last executing test programs:

12.309015994s ago: executing program 0 (id=1608):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01", @ANYBLOB="f7"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r1 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r4 = memfd_create(&(0x7f00000004c0)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7?\xfe?[\xdb9\xef\x9fb$aZ\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16T~\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x99aW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-g\xa3', 0x6)
fallocate(r4, 0x3, 0x0, 0x2)
syz_io_uring_submit(r2, r3, &(0x7f0000000080)=@IORING_OP_POLL_ADD={0x6, 0x8, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x8000}})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000100)={r0, 0x8, 0x3ff, 0x4})
io_setup(0x2, &(0x7f00000003c0)=<r6=>0x0)
r7 = openat$urandom(0xffffffffffffff9c, &(0x7f0000001640), 0x0, 0x0)
io_submit(r6, 0x1, &(0x7f0000000580)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x7, r7, &(0x7f0000000400)="71d4e0de9e646bce688c15df0ff0bce7f79bfc29cef8d3783b6e856a8240d041d00a", 0x22, 0x2}])
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x422b81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f0000000240)={0x7, 0x1, 0x0, 'queue0\x00', 0x9})
sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000200000a70010000060a090400000000000000000200000048000480440001800a00010072656469720000003400028008000240000000150800024000000004080003400000002b0800014000000014080001400000000a08000340000000150900010073797a30000000000900020073797a3200000000fa000740"], 0x1ac}}, 0x0)
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)

10.834940164s ago: executing program 4 (id=1616):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
r1 = open(&(0x7f0000000080)='./bus\x00', 0x400169042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r1, 0x0)
r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
epoll_create(0x2)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x50b00}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=@newtclass={0x7c, 0x28, 0x200, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x8, 0x3}, {0x8, 0xfff1}, {0x4, 0x5}}, [@TCA_RATE={0x6, 0x5, {0xa, 0x5c}}, @tclass_kind_options=@c_qfq={{0x8}, {0x34, 0x2, [@TCA_QFQ_LMAX={0x8, 0x2, 0x8}, @TCA_QFQ_LMAX={0x8, 0x2, 0x200}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0x4}, @TCA_QFQ_LMAX={0x8, 0x2, 0xffffff42}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0x6}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0x6}]}}, @tclass_kind_options=@c_clsact={0xb}, @TCA_RATE={0x6, 0x5, {0xa, 0xa}}]}, 0x7c}, 0x1, 0x0, 0x0, 0xb2f8b2893d2862ab}, 0x20040001)
ftruncate(r2, 0x81fd)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000000), 0x1670e68)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020)

9.311122684s ago: executing program 1 (id=1626):
r0 = socket$inet6(0xa, 0x3, 0x0)
r1 = syz_usb_connect$cdc_ncm(0x0, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d240f0100000000000000000006241a0000000c241b4800050000050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
mbind(&(0x7f00000c7000/0x2000)=nil, 0x2000, 0x8003, &(0x7f0000000000)=0x6, 0x4, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00')
read$FUSE(r3, &(0x7f0000002140)={0x2020}, 0x2020)
bind$alg(r2, 0x0, 0x0)
r4 = syz_open_procfs(0xffffffffffffffff, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing', 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r5}, 0x8)
write$6lowpan_enable(r4, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
unshare(0x8040600)
r6 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
fcntl$setlease(r6, 0x400, 0x0)
pwritev2(r2, 0x0, 0x0, 0x38, 0xfffffff2, 0x7)
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x40800)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000a00)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
r7 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
preadv(r7, &(0x7f0000000600)=[{&(0x7f0000000280)=""/206, 0xce}, {&(0x7f0000000380)=""/208, 0xd0}, {&(0x7f00000001c0)=""/65, 0x41}, {&(0x7f0000000480)=""/144, 0x90}, {&(0x7f0000000540)=""/149, 0x95}], 0x5, 0x10, 0x6)
syz_usb_control_io(r1, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x100)
close_range(r0, 0xffffffffffffffff, 0x0)

9.180574003s ago: executing program 0 (id=1627):
syz_emit_ethernet(0xbe, 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$inet_dccp(0x2, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x37, 0x301, 0x270bd24, 0x25dfdbfc, {0x3}}, 0x14}}, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
pipe2$9p(&(0x7f0000000240), 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x842, 0x0)
pselect6(0x40, &(0x7f0000000580), 0x0, &(0x7f0000000d00)={0xd0}, 0x0, 0x0)
close(r1)
r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x7079, 0x20, 0x2, 0x288}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000480))
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001000000000000000000060a0b040000000000000000020000002400048020000180070001006374000014000280080002400000001008000140000000020900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a0000000000000000b51ac1a73bc94bf8c4752fdbdb"], 0x78}}, 0x0)
r6 = socket$kcm(0x2, 0x1, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x143e81, 0x0)
r8 = dup(r7)
fallocate(r8, 0x11, 0x0, 0x74000)
shutdown(r6, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)

8.870277436s ago: executing program 4 (id=1628):
socket$inet6(0xa, 0x3, 0x79)
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0xc7, &(0x7f0000000100)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, '@@\x00', 0x91, 0x11, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, {[], {0x0, 0xe22, 0x91, 0x0, @wg=@data={0x4, 0x1ff, 0x401, "9b1ee96405b874aa2f7837b96d1accdbf296ed2c6a0b9521d601854bc690c9174e63842652284742d7816536804c8f4b44da7b6a115e0ca6c71a7bb3453bc1c53f24510d1f608dc1df04235d4bc9bf32a2e03737bd4742d83735ac6964d6e375ef0ec6a429303fe87aa02db3fcede58bb9d53df98090e4cec7"}}}}}}}, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r4=>0x0})
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f00000005c0)={@dev={0xfe, 0x80, '\x00', 0x40}, @remote, @remote, 0x3, 0x2, 0x5, 0x400, 0xb7, 0xc20022, r4})
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f00000083c0)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_START(r5, 0x5422)
syz_emit_ethernet(0x86, &(0x7f0000000200)={@link_local, @dev, @val={@val={0x88a8, 0x0, 0x1, 0x3}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private2, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8, {0x0, 0x0, 0x0, 0x80}}]}]}}}}}}}, 0x0)

8.555593173s ago: executing program 4 (id=1630):
socket$l2tp(0x2, 0x2, 0x73)
r0 = socket(0x2c, 0x80002, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r0)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan1\x00', <r2=>0x0})
sendmsg$can_raw(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x1d, r2}, 0x10, &(0x7f0000000240)={&(0x7f0000000180)=@can={{0x2}, 0x7, 0x1, 0x0, 0x0, "80808f9cbcca58af"}, 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x1000)
connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x109942, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x8, 0x0, 0x3, 0xfffffffffffffffd, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

8.282172023s ago: executing program 0 (id=1632):
ioctl(0xffffffffffffffff, 0x8b27, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)})
rt_sigsuspend(0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x20902, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
read(0xffffffffffffffff, &(0x7f0000000380)=""/189, 0x8) (fail_nth: 2)

7.931099246s ago: executing program 0 (id=1633):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[], 0x24}}, 0x40000)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r2 = syz_open_dev$vim2m(&(0x7f00000000c0), 0xd2, 0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000280)=0x2)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000001fc0)={0x45, 0x6, 0x0, {0x4000005, 0x3, 0x6b, 0x0, '/sys/kernel/debug/sync/info\x00'}}, 0x45)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ac1000/0x3000)=nil, 0x3000, 0x2000000, 0x5d031, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
r5 = openat$kvm(0x0, &(0x7f0000000000), 0x10b200, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000008000, 0x0, 0xd4}, 0x0)

7.600598805s ago: executing program 4 (id=1635):
socket(0x3, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r2, 0xc0305615, &(0x7f0000000140)={0x0, {0xfffffff7, 0x8}})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0xfffffffffffffffe}, 0x0)
syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0)
r3 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0xc2a)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team0\x00'})
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
dup2(r2, r0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f00000003c0)={0x48, 0x2, r5})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x10c, &(0x7f0000000180), 0x0, 0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r7 = openat$cgroup_type(r6, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_type(r7, &(0x7f0000000280), 0x9)
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000100)={0x28, 0x6, r5, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x51e})
ioctl$IOMMU_IOAS_UNMAP$ALL(r4, 0x3b86, 0x0)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x600000}, 0xc, &(0x7f0000000280)={0x0}}, 0x20)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4080)

6.736316193s ago: executing program 3 (id=1637):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x129c81, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000200)={0x0, 0x6, 0x8, 0x6, 0x1, "42361f9b1000007e4f00000020453c00"})
r1 = syz_open_pts(r0, 0x0)
ioctl$BTRFS_IOC_QGROUP_CREATE(r1, 0x4010942a, 0x0)

6.000630326s ago: executing program 1 (id=1639):
socket$packet(0x11, 0x3, 0x300)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = syz_usb_connect(0x0, 0x3c, &(0x7f0000000380)=ANY=[@ANYBLOB="120101000814c910be0632a2f333010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_connect$cdc_ncm(0x6, 0x75, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x63, 0x2, 0x1, 0x6, 0xc0, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x8}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x3, 0x2dc, 0x69}, {0x6, 0x24, 0x1a, 0x9, 0xc}, [@network_terminal={0x7, 0x24, 0xa, 0xe7, 0x7, 0x2, 0xb1}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x3, 0x2, 0x7}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x0, 0x81, 0x1, 0x99}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x1, 0x5b}}}}}}}]}}, &(0x7f00000001c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x110, 0x8, 0x98, 0xd, 0x20, 0x4}, 0x10, &(0x7f00000000c0)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0x2, 0x80, 0x2c, 0x2, 0x1, 0x37}]}, 0x3, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x415}}, {0x74, &(0x7f0000000140)=@string={0x74, 0x3, "0f23a0fd769b9436731ee1b32db2acb0326a4dad2e51be498d6ff8d2852c0e41d3354bb6de918d6070f33d7dae0d787b64eacde2faaa1bac154dfdfd35ae129cd954f3bd6f9962bc34fcc9fea73ed7a4d30dae4a2a52db75876e3bab7d0247c3128726ef4c6407d84bf004da3fd94e7e1bd3"}}, {0xd4, &(0x7f00000003c0)=@string={0xd4, 0x3, "6a0f06fe105ab2feaef3ecd4f2c8d588617aacd940ba63b9a939e88200fa39415feefbd8f6779ce854a4a96bbb93bfe9858dc0b5ac3a6f2c3f5f387a53d6af73a5564bbed91779d4fdb01c1cb567e77b51e57a396b7b08c192353a5fd4f7104dd4fc03732f0690de01b6ed2200639cdce5452a4f5d81ccab3a2477ada0ae45737f2293a8a8d491d5207702d79a2bec857486ebb5d5d34e7ab6f9d820960e1691243caaf3635851a59e08d9d10a645495e02810f9e237be9d7f8976676c0a919b63ad2ee9edccd86ffe8da9691da364c1e955"}}]})
syz_usb_connect$cdc_ncm(0x5, 0x7e, &(0x7f0000000200)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6c, 0x2, 0x1, 0x5, 0x50, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "f4d3f03c"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x7, 0xfffc, 0x6, 0x1}, {0x6, 0x24, 0x1a, 0x1, 0x12}, [@mbim={0xc, 0x24, 0x1b, 0x4, 0x0, 0xa, 0x9, 0x9, 0xa}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0xb8, 0x6, 0x80}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0xff, 0x1, 0x5a}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x8, 0x20, 0x1}}}}}}}]}}, &(0x7f0000000900)={0xa, &(0x7f00000002c0)={0xa, 0x6, 0x201, 0x1, 0x0, 0xe, 0x20}, 0x41, &(0x7f00000004c0)={0x5, 0xf, 0x41, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x6, 0x2, 0x6, 0x1d1b}, @generic={0x32, 0x10, 0xf, "7a3590f2c6ba115b9dfb839758243fcf9dbed2987ad6abb1a994c27520882e6a92ccb184a624a8c374560ef4caf885"}]}, 0x6, [{0x102, &(0x7f0000000540)=@string={0x102, 0x3, "5537631d3c656cfd3b02aa6b7e515066785d2e2bec0db56aa6ee0fb574ae857d6d6f2b2d4212aca81b71befbb0338345ee258de352616ee891df580f932515ecf9876e4b49795364ec2753582fa8a86ecee05bc66a6867d3d3ffbd731f4a4e5f5af9581677b6b269c4cd56ac08e69367d3f5d1bd03c24348f8109dc3b3ed436d137c6a96f923b2ecc111ef2618ecc952e7523378bf9b110decc5873a0281318dfe79bd198da93e04685e275cf6d85ff2139374d01321b78664b36aa013b31c8e95da3d594f107820a9bb95be51c0d928ab1f22a02abb5ea88cb9be876c1d867f2624a8a14bfe9ada12e87a65bcdd0191de8a82b135481545bbadea1b6704fb58"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x44a}}, {0xd1, &(0x7f0000000680)=@string={0xd1, 0x3, "c1d8559e5ca10abfb2ea517e0c89b96f682fe2fd3b69f8dafba636f114cc78ed428f038964eb84844b0b11a58ee05960fe944f01b8d8602a9f13bd03fac75f9611bee22499a1fed1fbf00a3b2918ebff51a7944ee32357a90df877b4fe87f368dd9a2b3e39fe1451a0b96ac8e690c43ac4a593b8b0ec64500edc77982c699d1347ee169d2fb98a7d254b9013ae9c34e9cd81bfb70ce5acfd91a0e778aaf2bfe5e5ab670c591a98b0db919ed4e620375e11f3dee8cdce520de37435b0c03de1defd17fa62b41a5ed4b426c15df75e0a"}}, {0x4, &(0x7f0000000780)=@lang_id={0x4, 0x3, 0x804}}, {0xcb, &(0x7f00000007c0)=@string={0xcb, 0x3, "210722854b21afa9da066ae5aba149426890bbd138d5d3c5c5ecee6b5d4bf6fdd5cc99046716e8864ac7bb0036fd560d08a3393a29b17550b329ac62ee98c29fb674870bc3d658228eaaaa178e2d30b2ec56443274ac249d2d112cc25bfc655a2ffcb4a5670300e28f69261bb33d7f85d362871311ef92581cdd8e7214def63535182c70a72753eea9bc25e59e499cb4d838e58469692de277920edac3b76c847ccdfc7d748eab35f9bf55c73bf6da8adef22ed90715fb7c6b56823bb21bb312ec70950a6612895b3d"}}, {0x4, &(0x7f00000008c0)=@lang_id={0x4, 0x3, 0xdca4}}]})
r1 = syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003ac9bcc20d118af1ebb5a0102030109022400010700800b0904"], &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, &(0x7f0000000e80)={0x84, &(0x7f00000002c0)=ANY=[@ANYBLOB="400d21000000de"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000340)={0x1c, &(0x7f0000000280)={0x0, 0x30}, 0x0, 0x0})
syz_usb_connect(0x0, 0x36, 0x0, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r2, 0x0, 0x0)
read$char_usb(r2, 0x0, 0x0)

5.998542339s ago: executing program 3 (id=1640):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f000043f000/0x18000)=nil, &(0x7f0000000500)=[@text32={0x20, 0x0}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"])
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd25479024a676b21b3adc5e463c9effbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953584db11b7f89ec68098eafa48cebd6882a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56f335e2373b2cde5600db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
read$FUSE(r3, &(0x7f0000003800)={0x2020, 0x0, <r6=>0x0}, 0x2020)
ioctl$DRM_IOCTL_GET_CLIENT(r3, 0xc0286405, &(0x7f0000000540)={0xa48, 0x4, {0xffffffffffffffff}, {<r7=>0xffffffffffffffff}, 0x8000})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f0000000580)={{0x1, 0x1, 0x18, r0, {0xffffffffffffffff, <r8=>0x0}}, './file0\x00'})
write$FUSE_STATX(r5, &(0x7f0000000d00)={0x130, 0x0, r6, {0x4, 0x8, 0x0, '\x00', {0x1, 0x3, 0x1de, 0xdb2e, r7, r8, 0x1000, '\x00', 0x3ff, 0x9, 0x81, 0x1, {0x5, 0x4}, {0x7, 0x6fc}, {0x0, 0x8000}, {0x2, 0x6}, 0xd, 0x9, 0x7, 0x3}}}, 0x130)
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r9, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast1, 0x5}, 0x1c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x2dc, 0x30, 0x300, 0x70bd2d, 0x25dfdbff, {}, [{0x2c8, 0x1, [@m_skbedit={0x294, 0x19, 0x0, 0x0, {{0xc}, {0x44, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x3, 0xa}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xa}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x1}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x7}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x1, 0x1, 0xffffffffeffffffb, 0x7, 0x101}}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x4}]}, {0x225, 0x6, "de616dd9ce3b892bb6fafca061bed3e644dcf9151f4527045657b89def02bb9cad6c62f8293cff1e7df3eb0803889f2fd92b151ed17ab9007c47463bf4e7afe47ab1d24292b0103cbbc15977a51c0ae02a16535a666c86a6321ae76cba859e771aa7d0ff9fa033e50e56e0f68419fd47894ab8f8d473fc2af5fc18fb9399fdbb44bce22ac4c64feea69875f61ef4f46591d0547ce0f025b0a5f6dc470fd9635a05e318fa41b23e07582b3128621edbf17703923cea8b079f042f9924f50ce06116fc38e34430e0a4b60e7144cccb31d0a0457e528dd78226b2989e534df535b22243ec2971118b283cebb23130d1622a675cabf8788d71473f98949841ab1c34d28257f4b10e6eec198365490620753627951432cf82875ec0fccc70181d74035e141d4bbdd59571d5c3fa68b6a9365539b7e734e38e7083fe43b3104f03a618c99dc38b7b166c71dcda72645a7ddd09b867d20ef1d0f2154c6c2af7bfc13509c92a055f4ba6134cf5124359fccca93ea9ef30597c542c2e259bbd96051f001127d7e760711d895b0ae2dabbb4385da14ffe779acd84bec05fb4fc35fefad1a62e114c5f2ca5c6e884ddd618acecb553d05d8ec7fb455e2684ed4d3c3df3c35bee69ce9725b115e33db46d4e5bd2a8ae4f24dba98c591727df378df0d23973fa54f572e566542393b6b21bff1a529d926884544b0d35ccbed2b2eb088971e6e03c1b9d3b2429d16eedf8dcdba98f7687b2263d4cd00c2c9068f66c9cd37b9038c0"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_sample={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x2dc}}, 0x0)
r10 = socket(0x10, 0x803, 0x0)
sendto(r10, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r10, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
sendmsg(r9, &(0x7f00000000c0)={0x0, 0x952c, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)

4.561839185s ago: executing program 3 (id=1642):
syz_emit_ethernet(0xbe, 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$inet_dccp(0x2, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x37, 0x301, 0x270bd24, 0x25dfdbfc, {0x3}}, 0x14}}, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
pipe2$9p(&(0x7f0000000240), 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x842, 0x0)
pselect6(0x40, &(0x7f0000000580), 0x0, &(0x7f0000000d00)={0xd0}, 0x0, 0x0)
close(r1)
r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x7079, 0x20, 0x2, 0x288}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000480))
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001000000000000000000060a0b040000000000000000020000002400048020000180070001006374000014000280080002400000001008000140000000020900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a0000000000000000b51ac1a73bc94bf8c4752fdbdb"], 0x78}}, 0x0)
r6 = socket$kcm(0x2, 0x1, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x143e81, 0x0)
r8 = dup(r7)
fallocate(r8, 0x11, 0x0, 0x74000)
shutdown(r6, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)

4.020157694s ago: executing program 0 (id=1643):
r0 = syz_open_procfs(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$media(&(0x7f0000000040), 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r3, &(0x7f0000000c40)={0x2000000b})
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, &(0x7f0000000040)=0xa, 0x4)
r5 = syz_open_dev$loop(&(0x7f0000000180), 0x47ffffa, 0x20000)
ioctl$LOOP_SET_DIRECT_IO(r5, 0x4c08, 0x7fff)
sendto$inet6(r4, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x9, @mcast2, 0x5}, 0x1c)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0)
write$tcp_mem(r6, &(0x7f0000000280)={0x7, 0x2d, 0xffffffffffffffff, 0x3a, 0x0, 0x2c}, 0x48)
r7 = openat$vcsu(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b"], 0x0)
r8 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
close(r8)
r9 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB="66643d297de688ccf587a24f114551bff3d40e02500feb9a2ca81af494d47a19438437a8ae1ad6c8e9337bfe0fcc2eca7a8e7b2cca688b3bb876060f49c449f50b59ff437590fcdb7b31bf5f4ab130a48e3b013fe33698b876853aae6059b5cfc349e832e7e6eadbedafa3327fbe67877178992b55d5a7095562c2d07353926c258d1b14fed778150c866f58a01665d9bc421b59d300e76960e5d08e52ae79a07c173b854a564095df", @ANYRESHEX=r9, @ANYBLOB=',rootmode=00000000000000000040000,use', @ANYRESDEC=0x0, @ANYBLOB=',grou', @ANYRESDEC=0x0, @ANYBLOB=',\x00'], 0x0, 0x0, 0x0)
write$FUSE_LSEEK(r9, 0x0, 0x0)
read$FUSE(r7, &(0x7f0000002440)={0x2020}, 0x2020)

