cebd14ca5d0825146c7ff12ef0b8fe612538542d6f5c9fdc7894374795b8ccb6bdb303b42aa86746d3370ad7a31c090504104000050209072501830200040725018101070009045b060c317135060905051008000600d30725018002000009050610200080ff0407250101060200090500100004090401090504104000ab0005090505022000060d0d48007672bf7524ef90e0a086de3562bf356642bc0201de8fa807c3b757b1c182c0f4c59af7c59293e1bc41956912be0eafd96bdf03aa6117bc3e50fbee59a6e5dfc7206516e091fce94c0c778a134b5368d1af31d240535b0725018002010009050b08000401a9050725010332f60b0725010206ac15090502140000c7070e0905010400020805800905051000020802ae07250103fbff0009050010400008000309050c040002030d07410f8c1ea652c620acd24cbf2bfeb921dfc3f2c147f7c05a53e4f7db6742a64c76fe8d2f319387c80165b1ad6b9054e93ae7385d785e1c040f2c4e5c2388ef87910905090020000108"], 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
r2 = accept4$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000140)=0x14, 0x800)
bind$packet(r2, &(0x7f00000001c0)={0x11, 0x1, r1, 0x1, 0x4, 0x6, @broadcast}, 0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800028008000200080000003e127a5108000200"], 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[], 0xa0}}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f0000000000), 0x4000000000001f2, 0xfff0)
r4 = syz_open_dev$loop(&(0x7f0000000100), 0x3, 0x1a7a40)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$P9_RCREATE(r5, &(0x7f0000000000)={0x18, 0x73, 0x1, {{0x4, 0x3, 0x7}, 0x8}}, 0x18)
write$binfmt_misc(r5, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x4, 0x48dd, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac100875397bdb22d0000b420a1a93c9e01177d3d058dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x100000000, 0x7]}})

2.899679249s ago: executing program 2 (id=781):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0xfffffffc, 0x80, {0x0, 0x0, 0x0, 0x0, 0x17b93, 0x12}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x2004d808}, 0x0)

2.848229107s ago: executing program 3 (id=782):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x8}}], {0x14}}, 0x3c}, 0x1, 0x0, 0x0, 0x4008004}, 0x4000000)

2.713395169s ago: executing program 3 (id=783):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0))
r4 = syz_io_uring_setup(0xa1, &(0x7f0000000640)={0x0, 0xe8ce, 0x0, 0x2, 0x40000336}, &(0x7f00000006c0)=<r5=>0x0, &(0x7f00000020c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x6007, @fd=r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001800)=""/211, 0xd3}], 0x1})
io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
munmap(&(0x7f0000001000/0x3000)=nil, 0x3000)
mremap(&(0x7f00006bd000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000721000/0x4000)=nil)
mremap(&(0x7f00007b2000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS(r7, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x813000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x10)
sendmsg$NFT_BATCH(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x6c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x30, 0x11, 0x0, 0x1, @target={{0xb}, @val={0x20, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x5, 0x3, 'P'}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xa, 0x1, 'AUDIT\x00'}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}}, 0xb4}}, 0x0)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r10, 0x4090ae82, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)
fcntl$dupfd(r10, 0x406, r9)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r10, 0x4068aea3, &(0x7f0000000000))

2.416148749s ago: executing program 4 (id=784):
r0 = syz_open_procfs$userns(0x0, &(0x7f0000000240))
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x183822, 0x0)
read$FUSE(r1, &(0x7f00000009c0)={0x2020}, 0x2020)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000280)={0x0, 0x2, 0x2, 0x7fff})
syz_open_procfs$userns(0x0, &(0x7f0000000240)) (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x183822, 0x0) (async)
read$FUSE(r1, &(0x7f00000009c0)={0x2020}, 0x2020) (async)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000280)={0x0, 0x2, 0x2, 0x7fff}) (async)

2.148918222s ago: executing program 4 (id=785):
socket$unix(0x1, 0x1, 0x0)
r0 = socket(0x11, 0x2, 0x0)
r1 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000002c00)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0xa, 0x0, 0x1, 0x40, 0x1})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000040)=0x3, 0xac5)
syz_clone3(&(0x7f0000000900)={0x23800000, 0x0, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x8, &(0x7f0000000600)=<r4=>0x0)
io_submit(r4, 0x1, &(0x7f0000001300)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x6, 0xffffffffffffffff, 0x0}])
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
io_uring_enter(r1, 0x627, 0xc1040000, 0x43, 0x0, 0x0)
setsockopt(r0, 0x107, 0x14, &(0x7f0000000000)="11106e00", 0x4)

2.013011409s ago: executing program 2 (id=786):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TOS={0x5, 0x4, 0x5}, @IFLA_GENEVE_TTL={0x5, 0x3, 0xab}]}}}]}, 0x44}}, 0x404c814) (fail_nth: 9)

875.771002ms ago: executing program 1 (id=787):
io_uring_setup(0x1612, &(0x7f0000000200)={0x0, 0x0, 0x800})
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x5, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)="180c4552", 0x4)
write$P9_RREADLINK(r1, &(0x7f0000000080)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10)
write$binfmt_misc(r1, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x20, 0x2, 0x800000000000208, 0x0, 0x0, 0x2, 0xc, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100000000020000ffffffffff00", "2809e8dbe108598948224ad54afac11d875397bd3c5240f45f819e01177d2d458dd4992861ac00", "90be8b1c55080021000c547d03d8a0f4bd00", [0x0, 0x6]}})

740.149826ms ago: executing program 2 (id=788):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="0203000a0f000000000700000020000005000900e000000001d78771b90bd8a3b4914783c58777003d5b9538a9d03e6e9bfdac5500000000030006000000000002008e34000000000000000000000000020001000000000000000a1600000000030005000000000002"], 0x78}, 0x1, 0x7}, 0x0)

619.015116ms ago: executing program 3 (id=789):
unshare(0x22020600)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x7, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000040)=0xf2b, 0x4)
getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000080)=""/6, &(0x7f0000000100)=0x6)
unshare(0x4000000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0xbb, 0x0, &(0x7f0000000240)="e30080670000ec67838717bd86dde148f0630962bb87dd45fe42904bcfe14db4241544716b9ea42231ed03000000017f9c1fd05dacf5bb80b4b7dd0fae7aea53492b38978d0958a5df2dc6781a2c1b2af08596c7e12bfd09f4562e9f339e7fd955a6694659f2754ffa12ce3445bf17168f8012059dad0306b8e2eac80b1b30c5de9653181182ba401f291f9116b8d8afa0bd3a5ff306c992cf464485ef2da5d963e441a24fec4857c0000000841bc2531bb096d389ed8f69b13baf", 0x0, 0xfffffff0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x7}, 0x50)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4)
setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x2}, 0x1c)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)

433.947389ms ago: executing program 1 (id=790):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x11, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$inet(0x2b, 0x801, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_io_uring_setup(0x8d2, &(0x7f00000001c0)={0x0, 0xb0a8, 0x80, 0x0, 0x37b}, &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000080))
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001140)='/proc/bus/input/handlers\x00', 0x0, 0x0)
preadv(r6, &(0x7f00000015c0)=[{&(0x7f0000000140)=""/4078, 0xfee}], 0x1, 0x18, 0x207fff)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00', <r7=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000bc0)=@bridge_newneigh={0x28, 0x1c, 0x1, 0x70bd29, 0x25dfdbfe, {0x7, 0x0, 0x0, r7, 0x80, 0xff, 0xa}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000890}, 0x4040000)

422.398673ms ago: executing program 4 (id=791):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r2, &(0x7f0000000580)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0xe}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}, {{&(0x7f0000000180)={0xa, 0x4e24, 0xff, @dev={0xfe, 0x80, '\x00', 0x38}, 0x1}, 0x1c, &(0x7f0000000400)=[{&(0x7f00000001c0)="17", 0x1}], 0x1}}], 0x2, 0x0)
shutdown(r2, 0x1)
getsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000600)={0x0, 0x4, 0x80000001, 0x8}, &(0x7f0000000640)=0x10)
r3 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1ff, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000001c0)="b9800000c00f3235000400000f30440f20c03508000000440f22c036646665f36526f20f22a5430f01c566ba4000edc4a39979250b00000008b9800000c00f3235010000000f30f245ab48b800000000000000800f23c00f21f83500000b000f23f8c481e57dcd", 0x67}], 0x1, 0x10, 0x0, 0x0)
capset(0x0, &(0x7f0000000040)={0x98d, 0x8, 0x100000b, 0x5, 0x0, 0x3})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

348.052369ms ago: executing program 2 (id=792):
r0 = socket$alg(0x26, 0x5, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@dstopts_2292={{0x18, 0x29, 0x4, {0x2f}}}], 0x18}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c000000020603000000000000000000000000001400078008001240000000000500150002000000050001000600000005000500020000000500040000000000090002"], 0x4c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000091000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'seqiv(aegis256-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_FLUSH(r2, 0x0, 0x20000044)
recvmsg(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000200)=""/83, 0x53}, {0x0}, {&(0x7f00000001c0)=""/14, 0xe}], 0x3}, 0x40000100)

116.251344ms ago: executing program 0 (id=793):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x8}}], {0x14}}, 0x3c}, 0x1, 0x0, 0x0, 0x4008004}, 0x4000000)

0s ago: executing program 3 (id=794):
r0 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev, 0xb000000}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0xe0000000)

kernel console output (not intermixed with test programs):

