last executing test programs:

12.641343221s ago: executing program 3 (id=214):
bpf$MAP_CREATE(0x0, &(0x7f0000000ac0)=@base={0x6, 0x4, 0x1010, 0x89}, 0x50)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0xa00, 0xb)
r1 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000140)={r0, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "280991800000598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f000000155cc30cf11d0bc000", [0x4, 0x7]}})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={<r2=>0x0}, &(0x7f00000001c0)=0xc)
write$P9_RGETLOCK(r0, &(0x7f00000002c0)={0x2a, 0x37, 0x1, {0x2, 0x40008000000, 0x4, r2, 0xc, '/dev/nullb0\x00'}}, 0x2a)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0xa02, 0x0)
r4 = dup(r3)
syz_genetlink_get_family_id$gtp(0x0, r4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c)
r6 = fcntl$dupfd(r5, 0x0, r5)
r7 = getpid()
fcntl$setownex(r6, 0xf, &(0x7f0000000000)={0x2, r7})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), r6)
r8 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000340)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x4, r8, &(0x7f0000000080)="01000000", 0x4, 0x2a25}])
getpeername$packet(r4, &(0x7f0000000300)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000380)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000600)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000005c0)={&(0x7f0000002680)=ANY=[@ANYBLOB="4c000000480000022abd7000fddbdf250a001f00", @ANYRES32=r9, @ANYBLOB="80000000080002000300000014000100fe800000000000000000fe967c5a3d1c9eb663ed080000000000bb14000100ff0200000000000000000000000000013a65bba20179e83e7d9645848b8f20ea02e2a6a9cbe2267047ed470a79d980f9121ee4ff20928aa7906552130a6a35f9c853765156284b019b8c207c4955d237777aadb1437fb89be50d21a99663f28e147eb09566c5d4ae00080000663e7f0000000023fd703fa69400369f16f6be42e84f10b94190a681e7bd257794c1f0376eab29bec8f83184680820f0116efa3e8b64705086b3a295985cd8390ca51e9c000000000000000000000000be24c195a1a23be8009273f580b302d1fe007e1b0000003112f00f645290baa236daf87d14f02a7fdc3c447e01d6ebd100b68bed99154aa4f7116ca53c6df34ccb968c37cef2146590c5714aacee7623a9591ad485ce12576798000000000000000000"], 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x48811)
sendmsg$NL80211_CMD_GET_KEY(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20000090}, 0x41)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
read$FUSE(r4, &(0x7f0000000640)={0x2020}, 0x2020)

11.368055191s ago: executing program 3 (id=222):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x14e)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='bridge_slave_1\x00', 0x10)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000006340)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, r3, {0x7, 0x1f, 0x1, 0x8888b1, 0x0, 0x1, 0x2, 0xa, 0x0, 0x0, 0x2, 0x8}}, 0x50)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_fuse_handle_req(r2, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xac901, 0x28)
write$tcp_congestion(r4, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r4, r2)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

9.835719045s ago: executing program 3 (id=230):
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000001e40), 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_open_dev$video(0x0, 0x1d24, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000006000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f0000000080)="36450f6fe3c74424020600000088442406000000000f01142466b87a000f00d066b876000f00d0400f9ce4660f38823d00300000410f01dfb9800000c00f3235000400000f3045f7b300000000430f21e3420f00d5", 0x56}], 0x1, 0x0, 0x0, 0xb7)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
syz_usb_connect$uac2(0x0, 0x83, &(0x7f0000000880)=ANY=[@ANYBLOB="120100020000000882052500400001020301090271000301f81005020b02"], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}, 0x1, 0x0, 0x0, 0x68840}, 0x4)
recvmmsg(r5, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000004c0)=""/4091, 0xffb}], 0x1}}], 0x1, 0x2, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text32={0x20, 0x0}], 0x1, 0x9, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x74800)
r6 = syz_open_dev$loop(&(0x7f0000000080), 0x4, 0x80000)
r7 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r8 = fcntl$dupfd(r7, 0x0, r7)
write$sndseq(r8, &(0x7f0000000180)=[{0x0, 0x4, 0x5, 0x1, @tick=0x40003, {0x1, 0x10}, {0x3, 0x10}, @raw32={[0x0, 0x1, 0x81]}}, {0x2, 0x87, 0x7f, 0x1, @time={0x40, 0xe69}, {0x6}, {0x3, 0x9}, @ext={0x0, 0x0}}, {0x5, 0x4, 0x9, 0x0, @time={0xb, 0x5d}, {0x9e, 0x66}, {0x52, 0x3c}, @result={0xb4c, 0xe122}}, {0x3, 0x5, 0xff, 0x0, @tick=0x2, {0x1}, {0x9, 0x81}, @time=@tick=0x5}, {0x49, 0x8, 0x4, 0x2, @tick=0x6, {0x5, 0x10}, {0x1, 0x5}, @addr={0x5, 0x3}}], 0x8c)
ioctl$BLKTRACESTART(r6, 0x1274, 0x0)
ioctl$BLKTRACETEARDOWN(r6, 0x1276, 0x0)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20029840}, 0x45)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000000)={0x1, @private, 0x0, 0x0, 'sed\x00', 0xa, 0xfffffffb, 0x14}, 0x2c)

9.099665197s ago: executing program 1 (id=235):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000000)=@ipv6_delrule={0x1c, 0x18, 0x1, 0x0, 0x25dfdbfe, {0xa, 0x0, 0x20, 0x0, 0x0, 0x3, 0x0, 0x7, 0x20001}}, 0x1c}}, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f200019"], 0xfe33)

8.732172858s ago: executing program 1 (id=237):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$inet(r2, &(0x7f0000000540)={&(0x7f0000000240)={0x2, 0x4e24, @broadcast}, 0x10, &(0x7f0000000780)}, 0x2000c040)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x0, 0x200000, 0x0, 0xb49, 0x6, 0xc, 0x0, 0x1}, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x0)
r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read$dsp(r5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r6, 0x40047451, &(0x7f0000000200)=0x8)
ioctl$PPPIOCSFLAGS1(r6, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r6, &(0x7f00000002c0)=[{&(0x7f0000000040)="00214717a7070000000003060000000000000000a8a6761d5874f72cf86d73d32f46381d8fee86d9ca0e6a9c4db5a40fef56", 0x54}], 0x1, 0xe, 0x200004)
ioctl$INCFS_IOC_CREATE_FILE(0xffffffffffffffff, 0xc058671e, &(0x7f00000004c0)={{'\x00', 0x3}, {0x16}, 0x102, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={0x2, 0xd, {0x1}}, 0x19})
r7 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=ANY=[@ANYBLOB="020d000014000000000000000000000005000600000000000a00000000000000fc010000000000000000000000000000000000001300000005000500000000000a00000000000000000000000000000000000000000000000000000000000000080012000200020000000000000000001200330002"], 0xa0}}, 0x0)
prctl$PR_MCE_KILL(0x29, 0x1, 0x2)
r8 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00')
lseek(r8, 0x1000000, 0x0)
socket$kcm(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
sendmsg$tipc(r0, &(0x7f0000001540)={&(0x7f0000000100)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x2, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x84c)

7.274092496s ago: executing program 2 (id=240):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x14e)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='bridge_slave_1\x00', 0x10)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r2, &(0x7f0000006340)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, r3, {0x7, 0x1f, 0x1, 0x8888b1, 0x0, 0x1, 0x2, 0xa, 0x0, 0x0, 0x2, 0x8}}, 0x50)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_fuse_handle_req(r2, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xac901, 0x28)
write$tcp_congestion(r4, &(0x7f00000000c0)='lp\x00', 0xfffffdef)
dup2(r4, r2)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

6.928371232s ago: executing program 4 (id=241):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)

6.161978944s ago: executing program 4 (id=242):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xa8c01)
personality(0x400000)
mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x2000009, 0x2172, 0xffffffffffffffff, 0x60f4b000)
write$sndseq(r2, &(0x7f0000000080)=[{0x1e, 0x0, 0x8, 0xfd, @tick=0x8, {0x0, 0x40}, {}, @result={0xfe}}], 0x1c)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, 0x0, 0x0)
syz_genetlink_get_family_id$tipc(0x0, r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x80800, 0x0)
close(r6)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, 0x0, 0x4)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000006c0)=ANY=[@ANYBLOB="040100001a0007002abd700000000000fe800000000000000000000000000025e00000010000000000000000000000b0b37b5b796ef48f7200ffff00004e2200000000800002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000002b000000fc0000000000000000000000000000005a0000000000000000b4000000000000ffffffffffffffff010000007ffffffe0000000000000000000006000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000fdffffffffffffff0000040000000000e80a000000000000000000000a000200700000000000000014000e00fe8000000000000000000000000000bb"], 0x104}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
open_by_handle_at(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="20000000f10000000600001100000000000000000000000006010000f8ffffff3d00000000000000"], 0x46200)
r11 = syz_open_dev$vcsa(&(0x7f0000000380), 0x3ff, 0x101000)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r11, 0x84, 0x64, &(0x7f00000003c0)=[@in6={0xa, 0x4e25, 0x4, @empty, 0x101}], 0x1c)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r12=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newqdisc={0x80, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x80, {0x0, 0x0, 0x0, r12, {0x0, 0xc}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4c, 0x2, [@TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0x9}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x6}, @TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0xffff8001}, @TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0xd7d1}, @TCA_FQ_CODEL_TARGET={0x8, 0x1, 0x6}, @TCA_FQ_CODEL_INTERVAL={0x8}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0xca}, @TCA_FQ_CODEL_QUANTUM={0x8, 0x6, 0x7}, @TCA_FQ_CODEL_TARGET={0x8, 0x1, 0x5}]}}]}, 0x80}, 0x1, 0x0, 0x0, 0xc04c001}, 0x20000804)
sendmsg$nl_route_sched(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r12, {0x0, 0xfff1}, {0x1, 0xb}, {0xd, 0xd}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x15}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000050}, 0x10)

5.927070654s ago: executing program 2 (id=244):
socket$can_j1939(0x1d, 0x2, 0x7)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x7a22, 0xc000, 0x7, 0x337})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='9', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, 0x0, &(0x7f0000000300))

5.689980532s ago: executing program 3 (id=245):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/rcu_expedited', 0x149a82, 0x80)
write$cgroup_int(r1, &(0x7f0000000040)=0x800000000001e8, 0x12)
syz_usb_control_io(r0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x44)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r3 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r3, &(0x7f0000002040)={0x2020}, 0x2020)
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x4, {0x0, 0x3}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x32a, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x7, 0x50, 0x5, "", [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x1, 0x0, 0x68, {0x9, 0x21, 0xda, 0x3, 0x1, {0x22, 0xfe0}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x0, 0x4, 0x10}}, [{{0x9, 0x5, 0x2, 0x3, 0x0, 0x26, 0x7, 0x6}}]}}}]}}]}}, &(0x7f0000000140)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x110, 0x80, 0xa0, 0x3, 0x20, 0x3}, 0xf, &(0x7f00000000c0)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x2, 0xd, 0x7}]}, 0x1, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x2009}}]})
syz_usb_control_io$hid(r4, &(0x7f00000005c0)={0x24, &(0x7f00000008c0)=ANY=[@ANYBLOB="4039ab000000ab23214154afab4587e77de3d30a0c62210edb77e90230f3ff8e37d81e3fac554237217b9256db156e7061a196c0ef51eaf3ebb94a3288ae46b746d7b7fa4badfebba41ddebf01c7035434f5c3c9d4998ae657c738da70467e43374b4efce2b8177cf0e116177c04f3ee7497e60ec0879412fc5c78841d3ced9f877bb4287599c88ead54d4969da63b4f9ca6320b0706155ef18603df38b5be80b9937d7a3b78a205c1e86f1e446caad4151b8ceac50fe9a3025c44ebd17ebe8235752d360bb06ae381f5437612c72e5c96ed1d98b5de6b1f91b227438635ee85fd841a597e3bd011bd34b581be73011c252b1797e8d14c93887cdf8c82894fd07e272e44846039931c9c897902150b013fb85cd861b1058841e0add2731a2d212e7eb28655c64a2a77d00671ae2e86b14e1fbdc9bfe1b9a718859c690f98962deef2a45e858385c84d574b8c4c2304dd6501c2a1325e7f15ea3f8265f66cfec39416d9a54af125f07b66eef0513dd739efec5fa4559e"], &(0x7f0000000600)=ANY=[@ANYBLOB="000304000000683208d200"/23], &(0x7f0000000540)={0x0, 0x22, 0x1b, {[@local=@item_012={0x0, 0x2, 0x7}, @local=@item_4={0x3, 0x2, 0x1, "47719f7b"}, @main=@item_4={0x3, 0x0, 0xa, "02b13501"}, @local=@item_012={0x0, 0x2, 0x5}, @main=@item_4={0x3, 0x0, 0x0, "d562f80b"}, @global=@item_4={0x3, 0x1, 0x4, "83d0a53b"}, @local=@item_4={0x3, 0x2, 0xa, "9b026345"}]}}, &(0x7f0000000580)={0x0, 0x21, 0x9, {0x9, 0x21, 0x1, 0x1, 0x1, {0x22, 0xd81}}}}, &(0x7f00000007c0)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB="40014000ddeccf062147dad0809d938b08087858b99280d1ea6c939b87bb56137f1f8c9261116216f8be97047f66f2bcff6025ac25297b4a13d89ae0b9c676f70000000000003a4668418202252b9b440fea85e39e5fd9efa3be39d9c66e47a5a87abf2910b67071664aba940a1907007bf00845e4f4eedf"], &(0x7f0000000680)={0x0, 0xa, 0x1, 0xac}, &(0x7f00000006c0)={0x0, 0x8, 0x1, 0x6}, &(0x7f0000000700)={0x20, 0x1, 0x70, "73d36842be32995108c05184e5b0e9ba2fd685120c3ff17d356f771e630eaf26b5d2b9d08f958d6bf49b7b8e49ea1532e70bdc1b572efc02fe4eec95687729ae848d1b67e10591112b410f251a1820c10052e61174b8504cde30b44b39ac1afbe150c3753abe3b827aa0042d9475e180"}, &(0x7f0000000780)={0x20, 0x3, 0x1}})
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r5, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x4682}, 0x1c)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r7)
socket(0x400000000010, 0x3, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000007c0)='numa_maps\x00')
read$FUSE(r8, &(0x7f0000002840)={0x2020}, 0x2020)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
r11 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r11, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756a8", 0xf, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r10, 0x1, 0xd8, 0x6, @multicast}, 0x14)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x18, &(0x7f0000000380)={0x0, 0x1, 0x4, "bec7a6c3"}, 0x0, 0x0, 0x0, 0x0})

5.373043066s ago: executing program 4 (id=246):
socket$nl_route(0x10, 0x3, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='ns\x00')
open_tree(r0, &(0x7f0000000640)='\x00', 0x89901)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
unshare(0x600)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x4, r4})

5.158613267s ago: executing program 2 (id=248):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'ip6_vti0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x29, 0x5, 0x9, 0xe797, 0x1, @loopback, @local, 0x20, 0x1, 0x0, 0x12}}) (fail_nth: 4)

4.513508552s ago: executing program 1 (id=250):
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RGETLOCK(r0, 0x0, 0xffffff6a)
socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
open(&(0x7f0000000240)='./file0\x00', 0x2a000, 0x32)
syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0xb56e2e3f2d9728b3, 0x8, 0x8001, 0x0, 0x9, 0x2, 0xfffffe0000000001, 0xfa11, 0x65aa}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x60, 0x0, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000f80)=@mangle={'mangle\x00', 0x2, 0x6, 0x5c0, 0x420, 0x0, 0x330, 0x260, 0x190, 0x4f0, 0x4f0, 0x4f0, 0x4f0, 0x4f0, 0x6, 0x0, {[{{@ipv6={@mcast1, @private1, [], [], 'bond_slave_0\x00', 'vlan1\x00', {}, {0xff}, 0x21}, 0x0, 0x168, 0x190, 0x0, {0x7a00000010000000}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @empty, @mcast2, @private2, [], [0xff000000, 0xffffffff, 0xff000000, 0xffffff00], [], 0x0, 0x886}}, @common=@inet=@dccp={{0x30}, {[0x4e21, 0x4e24], [0x4e23, 0x4e24], 0xd, 0x0, 0x4, 0x7}}]}, @HL={0x28}}, {{@ipv6={@mcast2, @dev={0xfe, 0x80, '\x00', 0x2}, [], [0x0, 0x0, 0x0, 0xffffff00], 'veth0_macvtap\x00', 'veth1_vlan\x00', {}, {}, 0x0, 0x0, 0x5}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28}}, {{@ipv6={@ipv4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'bridge0\x00', 'sit0\x00', {0xff}}, 0x0, 0xa8, 0xd0, 0x48000000}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@ipv6={@empty, @local, [0xff, 0x0, 0xff, 0xff000000], [0xff000000, 0xff000000, 0xffffffff, 0xffffff00], 'macvlan0\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0x8, 0x81, 0x1, 0x36}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4, @ipv6=@private1, 0x0, 0x37}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x50, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x620)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
r7 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000280)=0x3)
ioctl$TCSETSW2(r7, 0x80047437, 0x0)
connect$inet(r6, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x1111c0, 0x0)
sched_setattr(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r8)

3.862118095s ago: executing program 2 (id=251):
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x800)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a000000000000d74619edc70000000000", @ANYRESDEC=r0], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="02010009"], 0x70}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0)

3.200554784s ago: executing program 2 (id=252):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)

2.950255977s ago: executing program 2 (id=253):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_open_dev$dmmidi(&(0x7f0000019300), 0x7, 0x920)
ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r2, 0x40045731, &(0x7f0000000340)=0x800)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r3, &(0x7f00000001c0)={&(0x7f00000017c0)={0x2, 0x0, @rand_addr=0x64010100}, 0x10, 0x0, 0x0, &(0x7f0000000280)=[@mask_fadd={0x58, 0x114, 0x8, {{0x1, 0x2}, &(0x7f0000000200)=0xb3f4, 0x0, 0x0, 0x3fc, 0x4cbd, 0x1, 0x30, 0x6}}, @mask_cswp={0x58, 0x114, 0x9, {{0x8, 0xe}, 0x0, 0x0, 0x10000, 0x101, 0x7, 0x6, 0x6, 0x5}}], 0xb0, 0x10}, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8001, 0x0, 0x8, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
r4 = syz_open_dev$vbi(&(0x7f0000000080), 0x3, 0x2)
ioctl$VIDIOC_S_DV_TIMINGS(r4, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x191, 0x1, 0x0, 0xdd9f83, 0x1, 0x2f, 0xf3, 0x2, 0x1008, 0xc, 0x6, 0x7, 0x80, 0x27, 0x20, {0x0, 0x1ff}, 0x3, 0xed}})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f0000000000)={'macsec0\x00', @random="010000201000"})
memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r6)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000008c0)=ANY=[@ANYBLOB="98000000", @ANYRES16=r7, @ANYBLOB="010000ffffffffffffff9900000008000300", @ANYRES32=r8, @ANYBLOB="7c005a8074"], 0x98}, 0x1, 0x0, 0x0, 0x40080}, 0x20008840)
r9 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109021b0001000000000904000001012900000905"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_usb_control_io$hid(r9, 0x0, 0x0)
r10 = syz_open_dev$sndctrl(&(0x7f0000001a00), 0x1, 0x800)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r10, 0xc1205531, &(0x7f0000001a40)={0x1, 0x6, 0x0, 0x8004, '\x00', '\x00', '\x00', 0x0, 0x5d05, 0x10000004, 0x1, "38d49788ead5f71fd65acf7132de72ec"})
syz_open_procfs(0xffffffffffffffff, &(0x7f00000192c0)='coredump_filter\x00')