3.431664489s ago: executing program 3 (id=1644):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f28000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[], 0xe8}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x208400, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x14, 0x38, 0x9, 0x0, 0x0, {0x1}}, 0x14}}, 0x40)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000580)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x48439}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_MODE={0x8, 0x3, 0x60}]}}}]}, 0x3c}}, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000001180)=ANY=[@ANYBLOB="e36e50fbf09bd4e9f4df681388ca055fc3de98612623faa88703f649a611b494166a5e96940c14977662707a1bf940f929d34d96a2d9b833413e5121cfc578488641a49bf07e95e29ec55a64c104fd23c8d321e6ba2c85a8122154163429181ac1ea688d621d6785df18f37e4438ba49ee7314230c8c474e03d91ec1e404d10874589773b820b4b3e712dca53b3cc76b67f1b23dcd34c6cd7ba31c339cb39eff6142fa9ad35bb637a6b7ee5b7d04e7f2b4b9a1c8a34dc75bb9c6eafbb9f4d2188e5ea72069cf99a7cf0c7d9832e13a4c02a95445d7d9207709efb66ea390d1f578deb750d685624249c6c16aef7b1a651f8f4d3288c73edb64c60ffb91fd7f573913992e4bf441262731204d44a5bd3056e20b127a0953ca2d61295c8c6b85e8f0d2241c4d443cd6cf750d1af298d41286548a0184b64ab3c2d97fe7d8fb23b27f6567ad9b852f71527b9ac3b468c6fed9c66181f95669ab00568f733307603372d906a90c92c86c8b23db5b7604306f5fa2b57fef7d7a78593ebc6a36422033002affbbcfa8cae970d061b53d9963ea12e91fd3bbea6f548f8abc7ed718b7e09a5b59dc7381f61ee5f8b6685b18fabd0383c65a71935e159e33c802bf23d9757a964b06637119aa9d01e4742b95f29089bca191928792b4d198a7d9a752b3eb828fb72c4c3a845c935d88b404dc7dcc4018bd4b65ef66b31074ebf6a6abc8af86880fa0070eed138fcfeb16b9e581fe2681982be5650960f838df583550b9e532d0a1356c158a41747c5db2eb31ce1d59fe7530d71691ac5cd8cf410e288a279d656a884fb29f32133d7bf1ae40904a34c2842d358db143778b699753e3f4aa6c2ac1521dce405e8b6969183e386623120b3b2dcd063a506f826c826c2a9846dabe384a8b0414f0dacab9d863763c4a074ec0a29488db0c28c1f1317ab5e2ea2bb6840f5250cd0e19eaef7d82d43b7fb4bc421408f82a083f3a0fea927332bca86c112877d8193e2e91b10d3a796dc8e98fba5893abc01d84bcc3c879fd9d67e821305ab2463b7ac6ae3de3156fbe1bdd35cc8561130700ffb0912567a3dbdf0f3ab390a61c260d6affd068fb8d9d7c682851b2edcf6aa7d979caa50b8bfd0f5ccda102fa7f0cd86d76d01239709cbc8f8615780f8c8c94302beb0042bd2747fc114e4cb53959db721e42bebd288eaab6eb98f24f8e8e03f823380def2e97ca5ecdf1d02276b3d97498d8ae3d11134b8c783d3b5b70986dbfb4c6f683c42157f6362889720add09c57d9c5f1a413d1e9b64bfbd01d5b7d7c95ab291d38729bbb06efb5c28c3f92e87c285a69941b3bcb08d387e66bcfccd64a95d2285e308ad59bb664fa6d165b52c1b9585eec2e3915e5deb00a6f251737cebfbe74f5bad6df2e94a89005e9430ede5710062dce7af5108f4eb44219bca04832d14fbcc505977361140075832ecf8b519ec3e6260df62d59524240531c44033028f8cd4031812b42fb523067a07a9bdeef63afe1c87ccfd5f33898d33de71144f7865ec5b1f4b47b362b294e820f1b9dfefddbf8a6860ba5cb43b1ced6a505e14e96a86d81533c68b9f013da11dd3e43af2f2702cbe4bf6f9d6352bd7ac1154f00efef6f7461b2eadaa51e5b20dea1d66b12852e27a556b66ffa004b639e295bfab87a568db8405ec0f6fa007ca14454c60d264d15d7e349c31e9d90671b9f159d98a8deb20e672df554ca61a8736cec19c5aec061ab995e83355e121d538999d01b08709bd4f97a87704bbe22c3d35c35f5e8ca6b4bcb38cdf12dc6abdf1df17ecb544c71266d517473c122fb4b5f400b0e9374c0415ba4a19393161722707a0ab60701e084b74fe0cfd3d436056f2403c08fa9deca7cc0dc260e324fec46c8568f4d86605a8fc57117ac508fa8daef865e72308385418cc1476b994e8d083df4692b89f99a3134b02d06229576921c70f760802413d8479796f6be47b979e89457ef080888cedf9f35542044422e267297e9bb286cc31a6bc36dd7ae238d61ea86f5099de8ca4b71c39f9e0295825547dd4164f1ec71cf73c9efda400ee4d523b8e6a2f2f2a6f04bea89cb27b0a91a097ea9dd9789824ae3ac6e514da3cfdc445607b43fc50e11e5b3d32ebe753d4f8b742eea5a4220f54a94cbc92ac86f0c797e687475723b80fb4a30c0af27f7686b02d690077a09f547e0439e0945d12168693f1e4a5bf7b09f1ea9ee78d8dbc8c8f6e43027c663774a4fe4eb1bf4b52d99098b5688fd6f2560e21f51412e4356ce845db88b70d9de89c3215900c7dbac3f432387c7f6f6558d36ca8a68c9eea6f1da8f397026f38386f0702276a8b6bb053e4792115f66d3a9c7fe9738e388595c4439a784c86eb21828189217659725acc16dabbfecd7f9358501ffd6c9c18c5fb68f9b8f998e859f338266330876c0ebe03ac2b82e553bcf8793f1b77e4283f45abba287b2624463aea7f48c4d0faa09f8de1e4f4a646ceff2079f2fff8a2aeed9743f69968b7e1be5ff46ccd7c1280805cabc929a90f1fc34a5486a6f2d25099fbb8e4c68bbfe9f98ea97dc3e4d950103e1989e7e97ff5a0251ec117621eaf7072990c9e3aa8af5ed20b741f272abe3d16770152130eae795fe17aeef50fb1381c3f6a244362d169ea8bb205f1fb21222c0ceeef8d25e524af62ca45007e6aac2b7e3c9239ba7f9204cd1acd943f95cf8dc7fbe3766d4535ad4b637d5ccca8b94d8166c9e203309a80a4e737fbbeee899ca99f2148defc9b488984ae2451d842ef1f130f1799940a12e507ceef7b5e58b407935c0de3eb2955627ecd524e7c85c706ee69075ecc2b645ebbb2166d6dbd352c43b4681f189c7cefc46ba637241e3b4068b0264c0305dc9a5c2bd5164b1e3d3021823d20d41ab73f1dc4f3d0905496acc99046a04bbdc1ee5574f3450ddf042ae80f35907e91964125875585703aae1791220b97b9bc863af9fd14276310ecb5965c7f5803ed91bdf2c7f41fe2002bbc1b236168b8fb35f28e01debca698bf64968edc53167475f47e327c78ac4e8b2c838e8fe1a3e95e8ff627581704fd9e1024fc0e43ac6a30ec5ba78a21ce03139043611aeb1244835e0aaed0365c416fb6113cbb3911518f95b6cc6d68a633642561acbf307a2fb1d8960169e8450a7a6c9f8375706c01b2b971a6b85f98074c4b0a02954552f32c7ccc093802a260ffe81be4d641fb4b14d7ecf438ab31b157ae79c9a089a299259d651ddd01043bf9f63f3530baa55324d906f8439b12b417f62aba6b97130d401b70a531018f9300c12eafe30299c4fddc66399d338ab9992da50f337bcb6811df05f682f524fe1c920c3868da96d9357939f1a0c314fb53e34eff14611662e1fe8b6fda749f3eabf4e6c432812c024fbc9880d32f56a151a42a224ec64ca51ef3b8630ccc88ea6815146d0d8482c9081fa7594608887697aaae5ea4bda27e75a40c82d2485ee57b14e25770c8647225fe4d00be816e7980d9da549e8ca2fcdd419aa8c88e8ad33f5315eed1a45529927b1e9780d3957089b7fed83df50271cfcd8605e54e2f26cf472f8070da7a003e8ffa28d5e1bbf0e265b1fde806db7bf0fc0fe7b32635ce5bf7cfc1a79c25eb22aa4c8a6fb644f45a0c0657cfc5c4b7382ca7f674a2f4c6bcab52379d56c0696fbfe9c2f3ad875699ef2a350daf2dfd22b88e7da60bf0c0e6dde20e2f4b184858d54aac2ea614603f844332856bdf737492a40f08ece1522c75658c1fe87bcea2ffc37e3f6ac936eb75852c657d3eedf1a4318cc5e10e5acc39b360b3cc57e3e6447b0de87c073602f9372005c7400803011cbb81aa18742c2e072eb7a7aa333c686c00a2b44989a2963744c028c39a64b4ff2cbd641a2dde1668b7a7b50117f05b74172174dd1600c3e2a4cf758db3b989a276ae85d13380adb30c1be95f335e2a751126b45242b612a9496b821efe5e493eca5e32222ba6f3a26d37fa576b10a7c97c505a599af4bca38ef222ccd6c3b9abb572b4c0bf60f9907bc83cc67670aad360550daa4012c6ade77df049ece53cc822c5960e863fb5d3017708fb42d50eacc629d8bc486e5fa68297d1e53ee5bdf228ae32e20d567fba73ec2abf044d7a8ae7ab1ba0f948562fd02333f5bcea12a4f480cffdcaf81924692efe423bca58decebf509ba8877248e7dc7e3568c2ec3afd030d7b23c90f329ffa9ca176813df3bc7e96a56c577b2d1b8fcd0a8c32c8d8467542f3f57e885b6ac5ec2b1357fc34d35b13066bd20939b67df45a200aa9bf80e4a95f452b1430ef28523f96d260e2e97e36fc69de2f0b58c9be68d4d86aac47598499cd56986a1911d0f444fcab49fc4bcdaca304814740f9d9f634adab50910bda2d98ed09aa7533484c5e51e1502c88082549775ed2cd70caae9544f7afb8ae8433798841471dc2f7f0887bdf649e038086f0ecf0b3bb075284ec3ee4f660ed5ea7183f3e214e1fbcbc07e8324761def2263c1a5cd68a39b0e2f831f470fe8a9fe25da49b8ecd26e49c657bd3d598a2072697b9234f32195cfb64f458d585d9b01082856a817733f4c68e3e0c9868a4176dbba80c41b70bda0f1508264dfca860e8d1e1bd084d040b9cac8bf54618b03f78de6b04b4c0e803d91db88989fab56a6ed3a58669ec83d4d7416485b6a7fdebe0623f623535b7695b4297ef1c649397aa2897e55dc3ff74f1a53d446a4efca30e3c638edc2a42d56b59f8fcd7066066fb8aba6c38eef6fbf0e79021c37106e8f02d5ccfad7aebc0fc05e8f458feb15a3ba6f72a6beeb7d0fe0cbfb908d66c00c6ea8c318bb2a0e1f64fd1baa9c3d026ac2de38e5deab55fbe9593086146ba46f99bd4e3cd1470eb9380c094e7ba169fb28635aad89ec6ff2752a30455c60c34e0f42452830bbd70d182a144f59a2eb08e654c8c24c63a159ed173a11ffe5d96f87fe12cec18491832ac4b3035479a8625c33a62802ee1cade5c90930ef817495a3028118d2c81f9c886bf30eac7e7ae0970f8906de3bf2a3fa4759658484a5112f646ee6d456ab83d992d9e83b9b5780faa71710230d158e0dd808bab9bfa390302a4c501ec910a00246d158ae091f0988dc4bef8a1166de8c3562dd0331a67d2cd93f323b5e2511bfb904fa1a71b662e1c428cbfd6cd2a56cf66cbded635aec31ad5038235ac20a5d6766c01625b06cd1d83f74b9c839526f2fb1bb6f5907dc9b0ae2bce57c3ac936b41e3996d21e7dfe6a47f59005cbd4ae56211c070c23be929e50878496974946c4a52bc034a3fae69366b704503aef84d6206e3f91bb5a17a5500482b19bf01ddb66a010c5d04ae38be027b0bd506201bde93921439c1c23f2010ecb9dfc3c30f5101929898faa7ffcbb6deb4101e5e435a94c88dcf0d45c29347c2873fbb8e33fd4b1b32f95bd39860c766a13a31477ba6c60627d12233b7b7b3290d0ae16ee803cd8854fbe20ae5bfac1205f82db68c1ab42d3a1f09ce0391797fe0a5f08aa14cdf28859d893a7753fddfa689b9927f8146f79e93fbc86e7e77c27740286deebe822f716ee0d65b0033c682a99ec5e21ae0bbfd056a4231ab60228d72eeee1eefd322175b8b08831de619c553b493238c0455a05512153bb652fa45c159c332d9ba0f72cafee2e05450f630196780542552292803112a3b9ac11e1026f9feca070bc9b41fc7e28408b3eafe8ad85495e517b1bb5356a0831c8c17ecf76986e1afc54ea8b3ec47f8eaf9afb2b907166614a6c79ecd79eecb514ec29c25e1a00088502ff73e5e72924fb70efd", @ANYRES64=r3, @ANYRES32=r1], 0x20)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r4, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x1, 'queue0\x00'})
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000340)={0x1, &(0x7f0000000000)=[{0x6, 0xf, 0x0, 0x7fff8000}]})
close_range(r6, 0xffffffffffffffff, 0x0)
r7 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x80802, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, &(0x7f0000000b00)={0x4, "a9acd29c080063467526aeb5ab2c7b9ca5fa07448139ede6dc04270ee04200", <r8=>0xffffffffffffffff})
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0x20104, 0x4, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r7, 0xc0285700, &(0x7f0000000000)={0x100, "56b9595931028deda525e19bdeffaf31060000006500", <r9=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r8, 0xc0303e03, &(0x7f0000000780)={"10628c1965c61e00", r9})
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$SW_SYNC_IOC_INC(r7, 0x40045701, &(0x7f0000000400)=0x6)
pselect6(0x40, &(0x7f0000000140)={0x11, 0xfffffffffffffffc, 0x8, 0xffffffff, 0xfffffffffffffffe, 0x0, 0x4, 0xfffffffffffffc01}, 0x0, &(0x7f0000000680)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad, 0x0, 0x40}, 0x0, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000380)=ANY=[@ANYBLOB="2b687567db0da165746c62202b6465766963616974202b706572665f6576656e74202d72646d612016667265657ae93dfe7b11c6a09e561333f64dd893ffc0b475bc057c15e8287ac793ff5c3f0be4950037a42872d6b07f8065c142495fc7d2b21e0400ac17a2a63adf81a793d02005ee7a691e29ab71e27b200120578caac233f8a5c14cee9df707f0a40238fa5bb1444cbf063c7e2e599b76409bfc166eb024732eac7006842e57c7be3ef67629c770182829fdb89145208e18b8e3"], 0x3c)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x40000c4)

3.29846009s ago: executing program 4 (id=1645):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x350, 0x30, 0x100, 0x70bd2b, 0x25dfdbff, {}, [{0x33c, 0x1, [@m_skbedit={0x128, 0x19, 0x0, 0x0, {{0xc}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x10, 0xa}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xd}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x1}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x1, 0x1, 0xffffffffeffffffb, 0x6, 0x101}}]}, {0xca, 0x6, "de616dd9ce3b892bb6fafca061bed3e644dcf9151f4527045657b89def02bb9cad6c62f8293cff1e7df3eb0803889f2fd92b151ed17ab9007c47463bf4e7afe47ab1d24292b0103cbbc15977a51c0ae02a16535a666c86a6321ae76cba859e771aa7d0ff9fa033e50e56e0f68419fd47894ab8f8d473fc2af5fc18fb9399fdbb44bce22ac4c64feea69875f61ef4f46591d0547ce0f025b0a5f6dc470fd9635a05e318fa41b23e07582b3128621edbf17703923cea8b079f042f9924f50ce06116fc38e34430"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_xt={0x1c8, 0x11, 0x0, 0x0, {{0x7}, {0x19c, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8, 0x3, 0x81b8}, @TCA_IPT_INDEX={0x8, 0x3, 0x5}, @TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0xa82}, @TCA_IPT_HOOK={0x8}, @TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_INDEX={0x8, 0x3, 0xf6f}, @TCA_IPT_TARG={0x115, 0x6, {0xde5, 'security\x00', 0xfd, 0x6, "58b896ab865a267227e5b6ccd1d68ce8a894e5a4f8d74d244cc3937e2e2ea90902bf182af3278d89ce0874f4c5c16c31e865315f129a786341331a399c6bbc4776be84587cfde5f66b761518b33763ec1ac76ceca73f7c4b884b6734b971370a0767cbfffe13bd986a3a072d1f61a88dd3ca11b366ab1f296a044677f09dbac87bf344826528f298d21c4144ebeaf4ac69403b60f46ad8e918a7a25d22eb93ebe2c86c20690f85128387321091ad898099e0efd740345261e848850acdee9be5e1574fead30dfc85a45b2de54f9a2c172c1ce21e6c1cb5ea8d23eed156b98c9cf129689324ea2e01186626"}}]}, {0x6, 0x6, "51eb"}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}, @m_sample={0x48, 0x10, 0x0, 0x0, {{0xb}, {0x4}, {0x19, 0x6, "5c284c3a3976241974df53e1d3b1cccfebd3f123de"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x350}}, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$kcm(0x29, 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x8}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
socket$nl_route(0x10, 0x3, 0x0)
syz_fuse_handle_req(r0, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb1000008747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb80035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22383e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485a4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2245eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e4c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad64c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc590800", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8000, 0x100000, r2, 0xffffffffffffffff, 0x400e, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x5, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d44ebb40ec188832cf690102030109021b00010000000009040000010e01000009058103"], 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r4, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f00000004c0)=[@in6={0xa, 0x0, 0x0, @local, 0x1}], 0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r4, 0x84, 0x65, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @local}], 0x1c)
r5 = socket(0x28, 0x803, 0x0)
sendto(r5, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

2.680728682s ago: executing program 1 (id=1646):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a44000010400010902600042010000000904"], 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0xc, &(0x7f0000000000), 0x4)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000340)=@ccm_128={{0x304}, "d66318499b06e26b", "f4cf0f397c00", "18018d78", "e7898cbe6f1fa337"}, 0x28)
r1 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x4, 0x288}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x4420c0, 0x0)
ioctl$IOMMU_VFIO_GET_API_VERSION(r4, 0x3b64)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)

2.473853794s ago: executing program 3 (id=1647):
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x1)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/packet\x00')
read$FUSE(r1, &(0x7f0000000540)={0x2020}, 0x2020)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_ADD_TX_TS(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0x44, r2, 0x800, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0xde58}, @NL80211_ATTR_ADMITTED_TIME={0x6, 0xd4, 0x3}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x44}, 0x1, 0x0, 0x0, 0x14}, 0x20080)
close(r0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r3, 0x0)
shutdown(r0, 0x1)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/net', 0x0, 0x0)
fcntl$notify(r4, 0x402, 0x28)
bind$inet6(r4, &(0x7f0000000240)={0xa, 0x4e22, 0x80000001, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4}, 0x1c)
getsockopt$inet6_mtu(r4, 0x29, 0x17, &(0x7f0000000100), &(0x7f0000000340)=0x4)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
ioctl$EVIOCGMASK(r6, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
ioctl$EVIOCGSW(r6, 0x8040451b, &(0x7f0000000440)=""/247)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/rcu_expedited', 0x8400, 0x0)
r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000000100000024000180060005004e2300b90600010002001b0008000300ac1414aa0800060001000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)

1.737640839s ago: executing program 3 (id=1648):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_delrule={0x38, 0x21, 0x1, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_PROTOCOL={0x5, 0x15, 0x3}, @FIB_RULE_POLICY=@FRA_IIFNAME={0x14, 0x3, 'macvtap0\x00'}]}, 0x38}}, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r4, 0x84, 0x15, &(0x7f0000000080)={0x1}, 0x1)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000057eb0020fd070400fa8e0102030109021b00020000000009044a0000ff4868000904"], 0x0)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000100)=0x800009, 0x4)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r5=>0x0})
sendto$packet(r2, &(0x7f0000000180)="02030c65420002000000ab5d71acedd7c9560385dcb1080084d7dc039806112405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @broadcast}, 0x14)

1.580784279s ago: executing program 2 (id=1650):
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast2}}}, 0x135)
r1 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e22, 0x0, @private2}}}, 0x108)
r2 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00')
preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x111, 0x0)

1.575319162s ago: executing program 2 (id=1651):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r1, 0x1, 0x7, &(0x7f0000000340), 0x4)
sendmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000000)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
r2 = syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a461000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f00000004c0)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000100000011"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r2, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e23, @empty}}, 0xe4b, 0x8, 0x8000, 0x4, 0x10, 0x1, 0xe}, 0x9c)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sysvipc/sem\x00', 0x0, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000200)='memory.swap.current\x00', 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000240)={0x0, @in6={{0xa, 0x4e22, 0x80000001, @empty, 0x2}}, 0xc, 0x3}, 0x90)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$UI_ABS_SETUP(r5, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
write$uinput_user_dev(r5, &(0x7f0000000c80)={'syz0\x00', {0x0, 0xfffc}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000]}, 0x45c)
syz_clone3(&(0x7f0000000640)={0x40180000, &(0x7f0000000300), &(0x7f0000000380)=<r6=>0x0, &(0x7f0000000400), {0x14}, &(0x7f0000000540)=""/251, 0xfb, &(0x7f0000001c80)=""/4096, &(0x7f0000000440)=[0xffffffffffffffff], 0x1, {r4}}, 0x58)
r7 = syz_open_procfs$namespace(r6, &(0x7f0000000480)='ns/cgroup\x00')
setns(r7, 0x0)
ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r5, 0x5501)

1.2162796s ago: executing program 1 (id=1652):
sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x80080)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x9, 0x0, 0x81, 0xffffffff})
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000002c0)={0xb, {'syz1\x00', 'syz1\x00', 'syz1\x00', 0xd5, 0x9, 0xb, 0x7, 0x4000000, 0x5, "d3a947f7cc4f17752c8dfa9c8dec4402385a8c4133732d226ab956f89d14836e73baee22ef108abba86710beee622a882c0ee70015d456ca25f79e3ea731c41c07ca7eb324a4c79f6bb88a40d461144774c7a25c40032a0850fe9dc9aacd5f59c9a82e98f69bee08d66da3efb4eabc8758673480820f1a5b97c2964dfb97e1ac3885d81b8aaf8b674ba29c2e278089287c2071f0cf06c12a7847ffafed30cbdda261846deb6123e5636b644431897f0289ac01ce1a9473987d16c4ebc371a64df55a39bd8c5d1e5d6ed35ff21b390b087e7eb6adb7"}}, 0x1ed)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r2, 0x1, 0xc, &(0x7f0000000200)=0xfffffffc, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$SNDRV_PCM_IOCTL_STATUS64(r0, 0x40044103, &(0x7f0000000080))