t
[  211.776858][ T5828] Bluetooth: hci1: command 0x0406 tx timeout
[  211.781748][ T5141] Bluetooth: hci0: command 0x0406 tx timeout
[  211.789240][ T5835] Bluetooth: hci3: command 0x0406 tx timeout
[  211.800497][ T5141] Bluetooth: hci4: command 0x0406 tx timeout
[  212.772117][ T5887] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  212.801873][ T5887] usb 4-1: MIDIStreaming interface descriptor not found
[  213.161509][ T5887] usb 4-1: USB disconnect, device number 20
[  213.562956][ T7449] libceph: resolve '0..' (ret=-3): failed
[  213.647892][ T7454] loop5: detected capacity change from 0 to 4096
[  213.859340][ T7459] loop2: detected capacity change from 0 to 7
[  213.938522][ T7459] Dev loop2: unable to read RDB block 7
[  213.944277][ T7459]  loop2: unable to read partition table
[  213.952416][ T7459] loop2: partition table beyond EOD, truncated
[  213.969607][ T7459] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  215.345183][ T5913] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  215.518389][ T5913] usb 1-1: config 0 has an invalid interface number: 214 but max is 0
[  215.527009][ T5913] usb 1-1: config 0 has no interface number 0
[  215.533278][ T5913] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  215.628166][ T5913] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  215.697978][ T7488] netlink: 16 bytes leftover after parsing attributes in process `syz.2.430'.
[  215.883670][ T7491] fuse: Bad value for 'rootmode'
[  215.896513][ T7491] netlink: 40 bytes leftover after parsing attributes in process `syz.2.430'.
[  215.961919][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  216.002772][ T5913] usb 1-1: Manufacturer: syz
[  216.009834][ T5913] usb 1-1: SerialNumber: syz
[  216.046220][ T5913] usb 1-1: config 0 descriptor??
[  216.657242][ T5876] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  216.981494][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.008259][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  217.197718][   T10] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  217.715878][ T5876] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  217.825627][   T10] usb 2-1: Using ep0 maxpacket: 16
[  217.894892][ T5913] usbtouchscreen 1-1:0.214: probe with driver usbtouchscreen failed with error -71
[  217.933167][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  217.944207][   T10] usb 2-1: config 13 has an invalid interface number: 50 but max is 0
[  217.954132][ T5876] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  217.965659][ T5913] usb 1-1: USB disconnect, device number 19
[  217.973294][   T10] usb 2-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[  217.993953][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.099500][   T10] usb 2-1: config 13 has no interface number 0
[  218.111102][ T5876] usb 5-1: config 0 descriptor??
[  218.126595][   T10] usb 2-1: config 13 interface 50 altsetting 167 endpoint 0x7 has invalid wMaxPacketSize 0
[  218.153329][   T10] usb 2-1: config 13 interface 50 altsetting 167 bulk endpoint 0x7 has invalid maxpacket 0
[  218.164237][   T10] usb 2-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  218.179791][   T10] usb 2-1: config 13 interface 50 has no altsetting 0
[  218.253798][   T10] usb 2-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  218.297748][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.316241][   T10] usb 2-1: Product: syz
[  218.335589][   T10] usb 2-1: Manufacturer: syz
[  218.340325][   T10] usb 2-1: SerialNumber: syz
[  218.709635][ T5876] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  219.216340][ T7496] usb 5-1: string descriptor 0 read error: -71
[  219.224472][ T5887] usb 5-1: USB disconnect, device number 23
[  219.234664][ T7497] plantronics 0003:047F:FFFF.0005: usb_submit_urb(ctrl) failed: -19
[  219.643435][   T10] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  219.741459][   T10] usb 2-1: MIDIStreaming interface descriptor not found
[  219.816125][ T7518] FAULT_INJECTION: forcing a failure.
[  219.816125][ T7518] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  219.984425][ T7518] CPU: 0 UID: 0 PID: 7518 Comm: syz.2.437 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  219.984460][ T7518] Tainted: [L]=SOFTLOCKUP
[  219.984468][ T7518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  219.984481][ T7518] Call Trace:
[  219.984489][ T7518]  <TASK>
[  219.984498][ T7518]  dump_stack_lvl+0xe8/0x150
[  219.984533][ T7518]  should_fail_ex+0x412/0x560
[  219.984562][ T7518]  _copy_to_user+0x31/0xb0
[  219.984595][ T7518]  video_usercopy+0xe0a/0x14b0
[  219.984628][ T7518]  ? __pfx_subdev_do_ioctl_lock+0x10/0x10
[  219.984660][ T7518]  ? __pfx_video_usercopy+0x10/0x10
[  219.984695][ T7518]  ? __fget_files+0x2a/0x420
[  219.984726][ T7518]  ? __fget_files+0x2a/0x420
[  219.984753][ T7518]  ? __fget_files+0x3a0/0x420
[  219.984785][ T7518]  v4l2_ioctl+0x18d/0x1e0
[  219.984808][ T7518]  ? __pfx_v4l2_ioctl+0x10/0x10
[  219.984830][ T7518]  __se_sys_ioctl+0xfc/0x170
[  219.984856][ T7518]  do_syscall_64+0x14d/0xf80
[  219.984874][ T7518]  ? trace_irq_disable+0x3b/0x150
[  219.984903][ T7518]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.984924][ T7518]  ? clear_bhb_loop+0x40/0x90
[  219.984948][ T7518]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  219.984969][ T7518] RIP: 0033:0x7fdb2899c799
[  219.984987][ T7518] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  219.985011][ T7518] RSP: 002b:00007fdb297a8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  219.985038][ T7518] RAX: ffffffffffffffda RBX: 00007fdb28c15fa0 RCX: 00007fdb2899c799
[  219.985051][ T7518] RDX: 00002000000000c0 RSI: 00000000c0205647 RDI: 0000000000000003
[  219.985063][ T7518] RBP: 00007fdb297a8090 R08: 0000000000000000 R09: 0000000000000000
[  219.985075][ T7518] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  219.985086][ T7518] R13: 00007fdb28c16038 R14: 00007fdb28c15fa0 R15: 00007fdb28d3fa48
[  219.985117][ T7518]  </TASK>
[  220.381320][   T10] usb 2-1: USB disconnect, device number 19
[  220.569744][ T7523] loop2: detected capacity change from 0 to 7
[  220.600414][ T7523] Dev loop2: unable to read RDB block 7
[  220.643167][ T7523]  loop2: unable to read partition table
[  220.684714][ T7523] loop2: partition table beyond EOD, truncated
[  220.711286][ T7523] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  220.788968][ T5191] Dev loop2: unable to read RDB block 7
[  220.814269][ T5191]  loop2: unable to read partition table
[  220.824177][ T7530] ������: renamed from lo (while UP)
[  220.846364][ T5191] loop2: partition table beyond EOD, truncated
[  221.740165][ T7542] netlink: 176 bytes leftover after parsing attributes in process `syz.1.444'.
[  221.755422][ T5913] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  221.949412][ T5913] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  221.969318][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  222.168286][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  222.209357][ T5913] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  222.284345][ T7554] netlink: 24 bytes leftover after parsing attributes in process `syz.3.447'.
[  222.312228][ T5913] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  222.346049][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.381319][ T5913] usb 1-1: config 0 descriptor??
[  222.915725][   T24] usb 2-1: new full-speed USB device number 20 using dummy_hcd
[  223.180659][   T24] usb 2-1: unable to get BOS descriptor or descriptor too short
[  223.207151][   T24] usb 2-1: not running at top speed; connect to a high speed hub
[  223.258922][   T24] usb 2-1: config 9 has an invalid interface number: 124 but max is 0
[  223.313074][   T24] usb 2-1: config 9 has no interface number 0
[  223.354023][   T24] usb 2-1: config 9 interface 124 altsetting 195 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  223.384506][   T24] usb 2-1: config 9 interface 124 has no altsetting 0
[  223.398369][   T24] usb 2-1: New USB device found, idVendor=fff0, idProduct=fff0, bcdDevice=42.b4
[  223.410899][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.429891][   T24] usb 2-1: Product: 쏹몛䧨ᘉ옙쨶ᅚঁ室⃬퐡훟癳뚃
[  223.492265][   T24] usb 2-1: Manufacturer: Є
[  223.502384][   T24] usb 2-1: SerialNumber: 賩ᙍᮏ쬺ﺖ딍뽪수줴舞ྑ릈넠펀掇㏮庀⭍枞ō῟଑쇁ᬠ≮聘턊䁛솊쀲䔂墧ꑩ脁↙嵷ⶁ⦏瓒师᧺裶
[  223.880765][ T7559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  223.904952][ T7559] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  223.974909][   T24] usbtest 2-1:9.124: couldn't get endpoints, -22
[  224.033073][   T24] usbtest 2-1:9.124: probe with driver usbtest failed with error -22
[  224.096002][   T24] usb 2-1: USB disconnect, device number 20
[  224.525665][   T24] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  224.715699][   T24] usb 5-1: Using ep0 maxpacket: 16
[  224.818410][   T24] usb 5-1: unable to get BOS descriptor or descriptor too short
[  224.836563][   T24] usb 5-1: config 13 has an invalid interface number: 50 but max is 0
[  224.868206][   T24] usb 5-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[  224.904438][   T24] usb 5-1: config 13 has no interface number 0
[  224.911329][ T5915] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  225.012166][   T24] usb 5-1: config 13 interface 50 altsetting 167 endpoint 0x7 has invalid wMaxPacketSize 0
[  225.102457][ T5913] usbhid 1-1:0.0: can't add hid device: -71
[  225.107756][   T24] usb 5-1: config 13 interface 50 altsetting 167 bulk endpoint 0x7 has invalid maxpacket 0
[  225.149587][ T5913] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  225.151409][   T24] usb 5-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  225.203800][ T5915] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  225.230176][ T5913] usb 1-1: USB disconnect, device number 20
[  225.260757][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.272419][   T24] usb 5-1: config 13 interface 50 has no altsetting 0
[  225.371980][   T24] usb 5-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  225.372019][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.372040][   T24] usb 5-1: Product: syz
[  225.372055][   T24] usb 5-1: Manufacturer: syz
[  225.372072][   T24] usb 5-1: SerialNumber: syz
[  225.383371][ T5915] usb 3-1: config 0 descriptor??
[  225.388903][ T5915] cp210x 3-1:0.0: cp210x converter detected
[  225.994013][ T5915] usb 3-1: cp210x converter now attached to ttyUSB0
[  226.080703][ T5915] usb 3-1: USB disconnect, device number 13
[  226.101197][ T5915] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  226.115914][ T5915] cp210x 3-1:0.0: device disconnected
[  227.194273][   T24] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  227.233274][   T24] usb 5-1: MIDIStreaming interface descriptor not found
[  227.712568][   T24] usb 5-1: USB disconnect, device number 24
[  227.863429][ T6155] udevd[6155]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  227.965273][ T5876] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  227.985633][ T5915] usb 1-1: new full-speed USB device number 21 using dummy_hcd
[  228.137066][ T5876] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  228.141623][ T5915] usb 1-1: not running at top speed; connect to a high speed hub
[  228.153721][ T5876] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  228.161097][ T5915] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  228.182592][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.193457][ T5915] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 544, setting to 64
[  228.248485][ T5915] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  228.259542][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  228.259910][ T5876] usb 3-1: config 0 descriptor??
[  228.280384][ T7616] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.469'.
[  228.296628][ T5915] usb 1-1: Product: syz
[  228.313353][ T5915] usb 1-1: Manufacturer: syz
[  228.321554][ T7616] netlink: Unknown conntrack attr (0)
[  228.331523][ T5915] usb 1-1: SerialNumber: syz
[  228.339396][ T5876] pwc: Askey VC010 type 2 USB webcam detected.
[  228.368339][ T7607] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  228.734628][ T5876] pwc: recv_control_msg error -32 req 02 val 2b00
[  228.743550][ T5876] pwc: recv_control_msg error -32 req 02 val 2700
[  228.753669][ T5876] pwc: recv_control_msg error -32 req 02 val 2c00
[  228.776950][ T5876] pwc: recv_control_msg error -32 req 04 val 1000
[  228.793246][ T7607] dvmrp0: entered allmulticast mode
[  228.807653][ T5876] pwc: recv_control_msg error -32 req 04 val 1300
[  228.836260][ T5876] pwc: recv_control_msg error -32 req 04 val 1400
[  228.842606][ T5915] cdc_ncm 1-1:1.0: bind() failure
[  228.853485][ T5876] pwc: recv_control_msg error -32 req 02 val 2000
[  228.872441][ T5915] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  229.346032][ T5876] pwc: recv_control_msg error -32 req 02 val 2100
[  229.353379][ T5876] pwc: recv_control_msg error -32 req 04 val 1500
[  229.360106][ T5915] cdc_ncm 1-1:1.1: bind() failure
[  229.361545][ T5876] pwc: recv_control_msg error -32 req 02 val 2500
[  229.372937][ T5876] pwc: recv_control_msg error -32 req 02 val 2400
[  229.386357][ T5876] pwc: recv_control_msg error -32 req 02 val 2600
[  229.395153][ T5876] pwc: recv_control_msg error -32 req 02 val 2900
[  229.402534][ T5876] pwc: recv_control_msg error -32 req 02 val 2800
[  229.410635][ T5876] pwc: recv_control_msg error -32 req 04 val 1100
[  229.418441][ T5876] pwc: recv_control_msg error -32 req 04 val 1200
[  229.428507][ T5915] usb 1-1: USB disconnect, device number 21
[  229.455005][ T5876] pwc: Registered as video103.
[  229.499203][ T5876] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input20
[  230.145131][ T5876] usb 3-1: USB disconnect, device number 14
[  230.312395][ T7638] netlink: 8 bytes leftover after parsing attributes in process `syz.0.474'.
[  231.185683][ T5915] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  231.365571][ T5915] usb 2-1: Using ep0 maxpacket: 16
[  231.433288][ T5915] usb 2-1: unable to get BOS descriptor or descriptor too short
[  231.487529][ T5915] usb 2-1: config 13 has an invalid interface number: 50 but max is 0
[  231.559441][ T7662] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.481'.
[  231.584005][ T5915] usb 2-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[  231.631024][ T7662] netlink: Unknown conntrack attr (0)
[  231.641096][ T5915] usb 2-1: config 13 has no interface number 0
[  231.686697][ T5915] usb 2-1: config 13 interface 50 altsetting 167 endpoint 0x7 has invalid wMaxPacketSize 0
[  231.718246][ T5915] usb 2-1: config 13 interface 50 altsetting 167 bulk endpoint 0x7 has invalid maxpacket 0
[  231.750693][ T5915] usb 2-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  231.802059][ T5915] usb 2-1: config 13 interface 50 has no altsetting 0
[  231.829823][ T5915] usb 2-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  231.845646][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  231.853736][ T5915] usb 2-1: Product: syz
[  231.858639][ T5915] usb 2-1: Manufacturer: syz
[  231.863280][ T5915] usb 2-1: SerialNumber: syz
[  232.716804][ T7674] netlink: 'syz.0.486': attribute type 5 has an invalid length.
[  232.738412][ T7674] netlink: 60 bytes leftover after parsing attributes in process `syz.0.486'.
[  233.032867][ T7679] loop5: detected capacity change from 0 to 7
[  233.041823][ T7679] Dev loop5: unable to read RDB block 7
[  233.059804][ T7679]  loop5: AHDI p1
[  233.068168][ T7679] loop5: partition table partially beyond EOD, truncated
[  233.153616][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  233.153643][   T30] audit: type=1800 audit(1772416840.448:267): pid=7684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.489" name="bus" dev="tmpfs" ino=506 res=0 errno=0
[  233.346593][ T5825] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  233.527936][ T5825] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  233.561155][ T5825] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  233.599883][ T5825] usb 3-1: config 220 has no interface number 2
[  233.630789][ T5825] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  233.680146][ T5825] usb 3-1: config 220 interface 0 has no altsetting 0
[  233.700896][ T5825] usb 3-1: config 220 interface 76 has no altsetting 0
[  233.717507][ T5825] usb 3-1: config 220 interface 1 has no altsetting 0
[  233.737425][ T5825] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  233.754770][ T5825] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.779066][ T5825] usb 3-1: Product: syz
[  233.783574][ T5825] usb 3-1: Manufacturer: syz
[  233.792257][ T5825] usb 3-1: SerialNumber: syz
[  233.990495][ T5915] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  234.029478][ T5915] usb 2-1: MIDIStreaming interface descriptor not found
[  234.040428][ T7701] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.493'.
[  234.059690][ T7701] netlink: Unknown conntrack attr (0)
[  234.430654][ T5915] usb 2-1: USB disconnect, device number 21
[  234.502748][ T7707] xt_nfacct: accounting object `syz0' does not exist
[  234.596255][ T5825] uvcvideo 3-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  234.705700][ T5825] uvcvideo 3-1:220.0: No valid video chain found.
[  234.742680][ T5825] usb 3-1: USB disconnect, device number 15
[  234.919254][ T5880] udevd[5880]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  234.964089][ T7709] FAULT_INJECTION: forcing a failure.
[  234.964089][ T7709] name failslab, interval 1, probability 0, space 0, times 0
[  235.085235][ T7709] CPU: 0 UID: 0 PID: 7709 Comm: syz.1.495 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  235.085273][ T7709] Tainted: [L]=SOFTLOCKUP