2.500079666s ago: executing program 4 (id=254):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x28000, 0x10)
setsockopt$IP_VS_SO_SET_DELDEST(r1, 0x0, 0x488, &(0x7f00000004c0)={{0x87, @local, 0x4e23, 0x1, 'wrr\x00', 0x5, 0x8, 0x2d}, {@local, 0x4e24, 0x2007, 0x7ff, 0x4, 0x551}}, 0x44)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000f80)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @last={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LAST_SET={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
sendmsg$NFT_MSG_GETSETELEM(r2, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x44, 0xd, 0xa, 0x301, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x20040000}, 0x14)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r10 = fanotify_init(0x200, 0x0)
fanotify_mark(r10, 0x1, 0x4800003e, r9, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r11 = io_uring_setup(0x9, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0x3b6})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r11, 0x6145, 0x7721, 0x17, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x11c0, 0x0)
r12 = creat(&(0x7f0000000240)='./file0\x00', 0x122)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) (fail_nth: 2)
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x1c, 0x2, [@TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x8001}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x4}]}}]}, 0x4c}}, 0x4004002)
r13 = syz_open_dev$mouse(&(0x7f00000000c0), 0xd, 0x6100)
ioctl$I2C_PEC(r12, 0x708, 0x4)
ioctl$FE_READ_SIGNAL_STRENGTH(r13, 0x80026f47, &(0x7f0000000140))

1.885631716s ago: executing program 0 (id=255):
r0 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r0, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000240), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_procfs(0x0, &(0x7f0000000040)='mounts\x00')
r2 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x1, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
fchdir(r3)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x202, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="6c0000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="e0000000000101040000000000000000020000001c00188008000140a080000008000240000000020800034000000002240001801400018008000100e000000108000200e00000010c0002800500010000000000040016404400108008000140fffff800080002400000000108000140ffff1fc508000140000006870800014000000004080003"], 0xe0}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="7000000000010104000000000000000002000006240001801400018008000100e000000108000200ac1414000c00028005000100000000002c0002801400018008000100e000000108000200e00000010c00028005000100006309d030955796f10000000800074000000000040006"], 0x70}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r6, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x6000000)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x100, {0x0, 0x0, 0x0, r8, {0xe, 0x1}}}, 0x24}}, 0x4)

1.487946191s ago: executing program 0 (id=256):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net\x00')
preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x0, 0x0) (async)
preadv(r0, &(0x7f0000000040)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0x7101})
socket$unix(0x1, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="120000000400"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="120000000400"/20, @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
socket$netlink(0x10, 0x3, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0) (async)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'macvlan1\x00'})
r3 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
ioctl$FE_GET_PROPERTY(r3, 0x80106f53, &(0x7f0000000000)={0x11, &(0x7f0000000300)=[{0x27, '\x00', @buffer={"ce674e0203d7827b63f57d2bec7d84e3c702b86a46da9180ea577401c673a6c8", 0x20}, 0x7}]}) (async)
ioctl$FE_GET_PROPERTY(r3, 0x80106f53, &(0x7f0000000000)={0x11, &(0x7f0000000300)=[{0x27, '\x00', @buffer={"ce674e0203d7827b63f57d2bec7d84e3c702b86a46da9180ea577401c673a6c8", 0x20}, 0x7}]})
socket(0x400000000010, 0x3, 0x0) (async)
socket(0x400000000010, 0x3, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = dup(r4)
setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r4, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0xffff}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
write(r5, &(0x7f0000000100)="88", 0x1)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000002700)={0xf52, 0x2, 0x2, 0xfffffff8}, 0x10) (async)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000002700)={0xf52, 0x2, 0x2, 0xfffffff8}, 0x10)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x0, 0x3, 0xf06, 0x1, 0x4, 0xfffffffd, 0x5}, 0x9c)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000600)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x111, 0x6}}, 0x20)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e60, 0x46, @empty, 0xf}}, 0xffffec47, 0x9, 0xffff1896, 0x100, 0x25, 0x7fff}, 0x9c) (async)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in6={{0xa, 0x4e60, 0x46, @empty, 0xf}}, 0xffffec47, 0x9, 0xffff1896, 0x100, 0x25, 0x7fff}, 0x9c)
socket$unix(0x1, 0x5, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r7, 0x25, &(0x7f00000000c0))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r7, 0x26, &(0x7f0000000300)={0x1, 0x0, 0x1, 0xffffffffffffffff})
close_range(r6, 0xffffffffffffffff, 0x0)

1.209781179s ago: executing program 1 (id=257):
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x8, 0x4, 0x8b, 0xfffa}, 0x41, [0x7ffe, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x9, 0x5f, 0x9, 0x9, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0xd, 0x5, 0x4, 0x8, 0x4, 0x7f, 0x1, 0x3, 0x9, 0x1, 0x5d, 0x0, 0xe660, 0x8, 0x7, 0x101, 0x7eff, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0xec, 0x71, 0xfffffff8, 0x7, 0x0, 0x0, 0xd, 0x80003e, 0x8f, 0x6, 0x10000006, 0x0, 0x9, 0x4, 0x8, 0x0, 0x10, 0x0, 0xfffffffe, 0x6, 0x8, 0x6, 0x1, 0x40], [0x10000007, 0xffff, 0x134, 0x7ffe, 0x10, 0xfffffff3, 0x3f, 0x0, 0xf9, 0xd, 0x2bf, 0x80006c9, 0x2, 0x9, 0x3, 0x0, 0x7, 0x15, 0x0, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x3, 0x10000004, 0x8000, 0x8, 0x400, 0x5, 0x6, 0x7, 0xff, 0x5, 0x5, 0x5f31, 0x6, 0x0, 0x2, 0x100002, 0xa, 0x4, 0x9, 0x8, 0x800, 0x6, 0x1007, 0x8002, 0x1, 0xfe000000, 0xff7f, 0x2, 0x81, 0x9, 0x2, 0xffffffff, 0x9, 0x1, 0x7, 0x10, 0x9, 0x48c93690, 0x42, 0x9], [0x400, 0x4, 0x0, 0x5, 0xfffffffe, 0x5, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0x17ec12b8, 0x800004, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x83, 0x80000003, 0x200009, 0x100003e3, 0x9, 0x5, 0x3, 0x2, 0xf38, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0xf, 0xd, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffffc, 0x1, 0x1, 0xffff, 0x0, 0x1a, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x20000004, 0x65], [0x9, 0xfffffffe, 0xc, 0xb, 0x5, 0x938, 0x2, 0x6, 0x0, 0x5, 0x2, 0x1ff, 0x2, 0xf58, 0x5, 0x0, 0x7, 0x10000, 0x6, 0x7ffe, 0x80000004, 0x200a620, 0x2, 0xa, 0x1, 0x4, 0x14c, 0x60a7, 0xe, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc4, 0xee1, 0xfffff000, 0x0, 0x3, 0x7f, 0x100, 0x9602, 0x7, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x4, 0x8, 0x30b1d693, 0xd6, 0x8, 0x7, 0x1, 0x6c1c, 0x0, 0x4, 0xb0b2748, 0x1, 0x1, 0x400, 0xffbf2441, 0xffd]}, 0x45c)
unshare(0x20040600)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) (fail_nth: 2)

1.043771574s ago: executing program 0 (id=258):
socket$can_j1939(0x1d, 0x2, 0x7)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x7a22, 0xc000, 0x7, 0x337})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='9', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, 0x0, &(0x7f0000000300))

1.013850203s ago: executing program 4 (id=259):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r0], 0x54}, 0x1, 0x0, 0x0, 0x81}, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x200000000000000)

1.010945167s ago: executing program 3 (id=260):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000140)={'ip6_vti0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x29, 0x5, 0x9, 0xe797, 0x7ffffffe, @loopback, @local, 0x20, 0x1, 0x0, 0x12}})

632.55968ms ago: executing program 0 (id=261):
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)={0x174, 0x0, 0x2, 0x301, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_EXPECT_NAT={0xe4, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_TUPLE={0x5c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_NAT_DIR={0x8}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x64, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x2a}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @rand_addr=0x64010102}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}]}]}, @CTA_EXPECT_NAT={0x7c, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @private1}}}]}, @CTA_EXPECT_NAT_TUPLE={0x40, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}]}]}, 0x174}, 0x1, 0x0, 0x0, 0x40010}, 0x4008000)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000580)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/141, 0x8d}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}, 0x5}], 0x1, 0x2000, &(0x7f0000003700)={0x77359400})

420.175018ms ago: executing program 1 (id=262):
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x800)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a000000000000d74619edc70000000000", @ANYRESDEC=r0], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="02010009"], 0x70}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0)

375.136747ms ago: executing program 0 (id=263):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x2}}}, 0x28}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)

279.949335ms ago: executing program 1 (id=264):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000100)={0x1000000000000178, 0x0, [{0x40000072, 0x0, 0x2b349891}]})
ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000300))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x48)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r5, 0x3b87, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0x0, 0xffffffff}, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f00006ef000/0x4000)=nil, 0x4000, 0x9, 0x10, 0xffffffffffffffff, 0x8000000)
r6 = syz_open_dev$vim2m(&(0x7f0000000200), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000003c0)={0x2, 0x1, 0x1})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="5c000000020601010000000000000000000000000900020073797a3000000000050001000600000005000500000000000500040000000000140007800800114000000000050015007a8537350d000300686173683a6d6163"], 0x5c}}, 0x4000)
r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r7, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, r9, 0x1, 0x70bd27, 0x25dfdbfb}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x880)
r10 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCGPGRP(r10, 0x540f, &(0x7f0000000140))
r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r11, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x2c8, 0x120, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x1f8, 0xffffffff, 0xffffffff, 0x1f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'syzkaller0\x00', 'dvmrp1\x00', {}, {}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x100, 0x120, 0x0, {}, [@common=@unspec=@cluster={{0x30}, {0x7, 0x4, 0x9}}, @inet=@rpfilter={{0x28}, {0x9}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x0, 0x0, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x328)
add_key(&(0x7f0000000040)='rxrpc\x00', 0x0, &(0x7f0000000180)="0000000000000002ff69000000000001000000c000000006000200861fa72e5b01504104bfeacdd5a9007d167c71e3b8a93aa64d957a684161c833020a6da888c7a56843a85f3a078c97d542ed1fbf069ca713670adf7d9fb6d2600fd9c1981fe9f095cfe9d2fe1e1e34f6096bf02543747b2c792890f07c0da0fa25e6101062e6c9176a70e41698814a213711764f88495994cfd8a57c1e13f6b5298e7ab3a2bfb58dde34d58536633c27882e51ced17d67999b0009446100"/212, 0xd4, 0xffffffffffffffff)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x200000)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x1010c2, 0x0)

63.709932ms ago: executing program 4 (id=265):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000040)=0x5, 0x4)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x8, 0x4, 0x8d, 0xfffa}, 0x41, [0x7ffe, 0xc95a, 0xfffffff6, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x6, 0x4d, 0x9, 0x5f, 0x9, 0x9, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0xd, 0x5, 0x200, 0x8, 0x4, 0x7f, 0x1, 0x3, 0x9, 0x1, 0x5d, 0x0, 0xe660, 0x8, 0x7, 0x101, 0x7eff, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0xec, 0x71, 0xfffffff8, 0x7, 0x0, 0x0, 0xd, 0x80003e, 0x8f, 0x6, 0x10000006, 0x0, 0x9, 0x4, 0x8, 0x0, 0xd, 0x0, 0x0, 0x6, 0xa, 0x6, 0x1, 0x40], [0x1000000a, 0xffff, 0x134, 0x7ffe, 0x10, 0xfffffff3, 0x3f, 0x0, 0xf9, 0xd, 0x2bf, 0x80006c9, 0xe1, 0x9, 0x3, 0xffffffff, 0x9, 0x15, 0x0, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x3, 0x10000004, 0x8000, 0x8, 0x400, 0x5, 0x2, 0x7, 0xff, 0x5, 0x5, 0x5f31, 0x6, 0x0, 0x2, 0x100002, 0xa, 0x4, 0x9, 0x8, 0x802, 0x6, 0x1007, 0x8002, 0x1, 0xfe000000, 0xff7f, 0x2, 0x81, 0x9, 0x2, 0xffffffff, 0x9, 0x1, 0x7, 0x10, 0x9, 0x48c93690, 0x42, 0x9], [0x400, 0x4, 0x0, 0x5, 0xfffffffe, 0x5, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0x17ec12b8, 0x92, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x85, 0x80000003, 0x200009, 0x100003e3, 0x8, 0x5, 0x3, 0x5, 0xf38, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0xf, 0xd, 0x2950bfaf, 0x9000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffffc, 0x1, 0x1, 0xffff, 0x0, 0x1a, 0x400, 0x120000, 0x3, 0x6, 0x9, 0x20000004, 0x40], [0x9, 0xfffffffe, 0xc, 0xb, 0x5, 0x938, 0x2, 0x6, 0x0, 0x5, 0x2, 0x1ff, 0x2, 0xf58, 0x5, 0x0, 0x7, 0x10000, 0x6, 0x7ffe, 0x80000004, 0x200a620, 0x2, 0xa, 0x4001, 0x4, 0x14d, 0x60a7, 0xe, 0x6, 0xffffffff, 0x400, 0x5, 0x8, 0xc4, 0xee1, 0xfffff000, 0x0, 0x3, 0x7f, 0x100, 0x3, 0x7, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x4, 0x8, 0x30b1d68f, 0xd6, 0x8, 0x7, 0x1, 0x6c1c, 0x0, 0x4, 0xb0b2748, 0x1, 0x1, 0x400, 0xffbf2441, 0xffd]}, 0x45c)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_disconnect(r4)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000b40)=ANY=[@ANYRES64=r2, @ANYBLOB="ac28743846beda172b824612133ceaaf66e0be3039cf7d71c0eb6ea14aa2b888ea5bd856a03651a824dc14213d0d6342f0ba8f15cdc38a047c68bd1ab21fa932433af221582b614821050b392bc7887f8f7111f6172c532b8e0594dc421337870b2a09267c6def8f9a304ef65e4e92f5aa250160763ecb5e3dc9e33fff401fd8a8059f9e1671c2c82cf8603cdd37ebe6", @ANYRES64=r3, @ANYBLOB="8b1ec2563816a959807dadbd7afcb144100578af0682154bb61a2704db723659876a160ad9f9b28360470efda0cec962a33417b9d9d8f868f71ab0713f6e25facb6dabac0abe6ea59d3948e806138bd3193a694e521275a85a1961f132378a339964e453ea70f083bac7d94461cc3f586ebccd1bf5f3e79e", @ANYRESHEX=r2, @ANYRESDEC=r4, @ANYRESDEC=r1, @ANYRES16=r2, @ANYRESOCT=r3], 0x0)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r5, &(0x7f00000001c0)=""/238, 0xee)
syz_usb_connect_ath9k(0x3, 0x0, 0x0, 0x0)
syz_open_dev$hiddev(0x0, 0x6, 0xa8000)
read$char_usb(r5, &(0x7f0000000100)=""/178, 0xb2)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r7, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc})
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f00000000c0)={0x5555555555554a8, 0x0, [{0xd, 0x2, 0x1, 0x0, @irqchip={0x9, 0x6}}]})
ioctl$KVM_IRQ_LINE_STATUS(r7, 0xc008ae67, &(0x7f0000000140)={0x0, 0x401})
syz_usb_ep_write(r4, 0x81, 0x9, &(0x7f00000002c0)="28d36689fb2134111f")
ioctl$SIOCSIFHWADDR(r2, 0x8922, &(0x7f0000000140)={'gretap0\x00', @random="02004000002b"})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffff7fffffffffd, 0x80000001, 0xffffffff, 0xfffffffffffffffd, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0x8000c595, 0x0, 0x1, 0xffffffffffffffff, 0x7, 0x80000004000000, 0x90], 0xeeee8000, 0x2150d3})
syz_open_dev$loop(&(0x7f0000000280), 0xffff, 0x14f600)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.stat\x00', 0x275a, 0x0)
write$binfmt_misc(r8, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x6, 0x9, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "288cdfdbe108598948224ad44afac11d6e5397bdb22d0000b420a1b63c5240f45f819e01177d3d458dd4992861ac00000000170000000400", "f4bd000000801900", [0x100000000, 0x8000000000000000]}})
unshare(0x20040600)
r9 = signalfd(r0, &(0x7f0000000000)={[0x100000000]}, 0x8)
write$P9_RLCREATE(r9, &(0x7f0000000040)={0x18, 0xf, 0x1, {{0x20, 0x1, 0x8}, 0x1}}, 0x18)

40.807591ms ago: executing program 0 (id=266):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000080)={{{@in6=@mcast2, @in=@multicast1, 0x4e20, 0xfd95, 0x4e23, 0x394, 0xa, 0xa0, 0xa0, 0x32}, {0x4, 0x53, 0xffff, 0x8000000000000000, 0x1, 0x800c5c4, 0x8, 0xfffffffffffffffe}, {0x100000000003, 0x5, 0xc, 0x9}, 0x3, 0x6e6bb1, 0x2, 0x1, 0x3, 0x3}, {{@in6=@private1, 0x4d2, 0x6c}, 0x2, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x3504, 0x2, 0xf8a3eceea9e5829a, 0x2, 0x392daa26, 0xfffffffe}}, 0xe8)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000001400000060"], 0xfdef)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea5400c2", 0x10)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r2, 0x10, &(0x7f0000000500)={0x7, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)=""/245, 0xf5}], &(0x7f00000004c0)=[0x3, 0x100000000, 0x400, 0x8, 0x5, 0x40d0], 0x1}, 0x20)
recvmmsg$unix(r4, &(0x7f00000053c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0xa32, 0x60, 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
r6 = socket$key(0xf, 0x3, 0x2)
r7 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0)
sendmmsg(r6, &(0x7f0000000180), 0x3ef, 0x0)
r8 = getpid()
r9 = syz_pidfd_open(r8, 0x0)
open_by_handle_at(r9, &(0x7f0000002580)=ANY=[@ANYBLOB="0c000000fe00000013"], 0x0)
r10 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x20c880, 0x14c)
sync_file_range(r10, 0x9, 0x1, 0x2)
setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000240)={0x4, &(0x7f0000000140)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x20, 0x0, 0x8, 0xfffff010}, {0x50}, {0x6, 0xba, 0x2, 0xefff}]}, 0x10)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/keys\x00', 0x0, 0x0)
syz_emit_ethernet(0xaf, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa8100000086dd"], 0x0)