908.790303ms ago: executing program 1 (id=1653):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_GET_DEVICE_ATTR_vm(r3, 0x4018aee2, &(0x7f00000002c0)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000001c0)={0x92c8, 0x800}})

814.486651ms ago: executing program 0 (id=1654):
syz_emit_ethernet(0xbe, &(0x7f00000000c0)=ANY=[], 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$inet_dccp(0x2, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x37, 0x301, 0x270bd24, 0x25dfdbfc, {0x3}}, 0x14}}, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
pipe2$9p(&(0x7f0000000240), 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x842, 0x0)
pselect6(0x40, &(0x7f0000000580), 0x0, &(0x7f0000000d00)={0xd0}, 0x0, 0x0)
close(r1)
r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x7079, 0x20, 0x2, 0x288}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$LOOP_GET_STATUS64(0xffffffffffffffff, 0x4c05, &(0x7f0000000480))
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001000000000000000000060a0b040000000000000000020000002400048020000180070001006374000014000280080002400000001008000140000000020900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a0000000000000000b51ac1a73bc94bf8c4752fdbdb"], 0x78}}, 0x0)
r6 = socket$kcm(0x2, 0x1, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x143e81, 0x0)
r8 = dup(r7)
fallocate(r8, 0x11, 0x0, 0x74000)
shutdown(r6, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)

766.125016ms ago: executing program 1 (id=1655):
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="120100002ec6601037210100352a010203010902120001000000000904"], 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x42801, 0x0) (fail_nth: 8)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c)
listen(r0, 0xfff)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000000)={0x2005, 0x2200000, 0x7, 0x0, 0x0, 0xfffffffe})
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000140)="a10100001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffff", 0x40}], 0x1)

292.789632ms ago: executing program 2 (id=1656):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x20, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmsg$inet(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001c80)="50e2d0e8f7c79f56fe316075d1848c2846a50934836763ae403f35dbe8580de2c59113798cdc8a74dc21020f4e97e9ac22768c9b7d9aca64aa97212a1826646b4a19ebd05d3e7cbae0f91b621e6ac8e60d7d39df4febd1a8e2a737845dccfdbecde934165ded16e411da023b9fba7840a8e50b7f909cc9d51522dc4ac3075e975b35681f8d16915a3d248396f134273ff13a72f082839bd3021d4f0a5550671bb7d267d74dc8a800f3f7e8be6daea4379e76bc978e801fbd9d83544776580baa62d6156cc3aaec4b79a8ecc46317f48f62ff039722c87db0cd54d937de47619f530c29622e55176b5dfbbd084521a28e89488f57a6d3c19c2df39243d73425d52f0a42cc4a01e39f3c24ecd0e22d696d59320e4ee7d111d3abac17ebfc8aa6bb910c8d1d92efe391d372130bfccdec653e41694e86c79164f36b1ac9fc2812a7944f8b08f6780b102f71f4dc7232c83d20a4aa83db3e540a063f7f13360b6435b755f4af598016caf933a76bf2f2897b04a1efe5793b62c87532ba7fc740372ea2918a0dca9de22c336f6b4ab77b1047e00d693585263f938791e5bf228f297896d3a90f4e87c53e42589eba922b3770644a9a199bd95fca9d25416417924b7b594e88cb3e0b3d48014993d64636c82533a49c239a2305b4e9fe43f2ab23aa972ecfd7bd1eefb2d9f8117a8711e5f4c84704b761fdac68a8ae0e0e2d69bcd3ee3b3101a14459b9aac31b693130e809b72e9a8722029a6ee71faf89daa40d3a98476aeeb172b14d452a38475599d5f8243ff49bbc4fd4341ee82c77d0f7e3a93fb89d9c826697f86a7ed404d82fd358d919af26580bed09ce5f694c7fb2919b181ff08da24a7a95523b67b45098c233abdac18a7816bc2e56092f0f8fc300d44f0c181b7bc103b03fe978410816b1ec59a52f2d08a895028dc4559983701ce75a60ccdec67401e1208ca3f4032aeb7536f6cfb3f9fb1f2fa8e67adcfc8690e904599860f707b1be70a49f60e01e8fd3f46165cd186808e0536bde9356dea4ce245a9cc3293a2c7e42d96c953526d3639bd2a1c05a41bac3b5f6481bcfd77800", 0x2ff}], 0x1}, 0x44080)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x40001, 0x0, 0xfffffffffffffe0e)

236.05874ms ago: executing program 2 (id=1657):
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r1, &(0x7f0000000440)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x1, {{0x1, 0x3}}}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000080)="b978e0ec421cb1102c0d174b9fce0c9041f89bf4052986bd2236913f88839482685e120163a91654c27a6fbc4bf73332de7682712b5751c58e4528d1d8a23fdebf674db15b51a36efdf4bdad2f519f1f92fdeb1371a5dfdd5e7e0662b98d893d2773d33db60fab545bc478352fb51d5727cb4d431f94c53701268288dded05e3691892eab00e19d000153ba504b8c0b67e1b480248d3ea9cf189ddbb2799ca71f600f82c5354c9a8ce86c819f4d750e1329320c0231cf7831c0d833468cf1259ebea3aad97ab56ca1bcb19689ab7f6e51917d08ec11a0fbc912be6e3d742d01b3274e0f07408f6932067fecb54c2ac17e903a20776f19e", 0xf7}, {&(0x7f0000000180)="af", 0x1}, {&(0x7f00000001c0)="1fc7224477113d797ee7f787b1a0572869803c4bb2647a46693de3da7e47908bff18a4f301223ecd9e6e71bda878fa740f4ecb134645c6f543d0f7d9849844f7d20d8211c48eb6f10ade90", 0x4b}, {&(0x7f0000000240)="721b96e86641b63489b3bb77275189bce63f831c653728c3196fa83e851762c746e8a0d883e8f830fb7756785b35fb03ebb5818c2a72263bb03e3550831f11d5718a8d4be8b44b3da86864e29b3236df23a805aed49feb1deef891c459a8cf7727f5d0d9231968b4ee3ccdb397b5ac4f5ad385ee3d340195cf3c180dfe25bd282f9462", 0x83}, {&(0x7f0000000300)="056779a9d2d0718c8e6e50883f7d6460f289d56a0ce37737293072cf6ff269d094f4073d67cbc9e701953da3b0", 0x2d}], 0x5, &(0x7f00000003c0)="4623b587ce2190b95a6a9cc918e98c0cb71885243525d8f6fcc5022bb092791c75cc6e97dae365b288cbb128967db12927f6fc7091bbb76cfedd1ebeaa5556993cc9b7ce1d404db13a209b6153e9f2ab4f248e1b9af6c5ebc1ddcb124f60462df9", 0x61, 0x4090}, 0x40000)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000480)={<r2=>0x0, 0x1f, "e85f02ade452920104c496acf1ea77b0694cb23565a68f4cd662d658df6530"}, &(0x7f00000004c0)=0x27)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000500)={<r3=>r2, 0x5}, &(0x7f0000000540)=0x8)
r4 = accept4(r0, &(0x7f0000000580)=@hci, &(0x7f0000000600)=0x80, 0x80000)
preadv(r1, &(0x7f00000007c0)=[{&(0x7f0000000640)=""/117, 0x75}, {&(0x7f00000006c0)=""/210, 0xd2}], 0x2, 0x3, 0x5)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f0000000800), &(0x7f0000000840)={'U-', 0x7}, 0x16, 0x1)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000a00)={0xffffffffffffffff, 0x58, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0}}, 0x10)
sendto$packet(r4, &(0x7f0000000880)="a4c422297df6b4022439a3626e503f013e4091b4bce744c86208dd90dc2a2806ca4989ca9ccc5a0a5da19e30ec9090f9b983c0c08936a8aef85e0f2d68ba5d1eefc7ec853f6284986003e8c8a3761221a76643e9474b4f9b13aaa73fbb78a7c102862eb38b0c75b816226bfa8b0e9e881e8f51605a2a361c7cdbb0511de3c3f17764363ecd2c6a71c63b9b439de094bb362f63060e98cf8d696aef594bc3feb45f15c6a5b4df2dd0d383cccc6b0d5b07a5285171a588b5e0452652971913ec5e7313d69187035520e0c5275f60e6f73a46551e26a38060807577c01e", 0xdc, 0x80, &(0x7f0000000a40)={0x11, 0xf7, r6, 0x1, 0x4, 0x6, @local}, 0x14)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000a80)={'wlan0\x00'})
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000ac0)={{0x1, 0x1, 0x18, <r7=>0xffffffffffffffff, {0x0, 0xd4a}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000b00)={{0x1, 0x1, 0x18, <r8=>r5, {0x4}}, './file0\x00'})
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000b40)=@base={0x1, 0x4, 0x6, 0x5, 0x20801, r7, 0x100, '\x00', 0x0, r8, 0x1, 0x1, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000bc0)='/proc/consoles\x00', 0x0, 0x0)
setsockopt$inet_opts(r7, 0x0, 0x0, &(0x7f0000000c00)="f93582725e91742ddbadbe4bcaa10065623106b850ba0ef579e705020432582963247da42b31cccf8fef3395e61b070cf43d4b6de581bc1904c66ad310e28d1f09dfc7c0b1c5d1ca7993635ad67cd985b43ffd8dd6d9e7d1f3a0364c8f6e2ae534965db77735e2292e58b8d6", 0x6c)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000cc0), r8)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000d00)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r8, &(0x7f0000001380)={&(0x7f0000000c80)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000001340)={&(0x7f0000000d40)={0x5cc, r11, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0x16f5, 0x73}}}}, [@NL80211_ATTR_TX_RATES={0x23c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x54, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x1f, 0x1, [0xc, 0x36, 0x6, 0x0, 0x16, 0x4, 0x1, 0x0, 0x16, 0x16, 0x60, 0x0, 0x1b, 0x1, 0x36, 0x3, 0x6, 0x48, 0xb, 0x36, 0x5, 0x12, 0x16, 0x48, 0x0, 0x36, 0x9]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x2, 0x288f, 0xfee0, 0x4, 0x2f, 0x1, 0x7]}}, @NL80211_TXRATE_HT={0x19, 0x2, [{0x2, 0x7}, {0x4, 0x8}, {0x1, 0x6}, {0x6, 0x6}, {0x4, 0x6}, {0x3, 0x6}, {0x6, 0x1}, {0x7, 0x2}, {0x7, 0xa}, {0x1, 0x5}, {0x3, 0x7}, {0x7, 0x2}, {0x4, 0x6}, {0x6, 0x6}, {0x0, 0x2}, {0x6, 0x4}, {0x1}, {0x6}, {0x1, 0x1}, {0x3, 0x1}, {0x4, 0xa}]}]}, @NL80211_BAND_2GHZ={0x80, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x8c0, 0x3f9, 0x7ff, 0x5, 0x7, 0x80, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x80}, @NL80211_TXRATE_HT={0x4d, 0x2, [{}, {0x7, 0x7}, {0x7, 0xa}, {0x0, 0x8}, {0x6, 0x1}, {0x4, 0x3}, {0x6, 0x3}, {0x7, 0x7}, {0x4, 0xa}, {0x3, 0x5}, {0x7, 0x5}, {0x3, 0x8}, {0x2, 0x6}, {0x1, 0x7}, {}, {0x2, 0x7}, {0x6}, {0x5, 0x5}, {0x4, 0x5}, {0x5, 0x6}, {0x1, 0x3}, {0x4, 0x9}, {0x7, 0x8}, {0x0, 0xa}, {0x3}, {0x4, 0x8}, {0x0, 0x1}, {0x3, 0x6}, {0x1}, {0x5, 0x4}, {0x0, 0x2}, {0x3, 0x3}, {}, {0x0, 0x8}, {0x1, 0xa}, {0x1, 0xa}, {0x0, 0x2}, {0x0, 0x6}, {0x2, 0x1}, {0x5, 0x4}, {0x7}, {0x5, 0x3}, {0x2, 0x5}, {0x2, 0x9}, {0x6, 0x8}, {0x0, 0x8}, {0x3, 0x9}, {0x6, 0x9}, {0x0, 0x4}, {0x1}, {0x1, 0x1}, {0x6, 0x4}, {0x2, 0xa}, {0x2, 0x7}, {0x5, 0x6}, {0x0, 0x9}, {0x7}, {0x2, 0x9}, {0x4, 0x9}, {0x1, 0x1}, {0x7, 0x4}, {0x5, 0x1}, {0x1, 0x5}, {0x2, 0x9}, {0x5, 0x1}, {0x3}, {0x1, 0x8}, {0x1, 0x7}, {0x4, 0x2}, {}, {0x0, 0x6}, {0x0, 0x8}, {0x4, 0x3}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_2GHZ={0x44, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0x48]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xffc0, 0x200, 0x5, 0xb, 0x2, 0x8, 0x3, 0x822c]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0x4]}]}, @NL80211_BAND_2GHZ={0x28, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xdf5, 0x0, 0x80, 0x5e6, 0xff7f, 0x1, 0x0, 0x9]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_2GHZ={0x78, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x7ff, 0x7, 0x2a8, 0x81, 0x8, 0x800, 0xfff4]}}, @NL80211_TXRATE_HT={0x45, 0x2, [{0x0, 0x8}, {0x2, 0x6}, {0x4, 0x6}, {0x5, 0x8}, {0x3, 0x2}, {0x0, 0x4}, {0x6, 0x4}, {0x6, 0x9}, {0x3, 0x6}, {0x1, 0x5}, {0x4, 0x2}, {0x7}, {0x0, 0x8}, {0x7, 0x6}, {0x1, 0x7}, {0x1, 0x1}, {0x7, 0x1}, {0x4, 0xa}, {0x0, 0x7}, {0x3}, {0x1, 0x7}, {0x7, 0xa}, {0x1, 0x7}, {0x2, 0x2}, {0x0, 0x1}, {0x5, 0x2}, {0x0, 0xa}, {0x0, 0x6}, {0x7}, {0x4, 0x6}, {0x3, 0x5}, {0x1, 0x9}, {0x0, 0x6}, {0x3}, {0x4, 0x7}, {0x2, 0x7}, {0x1}, {0x2, 0x1}, {0x1, 0x7}, {0x0, 0x9}, {0x0, 0x7}, {0x0, 0xa}, {0x1}, {0x1, 0x5}, {0x2, 0xa}, {0x5}, {0x0, 0x7}, {0x2, 0x9}, {0x0, 0x8}, {0x3, 0x3}, {0x7, 0x7}, {0x2, 0x2}, {0x3, 0xa}, {0x2, 0x1}, {0x5, 0x1}, {0x3, 0x8}, {0x5, 0x2}, {0x1, 0x7}, {0x6, 0xa}, {0x5, 0x10}, {0x4, 0x5}, {0x1, 0x5}, {0x0, 0x9}, {0x4, 0x4}, {0x5}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_2GHZ={0x58, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x35, 0x2, [{0x0, 0x8}, {0x0, 0x9}, {0x0, 0x1}, {0x3}, {0x5, 0x6}, {0x0, 0x4}, {0x5, 0x1}, {0x3}, {0x3, 0x1}, {0x5, 0x7}, {0x3, 0x4}, {0x4, 0x2}, {0x7, 0x5}, {0x2, 0xa}, {0x5}, {0x1, 0x5}, {0x0, 0x9}, {0x0, 0x3}, {0x0, 0x4}, {0x1}, {0x2, 0x4}, {0x6, 0x2}, {0x5, 0x8}, {0x3, 0x7}, {0x0, 0x4}, {0x4, 0x3}, {0x1, 0x1}, {0x4, 0x5}, {0x2, 0x6}, {0x3, 0x3}, {0x4, 0x6}, {0x6}, {0x0, 0x8}, {0x7, 0x7}, {0x7, 0x4}, {0x0, 0x2}, {0x1, 0x4}, {0x2, 0x7}, {0x6}, {0x5, 0x1}, {0x1, 0x4}, {0x4, 0x2}, {0x1, 0x9}, {0x2, 0x6}, {0x6, 0x1}, {0x4, 0x7}, {0x0, 0x9}, {0x6, 0x1}, {0x7, 0x3}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x3, 0x4, 0x1, 0x7f, 0x3, 0x9, 0x3]}}]}]}, @NL80211_ATTR_TX_RATES={0xa0, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x58, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x101, 0x4, 0x8, 0x7d7, 0x1, 0x6, 0x4]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1ff, 0x200, 0x8, 0x6, 0x3, 0x8, 0x9, 0x6946]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x13, 0x2, [{0x6, 0xa}, {0x0, 0x7}, {0x3, 0x8}, {0x7, 0x1}, {0x5, 0x6}, {0x4, 0xa}, {0x2}, {0x6, 0x3}, {0x5, 0x9}, {0x7, 0x5}, {0x6, 0x4}, {0x7, 0x1}, {0x6, 0x8}, {}, {0x2, 0x5}]}]}, @NL80211_BAND_6GHZ={0x44, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x14, 0x2, [{0x1, 0xa}, {0x7, 0x8}, {0x3, 0x6}, {0x7, 0x9}, {0x2, 0xa}, {0x6, 0x5}, {0x3, 0x3}, {0x3, 0x3}, {0x6, 0x9}, {0x1, 0x4}, {0x5}, {0x2}, {0x4, 0x5}, {0x6, 0x1}, {0x1, 0x3}, {0x2, 0x2}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x1, 0x400, 0xfff8, 0xc, 0xebe, 0x59, 0xe9c]}}, @NL80211_TXRATE_GI={0x5}]}]}, @NL80211_ATTR_TX_RATES={0x1c8, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x80, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x18, 0x1, [0x16, 0x16, 0x18, 0x9, 0x30, 0x5, 0x36, 0x60, 0x5, 0x18, 0x6, 0x24, 0x16, 0x61, 0x3, 0x9, 0x6c, 0x60, 0x24, 0x4]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0xa, 0x5, 0x8, 0xfff7, 0x6, 0x1800, 0x7fff]}}, @NL80211_TXRATE_HT={0x23, 0x2, [{0x0, 0x1}, {0x0, 0x2}, {0x6, 0x6}, {0x3, 0xa}, {0x6, 0x9}, {0x2, 0x2}, {0x7}, {0x7, 0x8}, {0x6, 0x9}, {0x3, 0x8}, {0x5, 0x1}, {0x0, 0xa}, {0x4, 0x6}, {0x2, 0x3}, {0x6, 0x2}, {0x0, 0x6}, {0x1, 0x5}, {0x2, 0x6}, {0x0, 0x9}, {0x1, 0x7}, {0x2, 0x1}, {0x7, 0x3}, {0x3, 0x7}, {0x1, 0x5}, {}, {0x5, 0x3}, {0x0, 0x6}, {0x5, 0x9}, {0x5}, {0x5, 0x7}, {0x1, 0xa}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xfff0, 0x5, 0x9, 0xe, 0x81, 0xb, 0x5, 0x200]}}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x0, 0x7}, {0x1, 0x2}, {0x2, 0x4}, {0x5, 0x9}, {0x7, 0x5}, {0x6, 0x5}, {0x7, 0x7}, {0x2, 0x3}, {0x2}, {0x0, 0xa}, {0x1}, {0x3, 0x2}, {0x1, 0x3}, {0x1, 0x6}, {0x0, 0x4}, {0x6, 0x9}, {0x1, 0xa}, {0x7, 0x3}, {0x2, 0x5}, {0x7, 0x5}]}]}, @NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}, @NL80211_BAND_2GHZ={0x60, 0x0, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x7, 0x1, 0x32, 0xf5db, 0x9, 0x7, 0x1]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x2, 0xc8, 0x8000, 0x3, 0x1400, 0x3, 0x5]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x23, 0x1, [0x1, 0x5, 0x3, 0x2, 0x2, 0x36, 0x1, 0x18, 0x18, 0x4, 0x1b, 0xc, 0xb, 0x24, 0x1b, 0x36, 0x2, 0x3, 0x16, 0x7c, 0x3, 0xb, 0xb, 0x75, 0x30, 0x6c, 0x36, 0x18, 0x60, 0x2, 0x1]}]}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}]}, @NL80211_BAND_6GHZ={0x4c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HT={0x11, 0x2, [{0x0, 0x3}, {0x6, 0x7}, {0x2, 0x5}, {0x6, 0xa}, {0x0, 0x5}, {0x0, 0xa}, {0x5, 0x2}, {0x4, 0x4}, {0x5, 0x8}, {0x2, 0xa}, {0x7, 0x7}, {0x2, 0x9}, {0x5}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x80, 0x122, 0x246, 0x0, 0x9, 0xa, 0x5, 0x6]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}]}, @NL80211_BAND_6GHZ={0x84, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7ad3, 0x7fff, 0x1, 0x800, 0x4000, 0x9, 0x9, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x1, 0x1, 0xf, 0x5, 0x8, 0x8, 0x6, 0x70]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_LEGACY={0x1c, 0x1, [0x3, 0x12, 0x22, 0x9, 0x6, 0x24, 0x36, 0x6c, 0x79, 0x48, 0xc, 0x1b, 0x4, 0x18, 0x18, 0x12, 0x30, 0xb, 0x6, 0x0, 0x5, 0x6, 0xc, 0x6c]}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x24, 0x18, 0x30, 0x13, 0x18, 0x18, 0x50, 0x6c, 0x36, 0x5, 0x3, 0x3, 0x6c, 0x16]}, @NL80211_TXRATE_LEGACY={0x17, 0x1, [0x30, 0x6, 0x60, 0x6c, 0x48, 0xb, 0x60, 0x9, 0x24, 0x1, 0x5, 0xc, 0x5, 0x9, 0x1b, 0x48, 0x16, 0x24, 0x1]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}]}]}, @NL80211_ATTR_TX_RATES={0xa0, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x3, 0x2, 0x7, 0x156, 0x0, 0x1, 0x7]}}]}, @NL80211_BAND_60GHZ={0xc, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_5GHZ={0x78, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x8, 0x3, 0x126f, 0x4, 0x81, 0x4, 0x8, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x2f, 0x2, [{0x4, 0x6}, {0x6, 0x4}, {0x1, 0x5}, {0x1, 0x1}, {0x3, 0x8}, {0x3, 0x6}, {0x6, 0x5}, {0x1}, {0x3, 0x9}, {0x1, 0x7}, {0x1, 0x1}, {0x7, 0x6}, {0x4, 0x4}, {0x4, 0x8}, {0x6, 0x5}, {0x5}, {0x5, 0x9}, {0x5}, {0x2}, {}, {0x3, 0x6}, {0x1, 0x7}, {0x5, 0x3}, {0x4, 0x2}, {0x5, 0xa}, {0x2, 0x7}, {0x6, 0x9}, {0x4, 0xa}, {0x5, 0x4}, {0x3, 0x7}, {0x7}, {0x5, 0xa}, {0x4, 0x4}, {0x4, 0x3}, {0x6, 0x4}, {0x1, 0xa}, {0x5, 0x5}, {0x4, 0x1}, {0x0, 0x7}, {0x5, 0x1}, {0x1, 0x6}, {0x4}, {0x1, 0x5}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x3, 0x3, 0x24, 0x0, 0x40, 0x0, 0x837, 0xb]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x9, 0x7, 0x0, 0xaab, 0x284, 0xffff, 0x8]}}]}]}, @NL80211_ATTR_TX_RATES={0x60, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x14, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xd, 0x7, 0x0, 0x4, 0x1000, 0x5, 0x401, 0x800]}}, @NL80211_TXRATE_LEGACY={0xf, 0x1, [0x48, 0x9, 0x48, 0x0, 0x3, 0x1, 0x9, 0xb, 0x6c, 0x12, 0xc]}]}, @NL80211_BAND_60GHZ={0x14, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}]}]}, 0x5cc}, 0x1, 0x0, 0x0, 0x4}, 0x376d0d6004ddaf24)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r9, 0x80047213, &(0x7f00000013c0))
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r10, 0x8982, &(0x7f0000001400)={0x2, 'veth0_to_bridge\x00', {0x4c5}, 0x1})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001480)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_START_NAN(r10, &(0x7f0000001580)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000001540)={&(0x7f00000014c0)={0x64, r11, 0x300, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x5b}, @NL80211_ATTR_BANDS={0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x4}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x8}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x6}, @NL80211_ATTR_BANDS={0x8, 0xef, 0x1}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x3}, @NL80211_ATTR_NAN_MASTER_PREF={0x5, 0xee, 0x40}]}, 0x64}, 0x1, 0x0, 0x0, 0x400a800}, 0x1)
ioctl$TIOCGSID(r10, 0x5429, &(0x7f00000015c0)=<r14=>0x0)
ptrace$getregset(0x4204, r14, 0x2, &(0x7f0000001700)={&(0x7f0000001600)=""/209, 0xd1})
r15 = socket$inet6_sctp(0xa, 0x7, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r15, 0x84, 0x72, &(0x7f0000001740)={r3, 0x4, 0x10}, 0xc)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r7, 0x18, &(0x7f0000001780)={0x6, r9, 0x2, {0xa453, 0x7f}, 0xe2}, 0x1)
ioctl$SIOCGETMIFCNT_IN6(r4, 0x89e0, &(0x7f00000017c0))