[  235.085281][ T7709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  235.085294][ T7709] Call Trace:
[  235.085302][ T7709]  <TASK>
[  235.085311][ T7709]  dump_stack_lvl+0xe8/0x150
[  235.085347][ T7709]  should_fail_ex+0x412/0x560
[  235.085378][ T7709]  should_failslab+0xa8/0x100
[  235.085405][ T7709]  __kmalloc_noprof+0xe8/0x760
[  235.085428][ T7709]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  235.085461][ T7709]  tomoyo_realpath_from_path+0xe3/0x5d0
[  235.085508][ T7709]  ? tomoyo_path_number_perm+0x219/0x630
[  235.085531][ T7709]  tomoyo_path_number_perm+0x246/0x630
[  235.085557][ T7709]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  235.085582][ T7709]  ? __lock_acquire+0x6b5/0x2cf0
[  235.085617][ T7709]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  235.085658][ T7709]  ? __fget_files+0x2a/0x420
[  235.085689][ T7709]  ? __fget_files+0x2a/0x420
[  235.085716][ T7709]  ? __fget_files+0x3a0/0x420
[  235.085742][ T7709]  ? __fget_files+0x2a/0x420
[  235.085775][ T7709]  security_file_ioctl+0xc3/0x2a0
[  235.085798][ T7709]  __se_sys_ioctl+0x47/0x170
[  235.085824][ T7709]  do_syscall_64+0x14d/0xf80
[  235.085843][ T7709]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.085865][ T7709]  ? clear_bhb_loop+0x40/0x90
[  235.085890][ T7709]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  235.085910][ T7709] RIP: 0033:0x7f41cc39c799
[  235.085928][ T7709] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  235.085946][ T7709] RSP: 002b:00007f41cd279028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  235.085967][ T7709] RAX: ffffffffffffffda RBX: 00007f41cc615fa0 RCX: 00007f41cc39c799
[  235.085981][ T7709] RDX: 0000200000000100 RSI: 00000000c034564b RDI: 0000000000000003
[  235.085996][ T7709] RBP: 00007f41cd279090 R08: 0000000000000000 R09: 0000000000000000
[  235.086008][ T7709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  235.086021][ T7709] R13: 00007f41cc616038 R14: 00007f41cc615fa0 R15: 00007f41cc73fa48
[  235.086053][ T7709]  </TASK>
[  235.086107][ T7709] ERROR: Out of memory at tomoyo_realpath_from_path.
[  235.785619][ T5913] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  235.969320][ T5913] usb 4-1: Using ep0 maxpacket: 8
[  235.976378][ T5876] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  236.015681][ T5913] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  236.081465][ T5913] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  236.141297][ T5913] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  236.173982][ T5913] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  236.190652][ T5876] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  236.203063][ T5876] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  236.222271][ T5913] usb 4-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1
[  236.268765][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3
[  236.287466][ T5876] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  236.305650][ T5913] usb 4-1: Product: syz
[  236.314539][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.332913][ T5913] usb 4-1: Manufacturer: syz
[  236.352517][ T5913] usb 4-1: SerialNumber: syz
[  236.386694][ T5876] usb 2-1: config 0 descriptor??
[  236.408375][ T5913] usb 4-1: config 0 descriptor??
[  236.420611][ T5876] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  236.489566][ T5876] dvb-usb: bulk message failed: -22 (3/0)
[  236.524373][ T5876] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  236.557437][ T5876] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  236.572576][ T5876] usb 2-1: media controller created
[  236.581984][ T5876] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  236.632636][ T7716] dvb-usb: bulk message failed: -22 (4/0)
[  236.645688][ T5876] dvb-usb: bulk message failed: -22 (6/0)
[  236.668749][ T5913] rc_core: IR keymap rc-imon-rsc not found
[  236.675456][ T5876] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  236.692877][ T7712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  236.696800][ T5913] Registered IR keymap rc-empty
[  236.704544][ T7712] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  236.727433][ T5876] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input22
[  236.754653][ T5913] rc rc0: iMON Station as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  236.797765][ T5876] dvb-usb: schedule remote query interval to 150 msecs.
[  236.805658][ T5876] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  236.814137][ T5913] input: iMON Station as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input21
[  236.830613][ T5913] imon_raw 4-1:0.0: probe with driver imon_raw failed with error -90
[  236.846439][ T5876] usb 2-1: USB disconnect, device number 22
[  236.904075][ T5876] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  236.955663][ T5913] usb 4-1: USB disconnect, device number 21
[  237.446769][ T7734] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.504'.
[  237.475601][ T7734] netlink: Unknown conntrack attr (0)
[  237.764048][ T7743] kAFS: unable to lookup cell '/,'
[  237.905937][ T5876] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  238.083629][ T5876] usb 2-1: Using ep0 maxpacket: 16
[  238.111312][ T5876] usb 2-1: unable to get BOS descriptor or descriptor too short
[  238.128937][ T5876] usb 2-1: config 13 has an invalid interface number: 50 but max is 0
[  238.151346][ T5876] usb 2-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[  238.270431][ T5876] usb 2-1: config 13 has no interface number 0
[  238.305980][ T5876] usb 2-1: config 13 interface 50 altsetting 167 endpoint 0x7 has invalid wMaxPacketSize 0
[  238.397647][   T30] audit: type=1326 audit(1772416845.668:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  238.481179][   T30] audit: type=1326 audit(1772416845.668:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  238.517170][ T5876] usb 2-1: config 13 interface 50 altsetting 167 bulk endpoint 0x7 has invalid maxpacket 0
[  238.578000][ T5876] usb 2-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  238.625731][ T5876] usb 2-1: config 13 interface 50 has no altsetting 0
[  238.715572][ T5916] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  238.715625][ T5876] usb 2-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  238.737467][   T30] audit: type=1326 audit(1772416845.668:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  238.832744][   T30] audit: type=1326 audit(1772416845.668:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  238.865747][   T30] audit: type=1326 audit(1772416845.678:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  238.885520][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.905500][ T5916] usb 3-1: Using ep0 maxpacket: 32
[  238.933182][ T5876] usb 2-1: Product: syz
[  238.952171][ T5876] usb 2-1: Manufacturer: syz
[  238.969188][ T5876] usb 2-1: SerialNumber: syz
[  238.982029][   T30] audit: type=1326 audit(1772416845.698:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  239.040758][ T5916] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  239.057073][ T5916] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  239.165128][   T30] audit: type=1326 audit(1772416845.728:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  239.188493][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.241853][ T5916] usb 3-1: config 0 descriptor??
[  239.349014][   T30] audit: type=1326 audit(1772416845.728:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  239.417277][ T5916] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  239.453612][   T30] audit: type=1326 audit(1772416845.728:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  239.535810][   T30] audit: type=1326 audit(1772416845.728:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.2.509" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  240.001300][ T7757] libceph: resolve 'c' (ret=-3): failed
[  240.402650][ T5876] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  240.455144][ T5876] usb 2-1: MIDIStreaming interface descriptor not found
[  240.755359][ T5876] usb 2-1: USB disconnect, device number 23
[  240.928044][ T7764] netlink: 132 bytes leftover after parsing attributes in process `syz.1.511'.
[  241.419630][ T7768] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  241.469645][ T7768] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  241.587261][ T5916] usb 3-1: USB disconnect, device number 16
[  241.645154][ T5876] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  241.805173][ T5876] usb 2-1: Using ep0 maxpacket: 32
[  241.813335][ T5876] usb 2-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  241.825861][ T5876] usb 2-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  241.918564][ T5876] usb 2-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  242.045072][ T5876] usb 2-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  242.098878][ T7779] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  242.140005][ T5876] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  242.159639][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.169937][ T5876] usb 2-1: Product: syz
[  242.176553][ T5876] usb 2-1: Manufacturer: syz
[  242.182076][ T7779] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  242.200314][ T7782] netlink: 212348 bytes leftover after parsing attributes in process `syz.3.517'.
[  242.210474][ T5876] usb 2-1: SerialNumber: syz
[  242.218111][ T7782] netlink: Unknown conntrack attr (0)
[  242.261783][    C0] imon 2-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  242.298416][ T5876] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/input/input23
[  242.465672][ T5876] imon 2-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  242.528379][ T5876]  (id 0x00)
[  242.736773][ T5876] rc_core: IR keymap rc-imon-pad not found
[  242.756282][ T5876] Registered IR keymap rc-empty
[  242.791894][ T5876] imon 2-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  242.827588][ T5876] imon 2-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  242.865640][ T5876] imon:send_packet: packet tx failed (-71)
[  242.899343][ T5876] imon 2-1:155.0: remote input dev register failed
[  242.921106][ T7790] program syz.3.519 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  242.935534][ T5876] imon 2-1:155.0: imon_init_intf0: rc device setup failed
[  243.081790][ T5876] imon 2-1:155.0: unable to initialize intf0, err 0
[  243.117969][ T5876] imon:imon_probe: failed to initialize context!
[  243.141724][ T5876] imon 2-1:155.0: unable to register, err -19
[  243.196927][ T5876] usb 2-1: USB disconnect, device number 24
[  243.535846][ T5915] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  243.716084][ T5915] usb 3-1: Using ep0 maxpacket: 16
[  244.123566][ T5915] usb 3-1: unable to get BOS descriptor or descriptor too short
[  244.365196][ T5913] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  244.527096][ T7811] FAULT_INJECTION: forcing a failure.
[  244.527096][ T7811] name failslab, interval 1, probability 0, space 0, times 0
[  244.540971][ T7811] CPU: 0 UID: 0 PID: 7811 Comm: syz.4.524 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  244.540996][ T5915] usb 3-1: config 13 has an invalid interface number: 50 but max is 0
[  244.541005][ T7811] Tainted: [L]=SOFTLOCKUP
[  244.541014][ T7811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  244.541027][ T7811] Call Trace:
[  244.541036][ T7811]  <TASK>
[  244.541044][ T7811]  dump_stack_lvl+0xe8/0x150
[  244.541181][ T7811]  should_fail_ex+0x412/0x560
[  244.541278][ T7811]  should_failslab+0xa8/0x100
[  244.541351][ T7811]  __kmalloc_noprof+0xe8/0x760
[  244.541403][ T7811]  ? __kasan_kmalloc+0x93/0xb0
[  244.541464][ T7811]  ? nla_strdup+0x9d/0x140
[  244.541528][ T7811]  ? __kmalloc_cache_noprof+0x31c/0x660
[  244.541607][ T7811]  nla_strdup+0x9d/0x140
[  244.541680][ T7811]  nf_tables_newtable+0x491/0x1910
[  244.541760][ T7811]  ? nfnetlink_subsys_unregister+0x1a1/0x1b0
[  244.541863][ T7811]  nfnetlink_rcv+0x1240/0x27b0
[  244.542001][ T7811]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  244.542097][ T7811]  ? ref_tracker_free+0x693/0x840
[  244.542242][ T7811]  ? __netlink_deliver_tap+0x807/0x850
[  244.542307][ T7811]  ? netlink_deliver_tap+0x2e/0x1b0
[  244.542414][ T7811]  netlink_unicast+0x80f/0x9b0
[  244.542496][ T7811]  ? __pfx_netlink_unicast+0x10/0x10
[  244.542571][ T7811]  ? netlink_sendmsg+0x650/0xb40
[  244.542660][ T7811]  ? skb_put+0x11b/0x210
[  244.542746][ T7811]  netlink_sendmsg+0x813/0xb40
[  244.542834][ T7811]  ? __pfx_netlink_sendmsg+0x10/0x10
[  244.542908][ T7811]  ? aa_sock_msg_perm+0xf1/0x1b0
[  244.542979][ T7811]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  244.543041][ T7811]  ? __pfx_netlink_sendmsg+0x10/0x10
[  244.543105][ T7811]  ____sys_sendmsg+0xa68/0xad0
[  244.543208][ T7811]  ? __pfx_____sys_sendmsg+0x10/0x10
[  244.543310][ T7811]  ? import_iovec+0x73/0xa0
[  244.543386][ T7811]  ___sys_sendmsg+0x2a5/0x360
[  244.543486][ T7811]  ? __pfx____sys_sendmsg+0x10/0x10
[  244.543661][ T7811]  ? __fget_files+0x2a/0x420
[  244.543733][ T7811]  ? __fget_files+0x3a0/0x420
[  244.543831][ T7811]  __x64_sys_sendmsg+0x1bd/0x2a0
[  244.543929][ T7811]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  244.544058][ T7811]  ? __pfx_ksys_write+0x10/0x10
[  244.544136][ T7811]  do_syscall_64+0x14d/0xf80
[  244.544187][ T7811]  ? trace_irq_disable+0x3b/0x150
[  244.544260][ T7811]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.544312][ T7811]  ? clear_bhb_loop+0x40/0x90
[  244.544376][ T7811]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.544435][ T7811] RIP: 0033:0x7f16d559c799
[  244.544486][ T7811] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  244.544530][ T7811] RSP: 002b:00007f16d6370028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  244.544584][ T7811] RAX: ffffffffffffffda RBX: 00007f16d5815fa0 RCX: 00007f16d559c799
[  244.544625][ T7811] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  244.544658][ T7811] RBP: 00007f16d6370090 R08: 0000000000000000 R09: 0000000000000000
[  244.544690][ T7811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  244.544722][ T7811] R13: 00007f16d5816038 R14: 00007f16d5815fa0 R15: 00007f16d593fa48
[  244.544804][ T7811]  </TASK>
[  244.876479][ T7812] F2FS-fs: Conflicting test_dummy_encryption options
[  245.076951][ T5915] usb 3-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[  245.125803][ T5915] usb 3-1: config 13 has no interface number 0
[  245.184805][ T5915] usb 3-1: config 13 interface 50 altsetting 167 endpoint 0x7 has invalid wMaxPacketSize 0
[  245.895686][ T5915] usb 3-1: config 13 interface 50 altsetting 167 bulk endpoint 0x7 has invalid maxpacket 0
[  245.940215][ T5915] usb 3-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  246.001527][ T5915] usb 3-1: config 13 interface 50 has no altsetting 0
[  246.035828][ T5915] usb 3-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  246.046024][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.054066][ T5915] usb 3-1: Product: syz
[  246.071477][ T7822] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.528'.
[  246.109229][ T7822] netlink: Unknown conntrack attr (0)
[  246.113886][ T5915] usb 3-1: Manufacturer: syz
[  246.154581][ T5915] usb 3-1: SerialNumber: syz
[  246.217526][ T5915] usb 3-1: can't set config #13, error -71
[  246.289912][ T5915] usb 3-1: USB disconnect, device number 17
[  246.298483][ T7823] syzkaller0: entered promiscuous mode
[  246.307787][ T7823] syzkaller0: entered allmulticast mode
[  246.376120][ T7828] loop2: detected capacity change from 0 to 7
[  246.418662][ T7828] Dev loop2: unable to read RDB block 7
[  246.475571][ T7828]  loop2: unable to read partition table
[  246.515824][ T7828] loop2: partition table beyond EOD, truncated
[  246.545437][ T7828] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  247.137884][ T7836] fuse: Unknown parameter 'group_i00000000000000000000'
[  247.276611][ T7842] libceph: resolve '0..' (ret=-3): failed
[  247.497681][ T7843] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  249.352377][ T7868] netlink: 8 bytes leftover after parsing attributes in process `syz.1.539'.
[  250.193972][ T7870] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.540'.
[  250.204918][ T7870] netlink: Unknown conntrack attr (0)
[  251.442312][   T49] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  251.452440][   T49] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  251.476816][   T49] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  251.511838][   T49] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  251.902420][ T7889] loop2: detected capacity change from 0 to 7
[  251.915006][ T7889] Dev loop2: unable to read RDB block 7
[  251.933057][ T7889]  loop2: unable to read partition table
[  251.958136][ T7889] loop2: partition table beyond EOD, truncated
[  251.985685][ T5825] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  251.998000][ T7889] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  252.215759][ T5825] usb 5-1: Using ep0 maxpacket: 16
[  252.226027][ T5825] usb 5-1: unable to get BOS descriptor or descriptor too short
[  252.236907][ T5825] usb 5-1: config 13 has an invalid interface number: 50 but max is 0
[  252.246005][ T5825] usb 5-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[  252.257529][ T5825] usb 5-1: config 13 has no interface number 0
[  252.264603][ T5825] usb 5-1: config 13 interface 50 altsetting 167 endpoint 0x7 has invalid wMaxPacketSize 0
[  252.280035][ T5825] usb 5-1: config 13 interface 50 altsetting 167 bulk endpoint 0x7 has invalid maxpacket 0
[  252.309197][ T5825] usb 5-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  252.347566][ T5825] usb 5-1: config 13 interface 50 has no altsetting 0