0s ago: executing program 3 (id=267):
syz_usb_connect(0x3, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000cc1ef420890b070064ef000000010902120001000000000904"], 0x0)
r0 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000200)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", "cc6c2d12e0353c0e42899a29fdefe3bc", "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=@newsa={0x104, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2, 0x0, 0x10000000, 0xffffffffffffffff}, {0x0, 0x200000, 0x7}, {0x40000, 0xfffffffd, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x34}, [@coaddr={0x14, 0xe, @in6=@remote}]}, 0x104}}, 0x0) (async)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) (async)
r3 = syz_open_dev$dvb_demux(&(0x7f00000002c0), 0x1, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r3, 0x403c6f2b, &(0x7f0000000000)={0x7, {"9db867d09ed91aa9c5c29f2f1e4be6bf", '\x00', "9defe9f49655f386b84e6bb715dac54f"}, 0x445, 0x7})

kernel console output (not intermixed with test programs):

adv0
[   91.142407][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.173876][ T5840] veth0_vlan: entered promiscuous mode
[   91.182991][ T5845] veth0_macvtap: entered promiscuous mode
[   91.211680][ T5845] veth1_macvtap: entered promiscuous mode
[   91.230123][ T5840] veth1_vlan: entered promiscuous mode
[   91.272585][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.286815][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.329532][  T477] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.340728][  T477] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.367264][  T477] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.377768][  T477] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.393706][ T5842] veth0_vlan: entered promiscuous mode
[   91.421270][ T5842] veth1_vlan: entered promiscuous mode
[   91.437821][ T5840] veth0_macvtap: entered promiscuous mode
[   91.449875][ T5843] veth0_vlan: entered promiscuous mode
[   91.479313][ T5840] veth1_macvtap: entered promiscuous mode
[   91.502799][ T5843] veth1_vlan: entered promiscuous mode
[   91.520770][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.589144][  T149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.613838][  T149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.627556][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.658234][ T5842] veth0_macvtap: entered promiscuous mode
[   91.672809][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.699942][  T149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.710063][ T5842] veth1_macvtap: entered promiscuous mode
[   91.716086][  T149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   91.730424][ T5843] veth0_macvtap: entered promiscuous mode
[   91.737741][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.747646][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.787225][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.815084][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.837261][ T5843] veth1_macvtap: entered promiscuous mode
[   91.847905][ T5845] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   91.961318][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.988870][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.003511][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.020811][   T10] cfg80211: failed to load regulatory.db
[   92.044623][ T5846] veth0_vlan: entered promiscuous mode
[   92.056448][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.067295][ T5919] loop4: detected capacity change from 0 to 7
[   92.083228][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.096896][ T5839] Bluetooth: hci0: command tx timeout
[   92.102465][ T5839] Bluetooth: hci3: command tx timeout
[   92.108073][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.136751][ T5882]  loop4: [CUMANA/ADFS] p1 [ADFS] p1
[   92.142341][ T5882] loop4: partition table partially beyond EOD, truncated
[   92.156221][ T1015] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.170435][ T5882] loop4: p1 size 2989602745 extends beyond EOD, truncated
[   92.178705][ T1015] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.179553][ T5827] Bluetooth: hci4: command tx timeout
[   92.188543][   T51] Bluetooth: hci2: command tx timeout
[   92.205327][ T5839] Bluetooth: hci1: command tx timeout
[   92.226098][ T1015] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.250255][ T5919]  loop4: [CUMANA/ADFS] p1 [ADFS] p1
[   92.257963][ T5919] loop4: partition table partially beyond EOD, truncated
[   92.286177][ T1015] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.295201][ T5919] loop4: p1 size 2989602745 extends beyond EOD, truncated
[   92.328629][ T1015] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.346449][   T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.354492][   T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.374559][ T1015] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.397904][ T1015] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.412061][ T1015] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.462495][ T5846] veth1_vlan: entered promiscuous mode
[   92.598891][ T1015] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.622964][ T1015] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.772041][  T477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.782153][  T477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.809472][ T5924] syzkaller0: entered promiscuous mode
[   92.815094][ T5924] syzkaller0: entered allmulticast mode
[   92.823737][ T5846] veth0_macvtap: entered promiscuous mode
[   92.824584][ T5924] FAULT_INJECTION: forcing a failure.
[   92.824584][ T5924] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   92.843170][ T5924] CPU: 1 UID: 0 PID: 5924 Comm: syz.1.2 Not tainted syzkaller #0 PREEMPT(full) 
[   92.843197][ T5924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   92.843216][ T5924] Call Trace:
[   92.843225][ T5924]  <TASK>
[   92.843234][ T5924]  dump_stack_lvl+0xe8/0x150
[   92.843283][ T5924]  should_fail_ex+0x412/0x560
[   92.843323][ T5924]  _copy_from_user+0x2d/0xb0
[   92.843350][ T5924]  ___sys_sendmsg+0x1c6/0x360
[   92.843384][ T5924]  ? __pfx____sys_sendmsg+0x10/0x10
[   92.843445][ T5924]  ? __fget_files+0x2a/0x420
[   92.843465][ T5924]  ? __fget_files+0x3a0/0x420
[   92.843493][ T5924]  __x64_sys_sendmsg+0x1bd/0x2a0
[   92.843525][ T5924]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[   92.843561][ T5924]  ? __pfx_ksys_write+0x10/0x10
[   92.843597][ T5924]  do_syscall_64+0x14d/0xf80
[   92.843626][ T5924]  ? trace_irq_disable+0x3b/0x150
[   92.843645][ T5924]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.843668][ T5924]  ? clear_bhb_loop+0x40/0x90
[   92.843694][ T5924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.843715][ T5924] RIP: 0033:0x7f355859c819
[   92.843741][ T5924] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   92.843758][ T5924] RSP: 002b:00007f35593d9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   92.843781][ T5924] RAX: ffffffffffffffda RBX: 00007f3558815fa0 RCX: 00007f355859c819
[   92.843797][ T5924] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000005
[   92.843810][ T5924] RBP: 00007f35593d9090 R08: 0000000000000000 R09: 0000000000000000
[   92.843823][ T5924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.843835][ T5924] R13: 00007f3558816038 R14: 00007f3558815fa0 R15: 00007f355893fa48
[   92.843867][ T5924]  </TASK>
[   93.041289][  T149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.049692][  T149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.070057][ T5846] veth1_macvtap: entered promiscuous mode
[   93.091689][ T1015] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.099639][ T1015] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.166038][ T5813] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   93.269575][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.284137][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.341773][  T149] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.352024][ T5813] usb 5-1: Using ep0 maxpacket: 32
[   93.364974][  T149] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.379304][ T5813] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[   93.388708][ T5813] usb 5-1: config 0 has no interface number 0
[   93.394885][ T5813] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   93.410313][ T5813] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[   93.426047][  T149] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.445283][ T5813] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   93.456073][  T477] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.468404][ T5813] usb 5-1: Product: syz
[   93.472764][ T5813] usb 5-1: Manufacturer: syz
[   93.484304][ T5813] usb 5-1: SerialNumber: syz
[   93.527488][ T5813] usb 5-1: config 0 descriptor??
[   93.591242][ T5813] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[   93.615545][ T5813] em28xx 5-1:0.132: Video interface 132 found:
[   93.774503][  T477] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.806319][  T477] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.897655][  T477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.918777][  T477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.969252][ T5813] em28xx 5-1:0.132: unknown em28xx chip ID (0)
[   93.977282][   T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   94.158159][   T10] usb 2-1: too many configurations: 33, using maximum allowed: 8
[   94.170015][ T5942] netlink: 32 bytes leftover after parsing attributes in process `syz.2.9'.
[   94.179130][   T51] Bluetooth: hci3: command tx timeout
[   94.184643][   T51] Bluetooth: hci0: command tx timeout
[   94.187278][ T5942] Zero length message leads to an empty skb
[   94.216151][   T10] usb 2-1: New USB device found, idVendor=0eb1, idProduct=6668, bcdDevice=57.b8
[   94.233641][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.242260][   T10] usb 2-1: Product: syz
[   94.247401][   T10] usb 2-1: Manufacturer: syz
[   94.252160][   T10] usb 2-1: SerialNumber: syz
[   94.258388][   T51] Bluetooth: hci4: command tx timeout
[   94.258865][ T5839] Bluetooth: hci2: command tx timeout
[   94.265709][   T51] Bluetooth: hci1: command tx timeout
[   94.284659][   T10] usb 2-1: config 0 descriptor??
[   94.338300][   T10] go7007-loader 2-1:0.0: can't handle multiple config
[   94.354216][   T10] go7007-loader 2-1:0.0: probe failed
[   94.416410][ T5813] em28xx 5-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=0)
[   94.455861][ T5813] em28xx 5-1:0.132: board has no eeprom
[   94.727896][ T5813] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[   94.739597][    T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   94.764516][ T5813] em28xx 5-1:0.132: analog set to bulk mode.
[   94.787898][   T10] em28xx 5-1:0.132: Registering V4L2 extension
[   94.824640][ T5813] usb 5-1: USB disconnect, device number 2
[   94.847899][ T5813] em28xx 5-1:0.132: Disconnecting em28xx
[   94.927422][    T9] usb 3-1: Using ep0 maxpacket: 16
[   94.950658][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   94.982459][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   95.013962][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[   95.095471][    T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[   95.134782][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   95.288325][    T9] usb 3-1: config 0 descriptor??
[   95.354146][   T10] em28xx 5-1:0.132: Config register raw data: 0xffffffed
[   95.412651][   T10] em28xx 5-1:0.132: AC97 chip type couldn't be determined
[   95.448645][   T10] em28xx 5-1:0.132: No AC97 audio processor
[   95.516306][   T10] usb 5-1: Decoder not found
[   95.525579][   T10] em28xx 5-1:0.132: failed to create media graph
[   95.562608][   T10] em28xx 5-1:0.132: V4L2 device video103 deregistered
[   95.618812][   T10] em28xx 5-1:0.132: Remote control support is not available for this card.
[   95.676378][ T5813] em28xx 5-1:0.132: Closing input extension
[   95.754985][ T5813] em28xx 5-1:0.132: Freeing device
[   95.788977][    T9] usbhid 3-1:0.0: can't add hid device: -71
[   95.816275][    T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[   95.889272][    T9] usb 3-1: USB disconnect, device number 2
[   97.391386][ T5997] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   97.481501][ T5813] usb 2-1: USB disconnect, device number 2
[   97.711994][ T6004] FAULT_INJECTION: forcing a failure.
[   97.711994][ T6004] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   97.767778][ T6004] CPU: 1 UID: 0 PID: 6004 Comm: syz.1.22 Not tainted syzkaller #0 PREEMPT(full) 
[   97.767808][ T6004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   97.767821][ T6004] Call Trace:
[   97.767830][ T6004]  <TASK>
[   97.767839][ T6004]  dump_stack_lvl+0xe8/0x150
[   97.767875][ T6004]  should_fail_ex+0x412/0x560
[   97.767912][ T6004]  _copy_from_user+0x2d/0xb0
[   97.767939][ T6004]  ___sys_recvmsg+0x175/0x590
[   97.767966][ T6004]  ? __lock_acquire+0x6b5/0x2cf0
[   97.768000][ T6004]  ? __pfx____sys_recvmsg+0x10/0x10
[   97.768063][ T6004]  do_recvmmsg+0x334/0x800
[   97.768099][ T6004]  ? __pfx_do_recvmmsg+0x10/0x10
[   97.768139][ T6004]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   97.768185][ T6004]  __x64_sys_recvmmsg+0x198/0x250
[   97.768218][ T6004]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[   97.768258][ T6004]  do_syscall_64+0x14d/0xf80
[   97.768286][ T6004]  ? trace_irq_disable+0x3b/0x150
[   97.768304][ T6004]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.768325][ T6004]  ? clear_bhb_loop+0x40/0x90
[   97.768350][ T6004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.768371][ T6004] RIP: 0033:0x7f355859c819
[   97.768390][ T6004] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   97.768407][ T6004] RSP: 002b:00007f35593d9028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   97.768429][ T6004] RAX: ffffffffffffffda RBX: 00007f3558815fa0 RCX: 00007f355859c819
[   97.768445][ T6004] RDX: 0000000000000048 RSI: 00002000000004c0 RDI: 0000000000000003
[   97.768457][ T6004] RBP: 00007f35593d9090 R08: 0000000000000000 R09: 0000000000000000
[   97.768470][ T6004] R10: 000000000000820b R11: 0000000000000246 R12: 0000000000000001
[   97.768482][ T6004] R13: 00007f3558816038 R14: 00007f3558815fa0 R15: 00007f355893fa48
[   97.768513][ T6004]  </TASK>
[   98.020367][ T6009] syz.4.25 uses obsolete (PF_INET,SOCK_PACKET)
[   98.255689][ T5813] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   98.415887][ T5813] usb 3-1: Using ep0 maxpacket: 16
[   98.431957][ T5813] usb 3-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88
[   98.448313][ T5813] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.463701][ T5813] usb 3-1: Product: syz
[   98.469901][ T5813] usb 3-1: Manufacturer: syz
[   98.474672][ T5813] usb 3-1: SerialNumber: syz
[   98.484461][ T5813] usb 3-1: config 0 descriptor??
[   98.558201][ T6016] netlink: 32 bytes leftover after parsing attributes in process `syz.1.26'.
[   98.745866][   T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   98.880093][ T5813] speedtch 3-1:0.0: speedtch_bind: data interface not found!
[   98.893280][ T5813] speedtch 3-1:0.0: usbatm_usb_probe: bind failed: -19!
[   98.905644][   T10] usb 5-1: Using ep0 maxpacket: 16
[   98.913902][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   98.927609][ T5813] usb 3-1: USB disconnect, device number 3
[   98.942142][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   98.952676][   T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[   98.978012][   T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[   99.016742][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.040555][ T6028] FAULT_INJECTION: forcing a failure.
[   99.040555][ T6028] name failslab, interval 1, probability 0, space 0, times 1
[   99.054382][ T6028] CPU: 1 UID: 0 PID: 6028 Comm: syz.1.30 Not tainted syzkaller #0 PREEMPT(full) 
[   99.054410][ T6028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[   99.054423][ T6028] Call Trace:
[   99.054431][ T6028]  <TASK>
[   99.054439][ T6028]  dump_stack_lvl+0xe8/0x150
[   99.054475][ T6028]  should_fail_ex+0x412/0x560
[   99.054514][ T6028]  should_failslab+0xa8/0x100
[   99.054545][ T6028]  __kmalloc_noprof+0xe8/0x760
[   99.054570][ T6028]  ? tomoyo_encode+0x28b/0x550
[   99.054597][ T6028]  tomoyo_encode+0x28b/0x550
[   99.054625][ T6028]  tomoyo_realpath_from_path+0x58d/0x5d0
[   99.054665][ T6028]  ? tomoyo_path_number_perm+0x219/0x630
[   99.054695][ T6028]  tomoyo_path_number_perm+0x246/0x630
[   99.054729][ T6028]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   99.054762][ T6028]  ? __lock_acquire+0x6b5/0x2cf0
[   99.054802][ T6028]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[   99.054852][ T6028]  ? __fget_files+0x2a/0x420
[   99.054881][ T6028]  ? __fget_files+0x2a/0x420
[   99.055002][ T6028]  ? __fget_files+0x3a0/0x420
[   99.055095][ T6028]  ? __fget_files+0x2a/0x420
[   99.055125][ T6028]  security_file_ioctl+0xc3/0x2a0
[   99.055165][ T6028]  __se_sys_ioctl+0x47/0x170
[   99.055195][ T6028]  do_syscall_64+0x14d/0xf80
[   99.055225][ T6028]  ? trace_irq_disable+0x3b/0x150
[   99.055244][ T6028]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.055273][ T6028]  ? clear_bhb_loop+0x40/0x90
[   99.055300][ T6028]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   99.055323][ T6028] RIP: 0033:0x7f355859c819
[   99.055344][ T6028] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   99.055361][ T6028] RSP: 002b:00007f35593d9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   99.055393][ T6028] RAX: ffffffffffffffda RBX: 00007f3558815fa0 RCX: 00007f355859c819
[   99.055409][ T6028] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000003
[   99.055423][ T6028] RBP: 00007f35593d9090 R08: 0000000000000000 R09: 0000000000000000
[   99.055443][ T6028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   99.055460][ T6028] R13: 00007f3558816038 R14: 00007f3558815fa0 R15: 00007f355893fa48
[   99.055495][ T6028]  </TASK>
[   99.064056][   T10] usb 5-1: config 0 descriptor??
[   99.142241][ T6028] ERROR: Out of memory at tomoyo_realpath_from_path.
[  100.037277][   T10] usbhid 5-1:0.0: can't add hid device: -71
[  100.043415][   T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  100.100001][   T10] usb 5-1: USB disconnect, device number 3
[  100.127882][ T6042] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  100.162343][ T6042] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  100.207921][ T6045] netlink: 12 bytes leftover after parsing attributes in process `syz.1.36'.
[  100.365744][ T5917] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  100.539690][ T5917] usb 3-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  100.560242][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.571063][  T924] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  100.594321][ T5917] usb 3-1: Product: syz
[  100.611028][ T5917] usb 3-1: Manufacturer: syz
[  100.616242][ T5917] usb 3-1: SerialNumber: syz
[  100.627291][ T5917] usb 3-1: config 0 descriptor??
[  100.729970][   T51] Bluetooth: hci5: urb ffff88802b2a3100 submission failed (2)
[  100.757281][  T924] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  100.773306][ T6059] FAULT_INJECTION: forcing a failure.
[  100.773306][ T6059] name failslab, interval 1, probability 0, space 0, times 0
[  100.790875][  T924] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  100.839398][ T6055] syz.0.40 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  100.852737][  T924] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  100.859104][ T6059] CPU: 0 UID: 0 PID: 6059 Comm: syz.3.41 Not tainted syzkaller #0 PREEMPT(full) 
[  100.859183][ T6059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  100.859218][ T6059] Call Trace:
[  100.859240][ T6059]  <TASK>
[  100.859269][ T6059]  dump_stack_lvl+0xe8/0x150
[  100.859370][ T6059]  should_fail_ex+0x412/0x560
[  100.859476][ T6059]  should_failslab+0xa8/0x100
[  100.859568][ T6059]  __kmalloc_noprof+0xe8/0x760
[  100.859645][ T6059]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  100.859724][ T6059]  tomoyo_realpath_from_path+0xe3/0x5d0
[  100.859821][ T6059]  ? tomoyo_path_number_perm+0x219/0x630
[  100.859940][ T6059]  tomoyo_path_number_perm+0x246/0x630
[  100.860042][ T6059]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  100.860130][ T6059]  ? __lock_acquire+0x6b5/0x2cf0