114.859696ms ago: executing program 2 (id=1658):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_MPATH(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)={0x1c, r3, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40800) (fail_nth: 8)

12.909921ms ago: executing program 2 (id=1659):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x410281, 0x0)
r2 = fanotify_init(0x200, 0x0)
fanotify_mark(r2, 0x1, 0x4800003e, r1, 0x0)
dup2(r2, r1)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x8, 0x4})
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r4=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000100)={0x3, r4, 0xffffffff, 0x200000, 0xa, 0x1ff, 0x1})

0s ago: executing program 4 (id=1660):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv6_newroute={0x30, 0x18, 0x1, 0x70bd2c, 0x0, {}, [@RTA_GATEWAY={0x14, 0x5, @loopback}]}, 0x30}}, 0x0)

kernel console output (not intermixed with test programs):

robe with driver cdc_wdm failed with error -22
[  387.604405][ T5896] usb 2-1: USB disconnect, device number 99
[  387.784088][T10246] netlink: 'syz.2.1291': attribute type 16 has an invalid length.
[  387.800851][T10246] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.1291'.
[  387.996779][   T47] usb 4-1: new full-speed USB device number 73 using dummy_hcd
[  388.134389][T10252] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.150664][T10252] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.164460][   T47] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  388.186508][   T47] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  388.194673][T10252] fuse: Bad value for 'fd'
[  388.201024][   T47] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  388.214816][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  388.234084][   T47] usb 4-1: SerialNumber: syz
[  388.256603][ T5888] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[  388.288324][   T47] usb 4-1: 0:2 : does not exist
[  388.420753][ T5888] usb 5-1: config 0 has no interfaces?
[  388.429112][ T5888] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  388.439453][ T5888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.576550][ T5888] usb 5-1: Product: syz
[  388.603658][ T5888] usb 5-1: Manufacturer: syz
[  388.640723][ T5888] usb 5-1: SerialNumber: syz
[  388.654334][T10256] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1294'.
[  388.694248][ T5888] usb 5-1: config 0 descriptor??
[  388.935509][T10248] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1290'.
[  388.974083][T10259] netlink: 'syz.1.1294': attribute type 2 has an invalid length.
[  389.185501][T10262] netlink: 'syz.1.1295': attribute type 21 has an invalid length.
[  389.276539][T10262] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1295'.
[  389.289569][T10262] netlink: 'syz.1.1295': attribute type 5 has an invalid length.
[  389.290264][ T5896] usb 4-1: USB disconnect, device number 73
[  389.318011][T10262] netlink: 'syz.1.1295': attribute type 6 has an invalid length.
[  389.350471][T10262] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1295'.
[  389.871249][T10270] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  389.901679][T10271] xt_NFQUEUE: number of total queues is 0
[  389.922427][T10271] FAULT_INJECTION: forcing a failure.
[  389.922427][T10271] name failslab, interval 1, probability 0, space 0, times 0
[  389.978805][T10271] CPU: 0 UID: 0 PID: 10271 Comm: syz.0.1297 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  389.978839][T10271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  389.978853][T10271] Call Trace:
[  389.978862][T10271]  <TASK>
[  389.978871][T10271]  dump_stack_lvl+0x241/0x360
[  389.978907][T10271]  ? __pfx_dump_stack_lvl+0x10/0x10
[  389.978935][T10271]  ? __pfx__printk+0x10/0x10
[  389.978965][T10271]  ? __pfx___might_resched+0x10/0x10
[  389.979008][T10271]  should_fail_ex+0x424/0x570
[  389.979040][T10271]  should_failslab+0xac/0x100
[  389.979070][T10271]  __kmalloc_cache_noprof+0x73/0x370
[  389.979100][T10271]  ? sctp_auth_asoc_copy_shkeys+0x13b/0x580
[  389.979124][T10271]  sctp_auth_asoc_copy_shkeys+0x13b/0x580
[  389.979151][T10271]  sctp_association_new+0x15ad/0x2540
[  389.979187][T10271]  sctp_connect_new_asoc+0x31c/0x700
[  389.979215][T10271]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  389.979238][T10271]  ? sctp_sendmsg+0xf30/0x3620
[  389.979266][T10271]  ? sctp_endpoint_lookup_assoc+0xc9/0x250
[  389.979289][T10271]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  389.979321][T10271]  sctp_sendmsg+0x2009/0x3620
[  389.979359][T10271]  ? __pfx_sctp_sendmsg+0x10/0x10
[  389.979385][T10271]  ? aa_sk_perm+0x96f/0xac0
[  389.979416][T10271]  ? inet_sendmsg+0x330/0x390
[  389.979449][T10271]  __sock_sendmsg+0x1a6/0x270
[  389.979473][T10271]  __sys_sendto+0x365/0x4c0
[  389.979502][T10271]  ? __pfx___sys_sendto+0x10/0x10
[  389.979537][T10271]  ? __fget_files+0x2a/0x420
[  389.979563][T10271]  ? ksys_write+0x275/0x2d0
[  389.979596][T10271]  __x64_sys_sendto+0xde/0x100
[  389.979632][T10271]  do_syscall_64+0xf3/0x230
[  389.979654][T10271]  ? clear_bhb_loop+0x45/0xa0
[  389.979677][T10271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.979698][T10271] RIP: 0033:0x7fa5cb18d169
[  389.979716][T10271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  389.979735][T10271] RSP: 002b:00007fa5cbff2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  389.979759][T10271] RAX: ffffffffffffffda RBX: 00007fa5cb3a5fa0 RCX: 00007fa5cb18d169
[  389.979775][T10271] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000004
[  389.979789][T10271] RBP: 00007fa5cbff2090 R08: 0000200000000080 R09: 0000000000000010
[  389.979804][T10271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  389.979817][T10271] R13: 0000000000000000 R14: 00007fa5cb3a5fa0 R15: 00007fa5cb4cfa28
[  389.979843][T10271]  </TASK>
[  390.244569][T10270] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2
[  390.260520][T10270] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0
[  390.450397][    T9] usb 5-1: USB disconnect, device number 96
[  390.852822][T10284] netlink: 'syz.4.1302': attribute type 16 has an invalid length.
[  390.861776][T10284] netlink: 64138 bytes leftover after parsing attributes in process `syz.4.1302'.
[  390.992157][T10294] netlink: 'syz.4.1305': attribute type 10 has an invalid length.
[  391.034236][T10294] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  391.066685][ T5888] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[  391.228159][ T5888] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  391.236884][ T5888] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  391.262987][ T5888] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  391.273066][ T5888] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  391.289169][ T5888] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  391.298700][ T5888] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  391.307466][ T5888] usb 2-1: Product: syz
[  391.311889][ T5888] usb 2-1: Manufacturer: syz
[  391.341249][ T5888] cdc_wdm 2-1:1.0: skipping garbage
[  391.352182][ T5888] cdc_wdm 2-1:1.0: skipping garbage
[  391.372512][ T5888] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  391.576092][ T5888] usb 2-1: USB disconnect, device number 100
[  391.785346][T10304] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1307'.
[  391.815165][T10304] [U] Õϳž|Úbcžå²tN|µúM™"„7Uú“cyù°©´Õ^7ú#ƒ\kÑ?—§b+]òw5¦\iÄ%ßÞÙ±³*½¬EÝ©'g—z»«®Õà®ÆÊs’½Ç…˜+핹_ð3' Õ¯
[  392.122481][T10306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  392.134097][T10306] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  392.215502][T10311] batman_adv: batadv0: Interface deactivated: dummy0
[  392.222921][T10311] batman_adv: batadv0: Removing interface: dummy0
[  392.355948][T10315] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  392.585920][T10323] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  392.604578][T10323] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2
[  392.614424][T10323] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0
[  392.836492][    T9] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  392.997886][    T9] usb 5-1: too many configurations: 32, using maximum allowed: 8
[  393.016739][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  393.024769][    T9] usb 5-1: can't read configurations, error -61
[  393.176741][    T9] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[  393.378494][    T9] usb 5-1: too many configurations: 32, using maximum allowed: 8
[  393.398203][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  393.406332][    T9] usb 5-1: can't read configurations, error -61
[  393.415717][    T9] usb usb5-port1: attempt power cycle
[  393.756628][    T9] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[  393.821109][    T9] usb 5-1: too many configurations: 32, using maximum allowed: 8
[  393.840181][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  393.859880][    T9] usb 5-1: can't read configurations, error -61
[  394.012100][T10341] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  394.023909][    T9] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  394.040209][T10341] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  394.063939][    T9] usb 5-1: too many configurations: 32, using maximum allowed: 8
[  394.083133][T10341] fuse: Bad value for 'fd'
[  394.147472][    T9] usb 5-1: unable to read config index 0 descriptor/start: -61
[  394.155949][    T9] usb 5-1: can't read configurations, error -61
[  394.166574][    T9] usb usb5-port1: unable to enumerate USB device
[  394.556793][ T5896] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[  394.786042][ T5896] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  394.875305][ T5896] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  394.895591][ T5896] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  394.913158][ T5896] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  394.947955][T10304] [U] ãÙ]ÍpØ)I5-ÍA¾\ue¾5ˆGÿaj*I_cص³ÍR]…“ˆŽŽb­´s,Ï{ŽèŠà£{
[  394.955434][ T5896] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  394.965558][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  394.991880][ T5896] usb 2-1: Product: syz
[  395.003073][ T5896] usb 2-1: Manufacturer: syz
[  395.024490][ T5896] cdc_wdm 2-1:1.0: skipping garbage
[  395.030668][ T5896] cdc_wdm 2-1:1.0: skipping garbage
[  395.045285][ T5896] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  395.248387][ T5896] usb 2-1: USB disconnect, device number 101
[  396.084108][T10356] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1322'.
[  396.106268][T10356] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1322'.
[  396.130882][T10356] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1322'.
[  396.174148][T10357] syz.1.1322 (10357): drop_caches: 2
[  396.195875][T10357] syz.1.1322 (10357): drop_caches: 2
[  396.537543][ T5889] usb 2-1: new high-speed USB device number 102 using dummy_hcd
[  396.709943][ T5889] usb 2-1: Using ep0 maxpacket: 16
[  396.717712][ T5889] usb 2-1: too many configurations: 60, using maximum allowed: 8
[  396.739494][ T5889] usb 2-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9
[  396.750993][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204
[  396.761737][ T5889] usb 2-1: Product: syz
[  396.770673][ T5889] usb 2-1: Manufacturer: syz
[  396.780668][ T5889] usb 2-1: SerialNumber: syz
[  396.795103][ T5889] usb 2-1: config 0 descriptor??
[  396.834433][ T5889] pwc: Philips SPC 880NC USB webcam detected.
[  397.030930][T10356] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  397.116947][T10356] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  397.137984][T10374] tls_set_device_offload_rx: netdev not found
[  397.170433][T10374] usb usb1: usbfs: process 10374 (syz.0.1328) did not claim interface 0 before use
[  397.189849][T10376] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2
[  397.201696][T10376] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0
[  397.216681][ T5889] pwc: Warning: more than 1 configuration available.
[  397.227586][ T5889] pwc: Failed to set LED on/off time (-71)
[  397.234919][ T5889] pwc: send_video_command error -71
[  397.240342][ T5889] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  397.248168][ T5889] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71
[  397.268447][ T5889] usb 2-1: USB disconnect, device number 102
[  397.836493][ T5889] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[  398.018331][ T5889] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  398.042217][ T5889] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  398.065000][ T5889] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  398.097463][ T5889] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  398.124115][ T5889] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  398.138804][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  398.149152][T10396] FAULT_INJECTION: forcing a failure.
[  398.149152][T10396] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  398.171587][ T5889] usb 4-1: Product: syz
[  398.176273][ T5889] usb 4-1: Manufacturer: syz
[  398.184438][T10396] CPU: 0 UID: 0 PID: 10396 Comm: syz.2.1336 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  398.184468][T10396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  398.184481][T10396] Call Trace:
[  398.184489][T10396]  <TASK>
[  398.184498][T10396]  dump_stack_lvl+0x241/0x360
[  398.184534][T10396]  ? __pfx_dump_stack_lvl+0x10/0x10
[  398.184563][T10396]  ? __pfx__printk+0x10/0x10
[  398.184599][T10396]  should_fail_ex+0x424/0x570
[  398.184634][T10396]  _copy_from_user+0x2d/0xb0
[  398.184661][T10396]  input_event_from_user+0x211/0x510
[  398.184697][T10396]  ? __pfx_input_event_from_user+0x10/0x10
[  398.184732][T10396]  ? input_inject_event+0xd9/0x360
[  398.184758][T10396]  evdev_write+0x4c4/0x7d0
[  398.184795][T10396]  ? __pfx_evdev_write+0x10/0x10
[  398.184833][T10396]  ? bpf_lsm_file_permission+0x9/0x10
[  398.184865][T10396]  ? rw_verify_area+0x246/0x630
[  398.184889][T10396]  ? __pfx_evdev_write+0x10/0x10
[  398.184918][T10396]  vfs_write+0x2bc/0xd10
[  398.184951][T10396]  ? __pfx_vfs_write+0x10/0x10
[  398.184976][T10396]  ? __fget_files+0x2a/0x420
[  398.184997][T10396]  ? __fget_files+0x2a/0x420
[  398.185018][T10396]  ? __fget_files+0x39d/0x420
[  398.185037][T10396]  ? __fget_files+0x2a/0x420
[  398.185062][T10396]  ksys_write+0x19d/0x2d0
[  398.185089][T10396]  ? __pfx_ksys_write+0x10/0x10
[  398.185118][T10396]  ? do_syscall_64+0xb6/0x230
[  398.185143][T10396]  do_syscall_64+0xf3/0x230
[  398.185158][T10396]  ? clear_bhb_loop+0x45/0xa0
[  398.185176][T10396]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.185190][T10396] RIP: 0033:0x7f9e0298d169
[  398.185204][T10396] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.185217][T10396] RSP: 002b:00007f9e037ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  398.185234][T10396] RAX: ffffffffffffffda RBX: 00007f9e02ba5fa0 RCX: 00007f9e0298d169
[  398.185245][T10396] RDX: 0000000000000918 RSI: 0000200000000040 RDI: 0000000000000004
[  398.185255][T10396] RBP: 00007f9e037ce090 R08: 0000000000000000 R09: 0000000000000000
[  398.185265][T10396] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.185274][T10396] R13: 0000000000000000 R14: 00007f9e02ba5fa0 R15: 00007f9e02ccfa28
[  398.185292][T10396]  </TASK>
[  398.442226][ T5889] cdc_wdm 4-1:1.0: skipping garbage
[  398.447538][ T5889] cdc_wdm 4-1:1.0: skipping garbage
[  398.452841][ T5889] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  398.506696][ T5888] usb 2-1: new full-speed USB device number 103 using dummy_hcd
[  398.564257][T10403] tls_set_device_offload_rx: netdev not found
[  398.573432][T10403] usb usb1: usbfs: process 10403 (syz.2.1339) did not claim interface 0 before use
[  398.703603][ T5888] usb 2-1: config 0 has an invalid interface number: 48 but max is 0
[  398.716074][ T5888] usb 2-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  398.736558][ T5888] usb 2-1: config 0 has no interface number 0
[  398.768416][ T5888] usb 2-1: too many endpoints for config 0 interface 48 altsetting 120: 48, using maximum allowed: 30
[  398.780662][ T5888] usb 2-1: config 0 interface 48 altsetting 120 has 0 endpoint descriptors, different from the interface descriptor's value: 48
[  398.794833][ T5888] usb 2-1: config 0 interface 48 has no altsetting 0
[  398.872809][ T5896] usb 4-1: USB disconnect, device number 74
[  398.884572][T10410] xt_hashlimit: size too large, truncated to 1048576
[  398.910499][ T5888] usb 2-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a
[  398.919789][ T5889] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[  398.942479][ T5888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.966303][ T5888] usb 2-1: Product: syz
[  398.978067][ T5888] usb 2-1: Manufacturer: syz
[  398.995344][ T5888] usb 2-1: SerialNumber: syz
[  399.035451][ T5888] usb 2-1: config 0 descriptor??
[  399.110107][ T5889] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  399.151373][ T5889] usb 5-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  399.211575][ T5889] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  399.294084][ T5888] usb 2-1: USB disconnect, device number 103
[  399.311179][ T5889] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.569279][T10406] fuse: Bad value for 'fd'
[  399.604297][T10425] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2
[  399.613830][T10425] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0
[  400.584850][T10442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  400.640758][T10442] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  400.696762][T10442] loop9: detected capacity change from 0 to 7
[  400.704470][T10442] buffer_io_error: 2 callbacks suppressed
[  400.704485][T10442] Buffer I/O error on dev loop9, logical block 0, async page read
[  400.783071][T10442] Buffer I/O error on dev loop9, logical block 0, async page read
[  400.820873][T10442] Buffer I/O error on dev loop9, logical block 0, async page read
[  400.823463][T10443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  400.882736][T10442] Buffer I/O error on dev loop9, logical block 0, async page read
[  400.894484][T10443] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  400.910895][T10442] Buffer I/O error on dev loop9, logical block 0, async page read
[  400.930139][T10442] Buffer I/O error on dev loop9, logical block 0, async page read
[  400.941620][T10442] Buffer I/O error on dev loop9, logical block 0, async page read
[  400.951998][T10442] ldm_validate_partition_table(): Disk read failed.
[  400.961101][T10445] tls_set_device_offload_rx: netdev not found
[  400.969880][T10445] usb usb1: usbfs: process 10445 (syz.0.1350) did not claim interface 0 before use
[  401.019852][T10442] Buffer I/O error on dev loop9, logical block 0, async page read
[  401.044140][T10442] Buffer I/O error on dev loop9, logical block 0, async page read
[  401.127358][T10442] Buffer I/O error on dev loop9, logical block 0, async page read
[  401.135432][T10442] Dev loop9: unable to read RDB block 0
[  401.175398][T10442]  loop9: unable to read partition table
[  401.188388][T10449] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1352'.
[  401.210302][T10442] loop9: partition table beyond EOD, truncated
[  401.223311][T10442] loop_reread_partitions: partition scan of loop9 (þ被x󟣑– ) failed (rc=-5)
[  401.234055][T10449] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1352'.
[  401.244222][T10449] netlink: 204 bytes leftover after parsing attributes in process `syz.1.1352'.
[  401.360132][T10449] syz.1.1352 (10449): drop_caches: 2
[  401.373529][T10449] syz.1.1352 (10449): drop_caches: 2
[  401.576945][ T5889] usb 2-1: new high-speed USB device number 104 using dummy_hcd
[  401.726505][ T5889] usb 2-1: Using ep0 maxpacket: 16
[  401.732542][ T5889] usb 2-1: too many configurations: 60, using maximum allowed: 8
[  401.756191][ T5889] usb 2-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9
[  401.765429][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204
[  401.773740][ T5889] usb 2-1: Product: syz
[  401.778053][ T5889] usb 2-1: Manufacturer: syz
[  401.782679][ T5889] usb 2-1: SerialNumber: syz
[  401.789207][ T5889] usb 2-1: config 0 descriptor??
[  401.798362][ T5889] pwc: Philips SPC 880NC USB webcam detected.
[  401.846940][   T47] usb 4-1: new full-speed USB device number 75 using dummy_hcd
[  401.871945][T10457] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  401.880692][T10457] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  402.008392][   T47] usb 4-1: config 0 has an invalid interface number: 2 but max is 0
[  402.023708][   T47] usb 4-1: config 0 has no interface number 0
[  402.030670][   T47] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  402.045644][   T47] usb 4-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice=fc.88
[  402.051982][T10449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  402.059909][   T47] usb 4-1: New USB device strings: Mfr=255, Product=1, SerialNumber=3
[  402.073350][   T47] usb 4-1: Product: syz
[  402.078659][T10449] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  402.082258][   T47] usb 4-1: Manufacturer: syz
[  402.103993][   T47] usb 4-1: SerialNumber: syz
[  402.104383][ T5889] pwc: Warning: more than 1 configuration available.
[  402.119045][   T47] usb 4-1: config 0 descriptor??
[  402.120842][ T5889] pwc: Failed to set LED on/off time (-71)
[  402.130590][ T5889] pwc: send_video_command error -71
[  402.135850][ T5889] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  402.147352][ T5889] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71
[  402.165943][ T5889] usb 2-1: USB disconnect, device number 104
[  402.249906][ T5896] usb 5-1: USB disconnect, device number 101
[  402.370363][T10462] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  402.392522][T10463] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1354'.
[  402.440005][   T47] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  402.476669][T10465] futex_wake_op: syz.4.1358 tries to shift op by 32; fix this program
[  402.496346][   T47] snd-usb-audio 4-1:0.2: probe with driver snd-usb-audio failed with error -12
[  402.529800][   T47] usb 4-1: USB disconnect, device number 75
[  402.541093][ T6410] udevd[6410]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  402.690232][T10471] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2
[  402.700071][T10471] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0
[  403.279819][T10476] netlink: 356 bytes leftover after parsing attributes in process `syz.3.1361'.