[  252.369605][ T5825] usb 5-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  252.379610][ T5825] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.390123][ T5825] usb 5-1: Product: syz
[  252.394483][ T5825] usb 5-1: Manufacturer: syz
[  252.401835][ T5825] usb 5-1: SerialNumber: syz
[  252.521618][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  252.521639][   T30] audit: type=1326 audit(1772416859.818:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7892 comm="syz.3.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0499c799 code=0x7ffc0000
[  252.616719][   T30] audit: type=1326 audit(1772416859.858:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7892 comm="syz.3.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0499c799 code=0x7ffc0000
[  252.641586][   T30] audit: type=1326 audit(1772416859.858:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7892 comm="syz.3.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbf0499c799 code=0x7ffc0000
[  252.665876][   T30] audit: type=1326 audit(1772416859.858:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7892 comm="syz.3.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0499c799 code=0x7ffc0000
[  252.689506][   T30] audit: type=1326 audit(1772416859.858:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7892 comm="syz.3.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0499c799 code=0x7ffc0000
[  252.754176][   T30] audit: type=1326 audit(1772416860.038:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7892 comm="syz.3.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fbf0499c799 code=0x7ffc0000
[  252.826225][ T7897] netlink: 6 bytes leftover after parsing attributes in process `syz.0.550'.
[  252.868966][ T7899] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.551'.
[  252.879634][ T7899] netlink: Unknown conntrack attr (0)
[  252.892008][   T30] audit: type=1326 audit(1772416860.038:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7892 comm="syz.3.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0499c799 code=0x7ffc0000
[  252.915729][ T7897] A link change request failed with some changes committed already. Interface vxcan1 may have been left with an inconsistent configuration, please check.
[  252.927961][   T30] audit: type=1326 audit(1772416860.038:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7892 comm="syz.3.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0499c799 code=0x7ffc0000
[  252.956558][   T30] audit: type=1326 audit(1772416860.038:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7892 comm="syz.3.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fbf0499c799 code=0x7ffc0000
[  253.145737][   T10] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  253.400955][   T30] audit: type=1326 audit(1772416860.078:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7892 comm="syz.3.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0499c799 code=0x7ffc0000
[  253.440858][ T7907] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  253.595152][   T10] usb 4-1: Using ep0 maxpacket: 32
[  253.605657][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  253.628366][   T10] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  253.645988][   T24] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  253.666122][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.731787][   T10] usb 4-1: config 0 descriptor??
[  253.754275][   T10] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  253.817754][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  253.865760][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  253.939757][   T24] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  253.982215][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  254.193553][   T24] usb 3-1: config 0 descriptor??
[  254.771750][   T24] hid-steam 0003:28DE:1142.0006: unknown main item tag 0x0
[  254.806683][   T24] hid-steam 0003:28DE:1142.0006: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0
[  254.842183][ T5825] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  254.865820][ T5825] usb 5-1: MIDIStreaming interface descriptor not found
[  254.975846][   T24] hid-steam 0003:28DE:1142.0006: Steam wireless receiver connected
[  255.050770][   T24] hid-steam 0003:28DE:1142.0006: No HID_FEATURE_REPORT submitted -  nothing to read
[  255.198947][ T5825] usb 5-1: USB disconnect, device number 25
[  255.226800][   T24] hid-steam 0003:28DE:1142.0007: unknown main item tag 0x0
[  255.321388][   T24] hid-steam 0003:28DE:1142.0007: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0
[  255.613523][ T6531] udevd[6531]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  255.779183][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  255.788211][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  255.919742][ T7931] loop2: detected capacity change from 0 to 7
[  255.939475][ T7931] Dev loop2: unable to read RDB block 7
[  255.956265][ T7931]  loop2: unable to read partition table
[  255.962372][ T7931] loop2: partition table beyond EOD, truncated
[  255.969385][ T7931] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  256.007299][   T10] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  256.158592][ T5916] usb 3-1: reset high-speed USB device number 18 using dummy_hcd
[  256.168353][   T10] usb 5-1: Using ep0 maxpacket: 8
[  256.178265][   T10] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  256.188903][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  256.200753][   T10] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  256.211311][   T10] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  256.230470][   T10] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  256.244449][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.473471][   T10] usb 5-1: GET_CAPABILITIES returned 0
[  256.489564][   T10] usbtmc 5-1:16.0: can't read capabilities
[  256.678837][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  256.690178][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  256.699321][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  256.708564][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  256.717669][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  256.727221][    C1] usbtmc 5-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  256.757803][ T7934] netlink: 212348 bytes leftover after parsing attributes in process `syz.0.562'.
[  256.775721][ T7934] netlink: Unknown conntrack attr (0)
[  256.818500][ T5915] usb 5-1: USB disconnect, device number 26
[  257.192149][ T7939] loop4: detected capacity change from 0 to 1
[  257.283757][ T7939] Dev loop4: unable to read RDB block 1
[  257.325292][ T7939]  loop4: unable to read partition table
[  257.342870][   T10] usb 4-1: USB disconnect, device number 23
[  257.372451][ T7939] loop4: partition table beyond EOD, truncated
[  257.435212][ T7939] loop_reread_partitions: partition scan of loop4 (�ݷ�U@�:�B$�{
W�ɴ�) failed (rc=-5)
[  257.665460][ T7957] netlink: 'syz.4.569': attribute type 10 has an invalid length.
[  257.734276][   T30] kauditd_printk_skb: 32 callbacks suppressed
[  257.734296][   T30] audit: type=1800 audit(1772416865.028:351): pid=7960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.568" name="bus" dev="tmpfs" ino=605 res=0 errno=0
[  257.845251][   T10] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  257.905934][ T7957] 8021q: adding VLAN 0 to HW filter on device team0
[  257.984626][ T7957] bond0: (slave team0): Enslaving as an active interface with an up link
[  257.995808][ T5915] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  258.004911][   T10] usb 4-1: Using ep0 maxpacket: 8
[  258.018399][   T10] usb 4-1: config 64 has an invalid descriptor of length 0, skipping remainder of the config
[  258.029618][   T10] usb 4-1: config 64 has 0 interfaces, different from the descriptor's value: 2
[  258.059142][   T24] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  258.072957][   T10] usb 4-1: New USB device found, idVendor=04c8, idProduct=0720, bcdDevice=3e.66
[  258.087403][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.102097][   T10] usb 4-1: Product: syz
[  258.107642][   T10] usb 4-1: Manufacturer: syz
[  258.113880][   T10] usb 4-1: SerialNumber: syz
[  258.145826][ T5915] usb 1-1: Using ep0 maxpacket: 16
[  258.166885][ T5915] usb 1-1: unable to get BOS descriptor or descriptor too short
[  258.182990][ T5825] usb 3-1: USB disconnect, device number 18
[  258.206183][ T5825] hid-steam 0003:28DE:1142.0006: Steam wireless receiver disconnected
[  258.216054][   T24] usb 2-1: Using ep0 maxpacket: 32
[  258.228339][   T24] usb 2-1: config index 0 descriptor too short (expected 29220, got 36)
[  258.241633][   T24] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  258.252436][   T24] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81
[  258.267060][ T5915] usb 1-1: config 13 has an invalid interface number: 50 but max is 0
[  258.276148][ T5915] usb 1-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[  258.456955][ T5915] usb 1-1: config 13 has no interface number 0
[  258.466400][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  258.476912][ T5915] usb 1-1: config 13 interface 50 altsetting 167 endpoint 0x7 has invalid wMaxPacketSize 0
[  258.487609][   T24] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  258.498060][ T5915] usb 1-1: config 13 interface 50 altsetting 167 bulk endpoint 0x7 has invalid maxpacket 0
[  258.508764][   T24] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  258.525641][ T5915] usb 1-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  258.539514][   T24] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  258.549276][ T5915] usb 1-1: config 13 interface 50 has no altsetting 0
[  258.557303][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.694110][ T7952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  258.714097][ T7952] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  258.749762][ T5915] usb 1-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  258.760816][   T24] usb 2-1: config 0 descriptor??
[  258.780314][ T5915] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.805461][   T10] usb 4-1: USB disconnect, device number 24
[  258.846203][ T5915] usb 1-1: Product: syz
[  258.850457][ T5915] usb 1-1: Manufacturer: syz
[  258.965803][   T30] audit: type=1326 audit(1772416866.238:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7964 comm="syz.4.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d559c799 code=0x7ffc0000
[  259.015706][ T7961] syz_tun: entered allmulticast mode
[  259.023249][ T5915] usb 1-1: SerialNumber: syz
[  259.053583][   T24] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 25 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  259.084627][   T24] usb 2-1: USB disconnect, device number 25
[  259.097245][   T30] audit: type=1326 audit(1772416866.238:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7964 comm="syz.4.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d559c799 code=0x7ffc0000
[  259.192627][   T24] usblp0: removed
[  259.245694][ T5876] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  259.329511][   T10] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  259.431037][   T30] audit: type=1326 audit(1772416866.238:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7964 comm="syz.4.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f16d559c799 code=0x7ffc0000
[  259.510489][ T5876] usb 5-1: Using ep0 maxpacket: 32
[  259.532093][   T10] usb 4-1: config index 0 descriptor too short (expected 66, got 56)
[  259.548856][   T10] usb 4-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  259.555533][ T7969] netlink: 212348 bytes leftover after parsing attributes in process `syz.2.573'.
[  259.574456][ T7969] netlink: Unknown conntrack attr (0)
[  259.625887][   T24] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  259.640498][   T30] audit: type=1326 audit(1772416866.238:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7964 comm="syz.4.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d559c799 code=0x7ffc0000
[  259.708637][   T10] usb 4-1: config 1 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 6
[  259.745777][   T30] audit: type=1326 audit(1772416866.238:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7964 comm="syz.4.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d559c799 code=0x7ffc0000
[  259.748538][   T10] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  259.807979][   T24] usb 2-1: device descriptor read/64, error -71
[  259.827082][ T5876] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  259.840129][ T5876] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  259.854063][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.871381][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.884334][   T30] audit: type=1326 audit(1772416866.238:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7964 comm="syz.4.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f16d559c799 code=0x7ffc0000
[  259.885176][   T10] usb 4-1: Product: syz
[  259.951778][ T5876] usb 5-1: config 0 descriptor??
[  259.976535][ T5876] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  259.999160][   T10] usb 4-1: Manufacturer: syz
[  260.008061][   T10] usb 4-1: SerialNumber: syz
[  260.036091][   T10] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  260.063413][ T7972] binder: 7970:7972 ioctl 8933 200000000440 returned -22
[  260.075830][   T24] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  260.086650][ T5913] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  260.129049][   T30] audit: type=1326 audit(1772416866.238:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7964 comm="syz.4.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d559c799 code=0x7ffc0000
[  260.225861][   T24] usb 2-1: device descriptor read/64, error -71
[  260.232979][   T30] audit: type=1326 audit(1772416866.238:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7964 comm="syz.4.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f16d559c799 code=0x7ffc0000
[  260.315262][ T7952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  260.340171][   T24] usb usb2-port1: attempt power cycle
[  260.408373][ T7952] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  260.463424][ T7973] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  260.517430][ T5915] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  260.568093][ T5915] usb 1-1: MIDIStreaming interface descriptor not found
[  260.621548][ T7976] libceph: resolve 'c' (ret=-3): failed
[  260.673381][ T7973] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  260.685810][   T24] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  260.759091][   T30] audit: type=1326 audit(1772416866.238:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7964 comm="syz.4.572" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16d559c799 code=0x7ffc0000
[  260.828261][ T7961] syz_tun: left allmulticast mode
[  260.871850][   T24] usb 2-1: device descriptor read/8, error -71
[  261.198754][ T5916] usb 4-1: USB disconnect, device number 25
[  261.249010][ T5915] usb 1-1: USB disconnect, device number 22
[  261.407306][ T7980] netlink: 4 bytes leftover after parsing attributes in process `syz.2.576'.
[  261.446389][ T6155] udevd[6155]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  261.549199][ T7980] input: syz0 as /devices/virtual/input/input26
[  261.734722][ T7998] syzkaller1: entered promiscuous mode
[  261.795633][ T7998] syzkaller1: entered allmulticast mode
[  261.917282][ T8002] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.584'.
[  261.927798][ T8002] netlink: Unknown conntrack attr (0)
[  261.935200][ T5913] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  261.943749][ T5913] ath9k_htc: Failed to initialize the device
[  261.957564][ T5916] usb 4-1: ath9k_htc: USB layer deinitialized
[  262.560417][ T8017] netlink: 'syz.2.590': attribute type 39 has an invalid length.
[  263.121878][ T5913] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  263.345427][ T5913] usb 2-1: Using ep0 maxpacket: 16
[  263.388968][   T10] usb 5-1: USB disconnect, device number 27
[  263.695863][ T5923] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  263.702429][ T5830] Bluetooth: hci0: command 0x0406 tx timeout
[  263.722879][ T5923] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  263.750734][ T5913] usb 2-1: unable to get BOS descriptor or descriptor too short
[  263.817578][ T5913] usb 2-1: config 13 has an invalid interface number: 50 but max is 0
[  263.863956][ T5913] usb 2-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[  263.894366][ T8030] netlink: 'syz.4.595': attribute type 39 has an invalid length.
[  263.908678][ T5913] usb 2-1: config 13 has no interface number 0
[  263.938583][ T5913] usb 2-1: config 13 interface 50 altsetting 167 endpoint 0x7 has invalid wMaxPacketSize 0
[  263.959427][ T5913] usb 2-1: config 13 interface 50 altsetting 167 bulk endpoint 0x7 has invalid maxpacket 0
[  263.983920][ T5913] usb 2-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  264.024296][ T5913] usb 2-1: config 13 interface 50 has no altsetting 0
[  264.055904][   T10] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  264.193257][ T5913] usb 2-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  264.203805][   T10] usb 3-1: device descriptor read/64, error -71
[  264.211091][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.219895][ T5913] usb 2-1: Product: syz
[  264.224248][ T5913] usb 2-1: Manufacturer: syz
[  264.232861][ T5913] usb 2-1: SerialNumber: syz
[  264.505155][   T10] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  264.520515][ T8040] trusted_key: syz.4.598 sent an empty control message without MSG_MORE.