[  100.860238][ T6059]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  100.860381][ T6059]  ? __fget_files+0x2a/0x420
[  100.860445][ T6059]  ? __fget_files+0x2a/0x420
[  100.860499][ T6059]  ? __fget_files+0x3a0/0x420
[  100.860553][ T6059]  ? __fget_files+0x2a/0x420
[  100.860617][ T6059]  security_file_ioctl+0xc3/0x2a0
[  100.860704][ T6059]  __se_sys_ioctl+0x47/0x170
[  100.860783][ T6059]  do_syscall_64+0x14d/0xf80
[  100.860872][ T6059]  ? trace_irq_disable+0x3b/0x150
[  100.860917][ T6059]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.860982][ T6059]  ? clear_bhb_loop+0x40/0x90
[  100.861057][ T6059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.861111][ T6059] RIP: 0033:0x7f87f7b9c819
[  100.861167][ T6059] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  100.861219][ T6059] RSP: 002b:00007f87f8985028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  100.861292][ T6059] RAX: ffffffffffffffda RBX: 00007f87f7e15fa0 RCX: 00007f87f7b9c819
[  100.861335][ T6059] RDX: 0000200000000540 RSI: 00000000c4c85513 RDI: 0000000000000003
[  100.861370][ T6059] RBP: 00007f87f8985090 R08: 0000000000000000 R09: 0000000000000000
[  100.861403][ T6059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  100.861444][ T6059] R13: 00007f87f7e16038 R14: 00007f87f7e15fa0 R15: 00007f87f7f3fa48
[  100.861546][ T6059]  </TASK>
[  100.861569][ T6059] ERROR: Out of memory at tomoyo_realpath_from_path.
[  100.879968][  T924] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  101.103192][  T924] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  101.191110][ T6043] trusted_key: syz.2.35 sent an empty control message without MSG_MORE.
[  101.213546][  T924] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  101.231153][  T924] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  101.239405][  T924] usb 2-1: Product: syz
[  101.243662][  T924] usb 2-1: Manufacturer: syz
[  101.273435][  T924] cdc_wdm 2-1:1.0: skipping garbage
[  101.291583][  T924] cdc_wdm 2-1:1.0: skipping garbage
[  101.333919][  T924] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  101.345640][  T924] cdc_wdm 2-1:1.0: Unknown control protocol
[  101.731557][  T924] usb 2-1: USB disconnect, device number 3
[  101.965717][ T5938] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  102.140163][ T5938] usb 5-1: config 0 has an invalid interface number: 28 but max is 0
[  102.159881][ T5938] usb 5-1: config 0 has no interface number 0
[  102.183365][ T5938] usb 5-1: config 0 has an invalid interface number: 28 but max is 0
[  102.197468][ T5938] usb 5-1: config 0 has no interface number 0
[  102.221718][ T5938] usb 5-1: config 0 has an invalid interface number: 28 but max is 0
[  102.237351][ T5938] usb 5-1: config 0 has no interface number 0
[  102.296104][ T5938] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb
[  102.328241][ T5938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=201
[  102.363754][ T5938] usb 5-1: Product: syz
[  102.380154][ T5938] usb 5-1: Manufacturer: syz
[  102.384825][ T5938] usb 5-1: SerialNumber: syz
[  102.429603][ T5938] usb 5-1: config 0 descriptor??
[  102.457949][ T5938] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in warm state.
[  102.470692][ T6083] loop5: detected capacity change from 0 to 7
[  102.487686][ T5938] dvb-usb: bulk message failed: -22 (2/0)
[  102.551443][ T5938] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  102.594020][ T5938] dvbdev: DVB: registering new adapter (DigitalNow DVB-T Dual USB)
[  102.625872][ T5938] usb 5-1: media controller created
[  102.688190][ T6084] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  102.708936][ T6087] tipc: Started in network mode
[  102.714139][ T6087] tipc: Node identity 7f000001, cluster identity 4711
[  102.728979][ T6087] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  102.795625][ T5925] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  102.851151][ T5938] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  102.882286][ T5938] cxusb: set interface failed
[  102.887879][ T5938] dvb-usb: bulk message failed: -22 (1/0)
[  102.960698][ T6083] Dev loop5: unable to read RDB block 7
[  102.968449][ T5925] usb 2-1: Using ep0 maxpacket: 8
[  102.994076][ T6083]  loop5: unable to read partition table
[  103.006516][ T6083] loop5: partition table beyond EOD, truncated
[  103.074912][ T6083] loop_reread_partitions: partition scan of loop5 (���W������ý�*���	��ܽ���4FLQk݊5) failed (rc=-5)
[  103.096599][ T5925] usb 2-1: config 8 has an invalid interface number: 188 but max is 0
[  103.113019][ T5925] usb 2-1: config 8 has no interface number 0
[  103.145081][ T5925] usb 2-1: config 8 interface 188 altsetting 0 has an endpoint descriptor with address 0xFD, changing to 0x8D
[  103.186839][ T5925] usb 2-1: config 8 interface 188 altsetting 0 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  103.212087][ T5938] DVB: Unable to find symbol mt352_attach()
[  103.220349][ T5938] dvb-usb: bulk message failed: -22 (5/0)
[  103.229609][ T5938] zl10353_read_register: readreg error (reg=127, ret==-121)
[  103.237283][ T5938] dvb-usb: no frontend was attached by 'DigitalNow DVB-T Dual USB'
[  103.317403][ T5925] usb 2-1: config 8 interface 188 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  103.400853][   T10] usb 3-1: USB disconnect, device number 4
[  103.425624][ T5925] usb 2-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=8f.67
[  103.463809][ T5925] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.486718][ T5925] usb 2-1: Product: syz
[  103.499946][ T5925] usb 2-1: Manufacturer: syz
[  103.508912][ T6094] FAULT_INJECTION: forcing a failure.
[  103.508912][ T6094] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  103.523101][ T5925] usb 2-1: SerialNumber: syz
[  103.529213][ T6094] CPU: 0 UID: 0 PID: 6094 Comm: syz.2.51 Not tainted syzkaller #0 PREEMPT(full) 
[  103.529243][ T6094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  103.529256][ T6094] Call Trace:
[  103.529265][ T6094]  <TASK>
[  103.529274][ T6094]  dump_stack_lvl+0xe8/0x150
[  103.529309][ T6094]  should_fail_ex+0x412/0x560
[  103.529349][ T6094]  _copy_from_user+0x2d/0xb0
[  103.529377][ T6094]  do_tcp_getsockopt+0x22e/0x2950
[  103.529412][ T6094]  ? __pfx_do_tcp_getsockopt+0x10/0x10
[  103.529435][ T6094]  ? sock_recv_errqueue+0x550/0x590
[  103.529462][ T6094]  ? __lock_acquire+0x6b5/0x2cf0
[  103.529500][ T6094]  ? aa_label_sk_perm+0x532/0x6e0
[  103.529537][ T6094]  ? kstrtoull+0x12f/0x1d0
[  103.529570][ T6094]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  103.529601][ T6094]  ? kstrtouint+0x6e/0xe0
[  103.529640][ T6094]  ? get_pid_task+0x20/0x1f0
[  103.529668][ T6094]  ? __lock_acquire+0x6b5/0x2cf0
[  103.529712][ T6094]  ? aa_sk_perm+0x6d5/0x900
[  103.529760][ T6094]  tcp_getsockopt+0x83/0x130
[  103.529782][ T6094]  ? sock_recv_errqueue+0x550/0x590
[  103.529802][ T6094]  ? sock_recv_errqueue+0x550/0x590
[  103.529821][ T6094]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  103.529845][ T6094]  do_sock_getsockopt+0x2d3/0x3f0
[  103.529874][ T6094]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  103.529905][ T6094]  ? ksys_write+0x1fc/0x270
[  103.529932][ T6094]  __x64_sys_getsockopt+0x1a4/0x240
[  103.529968][ T6094]  do_syscall_64+0x14d/0xf80
[  103.529996][ T6094]  ? trace_irq_disable+0x3b/0x150
[  103.530015][ T6094]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.530036][ T6094]  ? clear_bhb_loop+0x40/0x90
[  103.530062][ T6094]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  103.530083][ T6094] RIP: 0033:0x7fc10419c819
[  103.530103][ T6094] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  103.530121][ T6094] RSP: 002b:00007fc10506c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  103.530142][ T6094] RAX: ffffffffffffffda RBX: 00007fc104415fa0 RCX: 00007fc10419c819
[  103.530158][ T6094] RDX: 000000000000001d RSI: 0000000000000006 RDI: 0000000000000003
[  103.530170][ T6094] RBP: 00007fc10506c090 R08: 00002000000000c0 R09: 0000000000000000
[  103.530183][ T6094] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  103.530194][ T6094] R13: 00007fc104416038 R14: 00007fc104415fa0 R15: 00007fc10453fa48
[  103.530227][ T6094]  </TASK>
[  104.137388][ T5938] rc_core: IR keymap rc-dvico-mce not found
[  104.156804][ T5938] Registered IR keymap rc-empty
[  104.183948][ T6097] FAULT_INJECTION: forcing a failure.
[  104.183948][ T6097] name failslab, interval 1, probability 0, space 0, times 0
[  104.200366][ T5925] vmk80xx 2-1:8.188: driver 'vmk80xx' failed to auto-configure device.
[  104.211769][ T6097] CPU: 0 UID: 0 PID: 6097 Comm: syz.0.53 Not tainted syzkaller #0 PREEMPT(full) 
[  104.211797][ T6097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  104.211810][ T6097] Call Trace:
[  104.211818][ T6097]  <TASK>
[  104.211827][ T6097]  dump_stack_lvl+0xe8/0x150
[  104.211862][ T6097]  should_fail_ex+0x412/0x560
[  104.211900][ T6097]  should_failslab+0xa8/0x100
[  104.211931][ T6097]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  104.211956][ T6097]  ? __alloc_skb+0x186/0x7d0
[  104.211982][ T6097]  ? __alloc_skb+0x1d0/0x7d0
[  104.211998][ T6097]  ? __local_bh_enable_ip+0xd0/0x130
[  104.212022][ T6097]  __alloc_skb+0x1d0/0x7d0
[  104.212061][ T6097]  netlink_sendmsg+0x5d4/0xb40
[  104.212087][ T6097]  ? __pfx_netlink_sendmsg+0x10/0x10
[  104.212107][ T6097]  ? aa_sock_msg_perm+0xf1/0x1b0
[  104.212136][ T6097]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  104.212174][ T6097]  ____sys_sendmsg+0x972/0x9f0
[  104.212201][ T6097]  ? __pfx_____sys_sendmsg+0x10/0x10
[  104.212228][ T6097]  ? import_iovec+0x73/0xa0
[  104.212248][ T6097]  ___sys_sendmsg+0x2a5/0x360
[  104.212272][ T6097]  ? __pfx____sys_sendmsg+0x10/0x10
[  104.212317][ T6097]  ? __fget_files+0x2a/0x420
[  104.212330][ T6097]  ? __fget_files+0x3a0/0x420
[  104.212350][ T6097]  __x64_sys_sendmsg+0x1bd/0x2a0
[  104.212372][ T6097]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  104.212399][ T6097]  ? __pfx_ksys_write+0x10/0x10
[  104.212424][ T6097]  do_syscall_64+0x14d/0xf80
[  104.212444][ T6097]  ? trace_irq_disable+0x3b/0x150
[  104.212458][ T6097]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.212473][ T6097]  ? clear_bhb_loop+0x40/0x90
[  104.212491][ T6097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.212507][ T6097] RIP: 0033:0x7f4aa639c819
[  104.212522][ T6097] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  104.212534][ T6097] RSP: 002b:00007f4aa71c7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  104.212550][ T6097] RAX: ffffffffffffffda RBX: 00007f4aa6615fa0 RCX: 00007f4aa639c819
[  104.212561][ T6097] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000004
[  104.212570][ T6097] RBP: 00007f4aa71c7090 R08: 0000000000000000 R09: 0000000000000000
[  104.212579][ T6097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  104.212588][ T6097] R13: 00007f4aa6616038 R14: 00007f4aa6615fa0 R15: 00007f4aa673fa48
[  104.212610][ T6097]  </TASK>
[  104.214131][ T5925] vmk80xx 2-1:8.188: probe with driver vmk80xx failed with error -22
[  104.350318][ T5938] rc rc0: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0
[  104.681608][ T5925] usb 2-1: USB disconnect, device number 4
[  104.755563][  T924] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  104.767822][ T5938] input: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc0/input5
[  104.868553][ T5938] dvb-usb: schedule remote query interval to 100 msecs.
[  104.885536][ T5938] dvb-usb: DigitalNow DVB-T Dual USB successfully initialized and connected.
[  104.926212][  T924] usb 3-1: Using ep0 maxpacket: 16
[  104.951349][  T924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.976442][ T6110] fuse: Bad value for 'fd'
[  105.056087][ T5917] dvb-usb: bulk message failed: -22 (1/0)
[  105.215863][  T924] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  105.253967][  T924] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  105.329603][ T5938] dvb-usb: bulk message failed: -22 (1/0)
[  105.358144][  T924] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  105.382965][  T924] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  105.494378][ T5938] dvb-usb: bulk message failed: -22 (1/0)
[  105.522498][ T5938] usb 5-1: USB disconnect, device number 4
[  105.550536][  T924] usb 3-1: config 0 descriptor??
[  106.092981][  T924] usbhid 3-1:0.0: can't add hid device: -71
[  106.136570][  T924] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  106.178218][ T5938] dvb-usb: DigitalNow DVB-T Dual USB successfully deinitialized and disconnected.
[  106.202631][  T924] usb 3-1: USB disconnect, device number 5
[  106.821258][ T6130] openvswitch: netlink: Message has 106 unknown bytes.
[  106.885815][ T6130] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  107.215670][    T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  107.380069][  T924] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  107.409849][    T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD4, changing to 0x84
[  107.422704][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 51544, setting to 1024
[  107.461376][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1024
[  107.485197][    T9] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  107.495169][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.511099][    T9] usb 3-1: Product: syz
[  107.526193][    T9] usb 3-1: Manufacturer: syz
[  107.538408][    T9] usb 3-1: SerialNumber: syz
[  107.545767][  T924] usb 5-1: Using ep0 maxpacket: 8
[  107.560692][  T924] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  107.581354][    T9] usb 3-1: config 0 descriptor??
[  107.595896][ T6134] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  107.605045][  T924] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.664329][  T924] usb 5-1: Product: syz
[  107.692825][  T924] usb 5-1: Manufacturer: syz
[  107.717685][  T924] usb 5-1: SerialNumber: syz
[  107.743217][  T924] usb 5-1: config 0 descriptor??
[  107.815721][ T6134] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  108.035754][  T924] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  108.335390][  T924] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  108.407450][  T924] usb 5-1: USB disconnect, device number 5
[  109.436803][ T6171] FAULT_INJECTION: forcing a failure.
[  109.436803][ T6171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  109.458408][ T6171] CPU: 1 UID: 0 PID: 6171 Comm: syz.0.73 Not tainted syzkaller #0 PREEMPT(full) 
[  109.458430][ T6171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  109.458440][ T6171] Call Trace:
[  109.458447][ T6171]  <TASK>
[  109.458455][ T6171]  dump_stack_lvl+0xe8/0x150
[  109.458482][ T6171]  should_fail_ex+0x412/0x560
[  109.458511][ T6171]  _copy_to_user+0x31/0xb0
[  109.458532][ T6171]  simple_read_from_buffer+0xe1/0x170
[  109.458559][ T6171]  proc_fail_nth_read+0x1bb/0x230
[  109.458585][ T6171]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  109.458610][ T6171]  ? rw_verify_area+0x2a6/0x4d0
[  109.458627][ T6171]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  109.458651][ T6171]  vfs_read+0x20c/0xa70
[  109.458667][ T6171]  ? fdget_pos+0x246/0x320
[  109.458684][ T6171]  ? __pfx___mutex_lock+0x10/0x10
[  109.458707][ T6171]  ? __pfx_vfs_read+0x10/0x10
[  109.458725][ T6171]  ? __fget_files+0x2a/0x420
[  109.458742][ T6171]  ? __fget_files+0x3a0/0x420
[  109.458755][ T6171]  ? __fget_files+0x2a/0x420
[  109.458775][ T6171]  ksys_read+0x150/0x270
[  109.458795][ T6171]  ? __pfx_ksys_read+0x10/0x10
[  109.458821][ T6171]  do_syscall_64+0x14d/0xf80
[  109.458843][ T6171]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.458858][ T6171]  ? clear_bhb_loop+0x40/0x90
[  109.458877][ T6171]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.458893][ T6171] RIP: 0033:0x7f4aa635d04e
[  109.458908][ T6171] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  109.458920][ T6171] RSP: 002b:00007f4aa71c6fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  109.458938][ T6171] RAX: ffffffffffffffda RBX: 00007f4aa71c76c0 RCX: 00007f4aa635d04e
[  109.458949][ T6171] RDX: 000000000000000f RSI: 00007f4aa71c70a0 RDI: 0000000000000004
[  109.458958][ T6171] RBP: 00007f4aa71c7090 R08: 0000000000000000 R09: 0000000000000000
[  109.458967][ T6171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  109.458976][ T6171] R13: 00007f4aa6616038 R14: 00007f4aa6615fa0 R15: 00007f4aa673fa48
[  109.459000][ T6171]  </TASK>
[  109.770407][ T6172] pimreg: entered allmulticast mode
[  109.806039][ T6172] pimreg: left allmulticast mode
[  109.915606][ T5938] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  110.097002][ T5938] usb 2-1: too many configurations: 109, using maximum allowed: 8
[  110.261869][  T924] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  110.316068][ T5938] usb 2-1: unable to read config index 0 descriptor/start: -61
[  110.335990][ T5938] usb 2-1: can't read configurations, error -61
[  110.414627][ T6179] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  110.449205][  T924] usb 1-1: Using ep0 maxpacket: 32
[  110.471573][  T924] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  110.502876][    T9] usb 3-1: USB disconnect, device number 6
[  110.517136][  T924] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  110.532295][ T5938] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  110.567993][  T924] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  110.582678][  T924] usb 1-1: Product: syz
[  110.603132][  T924] usb 1-1: Manufacturer: syz
[  110.613644][  T924] usb 1-1: SerialNumber: syz
[  110.626244][  T924] usb 1-1: config 0 descriptor??
[  110.636284][ T6175] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  110.645366][  T924] hub 1-1:0.0: bad descriptor, ignoring hub
[  110.690403][  T924] hub 1-1:0.0: probe with driver hub failed with error -5
[  110.736836][ T5938] usb 2-1: too many configurations: 109, using maximum allowed: 8
[  110.756508][ T5938] usb 2-1: unable to read config index 0 descriptor/start: -61
[  110.802401][ T5938] usb 2-1: can't read configurations, error -61
[  110.837594][ T5938] usb usb2-port1: attempt power cycle
[  111.226647][ T5938] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  111.247190][ T5938] usb 2-1: too many configurations: 109, using maximum allowed: 8
[  111.257013][ T5938] usb 2-1: unable to read config index 0 descriptor/start: -61
[  111.264791][ T5938] usb 2-1: can't read configurations, error -61
[  111.426062][ T5938] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  111.487415][ T5938] usb 2-1: too many configurations: 109, using maximum allowed: 8
[  111.501690][ T5938] usb 2-1: unable to read config index 0 descriptor/start: -61
[  111.514778][ T5938] usb 2-1: can't read configurations, error -61
[  111.544405][ T5938] usb usb2-port1: unable to enumerate USB device
[  111.850449][    T9] usb 1-1: USB disconnect, device number 2
[  112.066006][ T5938] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  112.213398][ T6197] FAULT_INJECTION: forcing a failure.
[  112.213398][ T6197] name failslab, interval 1, probability 0, space 0, times 0
[  112.226469][ T6197] CPU: 0 UID: 0 PID: 6197 Comm: syz.1.82 Not tainted syzkaller #0 PREEMPT(full) 
[  112.226506][ T6197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  112.226519][ T6197] Call Trace:
[  112.226528][ T6197]  <TASK>
[  112.226537][ T6197]  dump_stack_lvl+0xe8/0x150
[  112.226572][ T6197]  should_fail_ex+0x412/0x560
[  112.226612][ T6197]  should_failslab+0xa8/0x100
[  112.226642][ T6197]  ? skb_clone+0x212/0x3a0
[  112.226672][ T6197]  kmem_cache_alloc_noprof+0x87/0x650
[  112.226695][ T6197]  ? __netlink_lookup+0xc6/0x8b0
[  112.226728][ T6197]  skb_clone+0x212/0x3a0
[  112.226761][ T6197]  __netlink_deliver_tap+0x404/0x850
[  112.226796][ T6197]  ? netlink_deliver_tap+0x2e/0x1b0
[  112.226821][ T6197]  netlink_deliver_tap+0x19c/0x1b0
[  112.226847][ T6197]  netlink_unicast+0x7e3/0x9b0
[  112.226890][ T6197]  ? __pfx_netlink_unicast+0x10/0x10
[  112.226926][ T6197]  ? netlink_sendmsg+0x650/0xb40
[  112.226947][ T6197]  ? skb_put+0x11b/0x210
[  112.226976][ T6197]  netlink_sendmsg+0x813/0xb40
[  112.227010][ T6197]  ? __pfx_netlink_sendmsg+0x10/0x10
[  112.227038][ T6197]  ? aa_sock_msg_perm+0xf1/0x1b0
[  112.227075][ T6197]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  112.227104][ T6197]  ____sys_sendmsg+0x972/0x9f0
[  112.227143][ T6197]  ? __pfx_____sys_sendmsg+0x10/0x10
[  112.227182][ T6197]  ? import_iovec+0x73/0xa0
[  112.227212][ T6197]  ___sys_sendmsg+0x2a5/0x360
[  112.227247][ T6197]  ? __pfx____sys_sendmsg+0x10/0x10
[  112.227311][ T6197]  ? __fget_files+0x2a/0x420