[  404.028938][T10476] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1361'.
[  404.542813][T10496] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  405.032963][   T47] usb 2-1: new high-speed USB device number 105 using dummy_hcd
[  405.241335][   T47] usb 2-1: device descriptor read/64, error -71
[  405.506972][   T47] usb 2-1: new high-speed USB device number 106 using dummy_hcd
[  405.636922][   T47] usb 2-1: device descriptor read/64, error -71
[  405.716586][ T5888] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  405.747710][   T47] usb usb2-port1: attempt power cycle
[  405.843977][T10517] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  405.852800][T10517] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  405.886615][ T5888] usb 4-1: Using ep0 maxpacket: 8
[  405.897747][ T5888] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 240, changing to 11
[  405.912562][ T5888] usb 4-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[  405.926453][ T5888] usb 4-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  405.939529][ T5888] usb 4-1: config 0 interface 0 has no altsetting 0
[  405.946223][ T5888] usb 4-1: New USB device found, idVendor=056e, idProduct=011c, bcdDevice= 0.00
[  405.955415][ T5888] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.966701][ T5888] usb 4-1: config 0 descriptor??
[  406.086554][   T47] usb 2-1: new high-speed USB device number 107 using dummy_hcd
[  406.111628][T10523] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1379'.
[  406.120216][   T47] usb 2-1: device descriptor read/8, error -71
[  406.133940][T10523] [U] Õϳž|Úbcžå²tN|µúM™"„7Uú“cyù°©´Õ^7ú#ƒ\kÑ?—§b+]òw5¦\iÄ%ßÞÙ±³*½¬EÝ©'g—z»«®Õà®ÆÊs’½Ç…˜+핹_ð3' Õ¯
[  406.189583][ T5888] elecom 0003:056E:011C.0026: item fetching failed at offset 2/5
[  406.198805][ T5888] elecom 0003:056E:011C.0026: probe with driver elecom failed with error -22
[  406.366586][   T47] usb 2-1: new high-speed USB device number 108 using dummy_hcd
[  406.387152][   T47] usb 2-1: device descriptor read/8, error -71
[  406.406705][    T9] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[  406.415302][T10526] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  406.498779][   T47] usb usb2-port1: unable to enumerate USB device
[  406.579588][    T9] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  406.588910][    T9] usb 5-1: config 1 has no interface number 1
[  406.595081][    T9] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  406.609128][    T9] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 255, changing to 7
[  406.622366][    T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=8101, bcdDevice= 0.40
[  406.636064][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.644302][    T9] usb 5-1: Product: syz
[  406.648680][    T9] usb 5-1: Manufacturer: syz
[  406.653303][    T9] usb 5-1: SerialNumber: syz
[  406.660449][T10523] raw-gadget.4 gadget.4: fail, usb_ep_enable returned -22
[  407.227437][T10522] [U] ãÙ]ÍpØ)I5-ÍA¾\ue¾5ˆGÿaj*I_cص³ÍR]…“ˆŽŽb­´s,Ï{ŽèŠà£{
[  407.234518][    T9] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor
[  407.246119][    T9] usb 5-1: 2:1: invalid format type 0x1001 is detected, processed as PCM
[  407.270137][    T9] usb 5-1: USB disconnect, device number 102
[  407.558259][ T5837] udevd[5837]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  407.567251][T10539] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1384'.
[  408.393655][T10554] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2
[  408.485900][T10554] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0
[  408.531157][ T5888] usb 4-1: USB disconnect, device number 76
[  408.666741][ T5896] usb 2-1: new low-speed USB device number 109 using dummy_hcd
[  408.817224][ T5896] usb 2-1: no configurations
[  408.821884][ T5896] usb 2-1: can't read configurations, error -22
[  408.966630][ T5896] usb 2-1: new low-speed USB device number 110 using dummy_hcd
[  409.160287][ T5896] usb 2-1: no configurations
[  409.191549][ T5896] usb 2-1: can't read configurations, error -22
[  409.211645][ T5896] usb usb2-port1: attempt power cycle
[  409.304798][T10582] fuse: Bad value for 'fd'
[  409.445291][T10585] input: syz0 as /devices/virtual/input/input35
[  409.566496][ T5896] usb 2-1: new low-speed USB device number 111 using dummy_hcd
[  409.618737][ T5896] usb 2-1: no configurations
[  409.623406][ T5896] usb 2-1: can't read configurations, error -22
[  409.691891][T10596] netlink: 'syz.2.1403': attribute type 21 has an invalid length.
[  409.717031][T10596] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1403'.
[  409.747597][T10596] netlink: 'syz.2.1403': attribute type 5 has an invalid length.
[  409.776990][T10596] netlink: 'syz.2.1403': attribute type 6 has an invalid length.
[  409.790406][ T5896] usb 2-1: new low-speed USB device number 112 using dummy_hcd
[  409.805114][T10596] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1403'.
[  409.843039][ T5896] usb 2-1: no configurations
[  409.850953][ T5896] usb 2-1: can't read configurations, error -22
[  409.854802][T10609] FAULT_INJECTION: forcing a failure.
[  409.854802][T10609] name failslab, interval 1, probability 0, space 0, times 0
[  409.875570][T10609] CPU: 0 UID: 0 PID: 10609 Comm: syz.0.1408 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  409.875603][T10609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  409.875617][T10609] Call Trace:
[  409.875625][T10609]  <TASK>
[  409.875634][T10609]  dump_stack_lvl+0x241/0x360
[  409.875672][T10609]  ? __pfx_dump_stack_lvl+0x10/0x10
[  409.875702][T10609]  ? __pfx__printk+0x10/0x10
[  409.875732][T10609]  ? __pfx___might_resched+0x10/0x10
[  409.875758][T10609]  should_fail_ex+0x424/0x570
[  409.875793][T10609]  should_failslab+0xac/0x100
[  409.875833][T10609]  kmem_cache_alloc_lru_noprof+0x7d/0x390
[  409.875865][T10609]  ? __d_alloc+0x31/0x740
[  409.875893][T10609]  __d_alloc+0x31/0x740
[  409.875920][T10609]  d_alloc+0x4b/0x190
[  409.875945][T10609]  lookup_one_qstr_excl+0xe1/0x3a0
[  409.875970][T10609]  filename_create+0x28b/0x490
[  409.876000][T10609]  ? __pfx_filename_create+0x10/0x10
[  409.876028][T10609]  ? __virt_addr_valid+0x183/0x530
[  409.876061][T10609]  do_mknodat+0x1af/0x600
[  409.876081][T10609]  ? __check_object_size+0x478/0x720
[  409.876114][T10609]  ? __pfx_do_mknodat+0x10/0x10
[  409.876148][T10609]  ? getname_flags+0x1e2/0x530
[  409.876170][T10609]  __x64_sys_mknod+0x8c/0xa0
[  409.876196][T10609]  do_syscall_64+0xf3/0x230
[  409.876218][T10609]  ? clear_bhb_loop+0x45/0xa0
[  409.876243][T10609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.876264][T10609] RIP: 0033:0x7fa5cb18d169
[  409.876282][T10609] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  409.876300][T10609] RSP: 002b:00007fa5cbff2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[  409.876324][T10609] RAX: ffffffffffffffda RBX: 00007fa5cb3a5fa0 RCX: 00007fa5cb18d169
[  409.876346][T10609] RDX: 0000000000000700 RSI: 00000000ffffc000 RDI: 00002000000002c0
[  409.876361][T10609] RBP: 00007fa5cbff2090 R08: 0000000000000000 R09: 0000000000000000
[  409.876378][T10609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  409.876389][T10609] R13: 0000000000000000 R14: 00007fa5cb3a5fa0 R15: 00007fa5cb4cfa28
[  409.876414][T10609]  </TASK>
[  409.881092][ T5896] usb usb2-port1: unable to enumerate USB device
[  410.225229][T10620] fuse: Bad value for 'fd'
[  410.976909][ T5896] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  411.128031][ T5896] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  411.146629][ T5896] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  411.162759][ T5896] usb 4-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00
[  411.172451][ T5896] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.183986][ T5896] usb 4-1: config 0 descriptor??
[  411.193922][ T5896] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  411.405342][ T5896] usb 4-1: USB disconnect, device number 77
[  411.674052][T10643] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1420'.
[  411.765210][T10645] FAULT_INJECTION: forcing a failure.
[  411.765210][T10645] name failslab, interval 1, probability 0, space 0, times 0
[  411.792100][T10647] [U] Õϳž|Úbcžå²tN|µúM™"„7Uú“cyù°©´Õ^7ú#ƒ\kÑ?—§b+]òw5¦\iÄ%ßÞÙ±³*½¬EÝ©'g—z»«®Õà®ÆÊs’½Ç…˜+핹_ð3' Õ¯
[  411.794457][T10645] CPU: 0 UID: 0 PID: 10645 Comm: syz.2.1419 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  411.794492][T10645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  411.794507][T10645] Call Trace:
[  411.794516][T10645]  <TASK>
[  411.794525][T10645]  dump_stack_lvl+0x241/0x360
[  411.794565][T10645]  ? __pfx_dump_stack_lvl+0x10/0x10
[  411.794595][T10645]  ? __pfx__printk+0x10/0x10
[  411.794627][T10645]  ? __pfx___might_resched+0x10/0x10
[  411.794655][T10645]  should_fail_ex+0x424/0x570
[  411.794690][T10645]  should_failslab+0xac/0x100
[  411.794724][T10645]  kmem_cache_alloc_node_noprof+0x7d/0x3b0
[  411.794757][T10645]  ? __alloc_skb+0x1c2/0x480
[  411.794798][T10645]  __alloc_skb+0x1c2/0x480
[  411.794829][T10645]  ? __pfx___alloc_skb+0x10/0x10
[  411.794865][T10645]  tipc_msg_build+0x14a/0x1050
[  411.794905][T10645]  ? tipc_node_find+0x43c/0x5a0
[  411.794934][T10645]  ? tipc_node_find+0xb7/0x5a0
[  411.794962][T10645]  ? __pfx_tipc_msg_build+0x10/0x10
[  411.795002][T10645]  ? tipc_node_get_mtu+0x22e/0x2d0
[  411.795034][T10645]  __tipc_sendmsg+0x1e5d/0x3490
[  411.795079][T10645]  ? __pfx___tipc_sendmsg+0x10/0x10
[  411.795110][T10645]  ? kasan_save_track+0x51/0x80
[  411.795135][T10645]  ? kasan_save_track+0x3f/0x80
[  411.795158][T10645]  ? __kasan_kmalloc+0x9d/0xb0
[  411.795185][T10645]  ? __kmalloc_noprof+0x28e/0x4d0
[  411.795214][T10645]  ? sock_kmalloc+0xd7/0x160
[  411.795244][T10645]  ? cmsghdr_from_user_compat_to_kern+0x30b/0x980
[  411.795270][T10645]  ? ____sys_sendmsg+0x1ad/0x870
[  411.795298][T10645]  ? __sys_sendmsg_sock+0x29/0x40
[  411.795326][T10645]  ? io_sendmsg+0x1e8/0x590
[  411.795345][T10645]  ? __io_issue_sqe+0x1c9/0x3a0
[  411.795373][T10645]  ? io_issue_sqe+0x1cb/0xe90
[  411.795402][T10645]  ? io_submit_sqes+0xa85/0x1ce0
[  411.795431][T10645]  ? __se_sys_io_uring_enter+0x2cd/0x3560
[  411.795462][T10645]  ? do_syscall_64+0xf3/0x230
[  411.795483][T10645]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.795507][T10645]  ? aa_label_sk_perm+0x4f4/0x6d0
[  411.795535][T10645]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  411.795567][T10645]  ? look_up_lock_class+0x7b/0x170
[  411.795590][T10645]  ? register_lock_class+0x54/0x330
[  411.795641][T10645]  ? __local_bh_enable_ip+0x168/0x200
[  411.795674][T10645]  ? __pfx_woken_wake_function+0x10/0x10
[  411.795707][T10645]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  411.795738][T10645]  ? do_raw_spin_unlock+0x13c/0x8b0
[  411.795782][T10645]  ? __pfx_tipc_sendmsg+0x10/0x10
[  411.795811][T10645]  tipc_sendmsg+0x55/0x70
[  411.795843][T10645]  __sock_sendmsg+0x221/0x270
[  411.795868][T10645]  ____sys_sendmsg+0x53c/0x870
[  411.795904][T10645]  ? __pfx_____sys_sendmsg+0x10/0x10
[  411.795947][T10645]  __sys_sendmsg_sock+0x29/0x40
[  411.795976][T10645]  io_sendmsg+0x1e8/0x590
[  411.796005][T10645]  __io_issue_sqe+0x1c9/0x3a0
[  411.796038][T10645]  io_issue_sqe+0x1cb/0xe90
[  411.796072][T10645]  ? __pfx_io_issue_sqe+0x10/0x10
[  411.796102][T10645]  ? io_sendmsg_prep+0x34c/0xa50
[  411.796131][T10645]  io_submit_sqes+0xa85/0x1ce0
[  411.796186][T10645]  __se_sys_io_uring_enter+0x2cd/0x3560
[  411.796225][T10645]  ? rcu_read_lock_any_held+0xbb/0x160
[  411.796253][T10645]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  411.796282][T10645]  ? vfs_write+0xb29/0xd10
[  411.796315][T10645]  ? ksys_write+0x24e/0x2d0
[  411.796346][T10645]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  411.796390][T10645]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  411.796414][T10645]  ? __fget_files+0x2a/0x420
[  411.796439][T10645]  ? __fget_files+0x2a/0x420
[  411.796465][T10645]  ? fput+0x9b/0xd0
[  411.796486][T10645]  ? ksys_write+0x275/0x2d0
[  411.796520][T10645]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  411.796555][T10645]  do_syscall_64+0xf3/0x230
[  411.796579][T10645]  ? clear_bhb_loop+0x45/0xa0
[  411.796604][T10645]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.796626][T10645] RIP: 0033:0x7f9e0298d169
[  411.796646][T10645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  411.796666][T10645] RSP: 002b:00007f9e037ce038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  411.796692][T10645] RAX: ffffffffffffffda RBX: 00007f9e02ba5fa0 RCX: 00007f9e0298d169
[  411.796709][T10645] RDX: 0000000000000000 RSI: 0000000000000092 RDI: 0000000000000003
[  411.796724][T10645] RBP: 00007f9e037ce090 R08: 0000000000000000 R09: 0000000000000000
[  411.796739][T10645] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  411.796753][T10645] R13: 0000000000000000 R14: 00007f9e02ba5fa0 R15: 00007f9e02ccfa28
[  411.796789][T10645]  </TASK>
[  412.397910][T10653] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  412.408763][T10653] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  412.486145][T10653] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1422'.
[  412.557201][ T5891] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[  412.718753][ T5891] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  412.738373][ T5891] usb 5-1: config 1 has no interface number 1
[  412.757002][ T5891] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  412.783485][ T5891] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 255, changing to 7
[  412.801063][ T5891] usb 5-1: New USB device found, idVendor=1d6b, idProduct=8101, bcdDevice= 0.40
[  412.814675][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.823847][ T5891] usb 5-1: Product: syz
[  412.843678][ T5891] usb 5-1: Manufacturer: syz
[  412.849068][ T5891] usb 5-1: SerialNumber: syz
[  412.863528][T10643] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  412.918720][T10666] hub 1-0:1.0: USB hub found
[  412.936906][T10666] hub 1-0:1.0: 1 port detected
[  412.986648][ T5888] usb 2-1: new high-speed USB device number 113 using dummy_hcd
[  413.196917][   T47] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  413.270362][ T5888] usb 2-1: config 0 has no interfaces?
[  413.428572][   T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  413.613238][   T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  413.627600][T10674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  413.641353][T10674] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  413.660356][ T5888] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  413.669720][   T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  413.788798][   T47] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  413.806527][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.877064][ T5838] Bluetooth: hci3: unexpected event for opcode 0x2040
[  413.906711][   T47] usb 1-1: Product: syz
[  413.911081][   T47] usb 1-1: Manufacturer: syz
[  413.915774][   T47] usb 1-1: SerialNumber: syz
[  413.928964][   T47] usb 1-1: config 0 descriptor??
[  414.083987][ T5888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.108387][ T5888] usb 2-1: Product: syz
[  414.112623][ T5888] usb 2-1: Manufacturer: syz
[  414.125215][ T5888] usb 2-1: SerialNumber: syz
[  414.139907][   T47] adutux 1-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  414.208502][ T5888] usb 2-1: config 0 descriptor??
[  414.462982][T10657] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1424'.
[  414.478024][   T47] usb 1-1: USB disconnect, device number 62
[  414.766076][ T5891] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor
[  414.776054][T10642] [U] ãÙ]ÍpØ)I5-ÍA¾\ue¾5ˆGÿaj*I_cص³ÍR]…“ˆŽŽb­´s,Ï{ŽèŠà£{
[  414.791872][ T5891] usb 5-1: 2:1: invalid format type 0x1001 is detected, processed as PCM
[  414.877195][ T5891] usb 5-1: USB disconnect, device number 103
[  414.950311][T10679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  414.970839][T10679] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  415.087098][ T5837] udevd[5837]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  415.507955][T10693] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  415.533094][T10693] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2
[  415.646780][T10693] netdevsim netdevsim0: Falling back to sysfs fallback for: ./file0
[  415.659200][    T9] usb 2-1: USB disconnect, device number 113
[  416.236345][T10705] syz_tun: entered allmulticast mode
[  416.346670][    T9] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  416.508603][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  416.520083][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  416.612858][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  416.630950][    T9] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  416.643882][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.653651][    T9] usb 5-1: Product: syz
[  416.660227][    T9] usb 5-1: Manufacturer: syz
[  416.665028][    T9] usb 5-1: SerialNumber: syz
[  416.702413][    T9] usb 5-1: config 0 descriptor??
[  416.918539][    T9] adutux 5-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  417.136091][T10702] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1441'.
[  417.146515][ T5891] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  417.155013][    T9] usb 5-1: USB disconnect, device number 104
[  417.326868][ T5891] usb 1-1: Using ep0 maxpacket: 8
[  417.453690][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  417.469247][ T5891] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  417.520855][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  417.536966][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  417.546827][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  417.617186][ T5891] usb 1-1: New USB device found, idVendor=1870, idProduct=0001, bcdDevice=e6.7f
[  417.632251][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.641039][ T5891] usb 1-1: Product: syz
[  417.645557][ T5891] usb 1-1: Manufacturer: syz
[  417.655482][ T5891] usb 1-1: SerialNumber: syz
[  417.673446][ T5891] usb 1-1: config 0 descriptor??
[  417.695409][ T5891] usbtouchscreen 1-1:0.0: probe with driver usbtouchscreen failed with error -8
[  417.895621][    T9] usb 1-1: USB disconnect, device number 63
[  418.324781][T10730] netlink: 356 bytes leftover after parsing attributes in process `syz.3.1451'.
[  419.227657][   T10] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[  419.386547][   T47] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  419.417862][   T10] usb 2-1: config 0 has no interfaces?
[  419.448539][   T10] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  419.468027][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.476082][   T10] usb 2-1: Product: syz
[  419.497740][   T10] usb 2-1: Manufacturer: syz
[  419.502538][   T10] usb 2-1: SerialNumber: syz
[  419.529856][   T10] usb 2-1: config 0 descriptor??
[  419.546637][   T47] usb 1-1: Using ep0 maxpacket: 16
[  419.563439][   T47] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  419.584676][   T47] usb 1-1: config 0 interface 0 has no altsetting 0
[  419.595278][T10730] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1451'.
[  419.867639][   T24] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  419.879962][   T47] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d
[  419.894547][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.903906][   T47] usb 1-1: Product: syz
[  419.911536][   T47] usb 1-1: Manufacturer: syz
[  419.916265][   T47] usb 1-1: SerialNumber: syz
[  419.924081][   T47] usb 1-1: config 0 descriptor??
[  419.937871][   T47] hub 1-1:0.0: bad descriptor, ignoring hub
[  419.943915][   T47] hub 1-1:0.0: probe with driver hub failed with error -5
[  420.031484][   T47] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  420.055630][   T68] usb 1-1: Failed to submit usb control message: -71
[  420.073384][   T68] usb 1-1: unable to send the bmi data to the device: -71
[  420.094158][   T68] usb 1-1: unable to get target info from device
[  420.108592][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  420.119800][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  420.130359][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  420.144152][   T68] usb 1-1: could not get target info (-71)
[  420.152598][   T24] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  420.162557][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.171031][   T24] usb 5-1: Product: syz
[  420.175409][   T24] usb 5-1: Manufacturer: syz
[  420.181265][   T24] usb 5-1: SerialNumber: syz
[  420.189176][   T24] usb 5-1: config 0 descriptor??
[  420.206552][   T68] usb 1-1: could not probe fw (-71)
[  420.276816][    T9] usb 1-1: USB disconnect, device number 64
[  420.410492][   T24] adutux 5-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  420.484433][T10760] FAULT_INJECTION: forcing a failure.
[  420.484433][T10760] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  420.511818][T10760] CPU: 0 UID: 0 PID: 10760 Comm: syz.2.1460 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  420.511852][T10760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  420.511867][T10760] Call Trace:
[  420.511877][T10760]  <TASK>
[  420.511887][T10760]  dump_stack_lvl+0x241/0x360
[  420.511925][T10760]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.511954][T10760]  ? __pfx__printk+0x10/0x10
[  420.511989][T10760]  should_fail_ex+0x424/0x570
[  420.512023][T10760]  _copy_to_user+0x31/0xb0
[  420.512051][T10760]  simple_read_from_buffer+0xdc/0x170
[  420.512087][T10760]  proc_fail_nth_read+0x1ef/0x260
[  420.512112][T10760]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  420.512138][T10760]  ? rw_verify_area+0x246/0x630
[  420.512161][T10760]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  420.512195][T10760]  vfs_read+0x21f/0xb90
[  420.512224][T10760]  ? __pfx___mutex_lock+0x10/0x10
[  420.512247][T10760]  ? __pfx_vfs_read+0x10/0x10
[  420.512274][T10760]  ? __fget_files+0x2a/0x420
[  420.512295][T10760]  ? __fget_files+0x39d/0x420
[  420.512314][T10760]  ? __fget_files+0x2a/0x420
[  420.512341][T10760]  ksys_read+0x19d/0x2d0
[  420.512368][T10760]  ? __pfx_ksys_read+0x10/0x10
[  420.512391][T10760]  ? arch_syscall_is_vdso_sigreturn+0x125/0x1a0
[  420.512416][T10760]  ? syscall_user_dispatch+0x4e/0x90
[  420.512441][T10760]  do_syscall_64+0xf3/0x230
[  420.512463][T10760]  ? clear_bhb_loop+0x45/0xa0