[  264.645202][   T10] usb 3-1: device descriptor read/64, error -71
[  264.832863][   T10] usb usb3-port1: attempt power cycle
[  265.101034][ T8047] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.28.0.0
[  265.109161][ T8047] PKCS7: Only support pkcs7_signedData type
[  265.187161][ T8049] FAULT_INJECTION: forcing a failure.
[  265.187161][ T8049] name failslab, interval 1, probability 0, space 0, times 0
[  265.217171][   T10] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  265.228679][ T8049] CPU: 1 UID: 0 PID: 8049 Comm: syz.0.601 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  265.228716][ T8049] Tainted: [L]=SOFTLOCKUP
[  265.228724][ T8049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  265.228737][ T8049] Call Trace:
[  265.228745][ T8049]  <TASK>
[  265.228754][ T8049]  dump_stack_lvl+0xe8/0x150
[  265.228789][ T8049]  should_fail_ex+0x412/0x560
[  265.228821][ T8049]  should_failslab+0xa8/0x100
[  265.228849][ T8049]  __kmalloc_noprof+0xe8/0x760
[  265.228873][ T8049]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  265.228908][ T8049]  tomoyo_realpath_from_path+0xe3/0x5d0
[  265.228946][ T8049]  ? tomoyo_path_number_perm+0x219/0x630
[  265.228975][ T8049]  tomoyo_path_number_perm+0x246/0x630
[  265.229001][ T8049]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  265.229028][ T8049]  ? __lock_acquire+0x6b5/0x2cf0
[  265.229065][ T8049]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  265.229108][ T8049]  ? __fget_files+0x2a/0x420
[  265.229140][ T8049]  ? __fget_files+0x2a/0x420
[  265.229168][ T8049]  ? __fget_files+0x3a0/0x420
[  265.229195][ T8049]  ? __fget_files+0x2a/0x420
[  265.229228][ T8049]  security_file_ioctl+0xc3/0x2a0
[  265.229252][ T8049]  __se_sys_ioctl+0x47/0x170
[  265.229278][ T8049]  do_syscall_64+0x14d/0xf80
[  265.229303][ T8049]  ? trace_irq_disable+0x3b/0x150
[  265.229331][ T8049]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.229352][ T8049]  ? clear_bhb_loop+0x40/0x90
[  265.229377][ T8049]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.229397][ T8049] RIP: 0033:0x7fda6659c799
[  265.229417][ T8049] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  265.229436][ T8049] RSP: 002b:00007fda6742a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  265.229464][ T8049] RAX: ffffffffffffffda RBX: 00007fda66815fa0 RCX: 00007fda6659c799
[  265.229479][ T8049] RDX: 0000200000000100 RSI: 00000000c034564b RDI: 0000000000000003
[  265.229493][ T8049] RBP: 00007fda6742a090 R08: 0000000000000000 R09: 0000000000000000
[  265.229505][ T8049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  265.229517][ T8049] R13: 00007fda66816038 R14: 00007fda66815fa0 R15: 00007fda6693fa48
[  265.229550][ T8049]  </TASK>
[  265.229766][ T8049] ERROR: Out of memory at tomoyo_realpath_from_path.
[  265.515552][ T8047] syz.4.600 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  265.576244][   T10] usb 3-1: device descriptor read/8, error -71
[  265.619000][ T5913] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  265.652348][ T5913] usb 2-1: MIDIStreaming interface descriptor not found
[  265.751437][ T8052] netlink: 32 bytes leftover after parsing attributes in process `syz.0.602'.
[  265.781337][ T5923] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  265.812060][ T5923] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  265.855760][ T5830] Bluetooth: hci2: command 0x0406 tx timeout
[  265.880321][ T5913] usb 2-1: USB disconnect, device number 30
[  265.887814][   T10] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  265.976936][   T10] usb 3-1: device descriptor read/8, error -71
[  266.127856][   T10] usb usb3-port1: unable to enumerate USB device
[  266.163213][ T8052] syzkaller0: entered promiscuous mode
[  266.170862][ T8052] syzkaller0: entered allmulticast mode
[  266.509912][ T8060] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.28.0.0
[  266.517420][ T8060] PKCS7: Only support pkcs7_signedData type
[  266.909646][ T8068] netlink: 4 bytes leftover after parsing attributes in process `syz.2.606'.
[  267.935435][ T8072] loop2: detected capacity change from 0 to 7
[  267.945739][ T8072] Dev loop2: unable to read RDB block 7
[  267.951387][ T8072]  loop2: unable to read partition table
[  267.958104][ T8072] loop2: partition table beyond EOD, truncated
[  267.976257][ T8072] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  267.998171][ T5191] Dev loop2: unable to read RDB block 7
[  268.003873][ T5191]  loop2: unable to read partition table
[  268.009980][ T5191] loop2: partition table beyond EOD, truncated
[  268.016372][ T5830] Bluetooth: hci1: command 0x0406 tx timeout
[  268.022610][ T5923] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  268.029481][ T5923] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  268.748614][ T8079] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  268.816097][ T8079] Cannot find add_set index 0 as target
[  270.176897][ T5923] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  270.183478][ T5923] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  270.184480][ T5830] Bluetooth: hci3: command 0x0406 tx timeout
[  270.405627][ T5916] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  270.545622][ T5916] usb 2-1: device descriptor read/64, error -71
[  270.785603][ T5916] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  270.929068][ T5916] usb 2-1: device descriptor read/64, error -71
[  271.046073][ T5916] usb usb2-port1: attempt power cycle
[  271.070716][ T8105] loop2: detected capacity change from 0 to 7
[  271.086413][ T8105] Dev loop2: unable to read RDB block 7
[  271.105258][ T8105]  loop2: unable to read partition table
[  271.111159][ T8105] loop2: partition table beyond EOD, truncated
[  271.140855][ T8105] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  271.405587][ T5916] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  271.454440][ T5916] usb 2-1: device descriptor read/8, error -71
[  271.709051][ T5916] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  271.756588][ T5916] usb 2-1: device descriptor read/8, error -71
[  271.882579][ T5916] usb usb2-port1: unable to enumerate USB device
[  271.935353][   T10] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  272.085129][   T10] usb 1-1: Using ep0 maxpacket: 16
[  272.092617][   T10] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  272.114522][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  272.135605][ T5915] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  272.167415][   T10] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  272.204548][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.224840][   T10] usb 1-1: Product: syz
[  272.235784][   T10] usb 1-1: Manufacturer: syz
[  272.250593][   T10] usb 1-1: SerialNumber: syz
[  272.255595][ T5830] Bluetooth: hci4: command 0x0406 tx timeout
[  272.265612][ T5923] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  272.277875][   T10] usb 1-1: config 0 descriptor??
[  272.298002][ T5915] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  272.298580][   T10] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  272.330716][ T5923] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  272.355487][   T10] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  272.358733][ T5915] usb 3-1: config 0 interface 0 has no altsetting 0
[  272.408896][ T5915] usb 3-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=b1.f9
[  272.426641][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.434917][ T5915] usb 3-1: Product: syz
[  272.440285][ T5915] usb 3-1: Manufacturer: syz
[  272.450028][ T5915] usb 3-1: SerialNumber: syz
[  272.463413][ T5915] usb 3-1: config 0 descriptor??
[  272.500308][ T5915] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  272.546830][ T5915] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  272.566733][ T5915] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  272.605709][ T5915] usb 3-1: media controller created
[  272.652658][ T5915] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  272.892934][ T5915] DVB: Unable to find symbol tda10046_attach()
[  272.915643][ T5915] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  272.943370][   T10] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  272.958091][   T10] em28xx 1-1:0.0: Config register raw data: 0xfffffffb
[  272.965832][ T8117] netlink: 16 bytes leftover after parsing attributes in process `syz.0.622'.
[  272.976417][ T8117] openvswitch: netlink: Flow actions attr not present in new flow.
[  272.977160][ T5915] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  273.266598][ T8131] ������5g�Q[�: renamed from lo (while UP)
[  273.307214][ T5915] dvb_usb_m920x 3-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  273.349096][ T5915] usb 3-1: USB disconnect, device number 23
[  273.606432][   T10] em28xx 1-1:0.0: Unknown AC97 audio processor detected!
[  273.665459][   T10] em28xx 1-1:0.0: couldn't setup AC97 register 2
[  274.095591][ T5876] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  274.295324][   T10] em28xx 1-1:0.0: AC97 command still being executed: not handled properly!
[  274.304000][   T10] em28xx 1-1:0.0: couldn't setup AC97 register 6
[  274.388996][ T5876] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  274.403818][ T5876] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  274.440975][ T5876] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  274.464771][ T8146] loop2: detected capacity change from 0 to 7
[  274.472388][ T5876] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  274.501618][ T5876] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  274.510945][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.522311][ T5837] Dev loop2: unable to read RDB block 7
[  274.531775][ T5837]  loop2: unable to read partition table
[  274.565794][ T8116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  274.578528][ T5876] usb 4-1: config 0 descriptor??
[  274.583882][ T5837] loop2: partition table beyond EOD, truncated
[  274.588400][ T8116] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  274.610324][ T8146] Dev loop2: unable to read RDB block 7
[  274.616528][ T8146]  loop2: unable to read partition table
[  274.622628][ T8146] loop2: partition table beyond EOD, truncated
[  274.649627][ T8146] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  274.685398][   T10] em28xx 1-1:0.0: couldn't setup AC97 register 54
[  274.703064][   T10] em28xx 1-1:0.0: couldn't setup AC97 register 56
[  274.738901][   T10] usb 1-1: USB disconnect, device number 23
[  275.205218][   T10] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  275.397289][   T10] usb 3-1: New USB device found, idVendor=090a, idProduct=1200, bcdDevice=24.87
[  275.428184][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.469103][ T8160] netlink: 7 bytes leftover after parsing attributes in process `syz.1.636'.
[  275.626471][   T10] usb 3-1: config 0 descriptor??
[  275.644886][   T10] usb-storage 3-1:0.0: USB Mass Storage device detected
[  275.713561][   T10] usb-storage 3-1:0.0: This device (090a,1200,2487 S 01 P 00) has an unneeded SubClass entry in unusual_devs.h (kernel syzkaller)
[  275.713561][   T10]    Please send a copy of this message to <linux-usb@vger.kernel.org> and <usb-storage@lists.one-eyed-alien.net>
[  276.040839][ T5915] usb 3-1: USB disconnect, device number 24
[  276.374350][ T5876] usbhid 4-1:0.0: can't add hid device: -71
[  276.399751][ T5876] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  276.451646][ T5876] usb 4-1: USB disconnect, device number 26
[  277.429214][    T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  277.615227][    T9] usb 3-1: Using ep0 maxpacket: 8
[  277.622437][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  277.636394][    T9] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  277.675537][    T9] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 17520, setting to 1024
[  277.754247][    T9] usb 3-1: New USB device found, idVendor=2466, idProduct=8010, bcdDevice= 0.40
[  277.766924][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.775859][    T9] usb 3-1: Product: syz
[  277.780164][    T9] usb 3-1: Manufacturer: syz
[  277.784803][    T9] usb 3-1: SerialNumber: syz
[  277.805684][ T5923] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  277.947965][ T5923] usb 2-1: device descriptor read/64, error -71
[  278.004480][    T9] usb 3-1: failed waiting for Axe-Fx III to boot: -71
[  278.013938][    T9] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -71
[  278.121733][    T9] usb 3-1: USB disconnect, device number 25
[  278.285680][ T5923] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  278.422920][ T5923] usb 2-1: device descriptor read/64, error -71
[  278.536087][ T5923] usb usb2-port1: attempt power cycle
[  278.910296][ T5923] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  278.962072][ T5923] usb 2-1: device descriptor read/8, error -71
[  278.976984][ T5825] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  279.165112][ T5825] usb 3-1: Using ep0 maxpacket: 32
[  279.172580][ T5825] usb 3-1: config 0 has an invalid interface number: 188 but max is 0
[  279.188097][ T5825] usb 3-1: config 0 has no interface number 0
[  279.195882][ T5825] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  279.222130][ T5825] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  279.232077][ T5825] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.241176][ T5825] usb 3-1: Product: syz
[  279.247596][ T5825] usb 3-1: Manufacturer: syz
[  279.255668][ T5825] usb 3-1: SerialNumber: syz
[  279.274559][ T5825] usb 3-1: config 0 descriptor??
[  279.280298][ T5923] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  279.307220][ T5923] usb 2-1: device descriptor read/8, error -71
[  279.322485][ T8202] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  279.422250][ T5923] usb usb2-port1: unable to enumerate USB device
[  279.560968][ T8202] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  280.105770][ T5923] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  280.305572][ T5923] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  280.330337][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  280.385935][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  280.474024][ T5923] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  280.506884][ T5923] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  280.541682][ T5923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.567844][ T5923] usb 1-1: config 0 descriptor??
[  281.485357][    T9] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  281.645642][    T9] usb 2-1: Using ep0 maxpacket: 16
[  281.653884][    T9] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  281.668074][    T9] usb 2-1: config 0 interface 0 has no altsetting 0
[  281.677457][    T9] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  281.690627][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.726257][    T9] usb 2-1: config 0 descriptor??
[  282.160559][    T9] nzxt-smart2 0003:1E71:2009.0008: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.1-1/input0
[  282.544651][ T8234] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.567370][ T8234] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.742100][ T8219] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  282.794648][ T8219] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  282.858511][ T5825] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  282.870234][ T5825] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  282.886397][ T5825] asix 3-1:0.188: probe with driver asix failed with error -71
[  282.947725][ T5825] usb 3-1: USB disconnect, device number 26
[  283.393762][ T5923] usbhid 1-1:0.0: can't add hid device: -71
[  283.400534][ T5923] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  283.868737][ T5923] usb 1-1: USB disconnect, device number 24
[  284.253734][ T8247] netlink: 'syz.2.661': attribute type 1 has an invalid length.
[  284.434896][ T5916] usb 2-1: USB disconnect, device number 39
[  284.526300][ T5923] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  284.696510][ T5923] usb 1-1: Using ep0 maxpacket: 16
[  284.722600][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  284.742007][ T5923] usb 1-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00
[  284.894265][ T5923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.918666][ T5923] usb 1-1: config 0 descriptor??
[  284.963558][ T5923] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  285.015715][ T5916] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  285.165805][ T5916] usb 2-1: Using ep0 maxpacket: 16
[  285.173667][ T5916] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  285.186803][ T5916] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  285.305471][   T30] kauditd_printk_skb: 35 callbacks suppressed
[  285.305494][   T30] audit: type=1326 audit(1772416892.588:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8266 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  285.307715][ T5916] usb 2-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a
[  285.344186][ T5916] usb 2-1: New USB device strings: Mfr=140, Product=215, SerialNumber=3
[  285.344216][ T5916] usb 2-1: Product: syz
[  285.364418][ T5916] usb 2-1: Manufacturer: syz
[  285.399930][ T5916] usb 2-1: SerialNumber: syz
[  285.405370][   T30] audit: type=1326 audit(1772416892.598:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8266 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  285.437339][ T5916] usb 2-1: config 0 descriptor??
[  285.474664][ T5916] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input27