[  112.227331][ T6197]  ? __fget_files+0x3a0/0x420
[  112.227362][ T6197]  __x64_sys_sendmsg+0x1bd/0x2a0
[  112.227394][ T6197]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  112.227434][ T6197]  ? __pfx_ksys_write+0x10/0x10
[  112.227472][ T6197]  do_syscall_64+0x14d/0xf80
[  112.227512][ T6197]  ? trace_irq_disable+0x3b/0x150
[  112.227531][ T6197]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.227553][ T6197]  ? clear_bhb_loop+0x40/0x90
[  112.227581][ T6197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.227602][ T6197] RIP: 0033:0x7f355859c819
[  112.227623][ T6197] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  112.227640][ T6197] RSP: 002b:00007f35593d9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  112.227663][ T6197] RAX: ffffffffffffffda RBX: 00007f3558815fa0 RCX: 00007f355859c819
[  112.227679][ T6197] RDX: 00000000000008d0 RSI: 00002000000003c0 RDI: 0000000000000003
[  112.227693][ T6197] RBP: 00007f35593d9090 R08: 0000000000000000 R09: 0000000000000000
[  112.227706][ T6197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  112.227719][ T6197] R13: 00007f3558816038 R14: 00007f3558815fa0 R15: 00007f355893fa48
[  112.227753][ T6197]  </TASK>
[  112.227859][ T6197] netlink: 12 bytes leftover after parsing attributes in process `syz.1.82'.
[  112.230448][ T5938] usb 3-1: unable to get BOS descriptor or descriptor too short
[  112.693273][ T5938] usb 3-1: not running at top speed; connect to a high speed hub
[  112.702541][ T5938] usb 3-1: config 129 has an invalid interface number: 80 but max is 0
[  112.711116][ T5938] usb 3-1: config 129 has an invalid interface number: 5 but max is 0
[  112.728729][ T6203] FAULT_INJECTION: forcing a failure.
[  112.728729][ T6203] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  112.742227][ T5938] usb 3-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  112.755911][ T6203] CPU: 1 UID: 0 PID: 6203 Comm: syz.0.84 Not tainted syzkaller #0 PREEMPT(full) 
[  112.755940][ T6203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  112.755952][ T6203] Call Trace:
[  112.755960][ T6203]  <TASK>
[  112.755969][ T6203]  dump_stack_lvl+0xe8/0x150
[  112.756005][ T6203]  should_fail_ex+0x412/0x560
[  112.756044][ T6203]  _copy_from_user+0x2d/0xb0
[  112.756081][ T6203]  memdup_user+0x5e/0xd0
[  112.756109][ T6203]  strndup_user+0x68/0xd0
[  112.756135][ T6203]  __se_sys_fsconfig+0x4b5/0x820
[  112.756171][ T6203]  ? __pfx___se_sys_fsconfig+0x10/0x10
[  112.756193][ T6203]  ? ksys_write+0x242/0x270
[  112.756217][ T6203]  ? __pfx_ksys_write+0x10/0x10
[  112.756245][ T6203]  ? __x64_sys_fsconfig+0x20/0xc0
[  112.756271][ T6203]  do_syscall_64+0x14d/0xf80
[  112.756297][ T6203]  ? trace_irq_disable+0x3b/0x150
[  112.756315][ T6203]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.756334][ T6203]  ? clear_bhb_loop+0x40/0x90
[  112.756362][ T6203]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.756379][ T6203] RIP: 0033:0x7f4aa639c819
[  112.756397][ T6203] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  112.756419][ T6203] RSP: 002b:00007f4aa71c7028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
[  112.756439][ T6203] RAX: ffffffffffffffda RBX: 00007f4aa6615fa0 RCX: 00007f4aa639c819
[  112.756452][ T6203] RDX: 0000200000000000 RSI: 0000000000000001 RDI: 0000000000000003
[  112.756463][ T6203] RBP: 00007f4aa71c7090 R08: 0000000000000000 R09: 0000000000000000
[  112.756474][ T6203] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  112.756486][ T6203] R13: 00007f4aa6616038 R14: 00007f4aa6615fa0 R15: 00007f4aa673fa48
[  112.756514][ T6203]  </TASK>
[  112.982722][ T5938] usb 3-1: config 129 has no interface number 0
[  112.989125][ T5938] usb 3-1: config 129 has no interface number 1
[  112.995596][ T5938] usb 3-1: config 129 interface 80 altsetting 11 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  113.009324][ T5938] usb 3-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  113.020914][ T5938] usb 3-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  113.034533][ T5938] usb 3-1: config 129 interface 80 has no altsetting 0
[  113.041645][ T5938] usb 3-1: config 129 interface 5 has no altsetting 0
[  113.093197][ T5938] usb 3-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00
[  113.102915][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.111063][ T5938] usb 3-1: SerialNumber: syz
[  113.382951][ T5938] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  113.421394][ T5938] usb 3-1: MIDIStreaming interface descriptor not found
[  113.452993][ T6217] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  113.471582][ T6217] netlink: 20 bytes leftover after parsing attributes in process `syz.1.87'.
[  113.616748][ T6220] process 'syz.4.88' launched './file2' with NULL argv: empty string added
[  113.670746][   T30] audit: type=1326 audit(1775813631.600:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6212 comm="syz.4.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33219c819 code=0x7ffc0000
[  113.815423][ T5938] usb 3-1: USB disconnect, device number 7
[  113.822212][   T30] audit: type=1326 audit(1775813631.600:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6212 comm="syz.4.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33219c819 code=0x7ffc0000
[  113.990849][   T30] audit: type=1326 audit(1775813631.600:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6212 comm="syz.4.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fa33219c819 code=0x7ffc0000
[  114.283806][   T30] audit: type=1326 audit(1775813631.600:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6212 comm="syz.4.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33219c819 code=0x7ffc0000
[  114.430805][ T6229] netlink: 16 bytes leftover after parsing attributes in process `syz.0.90'.
[  114.511079][   T30] audit: type=1326 audit(1775813631.600:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6212 comm="syz.4.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33219c819 code=0x7ffc0000
[  114.602943][   T30] audit: type=1326 audit(1775813631.600:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6212 comm="syz.4.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fa33219c819 code=0x7ffc0000
[  114.696744][   T30] audit: type=1326 audit(1775813631.600:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6212 comm="syz.4.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33219c819 code=0x7ffc0000
[  114.945641][   T30] audit: type=1326 audit(1775813631.600:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6212 comm="syz.4.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa33219c819 code=0x7ffc0000
[  115.088040][   T30] audit: type=1326 audit(1775813631.600:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6212 comm="syz.4.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa33219c819 code=0x7ffc0000
[  115.116333][ T5925] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[  115.270397][   T30] audit: type=1326 audit(1775813631.610:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6212 comm="syz.4.88" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa33219c819 code=0x7ffc0000
[  115.425893][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  115.486664][ T5925] usb 4-1: too many configurations: 109, using maximum allowed: 8
[  115.603052][ T5925] usb 4-1: unable to read config index 0 descriptor/start: -61
[  115.611372][    T9] usb 3-1: Using ep0 maxpacket: 8
[  115.627969][    T9] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 247, changing to 7
[  115.656264][ T5925] usb 4-1: can't read configurations, error -61
[  115.675366][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  115.713071][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.738574][    T9] usb 3-1: Product: syz
[  115.751869][    T9] usb 3-1: Manufacturer: syz
[  115.771863][    T9] usb 3-1: SerialNumber: syz
[  115.845765][ T5925] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  116.022276][    T9] usb 3-1: found format II with max.bitrate = 3962, frame size=923
[  116.071148][    T9] usb 3-1: 1:1 : invalid UAC_FORMAT_TYPE desc
[  116.079060][ T5925] usb 4-1: too many configurations: 109, using maximum allowed: 8
[  116.108920][ T5925] usb 4-1: unable to read config index 0 descriptor/start: -61
[  116.122333][    T9] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  116.132450][ T5925] usb 4-1: can't read configurations, error -61
[  116.171877][ T5925] usb usb4-port1: attempt power cycle
[  116.265789][   T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  116.385118][    T9] usb 3-1: USB disconnect, device number 8
[  116.465606][   T10] usb 2-1: Using ep0 maxpacket: 32
[  116.486711][ T6100] udevd[6100]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  116.505853][   T10] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  116.594144][   T10] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  116.616819][ T5925] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  116.625385][   T10] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  116.656696][   T10] usb 2-1: Product: syz
[  116.670247][   T10] usb 2-1: Manufacturer: syz
[  116.677135][ T5925] usb 4-1: too many configurations: 109, using maximum allowed: 8
[  116.697007][   T10] usb 2-1: SerialNumber: syz
[  116.714360][ T6251] fuse: Bad value for 'fd'
[  116.775968][   T10] usb 2-1: config 0 descriptor??
[  116.794332][ T6245] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  116.809809][ T5925] usb 4-1: unable to read config index 0 descriptor/start: -61
[  116.824658][   T10] hub 2-1:0.0: bad descriptor, ignoring hub
[  116.858428][ T5925] usb 4-1: can't read configurations, error -61
[  116.952887][   T10] hub 2-1:0.0: probe with driver hub failed with error -5
[  117.068827][   T10] usb 2-1: USB disconnect, device number 9
[  117.155912][ T5925] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  117.211693][ T5925] usb 4-1: too many configurations: 109, using maximum allowed: 8
[  117.233749][ T5925] usb 4-1: unable to read config index 0 descriptor/start: -61
[  117.284017][ T5925] usb 4-1: can't read configurations, error -61
[  117.375299][ T5925] usb usb4-port1: unable to enumerate USB device
[  117.725867][ T5925] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  117.901104][ T5925] usb 3-1: Using ep0 maxpacket: 16
[  117.920209][ T5925] usb 3-1: config 252 has an invalid interface number: 15 but max is 0
[  117.931642][ T5925] usb 3-1: config 252 has no interface number 0
[  117.965148][ T5925] usb 3-1: config 252 interface 15 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  118.027683][ T5925] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29
[  118.036955][ T5938] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  118.080943][ T6264] FAULT_INJECTION: forcing a failure.
[  118.080943][ T6264] name failslab, interval 1, probability 0, space 0, times 0
[  118.094463][ T5925] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.125637][ T6264] CPU: 1 UID: 0 PID: 6264 Comm: syz.1.101 Not tainted syzkaller #0 PREEMPT(full) 
[  118.125668][ T6264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  118.125681][ T6264] Call Trace:
[  118.125689][ T6264]  <TASK>
[  118.125698][ T6264]  dump_stack_lvl+0xe8/0x150
[  118.125733][ T6264]  should_fail_ex+0x412/0x560
[  118.125772][ T6264]  should_failslab+0xa8/0x100
[  118.125802][ T6264]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  118.125831][ T6264]  ? __alloc_skb+0x186/0x7d0
[  118.125854][ T6264]  ? __alloc_skb+0x1d0/0x7d0
[  118.125877][ T6264]  ? __local_bh_enable_ip+0xd0/0x130
[  118.125910][ T6264]  __alloc_skb+0x1d0/0x7d0
[  118.125939][ T6264]  netlink_sendmsg+0x5d4/0xb40
[  118.125973][ T6264]  ? __pfx_netlink_sendmsg+0x10/0x10
[  118.126000][ T6264]  ? aa_sock_msg_perm+0xf1/0x1b0
[  118.126044][ T6264]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  118.126074][ T6264]  ____sys_sendmsg+0x972/0x9f0
[  118.126112][ T6264]  ? __pfx_____sys_sendmsg+0x10/0x10
[  118.126150][ T6264]  ? import_iovec+0x73/0xa0
[  118.126179][ T6264]  ___sys_sendmsg+0x2a5/0x360
[  118.126213][ T6264]  ? __pfx____sys_sendmsg+0x10/0x10
[  118.126277][ T6264]  ? __fget_files+0x2a/0x420
[  118.126296][ T6264]  ? __fget_files+0x3a0/0x420
[  118.126326][ T6264]  __x64_sys_sendmsg+0x1bd/0x2a0
[  118.126358][ T6264]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  118.126397][ T6264]  ? __pfx_ksys_write+0x10/0x10
[  118.126432][ T6264]  do_syscall_64+0x14d/0xf80
[  118.126461][ T6264]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.126483][ T6264]  ? clear_bhb_loop+0x40/0x90
[  118.126509][ T6264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.126531][ T6264] RIP: 0033:0x7f355859c819
[  118.126552][ T6264] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  118.126569][ T6264] RSP: 002b:00007f35593d9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  118.126592][ T6264] RAX: ffffffffffffffda RBX: 00007f3558815fa0 RCX: 00007f355859c819
[  118.126607][ T6264] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003
[  118.126621][ T6264] RBP: 00007f35593d9090 R08: 0000000000000000 R09: 0000000000000000
[  118.126633][ T6264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  118.126645][ T6264] R13: 00007f3558816038 R14: 00007f3558815fa0 R15: 00007f355893fa48
[  118.126660][ T5925] usb 3-1: Product: syz
[  118.126677][ T6264]  </TASK>
[  118.166187][ T5938] usb 1-1: device descriptor read/64, error -71
[  118.452663][ T5925] usb 3-1: Manufacturer: syz
[  118.505296][ T5925] usb 3-1: SerialNumber: syz
[  118.576705][ T6270] misc userio: No port type given on /dev/userio
[  118.607742][ T5925] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  118.645588][ T5938] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  118.805901][ T5938] usb 1-1: device descriptor read/64, error -71
[  118.833535][   T37] usb 3-1: Failed to submit usb control message: -71
[  118.834126][ T1218] usb 3-1: USB disconnect, device number 9
[  118.903498][   T37] usb 3-1: unable to send the bmi data to the device: -71
[  118.920297][ T5938] usb usb1-port1: attempt power cycle
[  118.939580][   T37] usb 3-1: unable to get target info from device
[  118.959566][   T37] usb 3-1: could not get target info (-71)
[  118.989612][   T37] usb 3-1: could not probe fw (-71)
[  119.036906][ T6279] netlink: 'syz.1.105': attribute type 1 has an invalid length.
[  119.148033][ T6279] 8021q: adding VLAN 0 to HW filter on device bond1
[  119.209346][ T6283] bond1: (slave gretap1): making interface the new active one
[  119.237490][ T6283] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  119.265607][ T5938] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  119.296816][ T5938] usb 1-1: device descriptor read/8, error -71
[  119.456115][   T10] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  119.539919][ T6288] capability: warning: `syz.2.108' uses deprecated v2 capabilities in a way that may be insecure
[  119.555977][ T5938] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  119.581035][   T30] kauditd_printk_skb: 44 callbacks suppressed
[  119.581054][   T30] audit: type=1326 audit(1775813637.590:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6289 comm="syz.1.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  119.631005][ T5938] usb 1-1: device descriptor read/8, error -71
[  119.646011][   T10] usb 5-1: config 1 has an invalid descriptor of length 78, skipping remainder of the config
[  119.667278][   T10] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  119.692802][   T10] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  119.714104][   T30] audit: type=1326 audit(1775813637.590:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6289 comm="syz.1.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=300 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  119.745878][ T5938] usb usb1-port1: unable to enumerate USB device
[  119.749551][   T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  119.795642][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  119.824730][   T10] usb 5-1: SerialNumber: syz
[  119.838198][   T30] audit: type=1326 audit(1775813637.590:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6289 comm="syz.1.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  119.896019][ T6294] FAULT_INJECTION: forcing a failure.
[  119.896019][ T6294] name failslab, interval 1, probability 0, space 0, times 0
[  119.924337][   T30] audit: type=1326 audit(1775813637.590:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6289 comm="syz.1.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  119.928247][   T10] cdc_acm 5-1:1.0: skipping garbage
[  119.957531][ T6294] CPU: 0 UID: 0 PID: 6294 Comm: syz.1.109 Not tainted syzkaller #0 PREEMPT(full) 
[  119.957554][ T6294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  119.957564][ T6294] Call Trace:
[  119.957570][ T6294]  <TASK>
[  119.957576][ T6294]  dump_stack_lvl+0xe8/0x150
[  119.957602][ T6294]  should_fail_ex+0x412/0x560
[  119.957631][ T6294]  should_failslab+0xa8/0x100
[  119.957651][ T6294]  ? fcntl_getlk+0x35/0xaa0
[  119.957667][ T6294]  kmem_cache_alloc_noprof+0x87/0x650
[  119.957689][ T6294]  fcntl_getlk+0x35/0xaa0
[  119.957716][ T6294]  do_fcntl+0xb6b/0x1a20
[  119.957737][ T6294]  ? kmem_cache_free+0x187/0x630
[  119.957755][ T6294]  ? __pfx_do_fcntl+0x10/0x10
[  119.957783][ T6294]  ? ksys_write+0x1fc/0x270
[  119.957805][ T6294]  ? bpf_lsm_file_fcntl+0x9/0x20
[  119.957828][ T6294]  __se_sys_fcntl+0xc8/0x150
[  119.957847][ T6294]  do_syscall_64+0x14d/0xf80
[  119.957867][ T6294]  ? trace_irq_disable+0x3b/0x150
[  119.957881][ T6294]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.957896][ T6294]  ? clear_bhb_loop+0x40/0x90
[  119.957914][ T6294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.957929][ T6294] RIP: 0033:0x7f355859c819
[  119.957943][ T6294] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  119.957955][ T6294] RSP: 002b:00007f35593d9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  119.957972][ T6294] RAX: ffffffffffffffda RBX: 00007f3558815fa0 RCX: 00007f355859c819
[  119.957983][ T6294] RDX: 0000200000000600 RSI: 0000000000000024 RDI: 0000000000000003
[  119.957992][ T6294] RBP: 00007f35593d9090 R08: 0000000000000000 R09: 0000000000000000
[  119.958001][ T6294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  119.958009][ T6294] R13: 00007f3558816038 R14: 00007f3558815fa0 R15: 00007f355893fa48
[  119.958038][ T6294]  </TASK>
[  120.154876][   T30] audit: type=1326 audit(1775813637.590:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6289 comm="syz.1.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  120.182290][   T10] cdc_acm 5-1:1.0: Control and data interfaces are not separated!
[  120.194164][   T30] audit: type=1326 audit(1775813637.620:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6289 comm="syz.1.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=301 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  120.195904][   T10] cdc_acm 5-1:1.0: This needs exactly 3 endpoints
[  120.226193][   T10] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22
[  120.267641][   T30] audit: type=1326 audit(1775813637.620:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6289 comm="syz.1.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  120.307168][ T5938] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  120.326615][   T30] audit: type=1326 audit(1775813637.620:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6289 comm="syz.1.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  120.418302][   T30] audit: type=1326 audit(1775813637.620:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6289 comm="syz.1.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  120.471464][   T30] audit: type=1326 audit(1775813637.620:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6289 comm="syz.1.107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  120.494429][ T5938] usb 3-1: Using ep0 maxpacket: 32
[  120.517977][ T5938] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  120.530495][ T5938] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  120.542976][ T5938] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  120.551835][ T5938] usb 3-1: Product: syz
[  120.556837][ T5938] usb 3-1: Manufacturer: syz
[  120.561754][ T5938] usb 3-1: SerialNumber: syz
[  120.600101][ T5938] usb 3-1: config 0 descriptor??
[  120.616317][ T6293] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  120.689605][ T5938] hub 3-1:0.0: bad descriptor, ignoring hub
[  120.695656][ T5938] hub 3-1:0.0: probe with driver hub failed with error -5