[  420.512486][T10760]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.512508][T10760] RIP: 0033:0x7f9e0298bb7c
[  420.512527][T10760] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  420.512546][T10760] RSP: 002b:00007f9e037ce030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  420.512570][T10760] RAX: ffffffffffffffda RBX: 00007f9e02ba5fa0 RCX: 00007f9e0298bb7c
[  420.512587][T10760] RDX: 000000000000000f RSI: 00007f9e037ce0a0 RDI: 0000000000000003
[  420.512602][T10760] RBP: 00007f9e037ce090 R08: 0000000000000000 R09: 0000000000000000
[  420.512615][T10760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  420.512629][T10760] R13: 0000000000000000 R14: 00007f9e02ba5fa0 R15: 00007f9e02ccfa28
[  420.512656][T10760]  </TASK>
[  420.760858][T10755] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1459'.
[  420.780262][   T10] usb 5-1: USB disconnect, device number 105
[  421.326945][   T24] usb 2-1: USB disconnect, device number 114
[  421.438213][   T30] kauditd_printk_skb: 44 callbacks suppressed
[  421.438230][   T30] audit: type=1326 audit(1743223120.351:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10773 comm="syz.4.1465" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa97418d169 code=0x0
[  422.147756][   T24] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[  422.351811][   T24] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  422.380164][   T24] usb 5-1: config 0 interface 0 has no altsetting 0
[  422.409646][   T24] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  422.428789][   T24] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  422.486973][   T24] usb 5-1: Product: syz
[  422.494979][   T24] usb 5-1: Manufacturer: syz
[  422.507176][   T24] usb 5-1: SerialNumber: syz
[  422.528189][   T24] usb 5-1: config 0 descriptor??
[  422.538398][   T24] usb 5-1: selecting invalid altsetting 0
[  422.740316][   T24] usb 5-1: USB disconnect, device number 106
[  422.799065][ T5888] usb 1-1: new full-speed USB device number 65 using dummy_hcd
[  422.869556][T10799] FAULT_INJECTION: forcing a failure.
[  422.869556][T10799] name failslab, interval 1, probability 0, space 0, times 0
[  422.882997][T10799] CPU: 0 UID: 0 PID: 10799 Comm: syz.1.1475 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  422.883027][T10799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  422.883040][T10799] Call Trace:
[  422.883047][T10799]  <TASK>
[  422.883056][T10799]  dump_stack_lvl+0x241/0x360
[  422.883092][T10799]  ? __pfx_dump_stack_lvl+0x10/0x10
[  422.883119][T10799]  ? __pfx__printk+0x10/0x10
[  422.883147][T10799]  ? __pfx___might_resched+0x10/0x10
[  422.883172][T10799]  should_fail_ex+0x424/0x570
[  422.883213][T10799]  should_failslab+0xac/0x100
[  422.883242][T10799]  __kmalloc_noprof+0xdf/0x4d0
[  422.883270][T10799]  ? snd_pcm_hw_refine+0x978/0x1b80
[  422.883309][T10799]  snd_pcm_hw_refine+0x978/0x1b80
[  422.883335][T10799]  ? __kmalloc_cache_noprof+0x236/0x370
[  422.883364][T10799]  ? snd_pcm_oss_change_params_locked+0xb30/0x4150
[  422.883386][T10799]  ? snd_pcm_oss_get_active_substream+0x1cc/0x280
[  422.883420][T10799]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[  422.883469][T10799]  ? __kasan_kmalloc+0x9d/0xb0
[  422.883494][T10799]  ? snd_interval_refine+0x56d/0x900
[  422.883518][T10799]  snd_pcm_oss_change_params_locked+0xd73/0x4150
[  422.883558][T10799]  ? __pfx_count_memcg_event_mm+0x10/0x10
[  422.883577][T10799]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  422.883601][T10799]  ? snd_pcm_oss_get_active_substream+0x140/0x280
[  422.883637][T10799]  ? lockdep_hardirqs_on+0x9d/0x150
[  422.883660][T10799]  snd_pcm_oss_get_active_substream+0x1cc/0x280
[  422.883690][T10799]  snd_pcm_oss_set_format+0x176/0x5e0
[  422.883717][T10799]  ? __pfx_snd_pcm_oss_set_format+0x10/0x10
[  422.883748][T10799]  snd_pcm_oss_ioctl+0xe8b/0x10b0
[  422.883772][T10799]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  422.883793][T10799]  ? __fget_files+0x2a/0x420
[  422.883829][T10799]  ? __fget_files+0x2a/0x420
[  422.883851][T10799]  ? __fget_files+0x2a/0x420
[  422.883873][T10799]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  422.883904][T10799]  __se_sys_ioctl+0xf1/0x160
[  422.883931][T10799]  do_syscall_64+0xf3/0x230
[  422.883954][T10799]  ? clear_bhb_loop+0x45/0xa0
[  422.883977][T10799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.883998][T10799] RIP: 0033:0x7f003518d169
[  422.884016][T10799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.884035][T10799] RSP: 002b:00007f003603a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  422.884057][T10799] RAX: ffffffffffffffda RBX: 00007f00353a5fa0 RCX: 00007f003518d169
[  422.884072][T10799] RDX: 0000200000000080 RSI: 00000000c0045005 RDI: 0000000000000003
[  422.884086][T10799] RBP: 00007f003603a090 R08: 0000000000000000 R09: 0000000000000000
[  422.884099][T10799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  422.884112][T10799] R13: 0000000000000000 R14: 00007f00353a5fa0 R15: 00007f00354cfa28
[  422.884138][T10799]  </TASK>
[  423.458519][ T5888] usb 1-1: config 2 has an invalid interface number: 1 but max is 0
[  423.467033][ T5888] usb 1-1: config 2 has no interface number 0
[  423.473170][ T5888] usb 1-1: config 2 interface 1 has no altsetting 0
[  423.488855][ T5888] usb 1-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=47.78
[  423.498164][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.519334][ T5888] usb 1-1: Product: syz
[  423.525926][ T5888] usb 1-1: Manufacturer: syz
[  423.530710][ T5888] usb 1-1: SerialNumber: syz
[  423.610076][T10802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  423.626765][T10802] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  423.636557][   T24] usb 4-1: new full-speed USB device number 78 using dummy_hcd
[  424.178296][   T24] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  424.250604][   T24] usb 4-1: config 0 has no interface number 0
[  424.283888][   T24] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  424.317986][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.353767][   T24] usb 4-1: config 0 descriptor??
[  424.379020][   T24] usb 4-1: selecting invalid altsetting 1
[  424.385988][   T24] dvb_ttusb_budget: ttusb_init_controller: error
[  424.432317][   T24] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  424.439900][T10793] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  424.490782][T10793] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  424.548855][   T24] DVB: Unable to find symbol cx22700_attach()
[  424.636835][ T5888] snd-usb-audio 1-1:2.1: probe with driver snd-usb-audio failed with error -22
[  424.666350][ T5888] snd-usb-us122l 1-1:2.1: usb_set_interface error
[  424.686923][ T5888] snd-usb-us122l 1-1:2.1: probe with driver snd-usb-us122l failed with error -22
[  424.689581][   T24] DVB: Unable to find symbol tda10046_attach()
[  424.712281][ T5888] usb 1-1: USB disconnect, device number 65
[  424.740255][   T24] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  424.785756][T10819] netlink: 'syz.4.1480': attribute type 5 has an invalid length.
[  424.982728][   T24] usb 4-1: USB disconnect, device number 78
[  425.108655][ T5852] udevd[5852]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:2.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  425.737027][   T24] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  425.759980][T10826] netlink: 'syz.1.1483': attribute type 16 has an invalid length.
[  425.771014][T10826] netlink: 64138 bytes leftover after parsing attributes in process `syz.1.1483'.
[  425.907924][   T24] usb 4-1: config 0 has an invalid interface number: 185 but max is 0
[  425.917595][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  426.007930][   T24] usb 4-1: config 0 has no interface number 0
[  426.022893][T10836] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  426.090299][   T24] usb 4-1: config 0 interface 185 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  426.103680][T10836] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  426.145095][   T24] usb 4-1: config 0 interface 185 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 16
[  426.300069][   T24] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=d2.82
[  426.310016][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.324708][   T24] usb 4-1: Product: syz
[  426.376888][   T24] usb 4-1: Manufacturer: syz
[  426.383412][   T24] usb 4-1: SerialNumber: syz
[  426.411499][   T24] usb 4-1: config 0 descriptor??
[  426.448162][   T24] usb 4-1: bad CDC descriptors
[  426.479050][   T24] usb 4-1: unsupported MDLM descriptors
[  426.665897][   T10] usb 4-1: USB disconnect, device number 79
[  426.682070][T10841] FAULT_INJECTION: forcing a failure.
[  426.682070][T10841] name failslab, interval 1, probability 0, space 0, times 0
[  426.704676][T10841] CPU: 0 UID: 0 PID: 10841 Comm: syz.0.1487 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  426.704710][T10841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  426.704723][T10841] Call Trace:
[  426.704731][T10841]  <TASK>
[  426.704740][T10841]  dump_stack_lvl+0x241/0x360
[  426.704775][T10841]  ? __pfx_dump_stack_lvl+0x10/0x10
[  426.704803][T10841]  ? __pfx__printk+0x10/0x10
[  426.704831][T10841]  ? kfree+0x54/0x430
[  426.704858][T10841]  ? __pfx___might_resched+0x10/0x10
[  426.704886][T10841]  should_fail_ex+0x424/0x570
[  426.704919][T10841]  should_failslab+0xac/0x100
[  426.704949][T10841]  kmem_cache_alloc_noprof+0x78/0x390
[  426.704978][T10841]  ? skb_clone+0x20c/0x390
[  426.705011][T10841]  skb_clone+0x20c/0x390
[  426.705042][T10841]  netlink_trim+0x19d/0x2e0
[  426.705076][T10841]  netlink_broadcast_filtered+0x76/0x12a0
[  426.705098][T10841]  ? __pfx___alloc_skb+0x10/0x10
[  426.705129][T10841]  ? qdisc_notify+0x2ec/0x4b0
[  426.705159][T10841]  nlmsg_notify+0xfb/0x1c0
[  426.705187][T10841]  tc_modify_qdisc+0x1d35/0x2420
[  426.705235][T10841]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  426.705261][T10841]  ? __mutex_lock+0x380/0x10c0
[  426.705284][T10841]  ? aa_get_newest_label+0x101/0x6f0
[  426.705326][T10841]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  426.705354][T10841]  rtnetlink_rcv_msg+0x7c2/0xd70
[  426.705375][T10841]  ? rtnetlink_rcv_msg+0x1ba/0xd70
[  426.705398][T10841]  ? rcu_preempt_deferred_qs_irqrestore+0x8c6/0xcb0
[  426.705429][T10841]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  426.705461][T10841]  netlink_rcv_skb+0x208/0x480
[  426.705481][T10841]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  426.705504][T10841]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  426.705537][T10841]  ? netlink_deliver_tap+0x2e/0x1b0
[  426.705559][T10841]  ? __rcu_read_unlock+0xa1/0x110
[  426.705588][T10841]  netlink_unicast+0x7f8/0x9a0
[  426.705625][T10841]  ? __pfx_netlink_unicast+0x10/0x10
[  426.705654][T10841]  ? __virt_addr_valid+0x45f/0x530
[  426.705693][T10841]  ? __phys_addr_symbol+0x2f/0x70
[  426.705719][T10841]  ? __check_object_size+0x478/0x720
[  426.705753][T10841]  netlink_sendmsg+0x8e8/0xce0
[  426.705784][T10841]  ? __pfx_netlink_sendmsg+0x10/0x10
[  426.705811][T10841]  ? aa_sock_msg_perm+0x91/0x160
[  426.705837][T10841]  ? __pfx_netlink_sendmsg+0x10/0x10
[  426.705858][T10841]  __sock_sendmsg+0x221/0x270
[  426.705882][T10841]  ____sys_sendmsg+0x53c/0x870
[  426.705916][T10841]  ? __pfx_____sys_sendmsg+0x10/0x10
[  426.705942][T10841]  ? __fget_files+0x2a/0x420
[  426.705964][T10841]  ? __fget_files+0x2a/0x420
[  426.705990][T10841]  __sys_sendmsg+0x271/0x360
[  426.706021][T10841]  ? __pfx___sys_sendmsg+0x10/0x10
[  426.706084][T10841]  ? do_syscall_64+0xb6/0x230
[  426.706109][T10841]  do_syscall_64+0xf3/0x230
[  426.706130][T10841]  ? clear_bhb_loop+0x45/0xa0
[  426.706155][T10841]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  426.706175][T10841] RIP: 0033:0x7fa5cb18d169
[  426.706194][T10841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  426.706213][T10841] RSP: 002b:00007fa5cbff2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  426.706237][T10841] RAX: ffffffffffffffda RBX: 00007fa5cb3a5fa0 RCX: 00007fa5cb18d169
[  426.706253][T10841] RDX: 0000000000004000 RSI: 0000200000000040 RDI: 0000000000000003
[  426.706267][T10841] RBP: 00007fa5cbff2090 R08: 0000000000000000 R09: 0000000000000000
[  426.706281][T10841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  426.706294][T10841] R13: 0000000000000000 R14: 00007fa5cb3a5fa0 R15: 00007fa5cb4cfa28
[  426.706321][T10841]  </TASK>
[  427.811816][T10849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1491'.
[  428.069375][T10864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.092750][T10864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  428.225942][T10869] netlink: 'syz.0.1497': attribute type 1 has an invalid length.
[  428.273446][T10871] FAULT_INJECTION: forcing a failure.
[  428.273446][T10871] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  428.288430][T10871] CPU: 0 UID: 0 PID: 10871 Comm: syz.0.1498 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  428.288454][T10871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  428.288464][T10871] Call Trace:
[  428.288470][T10871]  <TASK>
[  428.288476][T10871]  dump_stack_lvl+0x241/0x360
[  428.288503][T10871]  ? __pfx_dump_stack_lvl+0x10/0x10
[  428.288523][T10871]  ? __pfx__printk+0x10/0x10
[  428.288548][T10871]  should_fail_ex+0x424/0x570
[  428.288571][T10871]  _copy_from_user+0x2d/0xb0
[  428.288591][T10871]  copy_msghdr_from_user+0xb3/0x580
[  428.288610][T10871]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  428.288626][T10871]  ? __fget_files+0x2a/0x420
[  428.288642][T10871]  ? __fget_files+0x2a/0x420
[  428.288660][T10871]  __sys_sendmmsg+0x361/0x7b0
[  428.288686][T10871]  ? __pfx___sys_sendmmsg+0x10/0x10
[  428.288723][T10871]  ? rcu_read_lock_any_held+0xbb/0x160
[  428.288741][T10871]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  428.288761][T10871]  ? vfs_write+0xb29/0xd10
[  428.288783][T10871]  ? ksys_write+0x24e/0x2d0
[  428.288801][T10871]  ? __mutex_unlock_slowpath+0x229/0x800
[  428.288832][T10871]  ? ksys_write+0x275/0x2d0
[  428.288855][T10871]  __x64_sys_sendmmsg+0xa0/0xb0
[  428.288885][T10871]  do_syscall_64+0xf3/0x230
[  428.288900][T10871]  ? clear_bhb_loop+0x45/0xa0
[  428.288918][T10871]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  428.288932][T10871] RIP: 0033:0x7fa5cb18d169
[  428.288946][T10871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  428.288958][T10871] RSP: 002b:00007fa5cbff2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  428.288975][T10871] RAX: ffffffffffffffda RBX: 00007fa5cb3a5fa0 RCX: 00007fa5cb18d169
[  428.288986][T10871] RDX: 0000000000000002 RSI: 0000200000000900 RDI: 0000000000000004
[  428.288996][T10871] RBP: 00007fa5cbff2090 R08: 0000000000000000 R09: 0000000000000000
[  428.289006][T10871] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  428.289016][T10871] R13: 0000000000000000 R14: 00007fa5cb3a5fa0 R15: 00007fa5cb4cfa28
[  428.289034][T10871]  </TASK>
[  429.240783][T10900] netlink: 'syz.3.1507': attribute type 21 has an invalid length.
[  429.248852][T10900] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1507'.
[  429.270873][T10897] tls_set_device_offload_rx: netdev not found
[  429.306708][T10900] netlink: 'syz.3.1507': attribute type 5 has an invalid length.
[  429.388470][T10900] netlink: 'syz.3.1507': attribute type 6 has an invalid length.
[  429.396298][T10900] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1507'.
[  429.517585][T10911] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1509'.
[  429.538542][T10911] unsupported nlmsg_type 40
[  429.814378][   T30] audit: type=1326 audit(1743223128.721:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10885 comm="syz.4.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa97418d169 code=0x7fc00000
[  429.886567][   T30] audit: type=1326 audit(1743223128.721:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10885 comm="syz.4.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa97418d169 code=0x7fc00000
[  429.917158][   T30] audit: type=1326 audit(1743223128.721:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10885 comm="syz.4.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa97418d169 code=0x7fc00000
[  429.944319][   T30] audit: type=1326 audit(1743223128.721:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10885 comm="syz.4.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa97418d169 code=0x7fc00000
[  429.977574][T10918] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  429.997136][T10918] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  430.022605][   T30] audit: type=1326 audit(1743223128.721:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10885 comm="syz.4.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa97418d169 code=0x7fc00000
[  430.070856][   T30] audit: type=1326 audit(1743223128.721:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10885 comm="syz.4.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa97418d169 code=0x7fc00000
[  430.097235][   T30] audit: type=1326 audit(1743223128.721:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10885 comm="syz.4.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa97418d169 code=0x7fc00000
[  430.121698][   T30] audit: type=1326 audit(1743223128.721:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10885 comm="syz.4.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa97418d169 code=0x7fc00000
[  430.209923][   T30] audit: type=1326 audit(1743223128.771:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10885 comm="syz.4.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa97418d169 code=0x7fc00000
[  430.249147][   T30] audit: type=1326 audit(1743223128.771:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10885 comm="syz.4.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa97418d169 code=0x7fc00000
[  430.785813][T10931] FAULT_INJECTION: forcing a failure.
[  430.785813][T10931] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  430.849105][T10931] CPU: 1 UID: 0 PID: 10931 Comm: syz.4.1516 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  430.849139][T10931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  430.849152][T10931] Call Trace:
[  430.849161][T10931]  <TASK>
[  430.849170][T10931]  dump_stack_lvl+0x241/0x360
[  430.849205][T10931]  ? __pfx_dump_stack_lvl+0x10/0x10
[  430.849234][T10931]  ? __pfx__printk+0x10/0x10
[  430.849270][T10931]  should_fail_ex+0x424/0x570
[  430.849305][T10931]  _copy_from_user+0x2d/0xb0
[  430.849331][T10931]  __keyctl_dh_compute+0x1ff/0xf80
[  430.849364][T10931]  ? kstrtouint+0xfc/0x190
[  430.849382][T10931]  ? __pfx___keyctl_dh_compute+0x10/0x10
[  430.849412][T10931]  ? __lock_acquire+0xad5/0xd80
[  430.849465][T10931]  keyctl_dh_compute+0x109/0x160
[  430.849502][T10931]  ? __pfx_keyctl_dh_compute+0x10/0x10
[  430.849534][T10931]  ? ksys_write+0x24e/0x2d0
[  430.849562][T10931]  __se_sys_keyctl+0x3fc/0x940
[  430.849583][T10931]  ? __pfx___se_sys_keyctl+0x10/0x10
[  430.849605][T10931]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  430.849627][T10931]  ? __fget_files+0x2a/0x420
[  430.849648][T10931]  ? __fget_files+0x2a/0x420
[  430.849672][T10931]  ? fput+0x9b/0xd0
[  430.849691][T10931]  ? ksys_write+0x275/0x2d0
[  430.849724][T10931]  ? __x64_sys_keyctl+0x20/0xc0
[  430.849745][T10931]  do_syscall_64+0xf3/0x230
[  430.849766][T10931]  ? clear_bhb_loop+0x45/0xa0
[  430.849789][T10931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  430.849808][T10931] RIP: 0033:0x7fa97418d169
[  430.849826][T10931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  430.849845][T10931] RSP: 002b:00007fa974fe6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[  430.849868][T10931] RAX: ffffffffffffffda RBX: 00007fa9743a5fa0 RCX: 00007fa97418d169
[  430.849884][T10931] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000017
[  430.849897][T10931] RBP: 00007fa974fe6090 R08: 0000000000000000 R09: 0000000000000000
[  430.849911][T10931] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  430.849924][T10931] R13: 0000000000000000 R14: 00007fa9743a5fa0 R15: 00007fa9744cfa28
[  430.849950][T10931]  </TASK>
[  431.148689][T10935] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.159940][T10937] tls_set_device_offload_rx: netdev not found
[  431.178849][T10932] syz.1.1517 (10932): drop_caches: 2
[  431.188976][T10935] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.193517][T10932] syz.1.1517 (10932): drop_caches: 2
[  431.277918][T10943] netlink: 'syz.3.1522': attribute type 21 has an invalid length.
[  431.285911][T10943] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1522'.
[  431.295700][T10943] netlink: 'syz.3.1522': attribute type 5 has an invalid length.
[  431.304522][T10943] netlink: 'syz.3.1522': attribute type 6 has an invalid length.
[  431.312835][T10943] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1522'.
[  431.366504][   T10] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[  431.546479][   T10] usb 2-1: Using ep0 maxpacket: 16
[  431.552546][   T10] usb 2-1: too many configurations: 60, using maximum allowed: 8
[  431.570769][   T10] usb 2-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9
[  431.580723][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204
[  431.593847][   T10] usb 2-1: Product: syz
[  431.598281][   T10] usb 2-1: Manufacturer: syz
[  431.603064][   T10] usb 2-1: SerialNumber: syz
[  431.613733][   T10] usb 2-1: config 0 descriptor??
[  431.622220][   T10] pwc: Philips SPC 880NC USB webcam detected.
[  431.832696][T10932] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  431.853503][T10932] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  431.918214][   T10] pwc: Warning: more than 1 configuration available.
[  431.941737][T10953] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2
[  431.948937][   T10] pwc: Failed to set LED on/off time (-71)
[  431.956978][T10953] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0
[  431.963536][   T10] pwc: send_video_command error -71
[  431.971671][   T10] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  431.984503][   T10] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71
[  432.070610][   T10] usb 2-1: USB disconnect, device number 115
[  432.586791][   T10] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[  432.789125][   T10] usb 5-1: config 0 has no interfaces?
[  433.099379][T10967] FAULT_INJECTION: forcing a failure.
[  433.099379][T10967] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  433.119432][T10967] CPU: 0 UID: 0 PID: 10967 Comm: syz.1.1528 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  433.119473][T10967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  433.119488][T10967] Call Trace:
[  433.119496][T10967]  <TASK>
[  433.119506][T10967]  dump_stack_lvl+0x241/0x360
[  433.119541][T10967]  ? __pfx_dump_stack_lvl+0x10/0x10
[  433.119569][T10967]  ? __pfx__printk+0x10/0x10
[  433.119605][T10967]  should_fail_ex+0x424/0x570
[  433.119639][T10967]  _copy_from_user+0x2d/0xb0
[  433.119666][T10967]  copy_msghdr_from_user+0xb3/0x580
[  433.119693][T10967]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  433.119711][T10967]  ? __fget_files+0x2a/0x420
[  433.119729][T10967]  ? __fget_files+0x2a/0x420
[  433.119749][T10967]  __sys_sendmmsg+0x361/0x7b0
[  433.119778][T10967]  ? __pfx___sys_sendmmsg+0x10/0x10
[  433.119819][T10967]  ? rcu_read_lock_any_held+0xbb/0x160
[  433.119839][T10967]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  433.119861][T10967]  ? vfs_write+0xb29/0xd10
[  433.119886][T10967]  ? ksys_write+0x24e/0x2d0
[  433.119908][T10967]  ? __mutex_unlock_slowpath+0x229/0x800
[  433.119941][T10967]  ? ksys_write+0x275/0x2d0
[  433.119966][T10967]  __x64_sys_sendmmsg+0xa0/0xb0
[  433.119990][T10967]  do_syscall_64+0xf3/0x230
[  433.120007][T10967]  ? clear_bhb_loop+0x45/0xa0
[  433.120026][T10967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  433.120042][T10967] RIP: 0033:0x7f003518d169
[  433.120057][T10967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  433.120072][T10967] RSP: 002b:00007f0035ff8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  433.120091][T10967] RAX: ffffffffffffffda RBX: 00007f00353a6160 RCX: 00007f003518d169
[  433.120104][T10967] RDX: 0000000000068000 RSI: 0000200000000f40 RDI: 0000000000000003
[  433.120116][T10967] RBP: 00007f0035ff8090 R08: 0000000000000000 R09: 0000000000000000
[  433.120127][T10967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  433.120137][T10967] R13: 0000000000000000 R14: 00007f00353a6160 R15: 00007f00354cfa28
[  433.120157][T10967]  </TASK>
[  433.125051][   T10] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  433.372564][T10974] netlink: 'syz.3.1530': attribute type 9 has an invalid length.
[  433.403045][T10974] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1530'.
[  433.447274][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  433.455459][   T10] usb 5-1: Product: syz
[  433.459820][   T10] usb 5-1: Manufacturer: syz
[  433.464597][   T10] usb 5-1: SerialNumber: syz
[  433.534255][T10975] netlink: 'syz.3.1530': attribute type 9 has an invalid length.
[  433.534868][   T10] usb 5-1: config 0 descriptor??
[  433.552915][T10975] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1530'.
[  433.961758][T10958] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  433.986790][T10977] tls_set_device_offload_rx: netdev not found
[  435.179570][T10989] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1535'.
[  435.240592][T10992] [U] Õϳž|Úbcžå²tN|µúM™"„7Uú“cyù°©´Õ^7ú#ƒ\kÑ?—§b+]òw5¦\iÄ%ßÞÙ±³*½¬EÝ©'g—z»«®Õà®ÆÊs’½Ç…˜+핹_ð3' Õ¯
[  435.526510][ T5889] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[  435.562362][T10998] netlink: 356 bytes leftover after parsing attributes in process `syz.3.1537'.
[  435.890153][    T9] usb 5-1: USB disconnect, device number 107
[  435.959088][ T5889] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  435.969397][ T5889] usb 2-1: config 1 has no interface number 1
[  435.977942][ T5889] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  435.994108][ T5889] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 255, changing to 7
[  436.009298][ T5889] usb 2-1: New USB device found, idVendor=1d6b, idProduct=8101, bcdDevice= 0.40
[  436.030423][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.040394][T10998] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  436.049665][T10998] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1537'.
[  436.204630][ T5889] usb 2-1: Product: syz
[  436.209521][ T5889] usb 2-1: Manufacturer: syz
[  436.214385][ T5889] usb 2-1: SerialNumber: syz
[  436.243252][T10992] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  436.426471][    T9] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[  436.721296][    T9] usb 5-1: config 0 has no interfaces?
[  436.804653][    T9] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  436.813862][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.826644][    T9] usb 5-1: Product: syz
[  436.834213][    T9] usb 5-1: Manufacturer: syz
[  436.970951][    T9] usb 5-1: SerialNumber: syz
[  436.990000][    T9] usb 5-1: config 0 descriptor??
[  437.405155][T10986] [U] ãÙ]ÍpØ)I5-ÍA¾\ue¾5ˆGÿaj*I_cص³ÍR]…“ˆŽŽb­´s,Ï{ŽèŠà£{
[  437.461806][ T5889] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor
[  437.545051][ T5889] usb 2-1: 2:1: invalid format type 0x1001 is detected, processed as PCM
[  437.613415][ T5889] usb 2-1: USB disconnect, device number 116
[  437.890236][ T6410] udevd[6410]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  438.836631][    T9] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[  439.350151][    T9] usb 4-1: config 0 has no interfaces?
[  439.368948][    T9] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  439.386481][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.484277][    T9] usb 4-1: Product: syz
[  439.501904][    T9] usb 4-1: Manufacturer: syz
[  439.526200][    T9] usb 4-1: SerialNumber: syz
[  439.555023][    T9] usb 4-1: config 0 descriptor??
[  439.605324][T11029] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  439.628743][T11029] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  439.778861][   T24] usb 5-1: USB disconnect, device number 108
[  439.802752][T11018] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  439.811612][T11018] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  440.073816][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  440.080810][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  440.161493][T11034] netlink: 'syz.0.1546': attribute type 7 has an invalid length.
[  440.200751][   T24] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[  440.290427][T11034] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1546'.
[  440.382079][   T24] usb 5-1: Using ep0 maxpacket: 32
[  440.389492][   T24] usb 5-1: config 2 has an invalid interface number: 15 but max is 0
[  440.400032][   T24] usb 5-1: config 2 has 2 interfaces, different from the descriptor's value: 1
[  440.506512][   T24] usb 5-1: config 2 has no interface number 1
[  440.518879][   T24] usb 5-1: config 2 interface 15 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  440.533734][T11038] netlink: 356 bytes leftover after parsing attributes in process `syz.2.1547'.
[  440.582790][   T24] usb 5-1: config 2 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  440.621567][   T24] usb 5-1: config 2 interface 0 has no altsetting 0
[  440.736016][   T24] usb 5-1: New USB device found, idVendor=0471, idProduct=0312, bcdDevice=94.69
[  440.762688][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.812367][   T24] usb 5-1: Product: syz
[  440.839293][   T24] usb 5-1: Manufacturer: syz
[  440.880770][   T24] usb 5-1: SerialNumber: syz
[  440.924090][   T24] pwc: Philips PCVC750K (ToUCam Pro Scan) USB webcam detected.
[  440.936611][ T5889] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[  441.119276][   T24] pwc: Failed to set LED on/off time (-71)
[  441.213831][ T5889] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  441.224311][ T5889] usb 2-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  441.235484][   T24] pwc: send_video_command error -71
[  441.241353][   T24] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  441.259107][   T24] Philips webcam 5-1:2.0: probe with driver Philips webcam failed with error -71
[  441.269751][ T5889] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  441.303231][   T24] usb 5-1: USB disconnect, device number 109
[  441.323945][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.535812][T11038] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  441.555994][T11038] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1547'.
[  441.707942][T11043] fuse: Bad value for 'fd'
[  441.746238][T11046] netlink: 356 bytes leftover after parsing attributes in process `syz.4.1550'.
[  442.252184][    T9] usb 4-1: USB disconnect, device number 80
[  442.605955][T11046] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  442.663362][T11046] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1550'.
[  443.566782][   T24] usb 2-1: USB disconnect, device number 117
[  444.353283][T11076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  444.372438][T11076] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  444.386528][    T9] usb 4-1: new low-speed USB device number 81 using dummy_hcd
[  444.617649][    T9] usb 4-1: device descriptor read/64, error -71
[  444.896574][    T9] usb 4-1: new low-speed USB device number 82 using dummy_hcd
[  445.036562][    T9] usb 4-1: device descriptor read/64, error -71
[  445.057478][   T24] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[  445.180423][    T9] usb usb4-port1: attempt power cycle
[  445.216855][   T24] usb 5-1: Using ep0 maxpacket: 8
[  445.224947][   T24] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  445.268518][T11090] netlink: 'syz.2.1561': attribute type 16 has an invalid length.
[  445.279372][   T24] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  445.279404][T11090] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.1561'.
[  445.303025][   T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  445.313012][   T24] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  445.330879][   T24] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  445.349087][   T24] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  445.360600][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.566446][    T9] usb 4-1: new low-speed USB device number 83 using dummy_hcd
[  445.587169][    T9] usb 4-1: device descriptor read/8, error -71
[  445.610787][   T24] usb 5-1: usb_control_msg returned -32
[  445.643060][   T24] usbtmc 5-1:16.0: can't read capabilities
[  445.684677][T11097] FAULT_INJECTION: forcing a failure.
[  445.684677][T11097] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  445.735807][T11097] CPU: 1 UID: 0 PID: 11097 Comm: syz.1.1563 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  445.735831][T11097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  445.735841][T11097] Call Trace:
[  445.735847][T11097]  <TASK>
[  445.735854][T11097]  dump_stack_lvl+0x241/0x360
[  445.735880][T11097]  ? __pfx_dump_stack_lvl+0x10/0x10
[  445.735901][T11097]  ? __pfx__printk+0x10/0x10
[  445.735932][T11097]  should_fail_ex+0x424/0x570
[  445.735956][T11097]  _copy_from_iter+0x211/0x1c70
[  445.735980][T11097]  ? __pfx__copy_from_iter+0x10/0x10
[  445.735997][T11097]  ? __virt_addr_valid+0x183/0x530
[  445.736019][T11097]  ? __virt_addr_valid+0x183/0x530
[  445.736037][T11097]  ? __virt_addr_valid+0x45f/0x530
[  445.736056][T11097]  ? __phys_addr_symbol+0x2f/0x70
[  445.736074][T11097]  ? __check_object_size+0x478/0x720
[  445.736098][T11097]  pfkey_sendmsg+0x248/0x1140
[  445.736130][T11097]  ? __pfx___might_resched+0x10/0x10
[  445.736149][T11097]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  445.736174][T11097]  ? aa_sk_perm+0x96f/0xac0
[  445.736192][T11097]  ? __pfx_aa_sk_perm+0x10/0x10
[  445.736205][T11097]  ? __import_iovec+0x585/0x830
[  445.736224][T11097]  ? aa_sock_msg_perm+0x91/0x160
[  445.736243][T11097]  ? __pfx_pfkey_sendmsg+0x10/0x10
[  445.736263][T11097]  __sock_sendmsg+0x221/0x270
[  445.736280][T11097]  ____sys_sendmsg+0x53c/0x870
[  445.736304][T11097]  ? __pfx_____sys_sendmsg+0x10/0x10
[  445.736324][T11097]  ? __fget_files+0x2a/0x420
[  445.736339][T11097]  ? __fget_files+0x2a/0x420
[  445.736364][T11097]  __sys_sendmmsg+0x3a0/0x7b0
[  445.736399][T11097]  ? __pfx___sys_sendmmsg+0x10/0x10
[  445.736450][T11097]  ? rcu_read_lock_any_held+0xbb/0x160
[  445.736470][T11097]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  445.736490][T11097]  ? vfs_write+0xb29/0xd10
[  445.736512][T11097]  ? ksys_write+0x24e/0x2d0
[  445.736531][T11097]  ? __mutex_unlock_slowpath+0x229/0x800
[  445.736560][T11097]  ? ksys_write+0x275/0x2d0
[  445.736583][T11097]  __x64_sys_sendmmsg+0xa0/0xb0
[  445.736605][T11097]  do_syscall_64+0xf3/0x230
[  445.736627][T11097]  ? clear_bhb_loop+0x45/0xa0
[  445.736645][T11097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  445.736659][T11097] RIP: 0033:0x7f003518d169
[  445.736673][T11097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  445.736686][T11097] RSP: 002b:00007f003603a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  445.736703][T11097] RAX: ffffffffffffffda RBX: 00007f00353a5fa0 RCX: 00007f003518d169
[  445.736714][T11097] RDX: 00000000000003ef RSI: 0000200000000180 RDI: 0000000000000003
[  445.736724][T11097] RBP: 00007f003603a090 R08: 0000000000000000 R09: 0000000000000000
[  445.736734][T11097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  445.736744][T11097] R13: 0000000000000000 R14: 00007f00353a5fa0 R15: 00007f00354cfa28
[  445.736763][T11097]  </TASK>
[  445.897405][    T9] usb 4-1: new low-speed USB device number 84 using dummy_hcd
[  446.160558][    T9] usb 4-1: device descriptor read/8, error -71
[  446.171752][T11100] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1564'.
[  446.270537][T11102] fuse: Bad value for 'fd'
[  446.284094][T11104] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  446.293484][    T9] usb usb4-port1: unable to enumerate USB device
[  446.309891][T11104] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  446.594921][T11113] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  446.604229][T11113] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  446.820744][T11115] usbtmc 5-1:16.0: usb_control_msg returned -71
[  447.189020][T11119] RDS: rds_bind could not find a transport for 2001::, load rds_tcp or rds_rdma?
[  447.251629][T11122] net_ratelimit: 11 callbacks suppressed
[  447.251652][T11122] openvswitch: netlink: Actions may not be safe on all matching packets
[  447.635432][T11125] netlink: 'syz.3.1572': attribute type 16 has an invalid length.
[  447.686782][T11125] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.1572'.
[  448.066428][    T9] usb 5-1: USB disconnect, device number 110
[  448.854118][    T9] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[  449.031365][    T9] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  449.090254][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  449.233260][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  449.405431][    T9] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  449.415593][   T30] kauditd_printk_skb: 60 callbacks suppressed
[  449.415617][   T30] audit: type=1326 audit(1743223148.311:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11134 comm="syz.0.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5cb18d169 code=0x7ffc0000
[  449.496657][   T30] audit: type=1326 audit(1743223148.311:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11134 comm="syz.0.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5cb18d169 code=0x7ffc0000
[  449.519027][    C1] vkms_vblank_simulate: vblank timer overrun
[  449.574061][    T9] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  449.613198][   T30] audit: type=1326 audit(1743223148.411:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11134 comm="syz.0.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=444 compat=0 ip=0x7fa5cb18d169 code=0x7ffc0000
[  449.635565][    C1] vkms_vblank_simulate: vblank timer overrun
[  449.635589][    T9] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  449.635617][    T9] usb 5-1: Product: syz
[  449.635633][    T9] usb 5-1: Manufacturer: syz
[  449.659944][   T30] audit: type=1326 audit(1743223148.411:335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11134 comm="syz.0.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5cb18d169 code=0x7ffc0000
[  449.682297][    C1] vkms_vblank_simulate: vblank timer overrun
[  449.692554][   T30] audit: type=1326 audit(1743223148.411:336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11134 comm="syz.0.1575" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa5cb18d169 code=0x7ffc0000
[  449.715022][    C1] vkms_vblank_simulate: vblank timer overrun
[  449.744106][    T9] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  449.968983][ T5835] usb 5-1: USB disconnect, device number 111
[  450.038700][T11144] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  450.062900][T11144] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2
[  450.115312][T11144] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0
[  450.826992][ T5835] usb 5-1: new low-speed USB device number 112 using dummy_hcd
[  450.956544][ T5835] usb 5-1: device descriptor read/64, error -71
[  451.096596][   T24] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[  451.196565][ T5835] usb 5-1: new low-speed USB device number 113 using dummy_hcd
[  451.267244][   T24] usb 2-1: Using ep0 maxpacket: 32
[  451.274650][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  451.286138][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  451.296696][   T24] usb 2-1: New USB device found, idVendor=0079, idProduct=1843, bcdDevice= 0.00
[  451.305835][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  451.329421][ T5835] usb 5-1: device descriptor read/64, error -71
[  451.336773][   T24] usb 2-1: config 0 descriptor??
[  451.436789][ T5835] usb usb5-port1: attempt power cycle
[  451.676465][    T9] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[  451.757341][   T24] hid_mf 0003:0079:1843.0027: item fetching failed at offset 0/2
[  451.772359][   T24] hid_mf 0003:0079:1843.0027: HID parse failed.
[  451.780255][   T24] hid_mf 0003:0079:1843.0027: probe with driver hid_mf failed with error -22
[  451.793121][ T5835] usb 5-1: new low-speed USB device number 114 using dummy_hcd
[  451.818423][ T5835] usb 5-1: device descriptor read/8, error -71
[  451.836231][    T9] usb 4-1: config 0 has no interfaces?
[  451.861696][    T9] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  451.920073][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  451.929731][    T9] usb 4-1: Product: syz
[  451.933954][    T9] usb 4-1: Manufacturer: syz
[  451.942725][    T9] usb 4-1: SerialNumber: syz
[  451.950473][    T9] usb 4-1: config 0 descriptor??
[  451.980653][T11157] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  451.993670][T11157] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  452.013073][   T24] usb 2-1: USB disconnect, device number 118
[  452.106779][ T5835] usb 5-1: new low-speed USB device number 115 using dummy_hcd
[  452.127474][ T5835] usb 5-1: device descriptor read/8, error -71
[  452.236878][ T5835] usb usb5-port1: unable to enumerate USB device
[  452.413817][T11167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  452.428140][T11167] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  452.937623][ T5896] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[  453.098128][ T5896] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  453.109961][ T5896] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  453.119953][ T5896] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  453.133517][ T5896] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  453.143185][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.154181][ T5896] usb 2-1: Product: syz
[  453.160191][ T5896] usb 2-1: Manufacturer: syz
[  453.165013][ T5896] usb 2-1: SerialNumber: syz
[  453.173293][ T5896] usb 2-1: config 0 descriptor??
[  453.384068][ T5896] adutux 2-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  453.654379][T11173] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  453.721455][   T30] audit: type=1326 audit(1743223152.631:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11174 comm="syz.4.1588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa97418d169 code=0x7ffc0000
[  453.744969][   T30] audit: type=1326 audit(1743223152.631:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11174 comm="syz.4.1588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa97418d169 code=0x7ffc0000
[  453.769840][   T30] audit: type=1326 audit(1743223152.631:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11174 comm="syz.4.1588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa97418bad0 code=0x7ffc0000
[  453.793102][   T30] audit: type=1326 audit(1743223152.631:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11174 comm="syz.4.1588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa97418bc1f code=0x7ffc0000
[  453.822296][   T30] audit: type=1326 audit(1743223152.631:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11174 comm="syz.4.1588" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7fa97418d169 code=0x7ffc0000
[  454.385309][    T9] usb 4-1: USB disconnect, device number 85
[  454.421919][ T5896] usb 2-1: USB disconnect, device number 119
[  454.610676][T11185] syzkaller0: entered promiscuous mode
[  454.616237][T11185] syzkaller0: entered allmulticast mode
[  454.837672][ T5896] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[  455.014521][ T5896] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  455.034952][ T5896] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  455.058282][ T5896] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  455.107331][ T5896] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  455.160520][ T5896] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  455.174033][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  455.217670][ T5896] usb 2-1: Product: syz
[  455.230805][ T5896] usb 2-1: Manufacturer: syz
[  455.259373][ T5896] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  455.358699][T11193] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  455.367374][T11193] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  455.398437][ T5838] Bluetooth: hci3: unexpected event for opcode 0x2012
[  455.487368][ T5835] usb 2-1: USB disconnect, device number 120
[  455.654754][ T5896] IPVS: starting estimator thread 0...
[  455.762742][T11199] IPVS: using max 29 ests per chain, 69600 per kthread
[  455.899600][ T5889] usb 5-1: new full-speed USB device number 116 using dummy_hcd