[  285.561684][   T30] audit: type=1326 audit(1772416892.598:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8266 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  285.744247][   T30] audit: type=1326 audit(1772416892.598:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8266 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  285.874168][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.882610][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.890135][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.897613][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.904982][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.912406][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.919819][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.927215][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.934810][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.942725][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.950077][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.957607][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.964935][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.972279][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.979609][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.986970][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  285.994309][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.001650][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.009049][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.016430][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.023754][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.034568][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.041983][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.049323][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.056675][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.063980][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.071311][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.071538][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.071744][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.071951][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.072167][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.072387][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.072602][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.072817][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.073040][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.073280][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.073493][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.073709][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.073928][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.074144][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.074356][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.074572][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.074787][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.075007][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.075214][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.075417][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.075614][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.075821][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.076041][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.076248][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.076452][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.076658][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.076862][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.077061][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.077262][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.077464][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.077667][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.077868][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.078068][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.078265][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.078470][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.078675][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.078898][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.079096][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.079287][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.079476][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.079667][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.079859][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.080048][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.080248][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.080440][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.080633][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.080821][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.081031][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.081237][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.081428][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.081616][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.081804][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.081992][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.082189][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.082381][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.082581][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.082770][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.082980][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.083187][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.083378][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.083563][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.083754][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.083945][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.084139][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.084339][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.084543][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.084739][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.084937][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.085141][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.085345][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.085549][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.085747][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.085939][ T5176] usb 2-1: control msg error: -71
[  286.085950][    C0] usb 2-1: pegasus_irq - nonzero urb status received: -71
[  286.086092][ T5916] usb 2-1: USB disconnect, device number 40
[  286.086148][    C0] usb 2-1: pegasus_irq - urb shutting down with status: -2
[  286.109232][ T8277] netlink: 'syz.0.660': attribute type 1 has an invalid length.
[  286.109802][   T30] audit: type=1326 audit(1772416892.598:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8266 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  286.109859][   T30] audit: type=1326 audit(1772416892.768:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8266 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  286.109903][   T30] audit: type=1326 audit(1772416892.768:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8266 comm="syz.2.667" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2899c799 code=0x7ffc0000
[  286.513405][ T5876] usb 1-1: USB disconnect, device number 25
[  286.836012][ T5916] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  287.017181][ T5916] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  287.017208][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  287.017227][ T5916] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  287.017243][ T5916] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  287.017274][ T5916] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  287.017291][ T5916] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.019555][ T5916] usb 5-1: config 0 descriptor??
[  288.562521][ T5916] usbhid 5-1:0.0: can't add hid device: -71
[  288.562638][ T5916] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  288.565916][ T5916] usb 5-1: USB disconnect, device number 28
[  288.671921][ T8303] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  288.671990][ T8303] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  288.715184][ T8305] syzkaller0: entered promiscuous mode
[  288.715212][ T8305] syzkaller0: entered allmulticast mode
[  289.035137][ T5876] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  289.211581][ T5876] usb 3-1: Using ep0 maxpacket: 8
[  289.219232][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 2746, setting to 1024
[  289.219271][ T5876] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  289.219313][ T5876] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  289.219338][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.222657][ T5876] usb 3-1: config 0 descriptor??
[  289.223415][ T8305] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  289.231211][ T5876] iowarrior 3-1:0.0: no interrupt-in endpoint found
[  289.326400][ T8316] FAULT_INJECTION: forcing a failure.
[  289.326400][ T8316] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  289.326442][ T8316] CPU: 0 UID: 0 PID: 8316 Comm: syz.0.683 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  289.326470][ T8316] Tainted: [L]=SOFTLOCKUP
[  289.326477][ T8316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  289.326489][ T8316] Call Trace:
[  289.326497][ T8316]  <TASK>
[  289.326506][ T8316]  dump_stack_lvl+0xe8/0x150
[  289.326549][ T8316]  should_fail_ex+0x412/0x560
[  289.326580][ T8316]  _copy_from_user+0x2d/0xb0
[  289.326610][ T8316]  ___sys_sendmsg+0x1c6/0x360
[  289.326646][ T8316]  ? __pfx____sys_sendmsg+0x10/0x10
[  289.326719][ T8316]  ? __fget_files+0x2a/0x420
[  289.326747][ T8316]  ? __fget_files+0x3a0/0x420
[  289.326785][ T8316]  __x64_sys_sendmsg+0x1bd/0x2a0
[  289.326819][ T8316]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  289.326859][ T8316]  ? __pfx_ksys_write+0x10/0x10
[  289.326892][ T8316]  do_syscall_64+0x14d/0xf80
[  289.326910][ T8316]  ? trace_irq_disable+0x3b/0x150
[  289.326939][ T8316]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.326959][ T8316]  ? clear_bhb_loop+0x40/0x90
[  289.326984][ T8316]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  289.327005][ T8316] RIP: 0033:0x7fda6659c799
[  289.327022][ T8316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  289.327040][ T8316] RSP: 002b:00007fda6742a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  289.327063][ T8316] RAX: ffffffffffffffda RBX: 00007fda66815fa0 RCX: 00007fda6659c799
[  289.327077][ T8316] RDX: 0000000000040000 RSI: 0000200000000580 RDI: 0000000000000003
[  289.327090][ T8316] RBP: 00007fda6742a090 R08: 0000000000000000 R09: 0000000000000000
[  289.327102][ T8316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  289.327113][ T8316] R13: 00007fda66816038 R14: 00007fda66815fa0 R15: 00007fda6693fa48
[  289.327144][ T8316]  </TASK>
[  289.461326][ T8322] program syz.3.686 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  289.728210][ T5916] usb 3-1: USB disconnect, device number 27
[  289.833064][ T8333] tipc: Started in network mode
[  289.833103][ T8333] tipc: Node identity 52001886cf1f, cluster identity 4711
[  289.833356][ T8333] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  289.837374][ T8333] tipc: Resetting bearer <eth:syzkaller0>
[  290.935654][ T5923] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  291.117006][ T5923] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  291.117034][ T5923] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  291.117053][ T5923] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  291.117069][ T5923] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  291.117100][ T5923] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  291.117117][ T5923] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.119973][ T5923] usb 4-1: config 0 descriptor??
[  293.657524][ T8325] tipc: Disabling bearer <eth:syzkaller0>
[  293.670593][ T5876] tipc: Node number set to 2636060806
[  293.880188][ T8362] loop2: detected capacity change from 0 to 7
[  293.894951][ T5934] Dev loop2: unable to read RDB block 7
[  293.904729][ T5934]  loop2: unable to read partition table
[  293.911792][ T5934] loop2: partition table beyond EOD, truncated
[  293.930850][ T5923] usbhid 4-1:0.0: can't add hid device: -71
[  293.940532][ T8362] Dev loop2: unable to read RDB block 7
[  293.949211][ T8362]  loop2: unable to read partition table
[  293.956243][ T5923] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  293.970843][ T8362] loop2: partition table beyond EOD, truncated
[  293.985869][ T8362] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  293.996837][ T5923] usb 4-1: USB disconnect, device number 27
[  294.128565][ T8369] program syz.3.699 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  294.333667][ T8377] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  294.475124][ T5876] usb 1-1: new full-speed USB device number 26 using dummy_hcd
[  294.585545][   T10] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  294.648564][ T5876] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  294.658034][ T5876] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  294.680846][ T5876] usb 1-1: config 0 has no interface number 0
[  294.697132][ T5876] usb 1-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  294.709979][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.732083][ T5876] usb 1-1: Product: syz
[  294.743140][ T5876] usb 1-1: Manufacturer: syz
[  294.756280][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  294.773981][ T5876] usb 1-1: SerialNumber: syz
[  294.782414][   T10] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  294.803475][ T5876] usb 1-1: config 0 descriptor??
[  294.827691][   T10] usb 4-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=13.4a
[  294.839235][ T5876] cx231xx 1-1:0.1: New device syz syz @ 12 Mbps (0572:58a5) with 1 interfaces
[  294.853528][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.877201][ T5876] cx231xx 1-1:0.1: Not found matching IAD interface
[  294.887965][   T10] usb 4-1: Product: syz
[  294.949334][   T10] usb 4-1: Manufacturer: syz
[  294.976209][   T10] usb 4-1: SerialNumber: syz
[  294.988616][   T10] usb 4-1: config 0 descriptor??
[  295.088885][ T8398] ������5g�Q[�: renamed from lo (while UP)
[  295.209497][   T10] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  295.230455][ T5923] usb 4-1: USB disconnect, device number 28
[  295.330161][ T5915] usb 1-1: USB disconnect, device number 26
[  295.392573][   T10] usb 5-1: device descriptor read/64, error -71
[  295.630391][ T5923] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  295.797995][ T5923] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  295.815167][   T10] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  295.816457][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  295.904592][ T5923] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  295.941979][ T5923] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  295.955251][   T10] usb 5-1: device descriptor read/64, error -71
[  295.973644][ T5923] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  295.984260][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.004828][ T5923] usb 2-1: config 0 descriptor??
[  296.096818][   T10] usb usb5-port1: attempt power cycle
[  296.457532][   T10] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  296.506907][   T10] usb 5-1: device descriptor read/8, error -71
[  296.518729][ T8412] program syz.3.713 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  296.597361][ T5915] usb 1-1: new full-speed USB device number 27 using dummy_hcd
[  296.745211][   T10] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  296.758358][ T5915] usb 1-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44
[  296.776271][ T5915] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.776523][   T10] usb 5-1: device descriptor read/8, error -71
[  296.799498][ T8416] netlink: 4 bytes leftover after parsing attributes in process `syz.2.715'.
[  296.858439][ T5915] usb 1-1: config 0 descriptor??
[  296.922150][   T10] usb usb5-port1: unable to enumerate USB device
[  296.987972][ T5915] pwc: Samsung MPC-C10 USB webcam detected.
[  297.237204][ T5915] pwc: send_video_command error -71
[  297.243914][ T5915] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  297.252950][ T5915] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71
[  297.301057][ T5915] usb 1-1: USB disconnect, device number 27
[  297.475708][   T10] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  297.638357][   T10] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  297.649531][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[  297.656608][   T10] usb 4-1: New USB device found, idVendor=0463, idProduct=1215, bcdDevice= 0.00
[  297.666599][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.692932][   T10] usb 4-1: config 0 descriptor??
[  297.755759][ T5915] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  297.960100][ T5915] usb 1-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44
[  298.024701][ T5915] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.103128][ T5915] usb 1-1: config 0 descriptor??
[  298.143639][ T5915] pwc: Samsung MPC-C10 USB webcam detected.
[  298.189918][ T8436] netlink: 'syz.2.722': attribute type 4 has an invalid length.
[  298.489665][ T5923] usbhid 2-1:0.0: can't add hid device: -71
[  298.518145][ T5923] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  298.641383][ T5915] pwc: recv_control_msg error -32 req 02 val 2b00
[  298.657013][ T5915] pwc: recv_control_msg error -32 req 02 val 2700
[  298.664095][ T5923] usb 2-1: USB disconnect, device number 41