[  121.056002][   T10] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  121.255413][ T6315] fuse: Bad value for 'fd'
[  121.311429][   T10] usb 4-1: unable to read config index 0 descriptor/start: -61
[  121.321781][   T10] usb 4-1: can't read configurations, error -61
[  121.487650][ T6318] syzkaller1: entered promiscuous mode
[  121.500842][ T6318] syzkaller1: entered allmulticast mode
[  121.525601][   T10] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  121.711865][   T10] usb 4-1: unable to read config index 0 descriptor/start: -61
[  121.728743][   T10] usb 4-1: can't read configurations, error -61
[  121.735436][    T9] usb 3-1: USB disconnect, device number 10
[  121.765923][   T10] usb usb4-port1: attempt power cycle
[  122.131306][ T5962] usb 5-1: USB disconnect, device number 6
[  122.175878][   T10] usb 4-1: new full-speed USB device number 8 using dummy_hcd
[  122.263284][   T10] usb 4-1: unable to read config index 0 descriptor/start: -61
[  122.273484][   T10] usb 4-1: can't read configurations, error -61
[  122.438613][   T10] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  122.518224][   T10] usb 4-1: unable to read config index 0 descriptor/start: -61
[  122.545914][   T10] usb 4-1: can't read configurations, error -61
[  122.571447][   T10] usb usb4-port1: unable to enumerate USB device
[  122.755932][ T6329] faux_driver vgem: [drm] Unknown color mode 9; guessing buffer size.
[  123.121604][ T6338] FAULT_INJECTION: forcing a failure.
[  123.121604][ T6338] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  123.165315][ T6338] CPU: 0 UID: 0 PID: 6338 Comm: syz.4.125 Not tainted syzkaller #0 PREEMPT(full) 
[  123.165337][ T6338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  123.165347][ T6338] Call Trace:
[  123.165353][ T6338]  <TASK>
[  123.165360][ T6338]  dump_stack_lvl+0xe8/0x150
[  123.165386][ T6338]  should_fail_ex+0x412/0x560
[  123.165414][ T6338]  strncpy_from_user+0x36/0x2b0
[  123.165440][ T6338]  do_getname+0x77/0x250
[  123.165488][ T6338]  do_sys_openat2+0xca/0x200
[  123.165524][ T6338]  ? __pfx_do_sys_openat2+0x10/0x10
[  123.165557][ T6338]  ? ksys_write+0x242/0x270
[  123.165577][ T6338]  ? __pfx_ksys_write+0x10/0x10
[  123.165597][ T6338]  __x64_sys_openat+0x138/0x170
[  123.165624][ T6338]  do_syscall_64+0x14d/0xf80
[  123.165645][ T6338]  ? trace_irq_disable+0x3b/0x150
[  123.165658][ T6338]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.165674][ T6338]  ? clear_bhb_loop+0x40/0x90
[  123.165693][ T6338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.165709][ T6338] RIP: 0033:0x7fa33219c819
[  123.165723][ T6338] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  123.165736][ T6338] RSP: 002b:00007fa33301e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  123.165753][ T6338] RAX: ffffffffffffffda RBX: 00007fa332415fa0 RCX: 00007fa33219c819
[  123.165764][ T6338] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  123.165775][ T6338] RBP: 00007fa33301e090 R08: 0000000000000000 R09: 0000000000000000
[  123.165784][ T6338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  123.165793][ T6338] R13: 00007fa332416038 R14: 00007fa332415fa0 R15: 00007fa33253fa48
[  123.165815][ T6338]  </TASK>
[  123.754362][ T6354] netlink: 8 bytes leftover after parsing attributes in process `syz.4.128'.
[  123.763588][ T6354] bond0: option lp_interval: invalid value (0)
[  123.770960][ T6354] bond0: option lp_interval: allowed values 1 - 2147483647
[  124.599581][ T6357] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  124.846157][ T6364] IPv6: Can't replace route, no match found
[  125.115699][ T5917] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  125.125619][ T5938] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  125.150909][ T6374] fuse: Bad value for 'fd'
[  125.375647][ T5938] usb 5-1: Using ep0 maxpacket: 8
[  125.383115][ T5938] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  125.395845][ T5917] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9865, setting to 1024
[  125.407444][ T5938] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  125.417339][ T5917] usb 3-1: New USB device found, idVendor=0b05, idProduct=1abe, bcdDevice= 0.00
[  125.427001][ T5938] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  125.436991][ T5917] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.445207][ T5938] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024
[  125.459174][ T5938] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  125.470679][ T5917] usb 3-1: config 0 descriptor??
[  125.476623][ T6364] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  125.494894][ T5938] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  125.509765][ T5938] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.545333][ T5938] usb 5-1: config 0 descriptor??
[  125.571653][ T6365] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  125.707617][ T6379] netlink: 20 bytes leftover after parsing attributes in process `syz.0.138'.
[  125.846538][   T51] Bluetooth: hci5: Opcode 0x0c03 failed: -71
[  125.863671][   T10] usb 5-1: USB disconnect, device number 7
[  125.947274][ T5917] usbhid 3-1:0.0: can't add hid device: -71
[  125.974143][ T5917] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  126.015926][ T5917] usb 3-1: USB disconnect, device number 11
[  126.140656][ T6387] netlink: 8 bytes leftover after parsing attributes in process `syz.0.140'.
[  126.162688][ T6387] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.446052][  T924] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  126.556881][   T10] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  126.666018][  T924] usb 2-1: Using ep0 maxpacket: 32
[  126.706438][  T924] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  126.745850][  T924] usb 2-1: config 0 has no interfaces?
[  126.770971][  T924] usb 2-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  126.789788][  T924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.803345][   T10] usb 3-1: unable to read config index 0 descriptor/start: -61
[  126.846649][   T10] usb 3-1: can't read configurations, error -61
[  126.900106][  T924] usb 2-1: Product: syz
[  126.945450][  T924] usb 2-1: Manufacturer: syz
[  126.950534][  T924] usb 2-1: SerialNumber: syz
[  126.989494][  T924] usb 2-1: config 0 descriptor??
[  127.028700][   T10] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[  127.409966][   T10] usb 3-1: unable to read config index 0 descriptor/start: -61
[  127.514310][   T10] usb 3-1: can't read configurations, error -61
[  127.528756][   T10] usb usb3-port1: attempt power cycle
[  127.895933][   T10] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  127.947666][   T10] usb 3-1: unable to read config index 0 descriptor/start: -61
[  127.955351][   T10] usb 3-1: can't read configurations, error -61
[  128.158765][   T10] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  128.383830][   T10] usb 3-1: unable to read config index 0 descriptor/start: -61
[  128.393460][   T10] usb 3-1: can't read configurations, error -61
[  128.401657][   T10] usb usb3-port1: unable to enumerate USB device
[  129.610356][ T5938] usb 2-1: USB disconnect, device number 10
[  130.055960][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!!
[  130.275605][   T10] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  130.337121][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  130.337140][   T30] audit: type=1326 audit(1775813648.300:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6442 comm="syz.1.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  130.419283][   T30] audit: type=1326 audit(1775813648.300:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6442 comm="syz.1.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  130.490271][   T30] audit: type=1326 audit(1775813648.300:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6442 comm="syz.1.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  130.515098][   T30] audit: type=1326 audit(1775813648.300:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6442 comm="syz.1.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  130.602026][   T10] usb 3-1: Using ep0 maxpacket: 32
[  130.657747][   T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  130.725377][ T6450] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  130.753068][   T10] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  130.798982][   T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  130.894402][   T30] audit: type=1326 audit(1775813648.300:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6442 comm="syz.1.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  131.113170][   T10] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  131.117637][   T30] audit: type=1326 audit(1775813648.300:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6442 comm="syz.1.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  131.213983][   T10] usb 3-1: Product: syz
[  131.227271][   T10] usb 3-1: Manufacturer: syz
[  131.244386][   T10] usb 3-1: SerialNumber: syz
[  131.263428][   T10] appletouch 3-1:1.0: Could not find int-in endpoint
[  131.279771][   T10] appletouch 3-1:1.0: probe with driver appletouch failed with error -5
[  131.308596][   T30] audit: type=1326 audit(1775813648.320:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6442 comm="syz.1.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  131.358936][   T10] usbhid 3-1:1.0: couldn't find an input interrupt endpoint
[  131.577711][   T30] audit: type=1326 audit(1775813648.320:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6442 comm="syz.1.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  131.835932][   T30] audit: type=1326 audit(1775813648.330:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6442 comm="syz.1.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  131.936456][   T30] audit: type=1326 audit(1775813648.330:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6442 comm="syz.1.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f355859c819 code=0x7ffc0000
[  132.925585][ T5962] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  132.982789][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  132.992732][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  133.104924][ T5962] usb 4-1: unable to read config index 0 descriptor/start: -61
[  133.112854][ T5962] usb 4-1: can't read configurations, error -61
[  133.178979][ T6472] loop9: detected capacity change from 0 to 7
[  133.191131][ T6100] Buffer I/O error on dev loop9, logical block 0, async page read
[  133.199539][ T6100] Buffer I/O error on dev loop9, logical block 0, async page read
[  133.211858][ T6100] Buffer I/O error on dev loop9, logical block 0, async page read
[  133.223965][ T6100] Buffer I/O error on dev loop9, logical block 0, async page read
[  133.237948][ T6100] Buffer I/O error on dev loop9, logical block 0, async page read
[  133.246346][ T5962] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  133.259104][ T6100] Buffer I/O error on dev loop9, logical block 0, async page read
[  133.277762][ T6100] Buffer I/O error on dev loop9, logical block 0, async page read
[  133.296290][ T6100] ldm_validate_partition_table(): Disk read failed.
[  133.315258][ T6100] Buffer I/O error on dev loop9, logical block 0, async page read
[  133.350780][ T6100] Buffer I/O error on dev loop9, logical block 0, async page read
[  133.408587][ T6100] Buffer I/O error on dev loop9, logical block 0, async page read
[  133.429244][ T5962] usb 4-1: unable to read config index 0 descriptor/start: -61
[  133.438663][ T5962] usb 4-1: can't read configurations, error -61
[  133.456513][ T6100] Dev loop9: unable to read RDB block 0
[  133.469927][ T5962] usb usb4-port1: attempt power cycle
[  133.482217][ T6100]  loop9: unable to read partition table
[  133.502135][ T6100] loop9: partition table beyond EOD, truncated
[  133.516579][ T6475] netlink: 36 bytes leftover after parsing attributes in process `syz.0.164'.
[  133.527470][ T6472] ldm_validate_partition_table(): Disk read failed.
[  133.534222][ T6472] Dev loop9: unable to read RDB block 0
[  133.544644][ T6472]  loop9: unable to read partition table
[  133.571237][ T6472] loop9: partition table beyond EOD, truncated
[  133.579409][ T6472] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  133.579409][ T6472] 
) failed (rc=-5)
[  133.837723][ T5962] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  133.869912][  T924] usb 3-1: USB disconnect, device number 16
[  133.953151][ T5962] usb 4-1: unable to read config index 0 descriptor/start: -61
[  133.964591][ T5962] usb 4-1: can't read configurations, error -61
[  133.991547][ T6479] netlink: 56 bytes leftover after parsing attributes in process `syz.2.168'.
[  134.043977][ T6479] netlink: 28 bytes leftover after parsing attributes in process `syz.2.168'.
[  134.122670][ T5962] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  134.161755][ T5962] usb 4-1: unable to read config index 0 descriptor/start: -61
[  134.169851][ T5962] usb 4-1: can't read configurations, error -61
[  134.197946][ T5962] usb usb4-port1: unable to enumerate USB device
[  135.161833][ T6498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.172'.
[  135.210374][ T6499] FAULT_INJECTION: forcing a failure.
[  135.210374][ T6499] name failslab, interval 1, probability 0, space 0, times 0
[  135.247580][ T6499] CPU: 1 UID: 0 PID: 6499 Comm: syz.2.173 Not tainted syzkaller #0 PREEMPT(full) 
[  135.247610][ T6499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  135.247623][ T6499] Call Trace:
[  135.247631][ T6499]  <TASK>
[  135.247640][ T6499]  dump_stack_lvl+0xe8/0x150
[  135.247676][ T6499]  should_fail_ex+0x412/0x560
[  135.247715][ T6499]  should_failslab+0xa8/0x100
[  135.247746][ T6499]  __kmalloc_noprof+0xe8/0x760
[  135.247772][ T6499]  ? tomoyo_encode+0x28b/0x550
[  135.247800][ T6499]  tomoyo_encode+0x28b/0x550
[  135.247828][ T6499]  tomoyo_realpath_from_path+0x58d/0x5d0
[  135.247861][ T6499]  ? tomoyo_path_number_perm+0x219/0x630
[  135.247892][ T6499]  tomoyo_path_number_perm+0x246/0x630
[  135.247927][ T6499]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  135.247960][ T6499]  ? __lock_acquire+0x6b5/0x2cf0
[  135.247997][ T6499]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  135.248047][ T6499]  ? __fget_files+0x2a/0x420
[  135.248070][ T6499]  ? __fget_files+0x2a/0x420
[  135.248088][ T6499]  ? __fget_files+0x3a0/0x420
[  135.248106][ T6499]  ? __fget_files+0x2a/0x420
[  135.248129][ T6499]  security_file_ioctl+0xc3/0x2a0
[  135.248161][ T6499]  __se_sys_ioctl+0x47/0x170
[  135.248191][ T6499]  do_syscall_64+0x14d/0xf80
[  135.248219][ T6499]  ? trace_irq_disable+0x3b/0x150
[  135.248238][ T6499]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.248260][ T6499]  ? clear_bhb_loop+0x40/0x90
[  135.248287][ T6499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.248308][ T6499] RIP: 0033:0x7fc10419c819
[  135.248328][ T6499] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  135.248345][ T6499] RSP: 002b:00007fc10506c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  135.248368][ T6499] RAX: ffffffffffffffda RBX: 00007fc104415fa0 RCX: 00007fc10419c819
[  135.248391][ T6499] RDX: 0000200000000000 RSI: 000000000000890c RDI: 0000000000000003
[  135.248404][ T6499] RBP: 00007fc10506c090 R08: 0000000000000000 R09: 0000000000000000
[  135.248417][ T6499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  135.248429][ T6499] R13: 00007fc104416038 R14: 00007fc104415fa0 R15: 00007fc10453fa48
[  135.248469][ T6499]  </TASK>
[  135.248491][ T6499] ERROR: Out of memory at tomoyo_realpath_from_path.
[  135.455856][ T5962] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  135.944261][ T5962] usb 5-1: Using ep0 maxpacket: 32
[  135.958511][ T5962] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  135.978393][ T5962] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  136.015892][ T5962] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  136.024121][ T5962] usb 5-1: Product: syz
[  136.045857][ T5962] usb 5-1: Manufacturer: syz
[  136.055649][ T5962] usb 5-1: SerialNumber: syz
[  136.066345][ T5962] usb 5-1: config 0 descriptor??
[  136.100371][ T6495] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  136.117093][ T5962] hub 5-1:0.0: bad descriptor, ignoring hub
[  136.123088][ T5962] hub 5-1:0.0: probe with driver hub failed with error -5
[  136.400699][ T6515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  136.421970][ T6515] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  137.069257][ T6523] fuse: Bad value for 'fd'
[  137.205597][    T9] usb 3-1: new full-speed USB device number 17 using dummy_hcd
[  137.245896][ T5962] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  137.398457][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  137.411252][    T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  137.426738][ T5962] usb 2-1: Using ep0 maxpacket: 32
[  137.435938][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  137.458927][ T5962] usb 2-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  137.481317][ T5962] usb 2-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  137.502941][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 190, setting to 64
[  137.524037][ T5962] usb 2-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  137.548806][    T9] usb 3-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1
[  137.558758][ T5962] usb 2-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  137.576267][    T9] usb 3-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3
[  137.588871][    T9] usb 3-1: Product: syz
[  137.595004][    T9] usb 3-1: Manufacturer: syz
[  137.601270][    T9] usb 3-1: SerialNumber: syz
[  137.613904][ T5962] usb 2-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  137.649608][ T5962] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.873628][ T5962] usb 2-1: Product: syz
[  137.909597][    T9] usb 3-1: config 0 descriptor??
[  137.916238][ T5962] usb 2-1: Manufacturer: syz
[  137.923086][ T6519] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  137.945710][ T6530] fuse: Bad value for 'fd'
[  137.950547][ T5962] usb 2-1: SerialNumber: syz
[  137.980964][    C0] imon 2-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  138.048914][ T5962] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:155.0/input/input8
[  138.073595][   T12] raw-gadget.0 gadget.4: failed to queue suspend event
[  138.094392][ T6495] raw-gadget.0 gadget.4: failed to queue disconnect event
[  138.126769][ T5917] usb 5-1: USB disconnect, device number 8
[  138.145665][    T9] rc_core: IR keymap rc-imon-rsc not found
[  138.151553][    T9] Registered IR keymap rc-empty
[  138.361328][ T6537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  138.371662][ T6537] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  138.389893][    T9] rc rc0: iMON Station as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  138.464326][ T5962] imon:send_packet: packet tx failed (-71)
[  138.485924][    T9] input: iMON Station as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input7
[  138.558542][ T5962] imon 2-1:155.0: panel buttons/knobs setup failed
[  138.565196][ T5962] imon 2-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  138.795692][ T5962]  (id 0x00)
[  138.911863][    T9] usb 3-1: USB disconnect, device number 17
[  139.115842][ T5962] rc_core: IR keymap rc-imon-pad not found
[  139.164130][   T30] kauditd_printk_skb: 38 callbacks suppressed
[  139.164148][   T30] audit: type=1326 audit(1775813657.170:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6546 comm="syz.0.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  139.164922][ T5962] Registered IR keymap rc-empty
[  139.225179][ T5962] imon 2-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  139.236136][ T5962] imon 2-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  139.246075][   T30] audit: type=1326 audit(1775813657.250:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6546 comm="syz.0.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  139.264763][ T5962] imon:send_packet: packet tx failed (-71)
[  139.319863][   T30] audit: type=1326 audit(1775813657.310:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6546 comm="syz.0.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  139.373031][   T30] audit: type=1326 audit(1775813657.310:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6546 comm="syz.0.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  139.403999][   T30] audit: type=1326 audit(1775813657.310:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6546 comm="syz.0.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  139.416211][ T5962] imon 2-1:155.0: remote input dev register failed