[  298.685728][ T5916] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  298.733490][ T8441] program syz.1.724 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  298.835687][ T5916] usb 5-1: Using ep0 maxpacket: 32
[  298.863052][ T5916] usb 5-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  298.887701][ T5916] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.913716][ T5916] usb 5-1: Product: syz
[  298.928284][ T5916] usb 5-1: Manufacturer: syz
[  298.985690][ T5916] usb 5-1: SerialNumber: syz
[  299.024476][ T5916] usb 5-1: config 0 descriptor??
[  299.230646][ T8445] netlink: 36 bytes leftover after parsing attributes in process `syz.2.726'.
[  299.274034][ T8445] netlink: 36 bytes leftover after parsing attributes in process `syz.2.726'.
[  299.610635][ T5916] peak_usb 5-1:0.0 can0: unable to request usb[type=0 value=0] err=-32
[  299.990739][ T5916] peak_usb 5-1:0.0: unable to read PCAN-USB Pro bootloader info (err -32)
[  300.356536][ T5916] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -32
[  300.399353][ T5915] pwc: recv_control_msg error -71 req 02 val 2c00
[  300.425956][ T5916] usb 5-1: USB disconnect, device number 33
[  300.440892][ T5915] pwc: recv_control_msg error -71 req 04 val 1000
[  300.474209][ T5915] pwc: recv_control_msg error -71 req 04 val 1300
[  300.531930][ T5915] pwc: recv_control_msg error -71 req 04 val 1400
[  300.565948][ T5915] pwc: recv_control_msg error -71 req 02 val 2000
[  300.591867][ T8455] loop4: detected capacity change from 0 to 7
[  300.601866][ T5915] pwc: recv_control_msg error -71 req 02 val 2100
[  300.620335][ T8455] Buffer I/O error on dev loop4, logical block 0, async page read
[  300.631184][ T5915] pwc: recv_control_msg error -71 req 02 val 2200
[  300.680942][ T5915] pwc: recv_control_msg error -71 req 06 val 0600
[  300.701382][ T8455] Buffer I/O error on dev loop4, logical block 0, async page read
[  300.724628][ T5915] pwc: recv_control_msg error -71 req 04 val 1500
[  300.731288][ T8455] Buffer I/O error on dev loop4, logical block 0, async page read
[  300.731331][ T8455] Buffer I/O error on dev loop4, logical block 0, async page read
[  300.731388][ T8455] Buffer I/O error on dev loop4, logical block 0, async page read
[  300.731456][ T8455] Buffer I/O error on dev loop4, logical block 0, async page read
[  300.731494][ T8455] Buffer I/O error on dev loop4, logical block 0, async page read
[  300.731511][ T8455] ldm_validate_partition_table(): Disk read failed.
[  300.731539][ T8455] Buffer I/O error on dev loop4, logical block 0, async page read
[  300.731591][ T8455] Buffer I/O error on dev loop4, logical block 0, async page read
[  300.731621][ T8455] Buffer I/O error on dev loop4, logical block 0, async page read
[  300.731652][ T8455] Dev loop4: unable to read RDB block 0
[  300.731737][ T8455]  loop4: unable to read partition table
[  300.731962][ T8455] loop4: partition table beyond EOD, truncated
[  300.732020][ T8455] loop_reread_partitions: partition scan of loop4 (���������S�j��	���%��`��ր����5) failed (rc=-5)
[  300.833341][ T5915] pwc: recv_control_msg error -71 req 02 val 2500
[  300.844284][ T5915] pwc: recv_control_msg error -71 req 02 val 2400
[  300.896242][ T5915] pwc: recv_control_msg error -71 req 02 val 2600
[  300.939904][ T5915] pwc: recv_control_msg error -71 req 02 val 2900
[  300.988588][ T5915] pwc: recv_control_msg error -71 req 02 val 2800
[  301.009144][ T8461] loop2: detected capacity change from 0 to 7
[  301.030292][ T5915] pwc: recv_control_msg error -71 req 04 val 1100
[  301.039208][ T8461] Dev loop2: unable to read RDB block 7
[  301.044841][ T8461]  loop2: unable to read partition table
[  301.090950][ T5915] pwc: recv_control_msg error -71 req 04 val 1200
[  301.097516][ T8461] loop2: partition table beyond EOD, truncated
[  301.097557][ T8461] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  301.176141][ T5915] pwc: Registered as video103.
[  301.191493][ T8465] netlink: 12 bytes leftover after parsing attributes in process `syz.2.733'.
[  301.205946][ T5915] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input28
[  301.329236][ T5915] usb 1-1: USB disconnect, device number 28
[  301.471697][ T8468] netlink: 'syz.4.734': attribute type 10 has an invalid length.
[  301.507835][   T10] usbhid 4-1:0.0: can't add hid device: -71
[  301.514689][   T10] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  301.551909][   T10] usb 4-1: USB disconnect, device number 29
[  301.649800][ T8470] program syz.2.735 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  302.344941][ T8501] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  302.365645][ T5825] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  302.392149][ T8501] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  302.543531][ T8505] netlink: 12 bytes leftover after parsing attributes in process `syz.1.749'.
[  302.558511][ T5825] usb 4-1: Using ep0 maxpacket: 16
[  302.567006][    T9] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[  302.583670][ T5825] usb 4-1: unable to get BOS descriptor or descriptor too short
[  302.597468][ T5825] usb 4-1: config 13 has an invalid interface number: 50 but max is 0
[  302.607217][ T5825] usb 4-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[  302.618459][ T5825] usb 4-1: config 13 has no interface number 0
[  302.626547][ T5825] usb 4-1: config 13 interface 50 altsetting 167 endpoint 0x7 has invalid wMaxPacketSize 0
[  302.626567][   T10] usb 3-1: new full-speed USB device number 28 using dummy_hcd
[  302.638225][ T5825] usb 4-1: config 13 interface 50 altsetting 167 bulk endpoint 0x7 has invalid maxpacket 0
[  302.655834][ T5825] usb 4-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  302.670307][ T5825] usb 4-1: config 13 interface 50 has no altsetting 0
[  302.681038][ T5825] usb 4-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  302.692907][ T5825] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.701965][ T5825] usb 4-1: Product: syz
[  302.706969][ T5825] usb 4-1: Manufacturer: syz
[  302.712149][ T5825] usb 4-1: SerialNumber: syz
[  302.748081][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  302.758474][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  302.782602][    T9] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  302.813959][   T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  302.838136][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  302.846690][   T10] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  302.894698][   T10] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  302.921803][    T9] usb 1-1: config 0 descriptor??
[  302.943960][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  302.986721][    T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  303.001174][   T10] usb 3-1: config 0 descriptor??
[  303.007023][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  303.042552][   T10] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  303.054283][    T9] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  303.068680][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  303.094123][    T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  303.111606][   T10] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  303.130243][    T9] usb 1-1: media controller created
[  303.147112][   T10] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  303.182256][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  303.193536][   T10] usb 3-1: media controller created
[  303.218788][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  303.241027][ T8500] FAULT_INJECTION: forcing a failure.
[  303.241027][ T8500] name failslab, interval 1, probability 0, space 0, times 0
[  303.253899][ T8500] CPU: 0 UID: 0 PID: 8500 Comm: syz.2.747 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  303.253932][ T8500] Tainted: [L]=SOFTLOCKUP
[  303.253939][ T8500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  303.253952][ T8500] Call Trace:
[  303.253961][ T8500]  <TASK>
[  303.253969][ T8500]  dump_stack_lvl+0xe8/0x150
[  303.254003][ T8500]  should_fail_ex+0x412/0x560
[  303.254032][ T8500]  should_failslab+0xa8/0x100
[  303.254059][ T8500]  __kmalloc_noprof+0xe8/0x760
[  303.254086][ T8500]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  303.254135][ T8500]  tomoyo_realpath_from_path+0xe3/0x5d0
[  303.254174][ T8500]  ? tomoyo_path_number_perm+0x219/0x630
[  303.254197][ T8500]  tomoyo_path_number_perm+0x246/0x630
[  303.254227][ T8500]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  303.254246][ T8500]  ? __lock_acquire+0x6b5/0x2cf0
[  303.254273][ T8500]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  303.254328][ T8500]  ? __fget_files+0x2a/0x420
[  303.254359][ T8500]  ? __fget_files+0x2a/0x420
[  303.254389][ T8500]  ? __fget_files+0x3a0/0x420
[  303.254409][ T8500]  ? __fget_files+0x2a/0x420
[  303.254433][ T8500]  security_file_ioctl+0xc3/0x2a0
[  303.254469][ T8500]  __se_sys_ioctl+0x47/0x170
[  303.254496][ T8500]  do_syscall_64+0x14d/0xf80
[  303.254514][ T8500]  ? trace_irq_disable+0x3b/0x150
[  303.254545][ T8500]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.254560][ T8500]  ? clear_bhb_loop+0x40/0x90
[  303.254577][ T8500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.254607][ T8500] RIP: 0033:0x7fdb2899c799
[  303.254627][ T8500] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  303.254645][ T8500] RSP: 002b:00007fdb297a8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  303.254666][ T8500] RAX: ffffffffffffffda RBX: 00007fdb28c15fa0 RCX: 00007fdb2899c799
[  303.254680][ T8500] RDX: 0000200000000200 RSI: 0000000000000707 RDI: 000000000000000c
[  303.254698][ T8500] RBP: 00007fdb297a8090 R08: 0000000000000000 R09: 0000000000000000
[  303.254707][ T8500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  303.254721][ T8500] R13: 00007fdb28c16038 R14: 00007fdb28c15fa0 R15: 00007fdb28d3fa48
[  303.254745][ T8500]  </TASK>
[  303.254766][ T8500] ERROR: Out of memory at tomoyo_realpath_from_path.
[  303.578813][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  303.584848][   T10] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  303.601008][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  303.626843][    T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  303.663659][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input29
[  303.683017][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input30
[  303.730070][    T9] dvb-usb: schedule remote query interval to 150 msecs.
[  303.751981][    T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  303.762011][   T10] dvb-usb: schedule remote query interval to 150 msecs.
[  303.788699][   T10] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  303.859797][    T9] usb 1-1: USB disconnect, device number 29
[  303.873058][   T10] usb 3-1: USB disconnect, device number 28
[  303.905609][ T5913] dvb-usb: bulk message failed: -22 (1/0)
[  303.911487][ T5913] dvb-usb: error while querying for an remote control event.
[  303.994654][    T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  304.067402][   T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  304.247361][ T8522] delete_channel: no stack
[  304.645124][    T9] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  304.822454][ T5825] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  304.831924][    T9] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  304.842411][ T5825] usb 4-1: MIDIStreaming interface descriptor not found
[  304.995280][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  305.059519][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  305.088309][    T9] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  305.194386][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  305.236451][ T5825] usb 4-1: USB disconnect, device number 30
[  305.265526][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.322493][    T9] usb 3-1: Product: syz
[  305.373519][    T9] usb 3-1: Manufacturer: syz
[  305.389381][    T9] usb 3-1: SerialNumber: syz
[  305.454074][    T9] cdc_ncm 3-1:1.0: skipping garbage
[  305.475050][    T9] cdc_ncm 3-1:1.0: skipping garbage
[  305.480330][    T9] cdc_ncm 3-1:1.0: invalid descriptor buffer length
[  305.593946][    T9] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found
[  305.622459][    T9] cdc_ncm 3-1:1.0: bind() failure
[  305.691140][ T8546] program syz.4.762 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  306.388646][ T5825] usb 3-1: USB disconnect, device number 29
[  306.498266][ T8554] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  306.527634][ T8554] netlink: 12 bytes leftover after parsing attributes in process `syz.2.765'.
[  306.685128][   T10] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  306.885712][   T10] usb 1-1: Using ep0 maxpacket: 16
[  306.913050][   T10] usb 1-1: unable to get BOS descriptor or descriptor too short
[  306.931285][   T10] usb 1-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  306.962171][   T10] usb 1-1: config 5 has 0 interfaces, different from the descriptor's value: 1
[  306.990072][   T10] usb 1-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice=89.94
[  307.007505][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.016149][   T10] usb 1-1: Product: syz
[  307.020619][   T10] usb 1-1: Manufacturer: syz
[  307.027686][   T10] usb 1-1: SerialNumber: syz
[  307.324779][   T30] audit: type=1326 audit(1772416914.618:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8535 comm="syz.0.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6659c799 code=0x7ffc0000
[  307.356743][ T8537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  307.419546][ T8537] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  307.427632][   T30] audit: type=1326 audit(1772416914.618:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8535 comm="syz.0.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6659c799 code=0x7ffc0000
[  307.485940][   T10] usb 1-1: USB disconnect, device number 30
[  307.506361][   T30] audit: type=1326 audit(1772416914.618:405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8535 comm="syz.0.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fda6659c799 code=0x7ffc0000
[  307.627106][ T7187] udevd[7187]: setting mode of /dev/bus/usb/001/030 to 020664 failed: No such file or directory
[  307.635332][   T30] audit: type=1326 audit(1772416914.618:406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8535 comm="syz.0.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6659c799 code=0x7ffc0000
[  307.661166][ T7187] udevd[7187]: setting owner of /dev/bus/usb/001/030 to uid=0, gid=0 failed: No such file or directory
[  307.738837][   T30] audit: type=1326 audit(1772416914.618:407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8535 comm="syz.0.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6659c799 code=0x7ffc0000
[  307.829368][   T30] audit: type=1326 audit(1772416914.618:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8535 comm="syz.0.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fda6659c799 code=0x7ffc0000
[  307.890588][   T30] audit: type=1326 audit(1772416914.618:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8535 comm="syz.0.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6659c799 code=0x7ffc0000
[  308.005776][   T30] audit: type=1326 audit(1772416914.658:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8535 comm="syz.0.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda6659c799 code=0x7ffc0000
[  308.037475][   T30] audit: type=1326 audit(1772416914.658:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8535 comm="syz.0.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fda6655cfce code=0x7ffc0000
[  308.198409][   T30] audit: type=1326 audit(1772416914.658:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8535 comm="syz.0.759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fda6659c42b code=0x7ffc0000
[  308.676563][ T8595] syzkaller0: entered promiscuous mode
[  308.682117][ T8595] syzkaller0: entered allmulticast mode
[  309.048146][   T10] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  309.258907][ T8610] loop3: detected capacity change from 0 to 7
[  309.265237][   T10] usb 2-1: Using ep0 maxpacket: 16
[  309.271506][ T8610] Dev loop3: unable to read RDB block 7
[  309.310727][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  309.423526][   T10] usb 2-1: config 13 has an invalid interface number: 50 but max is 0
[  309.435865][ T8610]  loop3: unable to read partition table
[  309.464466][   T10] usb 2-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[  309.477429][ T8610] loop3: partition table beyond EOD, truncated
[  309.559215][   T10] usb 2-1: config 13 has no interface number 0
[  309.565563][   T10] usb 2-1: config 13 interface 50 altsetting 167 endpoint 0x7 has invalid wMaxPacketSize 0
[  309.567356][ T8610] loop_reread_partitions: partition scan of loop3 (�被x������ ) failed (rc=-5)
[  309.576002][   T10] usb 2-1: config 13 interface 50 altsetting 167 bulk endpoint 0x7 has invalid maxpacket 0
[  309.576043][   T10] usb 2-1: config 13 interface 50 altsetting 167 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  309.576081][   T10] usb 2-1: config 13 interface 50 has no altsetting 0
[  309.707791][   T10] usb 2-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  309.719640][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.732393][   T10] usb 2-1: Product: syz
[  309.737609][   T10] usb 2-1: Manufacturer: syz
[  309.743827][   T10] usb 2-1: SerialNumber: syz
[  309.878460][ T8613] netlink: 'syz.0.779': attribute type 10 has an invalid length.
[  310.040165][ T8618] netlink: 14 bytes leftover after parsing attributes in process `syz.0.779'.
[  310.579794][ T8613] team0: Port device netdevsim0 added
[  310.799030][ T8628] FAULT_INJECTION: forcing a failure.
[  310.799030][ T8628] name failslab, interval 1, probability 0, space 0, times 0
[  310.813054][ T8628] CPU: 1 UID: 0 PID: 8628 Comm: syz.2.786 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  310.813089][ T8628] Tainted: [L]=SOFTLOCKUP
[  310.813097][ T8628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  310.813122][ T8628] Call Trace:
[  310.813131][ T8628]  <TASK>
[  310.813139][ T8628]  dump_stack_lvl+0xe8/0x150
[  310.813174][ T8628]  should_fail_ex+0x412/0x560
[  310.813203][ T8628]  ? alloc_inode+0x6a/0x1b0
[  310.813232][ T8628]  should_failslab+0xa8/0x100
[  310.813259][ T8628]  kmem_cache_alloc_lru_noprof+0x87/0x640
[  310.813281][ T8628]  ? simple_start_creating+0xcc/0x110
[  310.813318][ T8628]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  310.813349][ T8628]  alloc_inode+0x6a/0x1b0
[  310.813378][ T8628]  new_inode+0x22/0x170
[  310.813411][ T8628]  __debugfs_create_file+0xb8/0x400
[  310.813444][ T8628]  debugfs_create_file_full+0x3f/0x60
[  310.813477][ T8628]  ref_tracker_dir_debugfs+0x197/0x360
[  310.813504][ T8628]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  310.813559][ T8628]  ? __kvmalloc_node_noprof+0x545/0x8a0
[  310.813582][ T8628]  ? alloc_netdev_mqs+0xa6/0x11b0
[  310.813617][ T8628]  ? __raw_spin_lock_init+0x45/0x100
[  310.813644][ T8628]  alloc_netdev_mqs+0x272/0x11b0
[  310.813669][ T8628]  ? __pfx_geneve_setup+0x10/0x10
[  310.813707][ T8628]  rtnl_create_link+0x31f/0xd70
[  310.813737][ T8628]  rtnl_newlink_create+0x277/0xb70
[  310.813768][ T8628]  ? __pfx___nla_validate_parse+0x10/0x10
[  310.813808][ T8628]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  310.813842][ T8628]  ? __pfx___mutex_lock+0x10/0x10
[  310.813874][ T8628]  ? ns_capable+0x89/0xe0
[  310.813905][ T8628]  rtnl_newlink+0x1666/0x1be0
[  310.813957][ T8628]  ? __pfx_rtnl_newlink+0x10/0x10
[  310.813982][ T8628]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.814042][ T8628]  ? kasan_quarantine_put+0xbb/0x1f0
[  310.814064][ T8628]  ? lockdep_hardirqs_on+0x7a/0x110
[  310.814099][ T8628]  ? kmem_cache_free+0x187/0x630
[  310.814120][ T8628]  ? nlmon_xmit+0xb0/0x100
[  310.814161][ T8628]  ? __lock_acquire+0x6b5/0x2cf0
[  310.814195][ T8628]  ? __local_bh_enable_ip+0xd0/0x130
[  310.814222][ T8628]  ? lockdep_hardirqs_on+0x7a/0x110
[  310.814251][ T8628]  ? __dev_queue_xmit+0x277/0x3890
[  310.814270][ T8628]  ? __local_bh_enable_ip+0xd0/0x130
[  310.814294][ T8628]  ? __dev_queue_xmit+0x277/0x3890
[  310.814341][ T8628]  ? __pfx_rtnl_newlink+0x10/0x10
[  310.814367][ T8628]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  310.814397][ T8628]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  310.814423][ T8628]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  310.814447][ T8628]  ? ref_tracker_free+0x693/0x840
[  310.814471][ T8628]  ? __copy_skb_header+0xa3/0x4a0
[  310.814505][ T8628]  ? __pfx_ref_tracker_free+0x10/0x10
[  310.814529][ T8628]  ? __skb_clone+0x63/0x7a0
[  310.814568][ T8628]  netlink_rcv_skb+0x232/0x4b0
[  310.814595][ T8628]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  310.814632][ T8628]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  310.814670][ T8628]  ? netlink_deliver_tap+0x2e/0x1b0
[  310.814702][ T8628]  netlink_unicast+0x80f/0x9b0
[  310.814734][ T8628]  ? __pfx_netlink_unicast+0x10/0x10
[  310.814759][ T8628]  ? netlink_sendmsg+0x650/0xb40
[  310.814782][ T8628]  ? skb_put+0x11b/0x210
[  310.814813][ T8628]  netlink_sendmsg+0x813/0xb40
[  310.814849][ T8628]  ? __pfx_netlink_sendmsg+0x10/0x10
[  310.814879][ T8628]  ? aa_sock_msg_perm+0xf1/0x1b0
[  310.814906][ T8628]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  310.814931][ T8628]  ? __pfx_netlink_sendmsg+0x10/0x10
[  310.814955][ T8628]  ____sys_sendmsg+0xa68/0xad0
[  310.814999][ T8628]  ? __pfx_____sys_sendmsg+0x10/0x10
[  310.815038][ T8628]  ? import_iovec+0x73/0xa0
[  310.815070][ T8628]  ___sys_sendmsg+0x2a5/0x360
[  310.815105][ T8628]  ? __pfx____sys_sendmsg+0x10/0x10
[  310.815175][ T8628]  ? __fget_files+0x2a/0x420
[  310.815205][ T8628]  ? __fget_files+0x3a0/0x420
[  310.815244][ T8628]  __x64_sys_sendmsg+0x1bd/0x2a0
[  310.815277][ T8628]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  310.815334][ T8628]  ? __pfx_ksys_write+0x10/0x10
[  310.815369][ T8628]  do_syscall_64+0x14d/0xf80
[  310.815387][ T8628]  ? trace_irq_disable+0x3b/0x150
[  310.815414][ T8628]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.815436][ T8628]  ? clear_bhb_loop+0x40/0x90
[  310.815454][ T8628]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.815468][ T8628] RIP: 0033:0x7fdb2899c799
[  310.815498][ T8628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  310.815516][ T8628] RSP: 002b:00007fdb297a8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  310.815537][ T8628] RAX: ffffffffffffffda RBX: 00007fdb28c15fa0 RCX: 00007fdb2899c799
[  310.815551][ T8628] RDX: 000000000404c814 RSI: 0000200000000240 RDI: 0000000000000003
[  310.815563][ T8628] RBP: 00007fdb297a8090 R08: 0000000000000000 R09: 0000000000000000
[  310.815579][ T8628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  310.815587][ T8628] R13: 00007fdb28c16038 R14: 00007fdb28c15fa0 R15: 00007fdb28d3fa48
[  310.815615][ T8628]  </TASK>
[  311.714518][ T8628] debugfs: out of free dentries, can not create file 'netdev@ffff88801ff0e620'
[  311.760152][ T8628] geneve2: entered promiscuous mode
[  311.841472][ T8628] geneve2: entered allmulticast mode
[  311.879795][   T10] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  311.912822][   T10] usb 2-1: MIDIStreaming interface descriptor not found
[  312.033795][ T8635] loop5: detected capacity change from 0 to 7
[  312.065711][ T8635] Dev loop5: unable to read RDB block 7
[  312.071423][ T8635]  loop5: AHDI p4
[  312.166984][ T8635] loop5: partition table partially beyond EOD, truncated
[  312.285390][   T10] usb 2-1: USB disconnect, device number 42
[  312.516147][ T6531] udevd[6531]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:13.50/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  312.666313][ T8649] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:0)
[  312.743397][ T8649] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:0c, vlan:1)
[  312.889333][ T8655] ==================================================================
[  312.897457][ T8655] BUG: KASAN: use-after-free in nf_hook_entry_head+0x1f1/0x2c0
[  312.905651][ T8655] Read of size 8 at addr ffff8880544c4108 by task syz.0.793/8655
[  312.913413][ T8655] 
[  312.915852][ T8655] CPU: 1 UID: 0 PID: 8655 Comm: syz.0.793 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  312.915875][ T8655] Tainted: [L]=SOFTLOCKUP
[  312.915880][ T8655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  312.915890][ T8655] Call Trace:
[  312.915898][ T8655]  <TASK>
[  312.915905][ T8655]  dump_stack_lvl+0xe8/0x150
[  312.915930][ T8655]  print_report+0xba/0x230
[  312.915948][ T8655]  ? nf_hook_entry_head+0x1f1/0x2c0
[  312.915969][ T8655]  kasan_report+0x117/0x150
[  312.915989][ T8655]  ? nf_hook_entry_head+0x1f1/0x2c0
[  312.916012][ T8655]  nf_hook_entry_head+0x1f1/0x2c0
[  312.916034][ T8655]  __nf_unregister_net_hook+0x74/0x6f0
[  312.916056][ T8655]  ? __pfx_nf_flow_table_offload_setup+0x10/0x10
[  312.916077][ T8655]  nf_tables_commit+0x4270/0xa400
[  312.916103][ T8655]  ? nft_pernet+0x23/0x240
[  312.916119][ T8655]  ? nft_pernet+0x23/0x240
[  312.916131][ T8655]  ? nft_pernet+0x23/0x240
[  312.916145][ T8655]  ? __pfx_nf_tables_commit+0x10/0x10
[  312.916166][ T8655]  ? nft_trans_commit_list_add_tail+0x179/0x520
[  312.916183][ T8655]  ? nft_flush_table+0x1749/0x18e0
[  312.916198][ T8655]  ? nft_pernet+0x23/0x240
[  312.916210][ T8655]  ? nf_tables_deltable+0x5af/0xe80
[  312.916240][ T8655]  ? nf_tables_deltable+0x678/0xe80
[  312.916265][ T8655]  ? __pfx_nf_tables_deltable+0x10/0x10
[  312.916293][ T8655]  nfnetlink_rcv+0x1c1b/0x27b0
[  312.916323][ T8655]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  312.916344][ T8655]  ? ref_tracker_free+0x693/0x840
[  312.916373][ T8655]  ? __netlink_deliver_tap+0x807/0x850
[  312.916392][ T8655]  ? netlink_deliver_tap+0x2e/0x1b0
[  312.916415][ T8655]  netlink_unicast+0x80f/0x9b0
[  312.916435][ T8655]  ? __pfx_netlink_unicast+0x10/0x10
[  312.916451][ T8655]  ? netlink_sendmsg+0x650/0xb40
[  312.916468][ T8655]  ? skb_put+0x11b/0x210
[  312.916490][ T8655]  netlink_sendmsg+0x813/0xb40
[  312.916512][ T8655]  ? __pfx_netlink_sendmsg+0x10/0x10
[  312.916531][ T8655]  ? aa_sock_msg_perm+0xf1/0x1b0
[  312.916550][ T8655]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  312.916566][ T8655]  ? __pfx_netlink_sendmsg+0x10/0x10
[  312.916584][ T8655]  ____sys_sendmsg+0xa68/0xad0
[  312.916606][ T8655]  ? futex_unqueue+0x211/0x240
[  312.916625][ T8655]  ? __pfx_____sys_sendmsg+0x10/0x10
[  312.916650][ T8655]  ? import_iovec+0x73/0xa0
[  312.916672][ T8655]  ___sys_sendmsg+0x2a5/0x360
[  312.916695][ T8655]  ? __pfx____sys_sendmsg+0x10/0x10
[  312.916719][ T8655]  ? futex_wait+0x29a/0x380
[  312.916750][ T8655]  ? __fget_files+0x2a/0x420
[  312.916771][ T8655]  ? __fget_files+0x3a0/0x420
[  312.916795][ T8655]  __x64_sys_sendmsg+0x1bd/0x2a0
[  312.916818][ T8655]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  312.916844][ T8655]  ? rcu_is_watching+0x15/0xb0
[  312.916869][ T8655]  do_syscall_64+0x14d/0xf80
[  312.916883][ T8655]  ? trace_irq_disable+0x3b/0x150
[  312.916904][ T8655]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.916919][ T8655]  ? clear_bhb_loop+0x40/0x90
[  312.916936][ T8655]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.916951][ T8655] RIP: 0033:0x7fda6659c799
[  312.916966][ T8655] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  312.916979][ T8655] RSP: 002b:00007fda6742a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  312.916995][ T8655] RAX: ffffffffffffffda RBX: 00007fda66815fa0 RCX: 00007fda6659c799
[  312.917006][ T8655] RDX: 0000000004000000 RSI: 0000200000000340 RDI: 0000000000000003
[  312.917016][ T8655] RBP: 00007fda66632bd9 R08: 0000000000000000 R09: 0000000000000000
[  312.917025][ T8655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  312.917034][ T8655] R13: 00007fda66816038 R14: 00007fda66815fa0 R15: 00007fda6693fa48
[  312.917051][ T8655]  </TASK>
[  312.917056][ T8655] 
[  313.282137][ T8655] The buggy address belongs to the physical page:
[  313.288696][ T8655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880544c7c00 pfn:0x544c4
[  313.298800][ T8655] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  313.305968][ T8655] raw: 00fff00000000000 ffffea000170d808 ffffea00016a3c08 0000000000000000
[  313.314574][ T8655] raw: ffff8880544c7c00 0000000000000000 00000000ffffffff 0000000000000000
[  313.323172][ T8655] page dumped because: kasan: bad access detected
[  313.329648][ T8655] page_owner tracks the page as freed
[  313.335034][ T8655] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 8247, tgid 8246 (syz.2.661), ts 284377252011, free_ts 301426513422
[  313.354289][ T8655]  post_alloc_hook+0x231/0x280
[  313.359089][ T8655]  get_page_from_freelist+0x24dc/0x2580
[  313.364676][ T8655]  __alloc_frozen_pages_noprof+0x18d/0x380
[  313.370526][ T8655]  alloc_pages_mpol+0x232/0x4a0
[  313.375414][ T8655]  allocate_slab+0x83/0x660
[  313.379975][ T8655]  ___slab_alloc+0x150/0x6b0
[  313.384609][ T8655]  __kmalloc_cache_noprof+0x12e/0x660
[  313.390021][ T8655]  __genradix_ptr_alloc+0x352/0x4a0
[  313.395264][ T8655]  __genradix_prealloc+0x44/0x90
[  313.400231][ T8655]  sctp_process_strreset_addstrm_out+0x294/0x700
[  313.406579][ T8655]  sctp_sf_do_reconf+0x695/0xab0
[  313.411539][ T8655]  sctp_do_sm+0x238/0x5cf0
[  313.415986][ T8655]  sctp_assoc_bh_rcv+0x3f2/0x630
[  313.420942][ T8655]  sctp_backlog_rcv+0x167/0x380
[  313.425810][ T8655]  __release_sock+0x297/0x3a0
[  313.430503][ T8655]  release_sock+0x5f/0x1f0
[  313.434942][ T8655] page last free pid 26 tgid 26 stack trace:
[  313.444505][ T8655]  __free_frozen_pages+0xc2b/0xdb0
[  313.449639][ T8655]  __slab_free+0x263/0x2b0
[  313.454071][ T8655]  qlist_free_all+0x97/0x100
[  313.458680][ T8655]  kasan_quarantine_reduce+0x148/0x160
[  313.464164][ T8655]  __kasan_slab_alloc+0x22/0x80
[  313.469115][ T8655]  kmem_cache_alloc_noprof+0x2bc/0x650
[  313.474792][ T8655]  do_getname_kernel+0x54/0x230
[  313.479699][ T8655]  start_removing_path+0x23/0x150
[  313.485125][ T8655]  devtmpfs_work_loop+0x245/0xdf0
[  313.490185][ T8655]  devtmpfsd+0x4d/0x50
[  313.494291][ T8655]  kthread+0x388/0x470
[  313.498400][ T8655]  ret_from_fork+0x51e/0xb90
[  313.503036][ T8655]  ret_from_fork_asm+0x1a/0x30
[  313.507832][ T8655] 
[  313.510171][ T8655] Memory state around the buggy address:
[  313.515835][ T8655]  ffff8880544c4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  313.524053][ T8655]  ffff8880544c4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  313.532172][ T8655] >ffff8880544c4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  313.543666][ T8655]                       ^
[  313.548113][ T8655]  ffff8880544c4180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  313.557064][ T8655]  ffff8880544c4200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  313.565324][ T8655] ==================================================================
[  313.595311][ T8655] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  313.604432][ T8655] CPU: 0 UID: 0 PID: 8655 Comm: syz.0.793 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  313.615696][ T8655] Tainted: [L]=SOFTLOCKUP
[  313.620598][ T8655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  313.631079][ T8655] Call Trace:
[  313.634417][ T8655]  <TASK>
[  313.637382][ T8655]  vpanic+0x56c/0xa60
[  313.641413][ T8655]  ? __pfx_vpanic+0x10/0x10
[  313.645948][ T8655]  panic+0xc5/0xd0
[  313.649719][ T8655]  ? __pfx_panic+0x10/0x10
[  313.654182][ T8655]  ? preempt_schedule_thunk+0x16/0x30
[  313.659838][ T8655]  ? nf_hook_entry_head+0x1f1/0x2c0
[  313.665937][ T8655]  ? preempt_schedule_thunk+0x16/0x30
[  313.671347][ T8655]  ? nf_hook_entry_head+0x1f1/0x2c0
[  313.676563][ T8655]  check_panic_on_warn+0x89/0xb0
[  313.681870][ T8655]  ? nf_hook_entry_head+0x1f1/0x2c0
[  313.687604][ T8655]  end_report+0x73/0x180
[  313.691991][ T8655]  ? nf_hook_entry_head+0x1f1/0x2c0
[  313.698271][ T8655]  kasan_report+0x128/0x150
[  313.702955][ T8655]  ? nf_hook_entry_head+0x1f1/0x2c0
[  313.708374][ T8655]  nf_hook_entry_head+0x1f1/0x2c0
[  313.713526][ T8655]  __nf_unregister_net_hook+0x74/0x6f0
[  313.719028][ T8655]  ? __pfx_nf_flow_table_offload_setup+0x10/0x10
[  313.725469][ T8655]  nf_tables_commit+0x4270/0xa400
[  313.730571][ T8655]  ? nft_pernet+0x23/0x240
[  313.735104][ T8655]  ? nft_pernet+0x23/0x240
[  313.739579][ T8655]  ? nft_pernet+0x23/0x240
[  313.744215][ T8655]  ? __pfx_nf_tables_commit+0x10/0x10
[  313.749618][ T8655]  ? nft_trans_commit_list_add_tail+0x179/0x520
[  313.755890][ T8655]  ? nft_flush_table+0x1749/0x18e0
[  313.761398][ T8655]  ? nft_pernet+0x23/0x240
[  313.765837][ T8655]  ? nf_tables_deltable+0x5af/0xe80
[  313.771114][ T8655]  ? nf_tables_deltable+0x678/0xe80
[  313.776407][ T8655]  ? __pfx_nf_tables_deltable+0x10/0x10
[  313.782010][ T8655]  nfnetlink_rcv+0x1c1b/0x27b0
[  313.786820][ T8655]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  313.792408][ T8655]  ? ref_tracker_free+0x693/0x840
[  313.797646][ T8655]  ? __netlink_deliver_tap+0x807/0x850
[  313.803254][ T8655]  ? netlink_deliver_tap+0x2e/0x1b0
[  313.808603][ T8655]  netlink_unicast+0x80f/0x9b0
[  313.813517][ T8655]  ? __pfx_netlink_unicast+0x10/0x10
[  313.820376][ T8655]  ? netlink_sendmsg+0x650/0xb40
[  313.826600][ T8655]  ? skb_put+0x11b/0x210
[  313.831338][ T8655]  netlink_sendmsg+0x813/0xb40
[  313.836416][ T8655]  ? __pfx_netlink_sendmsg+0x10/0x10
[  313.841767][ T8655]  ? aa_sock_msg_perm+0xf1/0x1b0
[  313.846997][ T8655]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  313.852346][ T8655]  ? __pfx_netlink_sendmsg+0x10/0x10
[  313.857667][ T8655]  ____sys_sendmsg+0xa68/0xad0
[  313.862568][ T8655]  ? futex_unqueue+0x211/0x240
[  313.867358][ T8655]  ? __pfx_____sys_sendmsg+0x10/0x10
[  313.872769][ T8655]  ? import_iovec+0x73/0xa0
[  313.879209][ T8655]  ___sys_sendmsg+0x2a5/0x360
[  313.883929][ T8655]  ? __pfx____sys_sendmsg+0x10/0x10
[  313.889163][ T8655]  ? futex_wait+0x29a/0x380
[  313.894061][ T8655]  ? __fget_files+0x2a/0x420
[  313.898773][ T8655]  ? __fget_files+0x3a0/0x420
[  313.903477][ T8655]  __x64_sys_sendmsg+0x1bd/0x2a0
[  313.908457][ T8655]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  313.914048][ T8655]  ? rcu_is_watching+0x15/0xb0
[  313.918857][ T8655]  do_syscall_64+0x14d/0xf80
[  313.923696][ T8655]  ? trace_irq_disable+0x3b/0x150
[  313.929132][ T8655]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.935696][ T8655]  ? clear_bhb_loop+0x40/0x90
[  313.940523][ T8655]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.946529][ T8655] RIP: 0033:0x7fda6659c799
[  313.951676][ T8655] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  313.974348][ T8655] RSP: 002b:00007fda6742a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  313.983235][ T8655] RAX: ffffffffffffffda RBX: 00007fda66815fa0 RCX: 00007fda6659c799
[  313.992409][ T8655] RDX: 0000000004000000 RSI: 0000200000000340 RDI: 0000000000000003
[  314.001375][ T8655] RBP: 00007fda66632bd9 R08: 0000000000000000 R09: 0000000000000000
[  314.009970][ T8655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  314.018438][ T8655] R13: 00007fda66816038 R14: 00007fda66815fa0 R15: 00007fda6693fa48
[  314.026814][ T8655]  </TASK>
[  314.031554][ T8655] Kernel Offset: disabled
[  314.036387][ T8655] Rebooting in 86400 seconds..