[  139.434089][   T30] audit: type=1326 audit(1775813657.310:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6546 comm="syz.0.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  139.457476][ T5962] imon 2-1:155.0: imon_init_intf0: rc device setup failed
[  139.465898][   T30] audit: type=1326 audit(1775813657.310:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6546 comm="syz.0.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  139.515843][   T30] audit: type=1326 audit(1775813657.310:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6546 comm="syz.0.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  139.593981][   T30] audit: type=1326 audit(1775813657.310:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6546 comm="syz.0.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  139.616475][  T924] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  139.633531][ T5962] imon 2-1:155.0: unable to initialize intf0, err 0
[  139.657599][   T30] audit: type=1326 audit(1775813657.310:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6546 comm="syz.0.185" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  139.668639][ T5962] imon:imon_probe: failed to initialize context!
[  139.724192][ T5962] imon 2-1:155.0: unable to register, err -19
[  139.764059][ T5962] usb 2-1: USB disconnect, device number 11
[  139.808361][  T924] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  139.817947][  T924] usb 1-1: config 0 has no interface number 0
[  139.862754][  T924] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  139.892040][  T924] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  139.912216][  T924] usb 1-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  139.933676][  T924] usb 1-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[  139.944176][  T924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.955831][  T924] usb 1-1: config 0 descriptor??
[  140.099019][ T5962] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  140.145734][ T5938] usb 3-1: new full-speed USB device number 18 using dummy_hcd
[  140.209994][  T924] usbhid 1-1:0.1: can't add hid device: -71
[  140.235850][  T924] usbhid 1-1:0.1: probe with driver usbhid failed with error -71
[  140.297365][ T5962] usb 2-1: Using ep0 maxpacket: 8
[  140.304912][ T5962] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  140.347886][ T5938] usb 3-1: unable to read config index 0 descriptor/start: -61
[  140.355963][ T5938] usb 3-1: can't read configurations, error -61
[  140.362358][ T5962] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  140.362409][ T5962] usb 2-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  140.362453][ T5962] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  140.362477][ T5962] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.404445][ T5962] usbtmc 2-1:16.0: bulk endpoints not found
[  140.483684][  T924] usb 1-1: USB disconnect, device number 7
[  140.632631][ T6568] trusted_key: encrypted_key: insufficient parameters specified
[  140.649704][ T5938] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  140.671389][ T6551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  140.693532][ T6551] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  141.115757][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  141.151454][  T924] usb 2-1: USB disconnect, device number 12
[  141.175173][ T5938] usb 3-1: unable to read config index 0 descriptor/start: -61
[  141.183950][ T5938] usb 3-1: can't read configurations, error -61
[  141.207408][ T5938] usb usb3-port1: attempt power cycle
[  141.565632][ T5938] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  141.634853][  T924] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  141.679865][ T5938] usb 3-1: unable to read config index 0 descriptor/start: -61
[  141.689289][ T5938] usb 3-1: can't read configurations, error -61
[  141.905977][ T5938] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[  141.944399][  T924] usb 2-1: Using ep0 maxpacket: 8
[  141.960834][  T924] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  141.977702][ T5938] usb 3-1: unable to read config index 0 descriptor/start: -61
[  141.985436][ T5938] usb 3-1: can't read configurations, error -61
[  141.996057][ T5938] usb usb3-port1: unable to enumerate USB device
[  142.008833][  T924] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  142.039992][  T924] usb 2-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  142.107520][    T9] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  142.156468][  T924] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  142.181808][  T924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.222728][  T924] usbtmc 2-1:16.0: bulk endpoints not found
[  142.271334][  T924] usb 2-1: USB disconnect, device number 13
[  142.285163][    T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  142.295260][    T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  142.323599][    T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  142.385411][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.396156][   T24] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  142.677230][   T24] usb 4-1: Using ep0 maxpacket: 32
[  142.677598][    T9] usb 1-1: usb_control_msg returned -32
[  142.729513][    T9] usbtmc 1-1:16.0: can't read capabilities
[  142.742918][   T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  142.769166][   T24] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  142.779381][   T24] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  142.887806][   T24] usb 4-1: Product: syz
[  142.942613][   T24] usb 4-1: Manufacturer: syz
[  142.978577][   T24] usb 4-1: SerialNumber: syz
[  143.024275][   T24] usb 4-1: config 0 descriptor??
[  143.088127][ T6576] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  143.112351][   T24] hub 4-1:0.0: bad descriptor, ignoring hub
[  143.147381][   T24] hub 4-1:0.0: probe with driver hub failed with error -5
[  143.496060][   T24] usb 4-1: USB disconnect, device number 14
[  143.935720][   T24] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  144.116205][   T24] usb 4-1: Using ep0 maxpacket: 32
[  144.134111][   T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  144.166904][   T24] usb 4-1: string descriptor 0 read error: -22
[  144.175325][   T24] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  144.200759][   T24] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  144.243920][   T24] usb 4-1: config 0 descriptor??
[  144.259418][ T6576] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  144.281501][   T24] hub 4-1:0.0: bad descriptor, ignoring hub
[  144.295712][   T24] hub 4-1:0.0: probe with driver hub failed with error -5
[  144.597414][ T5910] usb 4-1: USB disconnect, device number 15
[  144.754912][ T5910] usb 1-1: USB disconnect, device number 8
[  146.100030][ T5910] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  146.182700][    T9] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  146.367843][    T9] usb 4-1: unable to read config index 0 descriptor/start: -61
[  146.375733][ T5910] usb 5-1: Using ep0 maxpacket: 16
[  146.389451][    T9] usb 4-1: can't read configurations, error -61
[  146.398797][ T5910] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  146.409980][ T5910] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  146.432576][ T5910] usb 5-1: config 0 interface 0 has no altsetting 0
[  146.440918][ T5910] usb 5-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00
[  146.450934][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.476469][ T5910] usb 5-1: config 0 descriptor??
[  146.545794][    T9] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  146.700177][ T6613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  146.709318][ T6613] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  146.738590][    T9] usb 4-1: unable to read config index 0 descriptor/start: -61
[  146.750589][    T9] usb 4-1: can't read configurations, error -61
[  146.758295][    T9] usb usb4-port1: attempt power cycle
[  146.923776][ T6613] netlink: 48 bytes leftover after parsing attributes in process `syz.4.200'.
[  147.057993][   T30] kauditd_printk_skb: 133 callbacks suppressed
[  147.058013][   T30] audit: type=1326 audit(1775813665.070:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc10419c819 code=0x7ffc0000
[  147.090765][   T30] audit: type=1326 audit(1775813665.070:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc10419c819 code=0x7ffc0000
[  147.113752][    T9] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  147.122435][   T30] audit: type=1326 audit(1775813665.070:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc10419c819 code=0x7ffc0000
[  147.143454][ T6613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  147.153437][   T30] audit: type=1326 audit(1775813665.080:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc10419c819 code=0x7ffc0000
[  147.189922][ T6613] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  147.198885][    T9] usb 4-1: unable to read config index 0 descriptor/start: -61
[  147.207632][    T9] usb 4-1: can't read configurations, error -61
[  147.218130][   T30] audit: type=1326 audit(1775813665.080:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7fc10419c819 code=0x7ffc0000
[  147.252343][   T30] audit: type=1326 audit(1775813665.080:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc10419c819 code=0x7ffc0000
[  147.321430][   T30] audit: type=1326 audit(1775813665.080:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc10419c819 code=0x7ffc0000
[  147.395065][    T9] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  147.477869][    T9] usb 4-1: unable to read config index 0 descriptor/start: -61
[  147.486741][    T9] usb 4-1: can't read configurations, error -61
[  147.494060][    T9] usb usb4-port1: unable to enumerate USB device
[  147.506580][   T30] audit: type=1326 audit(1775813665.080:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc10419c819 code=0x7ffc0000
[  147.548287][   T30] audit: type=1326 audit(1775813665.080:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc10419c819 code=0x7ffc0000
[  147.572943][   T30] audit: type=1326 audit(1775813665.080:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6622 comm="syz.2.206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc10419c819 code=0x7ffc0000
[  147.791606][ T6633] netlink: 104 bytes leftover after parsing attributes in process `syz.1.211'.
[  147.825119][ T6633] xt_hashlimit: size too large, truncated to 1048576
[  147.861461][ T5910] usbhid 5-1:0.0: can't add hid device: -71
[  147.864848][ T6635] x_tables: ip6_tables: udplite match: only valid for protocol 136
[  147.878123][ T5910] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  148.010188][ T5910] usb 5-1: USB disconnect, device number 9
[  148.057514][ T6642] syzkaller0: entered promiscuous mode
[  148.065360][ T6642] syzkaller0: entered allmulticast mode
[  148.086684][ T6642] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  148.094211][ T6642] IPv6: NLM_F_CREATE should be set when creating new route
[  148.101770][ T6642] IPv6: NLM_F_CREATE should be set when creating new route
[  148.550662][ T6644] loop9: detected capacity change from 0 to 7
[  148.558702][ T6644] buffer_io_error: 23 callbacks suppressed
[  148.558716][ T6644] Buffer I/O error on dev loop9, logical block 0, async page read
[  148.574729][ T6644] Buffer I/O error on dev loop9, logical block 0, async page read
[  148.636173][ T6644] Buffer I/O error on dev loop9, logical block 0, async page read
[  148.644121][ T6644] Buffer I/O error on dev loop9, logical block 0, async page read
[  148.652434][ T6644] Buffer I/O error on dev loop9, logical block 0, async page read
[  148.660785][ T6644] Buffer I/O error on dev loop9, logical block 0, async page read
[  148.668906][ T6644] Buffer I/O error on dev loop9, logical block 0, async page read
[  148.697483][ T6644] ldm_validate_partition_table(): Disk read failed.
[  148.704203][ T6644] Buffer I/O error on dev loop9, logical block 0, async page read
[  148.819192][ T6644] Buffer I/O error on dev loop9, logical block 0, async page read
[  148.868563][ T6644] Buffer I/O error on dev loop9, logical block 0, async page read
[  148.913731][ T6644] Dev loop9: unable to read RDB block 0
[  148.945936][ T6644]  loop9: unable to read partition table
[  148.963773][ T6644] loop9: partition table beyond EOD, truncated
[  148.971280][ T6644] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  148.971280][ T6644] 
) failed (rc=-5)
[  149.053036][ T6653] FAULT_INJECTION: forcing a failure.
[  149.053036][ T6653] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  149.066483][ T6653] CPU: 0 UID: 0 PID: 6653 Comm: syz.1.218 Not tainted syzkaller #0 PREEMPT(full) 
[  149.066506][ T6653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  149.066516][ T6653] Call Trace:
[  149.066522][ T6653]  <TASK>
[  149.066528][ T6653]  dump_stack_lvl+0xe8/0x150
[  149.066554][ T6653]  should_fail_ex+0x412/0x560
[  149.066582][ T6653]  _copy_to_user+0x31/0xb0
[  149.066603][ T6653]  ucma_create_id+0x2de/0x380
[  149.066629][ T6653]  ? __pfx_ucma_create_id+0x10/0x10
[  149.066664][ T6653]  ucma_write+0x24e/0x2f0
[  149.066688][ T6653]  ? __pfx_ucma_write+0x10/0x10
[  149.066711][ T6653]  ? security_file_permission+0x75/0x260
[  149.066733][ T6653]  ? rw_verify_area+0x255/0x4d0
[  149.066753][ T6653]  vfs_writev+0x4bd/0x990
[  149.066775][ T6653]  ? __pfx_ucma_write+0x10/0x10
[  149.066801][ T6653]  ? __pfx_vfs_writev+0x10/0x10
[  149.066833][ T6653]  ? __fget_files+0x2a/0x420
[  149.066850][ T6653]  ? __fget_files+0x3a0/0x420
[  149.066863][ T6653]  ? __fget_files+0x2a/0x420
[  149.066882][ T6653]  do_writev+0x154/0x2e0
[  149.066905][ T6653]  ? __pfx_do_writev+0x10/0x10
[  149.066934][ T6653]  do_syscall_64+0x14d/0xf80
[  149.066955][ T6653]  ? trace_irq_disable+0x3b/0x150
[  149.066968][ T6653]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.066983][ T6653]  ? clear_bhb_loop+0x40/0x90
[  149.067002][ T6653]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.067017][ T6653] RIP: 0033:0x7f355859c819
[  149.067032][ T6653] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  149.067044][ T6653] RSP: 002b:00007f35593d9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  149.067061][ T6653] RAX: ffffffffffffffda RBX: 00007f3558815fa0 RCX: 00007f355859c819
[  149.067072][ T6653] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000011
[  149.067082][ T6653] RBP: 00007f35593d9090 R08: 0000000000000000 R09: 0000000000000000
[  149.067091][ T6653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  149.067100][ T6653] R13: 00007f3558816038 R14: 00007f3558815fa0 R15: 00007f355893fa48
[  149.067122][ T6653]  </TASK>
[  149.206382][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  149.815526][ T5910] usb 2-1: new low-speed USB device number 14 using dummy_hcd
[  150.508149][ T5910] usb 2-1: LPM exit latency is zeroed, disabling LPM.
[  150.558428][ T5910] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  150.590808][ T5910] usb 2-1: string descriptor 0 read error: -22
[  150.597815][ T5910] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  150.607133][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.648544][ T5910] usb 2-1: bad CDC descriptors
[  151.181356][ T5962] usb 2-1: USB disconnect, device number 14
[  151.865559][ T5962] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  151.924489][ T6708] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  151.931945][ T6708] IPv6: NLM_F_CREATE should be set when creating new route
[  151.939242][ T6708] IPv6: NLM_F_CREATE should be set when creating new route
[  152.035853][ T5962] usb 4-1: Using ep0 maxpacket: 8
[  152.066773][ T5962] usb 4-1: config 1 has an invalid interface association descriptor of length 2, skipping
[  152.085570][   T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  152.122348][ T5962] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  152.164363][ T5962] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 3
[  152.218217][ T5910] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  152.265976][   T24] usb 5-1: Using ep0 maxpacket: 16
[  152.283127][   T24] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  152.298121][   T24] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  152.322084][   T24] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  152.348170][ T5962] usb 4-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40
[  152.356100][   T24] usb 5-1: config 0 interface 0 has no altsetting 0
[  152.366546][ T5962] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.385701][   T24] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  152.399207][ T5962] usb 4-1: Product: syz
[  152.403462][ T5962] usb 4-1: Manufacturer: syz
[  152.414059][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.428726][ T5962] usb 4-1: SerialNumber: syz
[  152.448748][ T5910] usb 3-1: Using ep0 maxpacket: 32
[  152.608971][ T5910] usb 3-1: unable to get BOS descriptor or descriptor too short
[  152.635729][ T5910] usb 3-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40
[  152.653510][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.673872][   T24] usb 5-1: config 0 descriptor??
[  152.695120][ T5910] usb 3-1: Product: syz
[  152.705233][ T5910] usb 3-1: Manufacturer: syz
[  152.718504][ T5910] usb 3-1: SerialNumber: syz
[  153.165491][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  153.180251][ T6700] sg_write: data in/out 262111/92 bytes for SCSI command 0x69-- guessing data in;
[  153.180251][ T6700]    program syz.3.230 not setting count and/or reply_len properly
[  153.235519][   T24] hid (null): usage index exceeded
[  153.254790][   T24] hid (null): unknown global tag 0xd
[  153.272908][   T24] hid (null): global environment stack underflow
[  153.295157][   T24] hid (null): unknown global tag 0xe
[  153.333544][   T24] hid (null): usage index exceeded
[  153.426076][   T24] usb 5-1: USB disconnect, device number 10
[  153.484358][ T5910] usb 3-1: USB disconnect, device number 22
[  153.633773][ T5882] udevd[5882]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  153.686154][    T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  153.857659][    T9] usb 1-1: config 160 has an invalid interface number: 200 but max is 0
[  153.868730][    T9] usb 1-1: config 160 has no interface number 0
[  153.896224][    T9] usb 1-1: config 160 interface 200 has no altsetting 0
[  153.923680][    T9] usb 1-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  153.940463][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.011579][    T9] usb 1-1: Product: syz
[  154.062873][    T9] usb 1-1: Manufacturer: syz
[  154.626679][    T9] usb 1-1: SerialNumber: syz
[  155.023143][    T9] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  155.050885][ T5962] usb 4-1: USB disconnect, device number 20
[  155.072881][    T9] usb 1-1: MIDIStreaming interface descriptor not found
[  155.112261][ T6736] netlink: 20 bytes leftover after parsing attributes in process `syz.4.242'.
[  155.183527][   T30] kauditd_printk_skb: 124 callbacks suppressed
[  155.183548][   T30] audit: type=1326 audit(1775813673.190:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.0.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  155.298362][   T30] audit: type=1326 audit(1775813673.190:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.0.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  155.398550][   T30] audit: type=1326 audit(1775813673.250:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.0.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  155.421541][   T30] audit: type=1326 audit(1775813673.250:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.0.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  155.444439][   T30] audit: type=1326 audit(1775813673.250:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.0.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  155.465767][    T9] usb 1-1: USB disconnect, device number 9
[  155.578838][   T30] audit: type=1326 audit(1775813673.250:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.0.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  155.660459][   T30] audit: type=1326 audit(1775813673.250:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.0.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  155.698625][ T6747] FAULT_INJECTION: forcing a failure.
[  155.698625][ T6747] name failslab, interval 1, probability 0, space 0, times 0
[  155.711551][  T924] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  155.770907][ T6747] CPU: 1 UID: 0 PID: 6747 Comm: syz.0.247 Not tainted syzkaller #0 PREEMPT(full) 
[  155.770938][ T6747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  155.770952][ T6747] Call Trace:
[  155.770961][ T6747]  <TASK>
[  155.770969][ T6747]  dump_stack_lvl+0xe8/0x150
[  155.771005][ T6747]  should_fail_ex+0x412/0x560
[  155.771046][ T6747]  should_failslab+0xa8/0x100
[  155.771075][ T6747]  ? skb_clone+0x212/0x3a0
[  155.771106][ T6747]  kmem_cache_alloc_noprof+0x87/0x650
[  155.771130][ T6747]  ? __netlink_lookup+0xc6/0x8b0
[  155.771163][ T6747]  skb_clone+0x212/0x3a0
[  155.771197][ T6747]  __netlink_deliver_tap+0x404/0x850
[  155.771233][ T6747]  ? netlink_deliver_tap+0x2e/0x1b0
[  155.771259][ T6747]  netlink_deliver_tap+0x19c/0x1b0
[  155.771285][ T6747]  netlink_unicast+0x7e3/0x9b0
[  155.771328][ T6747]  ? __pfx_netlink_unicast+0x10/0x10
[  155.771365][ T6747]  ? netlink_sendmsg+0x650/0xb40
[  155.771387][ T6747]  ? skb_put+0x11b/0x210
[  155.771417][ T6747]  netlink_sendmsg+0x813/0xb40
[  155.771452][ T6747]  ? __pfx_netlink_sendmsg+0x10/0x10
[  155.771481][ T6747]  ? aa_sock_msg_perm+0xf1/0x1b0
[  155.771517][ T6747]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  155.771547][ T6747]  ____sys_sendmsg+0x972/0x9f0
[  155.771625][ T6747]  ? __pfx_____sys_sendmsg+0x10/0x10
[  155.771665][ T6747]  ? import_iovec+0x73/0xa0
[  155.771695][ T6747]  ___sys_sendmsg+0x2a5/0x360
[  155.771731][ T6747]  ? __pfx____sys_sendmsg+0x10/0x10
[  155.771797][ T6747]  ? __fget_files+0x2a/0x420
[  155.771817][ T6747]  ? __fget_files+0x3a0/0x420
[  155.771848][ T6747]  __x64_sys_sendmsg+0x1bd/0x2a0
[  155.771880][ T6747]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  155.771925][ T6747]  ? __pfx_ksys_write+0x10/0x10
[  155.771963][ T6747]  do_syscall_64+0x14d/0xf80
[  155.771993][ T6747]  ? trace_irq_disable+0x3b/0x150
[  155.772013][ T6747]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.772035][ T6747]  ? clear_bhb_loop+0x40/0x90
[  155.772062][ T6747]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.772085][ T6747] RIP: 0033:0x7f4aa639c819
[  155.772105][ T6747] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  155.772125][ T6747] RSP: 002b:00007f4aa71c7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  155.772148][ T6747] RAX: ffffffffffffffda RBX: 00007f4aa6615fa0 RCX: 00007f4aa639c819
[  155.772165][ T6747] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  155.772179][ T6747] RBP: 00007f4aa71c7090 R08: 0000000000000000 R09: 0000000000000000
[  155.772193][ T6747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.772206][ T6747] R13: 00007f4aa6616038 R14: 00007f4aa6615fa0 R15: 00007f4aa673fa48
[  155.772241][ T6747]  </TASK>
[  155.840089][   T30] audit: type=1326 audit(1775813673.250:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.0.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  156.025782][  T924] usb 4-1: Using ep0 maxpacket: 32
[  156.099296][ T6750] FAULT_INJECTION: forcing a failure.
[  156.099296][ T6750] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  156.165822][ T6750] CPU: 0 UID: 0 PID: 6750 Comm: syz.2.248 Not tainted syzkaller #0 PREEMPT(full) 
[  156.165854][ T6750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  156.165868][ T6750] Call Trace:
[  156.165877][ T6750]  <TASK>
[  156.165887][ T6750]  dump_stack_lvl+0xe8/0x150
[  156.165922][ T6750]  should_fail_ex+0x412/0x560
[  156.165971][ T6750]  _copy_from_user+0x2d/0xb0
[  156.165999][ T6750]  vti6_siocdevprivate+0x1f2/0x7a0
[  156.166031][ T6750]  ? __pfx_vti6_siocdevprivate+0x10/0x10
[  156.166079][ T6750]  ? full_name_hash+0xb0/0xe0
[  156.166120][ T6750]  dev_ifsioc+0xba6/0x1280
[  156.166155][ T6750]  dev_ioctl+0x84c/0x1150
[  156.166184][ T6750]  sock_ioctl+0x75f/0x7f0
[  156.166220][ T6750]  ? __pfx_sock_ioctl+0x10/0x10
[  156.166255][ T6750]  ? __fget_files+0x3a0/0x420
[  156.166275][ T6750]  ? __fget_files+0x2a/0x420
[  156.166299][ T6750]  ? bpf_lsm_file_ioctl+0x9/0x20
[  156.166329][ T6750]  ? __pfx_sock_ioctl+0x10/0x10
[  156.166361][ T6750]  __se_sys_ioctl+0xfc/0x170
[  156.166391][ T6750]  do_syscall_64+0x14d/0xf80
[  156.166420][ T6750]  ? trace_irq_disable+0x3b/0x150
[  156.166440][ T6750]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.166463][ T6750]  ? clear_bhb_loop+0x40/0x90
[  156.166490][ T6750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.166513][ T6750] RIP: 0033:0x7fc10419c819
[  156.166532][ T6750] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  156.166552][ T6750] RSP: 002b:00007fc10506c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  156.166585][ T6750] RAX: ffffffffffffffda RBX: 00007fc104415fa0 RCX: 00007fc10419c819
[  156.166601][ T6750] RDX: 0000200000000140 RSI: 00000000000089f1 RDI: 0000000000000003
[  156.166615][ T6750] RBP: 00007fc10506c090 R08: 0000000000000000 R09: 0000000000000000
[  156.166629][ T6750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  156.166642][ T6750] R13: 00007fc104416038 R14: 00007fc104415fa0 R15: 00007fc10453fa48
[  156.166676][ T6750]  </TASK>
[  156.470737][ T6223] udevd[6223]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  156.538577][  T924] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  156.550324][   T30] audit: type=1326 audit(1775813673.250:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.0.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  156.572990][   T30] audit: type=1326 audit(1775813673.250:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6739 comm="syz.0.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4aa639c819 code=0x7ffc0000
[  156.784139][  T924] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  156.830091][ T6761] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  157.023225][  T924] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  157.045305][  T924] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.366250][  T924] usb 4-1: config 0 descriptor??
[  157.384044][  T924] hub 4-1:0.0: USB hub found
[  157.596094][  T924] hub 4-1:0.0: 1 port detected
[  158.636341][ T1218] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  158.766397][ T6773] FAULT_INJECTION: forcing a failure.
[  158.766397][ T6773] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.780247][ T6773] CPU: 0 UID: 0 PID: 6773 Comm: syz.4.254 Not tainted syzkaller #0 PREEMPT(full) 
[  158.780278][ T6773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  158.780288][ T6773] Call Trace:
[  158.780295][ T6773]  <TASK>
[  158.780333][ T6773]  dump_stack_lvl+0xe8/0x150
[  158.780379][ T6773]  should_fail_ex+0x412/0x560
[  158.780420][ T6773]  strncpy_from_user+0x36/0x2b0
[  158.780453][ T6773]  do_getname+0x77/0x250
[  158.780495][ T6773]  do_sys_openat2+0xca/0x200
[  158.780533][ T6773]  ? __pfx_do_sys_openat2+0x10/0x10
[  158.780566][ T6773]  ? ksys_write+0x242/0x270
[  158.780595][ T6773]  ? __pfx_ksys_write+0x10/0x10
[  158.780617][ T6773]  __x64_sys_openat+0x138/0x170
[  158.780663][ T6773]  do_syscall_64+0x14d/0xf80
[  158.780694][ T6773]  ? trace_irq_disable+0x3b/0x150
[  158.780713][ T6773]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.780734][ T6773]  ? clear_bhb_loop+0x40/0x90
[  158.780761][ T6773]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.780777][ T6773] RIP: 0033:0x7fa33219c819
[  158.780792][ T6773] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  158.780825][ T6773] RSP: 002b:00007fa332fdc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  158.780849][ T6773] RAX: ffffffffffffffda RBX: 00007fa332416180 RCX: 00007fa33219c819
[  158.780865][ T6773] RDX: 0000000000000000 RSI: 0000200000004280 RDI: ffffffffffffff9c
[  158.780878][ T6773] RBP: 00007fa332fdc090 R08: 0000000000000000 R09: 0000000000000000
[  158.780891][ T6773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.780910][ T6773] R13: 00007fa332416218 R14: 00007fa332416180 R15: 00007fa33253fa48
[  158.780934][ T6773]  </TASK>
[  159.156520][ T1218] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD4, changing to 0x84
[  159.173438][ T1218] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 51544, setting to 1024
[  159.198562][ T1218] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x84 has invalid maxpacket 1024
[  159.258475][ T1218] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  159.283374][ T5962] usb 4-1: USB disconnect, device number 21
[  159.328384][ T1218] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.345531][ T1218] usb 3-1: Product: syz
[  159.350044][ T1218] usb 3-1: Manufacturer: syz
[  159.354781][ T1218] usb 3-1: SerialNumber: syz
[  159.411025][ T1218] usb 3-1: config 0 descriptor??
[  159.418098][ T6769] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  159.752467][ T6769] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  159.815069][ T6783] FAULT_INJECTION: forcing a failure.
[  159.815069][ T6783] name failslab, interval 1, probability 0, space 0, times 0
[  159.908362][ T6783] CPU: 0 UID: 0 PID: 6783 Comm: syz.1.257 Not tainted syzkaller #0 PREEMPT(full) 
[  159.908394][ T6783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  159.908408][ T6783] Call Trace:
[  159.908417][ T6783]  <TASK>
[  159.908426][ T6783]  dump_stack_lvl+0xe8/0x150
[  159.908462][ T6783]  should_fail_ex+0x412/0x560
[  159.908502][ T6783]  should_failslab+0xa8/0x100
[  159.908534][ T6783]  __kmalloc_noprof+0xe8/0x760
[  159.908560][ T6783]  ? do_sys_poll+0x313/0x1120
[  159.908597][ T6783]  do_sys_poll+0x313/0x1120
[  159.908646][ T6783]  ? __pfx_do_sys_poll+0x10/0x10
[  159.908676][ T6783]  ? __lock_acquire+0x6b5/0x2cf0
[  159.908707][ T6783]  ? is_bpf_text_address+0x26/0x2b0
[  159.908831][ T6783]  ? set_user_sigmask+0xcd/0x1c0
[  159.908860][ T6783]  ? __pfx_set_user_sigmask+0x10/0x10
[  159.908888][ T6783]  ? kmem_cache_free+0x187/0x630
[  159.908911][ T6783]  ? fd_install+0x94/0x3d0
[  159.908940][ T6783]  ? do_sys_openat2+0x14c/0x200
[  159.908979][ T6783]  __se_sys_ppoll+0x209/0x2b0
[  159.909016][ T6783]  ? __pfx___se_sys_ppoll+0x10/0x10
[  159.909047][ T6783]  ? __pfx_ksys_write+0x10/0x10
[  159.909079][ T6783]  ? __x64_sys_ppoll+0x20/0xc0
[  159.909112][ T6783]  do_syscall_64+0x14d/0xf80
[  159.909141][ T6783]  ? trace_irq_disable+0x3b/0x150
[  159.909161][ T6783]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.909184][ T6783]  ? clear_bhb_loop+0x40/0x90
[  159.909211][ T6783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.909233][ T6783] RIP: 0033:0x7f355859c819
[  159.909253][ T6783] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  159.909282][ T6783] RSP: 002b:00007f35593d9028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  159.909305][ T6783] RAX: ffffffffffffffda RBX: 00007f3558815fa0 RCX: 00007f355859c819
[  159.909322][ T6783] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  159.909336][ T6783] RBP: 00007f35593d9090 R08: 0000000000000000 R09: 0000000000000000
[  159.909350][ T6783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  159.909363][ T6783] R13: 00007f3558816038 R14: 00007f3558815fa0 R15: 00007f355893fa48
[  159.909397][ T6783]  </TASK>
[  160.619531][ T6792] netlink: 8 bytes leftover after parsing attributes in process `syz.4.259'.
[  161.087093][ T6804] syzkaller1: entered promiscuous mode
[  161.141866][ T6804] syzkaller1: entered allmulticast mode
[  161.225798][ T6806] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  161.276892][ T5910] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  161.292557][ T5962] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  161.467605][ T5910] usb 4-1: Using ep0 maxpacket: 32
[  161.480326][ T5910] usb 4-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  161.490664][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.502810][ T5962] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  161.516247][ T5962] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  161.530174][ T5910] usb 4-1: config 0 descriptor??
[  161.540103][ T5962] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.553604][ T5910] as10x_usb: device has been detected
[  161.564856][ T5910] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  161.576611][ T5962] usb 5-1: config 0 descriptor??
[  161.728797][ T5910] usb 4-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  161.757270][ T6805] ------------[ cut here ]------------
[  161.762820][ T6805] DEBUG_LOCKS_WARN_ON(lock->magic != lock)
[  161.762839][ T6805] WARNING: kernel/locking/mutex.c:593 at __mutex_lock+0x10a4/0x1300, CPU#0: syz.3.267/6805
[  161.779148][ T6805] Modules linked in:
[  161.783216][ T6805] CPU: 0 UID: 0 PID: 6805 Comm: syz.3.267 Not tainted syzkaller #0 PREEMPT(full) 
[  161.793113][ T6805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  161.803788][ T6805] RIP: 0010:__mutex_lock+0x10ab/0x1300
[  161.809527][ T6805] Code: 12 90 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 33 02 00 00 83 3d d9 b8 60 04 00 75 13 48 8d 3d 8c cc 63 04 48 c7 c6 c0 e0 cc 8b <67> 48 0f b9 3a 90 e9 ac f0 ff ff 90 0f 0b 90 e9 73 f4 ff ff 90 0f
[  161.829560][ T6805] RSP: 0018:ffffc90002ec7a20 EFLAGS: 00010246
[  161.835843][ T6805] RAX: 0000000000000000 RBX: 1ffff920005d8f5c RCX: ffff888028ed9e80
[  161.844252][ T6805] RDX: 0000000000000000 RSI: ffffffff8bcce0c0 RDI: ffffffff90152180
[  161.852391][ T6805] RBP: ffffc90002ec7bd8 R08: ffffffff90120dc3 R09: 1ffffffff20241b8
[  161.860729][ T6805] R10: dffffc0000000000 R11: fffffbfff20241b9 R12: ffff8880341c6b60
[  161.868820][ T6805] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[  161.876981][ T6805] FS:  00007f87f89856c0(0000) GS:ffff888125454000(0000) knlGS:0000000000000000
[  161.886644][ T6805] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  161.893303][ T6805] CR2: 0000001b30a63fff CR3: 000000003659a000 CR4: 00000000003526f0
[  161.901951][ T6805] Call Trace:
[  161.905277][ T6805]  <TASK>
[  161.909714][ T6805]  ? __mutex_lock+0x319/0x1300
[  161.914544][ T6805]  ? as102_dvb_dmx_start_feed+0x70/0x290
[  161.920861][ T6805]  ? dmx_section_feed_allocate_filter+0x34f/0x3e0
[  161.927727][ T6805]  ? __pfx___mutex_lock+0x10/0x10
[  161.932778][ T6805]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  161.938684][ T6805]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  161.944797][ T6805]  ? do_raw_spin_lock+0x12b/0x2f0
[  161.950427][ T6805]  as102_dvb_dmx_start_feed+0x70/0x290
[  161.955972][ T6805]  dmx_section_feed_start_filtering+0x518/0x6c0
[  161.962783][ T6805]  dvb_dmxdev_filter_start+0xcf4/0x10e0
[  161.968436][ T6805]  ? dvb_dmxdev_filter_set+0x2d1/0x580
[  161.973963][ T6805]  dvb_demux_do_ioctl+0x470/0x540
[  161.979555][ T6805]  dvb_usercopy+0x199/0x2e0
[  161.984152][ T6805]  ? __pfx_dvb_demux_do_ioctl+0x10/0x10
[  161.989785][ T6805]  ? __pfx_dvb_usercopy+0x10/0x10
[  161.995066][ T6805]  ? __fget_files+0x3a0/0x420
[  161.999920][ T6805]  ? __fget_files+0x2a/0x420
[  162.004934][ T6805]  ? __pfx_dvb_demux_ioctl+0x10/0x10
[  162.010760][ T6805]  dvb_demux_ioctl+0x29/0x40
[  162.015652][ T6805]  __se_sys_ioctl+0xfc/0x170
[  162.020325][ T6805]  do_syscall_64+0x14d/0xf80
[  162.025150][ T6805]  ? trace_irq_disable+0x3b/0x150
[  162.030344][ T6805]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.036964][ T6805]  ? clear_bhb_loop+0x40/0x90
[  162.041792][ T6805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.047786][ T6805] RIP: 0033:0x7f87f7b9c819
[  162.052333][ T6805] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  162.072270][ T6805] RSP: 002b:00007f87f8985028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  162.080768][ T6805] RAX: ffffffffffffffda RBX: 00007f87f7e15fa0 RCX: 00007f87f7b9c819
[  162.088827][ T6805] RDX: 0000200000000200 RSI: 00000000403c6f2b RDI: 0000000000000004
[  162.097140][ T6805] RBP: 00007f87f7c32c91 R08: 0000000000000000 R09: 0000000000000000
[  162.105158][ T6805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  162.113561][ T6805] R13: 00007f87f7e16038 R14: 00007f87f7e15fa0 R15: 00007f87f7f3fa48
[  162.122173][ T6805]  </TASK>
[  162.125342][ T6805] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  162.132674][ T6805] CPU: 0 UID: 0 PID: 6805 Comm: syz.3.267 Not tainted syzkaller #0 PREEMPT(full) 
[  162.141971][ T6805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  162.152123][ T6805] Call Trace:
[  162.155425][ T6805]  <TASK>
[  162.158436][ T6805]  vpanic+0x56c/0xa60
[  162.162454][ T6805]  ? __pfx__printk+0x10/0x10
[  162.167094][ T6805]  ? __pfx_vpanic+0x10/0x10
[  162.171633][ T6805]  ? is_bpf_text_address+0x292/0x2b0
[  162.176933][ T6805]  ? is_bpf_text_address+0x26/0x2b0
[  162.182150][ T6805]  panic+0xc5/0xd0
[  162.185913][ T6805]  ? __pfx_panic+0x10/0x10
[  162.190358][ T6805]  __warn+0x315/0x4f0
[  162.194366][ T6805]  ? __mutex_lock+0x10a4/0x1300
[  162.199243][ T6805]  ? __mutex_lock+0x10a4/0x1300
[  162.204116][ T6805]  __report_bug+0x29a/0x540
[  162.209089][ T6805]  ? rcu_is_watching+0x15/0xb0
[  162.213898][ T6805]  ? __mutex_lock+0x10a4/0x1300
[  162.218809][ T6805]  ? __pfx___report_bug+0x10/0x10
[  162.224110][ T6805]  ? __lock_acquire+0x6b5/0x2cf0
[  162.229062][ T6805]  report_bug_entry+0x19a/0x290
[  162.234206][ T6805]  ? __mutex_lock+0x10ab/0x1300
[  162.239105][ T6805]  ? __mutex_lock+0x10b0/0x1300
[  162.244009][ T6805]  handle_bug+0xce/0x200
[  162.248275][ T6805]  exc_invalid_op+0x1a/0x50
[  162.252901][ T6805]  asm_exc_invalid_op+0x1a/0x20
[  162.257844][ T6805] RIP: 0010:__mutex_lock+0x10ab/0x1300
[  162.263401][ T6805] Code: 12 90 48 c1 e8 03 42 0f b6 04 28 84 c0 0f 85 33 02 00 00 83 3d d9 b8 60 04 00 75 13 48 8d 3d 8c cc 63 04 48 c7 c6 c0 e0 cc 8b <67> 48 0f b9 3a 90 e9 ac f0 ff ff 90 0f 0b 90 e9 73 f4 ff ff 90 0f
[  162.283222][ T6805] RSP: 0018:ffffc90002ec7a20 EFLAGS: 00010246
[  162.289311][ T6805] RAX: 0000000000000000 RBX: 1ffff920005d8f5c RCX: ffff888028ed9e80
[  162.297390][ T6805] RDX: 0000000000000000 RSI: ffffffff8bcce0c0 RDI: ffffffff90152180
[  162.305372][ T6805] RBP: ffffc90002ec7bd8 R08: ffffffff90120dc3 R09: 1ffffffff20241b8
[  162.313473][ T6805] R10: dffffc0000000000 R11: fffffbfff20241b9 R12: ffff8880341c6b60
[  162.321576][ T6805] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[  162.329573][ T6805]  ? __mutex_lock+0x319/0x1300
[  162.334363][ T6805]  ? as102_dvb_dmx_start_feed+0x70/0x290
[  162.340096][ T6805]  ? dmx_section_feed_allocate_filter+0x34f/0x3e0
[  162.346528][ T6805]  ? __pfx___mutex_lock+0x10/0x10
[  162.351588][ T6805]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  162.357251][ T6805]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  162.363252][ T6805]  ? do_raw_spin_lock+0x12b/0x2f0
[  162.368315][ T6805]  as102_dvb_dmx_start_feed+0x70/0x290
[  162.373802][ T6805]  dmx_section_feed_start_filtering+0x518/0x6c0
[  162.380118][ T6805]  dvb_dmxdev_filter_start+0xcf4/0x10e0
[  162.385694][ T6805]  ? dvb_dmxdev_filter_set+0x2d1/0x580
[  162.391200][ T6805]  dvb_demux_do_ioctl+0x470/0x540
[  162.396243][ T6805]  dvb_usercopy+0x199/0x2e0
[  162.400770][ T6805]  ? __pfx_dvb_demux_do_ioctl+0x10/0x10
[  162.406332][ T6805]  ? __pfx_dvb_usercopy+0x10/0x10
[  162.411373][ T6805]  ? __fget_files+0x3a0/0x420
[  162.416073][ T6805]  ? __fget_files+0x2a/0x420
[  162.420690][ T6805]  ? __pfx_dvb_demux_ioctl+0x10/0x10
[  162.426002][ T6805]  dvb_demux_ioctl+0x29/0x40
[  162.430641][ T6805]  __se_sys_ioctl+0xfc/0x170
[  162.435337][ T6805]  do_syscall_64+0x14d/0xf80
[  162.439958][ T6805]  ? trace_irq_disable+0x3b/0x150
[  162.445220][ T6805]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.451475][ T6805]  ? clear_bhb_loop+0x40/0x90
[  162.456175][ T6805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.462258][ T6805] RIP: 0033:0x7f87f7b9c819
[  162.466702][ T6805] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  162.486345][ T6805] RSP: 002b:00007f87f8985028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  162.494794][ T6805] RAX: ffffffffffffffda RBX: 00007f87f7e15fa0 RCX: 00007f87f7b9c819
[  162.502871][ T6805] RDX: 0000200000000200 RSI: 00000000403c6f2b RDI: 0000000000000004
[  162.510965][ T6805] RBP: 00007f87f7c32c91 R08: 0000000000000000 R09: 0000000000000000
[  162.518951][ T6805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  162.526935][ T6805] R13: 00007f87f7e16038 R14: 00007f87f7e15fa0 R15: 00007f87f7f3fa48
[  162.534924][ T6805]  </TASK>
[  162.538680][ T6805] Kernel Offset: disabled
[  162.543121][ T6805] Rebooting in 86400 seconds..