[  455.971174][T11201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  455.984696][T11201] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  456.063958][ T5889] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  456.073000][ T5889] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  456.083501][ T5889] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  456.094552][ T5889] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  456.123866][ T5889] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  456.133181][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  456.141572][ T5889] usb 5-1: Product: syz
[  456.154156][ T5889] usb 5-1: Manufacturer: syz
[  456.158935][ T5889] usb 5-1: SerialNumber: syz
[  456.194412][T11203] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  456.516312][T11214] netlink: 'syz.1.1601': attribute type 21 has an invalid length.
[  456.523188][ T5889] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor
[  456.525610][T11214] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1601'.
[  456.556453][ T5889] usb 5-1: 2:1 : unknown format tag 0x0 is detected.  processed as MPEG.
[  456.575391][ T5889] usb 5-1: found format II with max.bitrate = 128, frame size=0
[  456.602119][ T5889] usb 5-1: 2:1: All rates were zero
[  456.608127][T11216] FAULT_INJECTION: forcing a failure.
[  456.608127][T11216] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  456.672038][ T5889] usb 5-1: USB disconnect, device number 116
[  456.679373][T11216] CPU: 1 UID: 0 PID: 11216 Comm: syz.0.1602 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  456.679403][T11216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  456.679416][T11216] Call Trace:
[  456.679424][T11216]  <TASK>
[  456.679433][T11216]  dump_stack_lvl+0x241/0x360
[  456.679469][T11216]  ? __pfx_dump_stack_lvl+0x10/0x10
[  456.679496][T11216]  ? __pfx__printk+0x10/0x10
[  456.679529][T11216]  should_fail_ex+0x424/0x570
[  456.679561][T11216]  _copy_from_user+0x2d/0xb0
[  456.679585][T11216]  copy_msghdr_from_user+0xb3/0x580
[  456.679610][T11216]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  456.679630][T11216]  ? __fget_files+0x2a/0x420
[  456.679653][T11216]  ? __fget_files+0x2a/0x420
[  456.679679][T11216]  __sys_sendmsg+0x20a/0x360
[  456.679708][T11216]  ? __pfx___sys_sendmsg+0x10/0x10
[  456.679782][T11216]  ? do_syscall_64+0xb6/0x230
[  456.679795][T11219] program syz.2.1603 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  456.679807][T11216]  do_syscall_64+0xf3/0x230
[  456.679828][T11216]  ? clear_bhb_loop+0x45/0xa0
[  456.679850][T11216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  456.679872][T11216] RIP: 0033:0x7fa5cb18d169
[  456.679892][T11216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  456.679913][T11216] RSP: 002b:00007fa5cbff2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  456.679938][T11216] RAX: ffffffffffffffda RBX: 00007fa5cb3a5fa0 RCX: 00007fa5cb18d169
[  456.679956][T11216] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005
[  456.679971][T11216] RBP: 00007fa5cbff2090 R08: 0000000000000000 R09: 0000000000000000
[  456.679985][T11216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  456.679999][T11216] R13: 0000000000000000 R14: 00007fa5cb3a5fa0 R15: 00007fa5cb4cfa28
[  456.680027][T11216]  </TASK>
[  456.816430][    C0] vkms_vblank_simulate: vblank timer overrun
[  456.905109][T11222] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  456.915189][T11222] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  457.449800][T11214] netlink: 'syz.1.1601': attribute type 5 has an invalid length.
[  457.461708][T11214] netlink: 'syz.1.1601': attribute type 6 has an invalid length.
[  457.471649][T11214] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1601'.
[  457.646995][T11240] FAULT_INJECTION: forcing a failure.
[  457.646995][T11240] name failslab, interval 1, probability 0, space 0, times 0
[  457.661794][T11240] CPU: 0 UID: 0 PID: 11240 Comm: syz.1.1607 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  457.661824][T11240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  457.661838][T11240] Call Trace:
[  457.661846][T11240]  <TASK>
[  457.661855][T11240]  dump_stack_lvl+0x241/0x360
[  457.661889][T11240]  ? __pfx_dump_stack_lvl+0x10/0x10
[  457.661917][T11240]  ? __pfx__printk+0x10/0x10
[  457.661946][T11240]  ? __pfx___might_resched+0x10/0x10
[  457.661972][T11240]  should_fail_ex+0x424/0x570
[  457.662004][T11240]  should_failslab+0xac/0x100
[  457.662034][T11240]  __kmalloc_noprof+0xdf/0x4d0
[  457.662063][T11240]  ? tomoyo_realpath_from_path+0xc2/0x5e0
[  457.662088][T11240]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  457.662116][T11240]  tomoyo_realpath_from_path+0xcf/0x5e0
[  457.662150][T11240]  tomoyo_path_number_perm+0x245/0x790
[  457.662173][T11240]  ? tomoyo_path_number_perm+0x215/0x790
[  457.662194][T11240]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  457.662219][T11240]  ? ksys_write+0x24e/0x2d0
[  457.662249][T11240]  ? __lock_acquire+0xad5/0xd80
[  457.662292][T11240]  ? __fget_files+0x2a/0x420
[  457.662312][T11240]  ? __fget_files+0x2a/0x420
[  457.662333][T11240]  ? __fget_files+0x2a/0x420
[  457.662356][T11240]  security_file_ioctl+0xc6/0x2a0
[  457.662388][T11240]  __se_sys_ioctl+0x46/0x160
[  457.662414][T11240]  do_syscall_64+0xf3/0x230
[  457.662436][T11240]  ? clear_bhb_loop+0x45/0xa0
[  457.662460][T11240]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.662480][T11240] RIP: 0033:0x7f003518d169
[  457.662505][T11240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  457.662524][T11240] RSP: 002b:00007f003603a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  457.662546][T11240] RAX: ffffffffffffffda RBX: 00007f00353a5fa0 RCX: 00007f003518d169
[  457.662562][T11240] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  457.662575][T11240] RBP: 00007f003603a090 R08: 0000000000000000 R09: 0000000000000000
[  457.662589][T11240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  457.662601][T11240] R13: 0000000000000000 R14: 00007f00353a5fa0 R15: 00007f00354cfa28
[  457.662627][T11240]  </TASK>
[  457.662636][T11240] ERROR: Out of memory at tomoyo_realpath_from_path.
[  457.715227][T11242] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1610'.
[  457.790143][ T5889] usb 5-1: new high-speed USB device number 117 using dummy_hcd
[  457.963952][ T5889] usb 5-1: unable to get BOS descriptor or descriptor too short
[  457.981933][ T5889] usb 5-1: config 129 has an invalid interface number: 135 but max is 0
[  457.996431][ T5889] usb 5-1: config 129 has an invalid interface number: 5 but max is 0
[  458.004693][ T5889] usb 5-1: config 129 descriptor has 1 excess byte, ignoring
[  458.023991][ T5889] usb 5-1: config 129 has 2 interfaces, different from the descriptor's value: 1
[  458.058003][ T5889] usb 5-1: config 129 has no interface number 0
[  458.064362][ T5889] usb 5-1: config 129 has no interface number 1
[  458.083990][ T5889] usb 5-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  458.097996][ T5889] usb 5-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30
[  458.109641][ T5889] usb 5-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37
[  458.124782][ T5889] usb 5-1: config 129 interface 135 has no altsetting 0
[  458.132160][ T5889] usb 5-1: config 129 interface 5 has no altsetting 0
[  458.150394][ T5889] usb 5-1: string descriptor 0 read error: -22
[  458.157108][ T5889] usb 5-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62
[  458.166228][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.227502][ T5889] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  458.247581][ T5889] usb 5-1: MIDIStreaming interface descriptor not found
[  458.432623][T11234] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  458.441753][T11234] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  458.453697][ T5896] usb 5-1: USB disconnect, device number 117
[  459.263113][T11264] netlink: 'syz.1.1617': attribute type 21 has an invalid length.
[  459.272970][T11264] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1617'.
[  459.284765][T11264] netlink: 'syz.1.1617': attribute type 5 has an invalid length.
[  459.295169][T11264] netlink: 'syz.1.1617': attribute type 6 has an invalid length.
[  459.304895][T11264] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1617'.
[  459.358509][T11268] netlink: 'syz.3.1618': attribute type 21 has an invalid length.
[  459.384779][T11268] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1618'.
[  459.397283][T11268] netlink: 'syz.3.1618': attribute type 5 has an invalid length.
[  459.405759][T11268] netlink: 'syz.3.1618': attribute type 6 has an invalid length.
[  459.423533][T11268] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1618'.
[  459.427030][ T5838] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  459.456623][ T5838] Bluetooth: hci3: Injecting HCI hardware error event
[  459.465756][ T5838] Bluetooth: hci3: hardware error 0x00
[  459.584431][T11276] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1620'.
[  459.631341][T11276] [U] Õϳž|Úbcžå²tN|µúM™"„7Uú“cyù°©´Õ^7ú#ƒ\kÑ?—§b+]òw5¦\iÄ%ßÞÙ±³*½¬EÝ©'g—z»«®Õà®ÆÊs’½Ç…˜+핹_ð3' Õ¯
[  459.664655][T11276] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  459.673668][T11276] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  459.871855][T11284] loop4: detected capacity change from 0 to 7
[  459.976653][T11284] Dev loop4: unable to read RDB block 7
[  459.982320][T11284]  loop4: unable to read partition table
[  460.018313][T11284] loop4: partition table beyond EOD, truncated
[  460.048984][T11284] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5)
[  460.216687][    T9] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[  460.372594][T11275] [U] ãÙ]ÍpØ)I5-ÍA¾\ue¾5ˆGÿaj*I_cص³ÍR]…“ˆŽŽb­´s,Ï{ŽèŠà£{
[  460.584378][    T9] usb 4-1: config 0 has no interfaces?
[  460.613574][    T9] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  460.636882][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.649502][    T9] usb 4-1: Product: syz
[  460.653754][    T9] usb 4-1: Manufacturer: syz
[  460.675662][    T9] usb 4-1: SerialNumber: syz
[  460.772587][    T9] usb 4-1: config 0 descriptor??
[  460.926872][   T47] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[  461.189202][   T47] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  461.203086][   T47] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  461.228397][   T47] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  461.241234][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  461.249834][   T47] usb 2-1: Product: syz
[  461.254089][   T47] usb 2-1: Manufacturer: syz
[  461.262788][   T47] usb 2-1: SerialNumber: syz
[  461.338375][T11309] netlink: 'syz.2.1629': attribute type 21 has an invalid length.
[  461.347514][T11309] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1629'.
[  461.357068][T11309] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1629'.
[  461.491064][T11296] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  461.506960][ T5838] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  461.578172][T11314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  461.599726][T11314] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  461.648251][T11317] FAULT_INJECTION: forcing a failure.
[  461.648251][T11317] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  461.662608][T11317] CPU: 0 UID: 0 PID: 11317 Comm: syz.0.1632 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  461.662638][T11317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  461.662649][T11317] Call Trace:
[  461.662655][T11317]  <TASK>
[  461.662661][T11317]  dump_stack_lvl+0x241/0x360
[  461.662690][T11317]  ? __pfx_dump_stack_lvl+0x10/0x10
[  461.662719][T11317]  ? __pfx__printk+0x10/0x10
[  461.662752][T11317]  should_fail_ex+0x424/0x570
[  461.662782][T11317]  _copy_from_user+0x2d/0xb0
[  461.662801][T11317]  restore_altstack+0x9a/0x160
[  461.662819][T11317]  ? __pfx_restore_altstack+0x10/0x10
[  461.662838][T11317]  ? arch_do_signal_or_restart+0x4ed/0x840
[  461.662872][T11317]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  461.662903][T11317]  __do_sys_rt_sigreturn+0x19a/0x290
[  461.662933][T11317]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[  461.662958][T11317]  ? do_syscall_64+0xb6/0x230
[  461.662975][T11317]  do_syscall_64+0xf3/0x230
[  461.662992][T11317]  ? clear_bhb_loop+0x45/0xa0
[  461.663016][T11317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.663036][T11317] RIP: 0033:0x7fa5cb129359
[  461.663052][T11317] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  461.663069][T11317] RSP: 002b:00007fa5cbff1a80 EFLAGS: 00000293 ORIG_RAX: 000000000000000f
[  461.663088][T11317] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fa5cb129359
[  461.663099][T11317] RDX: 00007fa5cbff1a80 RSI: 00007fa5cbff1bb0 RDI: 0000000000000011
[  461.663109][T11317] RBP: 00007fa5cbff2090 R08: 0000000000000000 R09: 00007fa5cbff1df7
[  461.663119][T11317] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  461.663128][T11317] R13: 0000000000000000 R14: 00007fa5cb3a5fa0 R15: 00007fa5cb4cfa28
[  461.663171][T11317]  </TASK>
[  462.249987][T11323] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  462.266076][T11296] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  462.313684][T11323] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  462.523440][   T47] cdc_mbim 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  462.534776][   T47] cdc_mbim 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  462.554643][   T47] cdc_mbim 2-1:1.0: setting rx_max = 2048
[  462.716625][ T5896] usb 5-1: new high-speed USB device number 118 using dummy_hcd
[  462.731893][   T47] cdc_mbim 2-1:1.0: setting tx_max = 184
[  462.745609][   T47] cdc_mbim 2-1:1.0: cdc-wdm0: USB WDM device
[  462.842054][ T5889] usb 4-1: USB disconnect, device number 86
[  462.963093][   T47] wwan wwan0: port wwan0mbim0 attached
[  462.992456][   T47] cdc_mbim 2-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 42:42:42:42:42:42
[  463.043651][ T5896] usb 5-1: config 0 has no interfaces?
[  463.054192][ T5896] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  463.099980][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.150199][ T5896] usb 5-1: Product: syz
[  463.161804][ T5896] usb 5-1: Manufacturer: syz
[  463.211354][ T5896] usb 5-1: SerialNumber: syz
[  463.235760][ T5896] usb 5-1: config 0 descriptor??
[  463.354865][T11340] FAULT_INJECTION: forcing a failure.
[  463.354865][T11340] name failslab, interval 1, probability 0, space 0, times 0
[  463.445098][ T5896] usb 2-1: USB disconnect, device number 121
[  463.456779][T11340] CPU: 0 UID: 0 PID: 11340 Comm: syz.2.1638 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  463.456810][T11340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  463.456824][T11340] Call Trace:
[  463.456831][T11340]  <TASK>
[  463.456840][T11340]  dump_stack_lvl+0x241/0x360
[  463.456875][T11340]  ? __pfx_dump_stack_lvl+0x10/0x10
[  463.456903][T11340]  ? __pfx__printk+0x10/0x10
[  463.456931][T11340]  ? __pfx___might_resched+0x10/0x10
[  463.456959][T11340]  should_fail_ex+0x424/0x570
[  463.456992][T11340]  should_failslab+0xac/0x100
[  463.457023][T11340]  __kmalloc_cache_noprof+0x73/0x370
[  463.457053][T11340]  ? fuse_alloc_inode+0x188/0x230
[  463.457080][T11340]  fuse_alloc_inode+0x188/0x230
[  463.457101][T11340]  ? __pfx_fuse_alloc_inode+0x10/0x10
[  463.457125][T11340]  ? __pfx_fuse_inode_set+0x10/0x10
[  463.457144][T11340]  alloc_inode+0x69/0x1b0
[  463.457173][T11340]  ? __pfx_fuse_inode_eq+0x10/0x10
[  463.457193][T11340]  ? __pfx_fuse_inode_set+0x10/0x10
[  463.457211][T11340]  iget5_locked+0x4a/0xa0
[  463.457234][T11340]  fuse_iget+0x1e1/0xa30
[  463.457271][T11340]  ? __pfx_fuse_iget+0x10/0x10
[  463.457293][T11340]  ? __kmalloc_cache_noprof+0x236/0x370
[  463.457326][T11340]  fuse_lookup_name+0x838/0xa40
[  463.457357][T11340]  ? __pfx_fuse_lookup_name+0x10/0x10
[  463.457389][T11340]  ? percpu_ref_get_many+0x19/0x140
[  463.457420][T11340]  ? percpu_ref_get_many+0x19/0x140
[  463.457454][T11340]  fuse_lookup+0x186/0x5e0
[  463.457480][T11340]  ? __pfx_fuse_lookup+0x10/0x10
[  463.457501][T11340]  ? do_raw_spin_lock+0x151/0x370
[  463.457540][T11340]  ? _raw_spin_unlock+0x28/0x50
[  463.457568][T11340]  ? d_alloc+0x142/0x190
[  463.457593][T11340]  lookup_one_qstr_excl+0x136/0x3a0
[  463.457618][T11340]  do_rmdir+0x299/0x550
[  463.457640][T11340]  ? __virt_addr_valid+0x183/0x530
[  463.457670][T11340]  ? __pfx_do_rmdir+0x10/0x10
[  463.457702][T11340]  ? getname_flags+0x1e2/0x530
[  463.457724][T11340]  __x64_sys_rmdir+0x47/0x50
[  463.457750][T11340]  do_syscall_64+0xf3/0x230
[  463.457770][T11340]  ? clear_bhb_loop+0x45/0xa0
[  463.457795][T11340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.457815][T11340] RIP: 0033:0x7f9e0298d169
[  463.457834][T11340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  463.457852][T11340] RSP: 002b:00007f9e037ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[  463.457874][T11340] RAX: ffffffffffffffda RBX: 00007f9e02ba5fa0 RCX: 00007f9e0298d169
[  463.457889][T11340] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000040
[  463.457903][T11340] RBP: 00007f9e037ce090 R08: 0000000000000000 R09: 0000000000000000
[  463.457916][T11340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  463.457929][T11340] R13: 0000000000000000 R14: 00007f9e02ba5fa0 R15: 00007f9e02ccfa28
[  463.457956][T11340]  </TASK>
[  463.465345][ T5896] cdc_mbim 2-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM
[  463.835953][T11330] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  464.017905][T11351] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2248643489 (17989147912 ns) > initial count (11631199424 ns). Using initial count to start timer.
[  464.632960][ T5896] wwan wwan0: port wwan0mbim0 disconnected
[  465.049744][T11369] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.083299][T11369] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.144566][T11368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  465.158163][T11368] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  465.277845][ T5896] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[  465.446489][ T5896] usb 2-1: Using ep0 maxpacket: 16
[  465.469111][ T5896] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  465.478748][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  465.516788][ T5896] usb 2-1: Product: syz
[  465.546947][ T5896] usb 2-1: Manufacturer: syz
[  465.647841][ T5896] usb 2-1: SerialNumber: syz
[  465.668563][ T5896] usb 2-1: config 0 descriptor??
[  466.097785][T11347] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  466.107589][T11347] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  466.181367][T11347] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  466.249414][T11347] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  466.364603][ T5896] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  466.377487][ T5896] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  466.395239][ T5896] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  466.404437][ T5896] usb 2-1: media controller created
[  466.429059][ T5896] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  466.521918][ T5889] usb 5-1: USB disconnect, device number 118
[  466.682097][ T5896] zl10353_read_register: readreg error (reg=127, ret==0)
[  466.733836][ T5896] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  466.781741][ T5896] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  466.834736][ T5896] usb 2-1: USB disconnect, device number 122
[  466.931868][ T5896] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  466.947011][ T5889] usb 5-1: new high-speed USB device number 119 using dummy_hcd
[  467.128216][ T5889] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  467.153859][ T5889] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  467.198868][ T5889] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  467.213503][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.232444][ T5889] usb 5-1: Product: syz
[  467.244486][ T5889] usb 5-1: Manufacturer: syz
[  467.254092][ T5889] usb 5-1: SerialNumber: syz
[  467.270791][ T5889] usb 5-1: config 0 descriptor??
[  467.293994][ T5889] usb 5-1: Found UVC 0.00 device syz (18ec:3288)
[  467.308183][ T5889] usb 5-1: No valid video chain found.
[  467.416882][ T5896] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[  467.575537][ T5896] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  467.617852][ T5896] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  467.629363][ T5896] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  467.653202][ T5896] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  467.662993][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  467.675330][ T5896] usb 2-1: Product: syz
[  467.685479][ T5896] usb 2-1: Manufacturer: syz
[  468.032361][ T5896] usb 2-1: USB disconnect, device number 123
[  468.304140][T11408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  468.319788][T11408] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  468.597798][T11409] input: syz0 as /devices/virtual/input/input38
[  468.756290][    T9] hid-generic 0009:000B:0007.0028: reserved main item tag 0xd
[  468.787154][    T9] hid-generic 0009:000B:0007.0028: unexpected long global item
[  468.795350][    T9] hid-generic 0009:000B:0007.0028: probe with driver hid-generic failed with error -22
[  468.986577][   T24] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[  469.136875][   T24] usb 4-1: Using ep0 maxpacket: 32
[  469.143680][   T24] usb 4-1: config 0 has an invalid interface number: 74 but max is 1
[  469.151889][   T24] usb 4-1: config 0 has no interface number 1
[  469.163210][   T24] usb 4-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=8e.fa
[  469.172457][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  469.181054][   T24] usb 4-1: Product: syz
[  469.185285][   T24] usb 4-1: Manufacturer: syz
[  469.190122][   T24] usb 4-1: SerialNumber: syz
[  469.199799][   T24] usb 4-1: config 0 descriptor??
[  469.220086][   T24] snd-usb-audio 4-1:0.74: probe with driver snd-usb-audio failed with error -22
[  469.253742][ T6003] udevd[6003]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.74/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  469.346623][ T5889] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[  469.422864][   T24] usb 4-1: USB disconnect, device number 87
[  469.506600][ T5889] usb 2-1: Using ep0 maxpacket: 16
[  469.523028][ T5889] usb 2-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[  469.534059][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  469.545797][ T5889] usb 2-1: Product: syz
[  469.551982][ T5889] usb 2-1: Manufacturer: syz
[  469.559182][ T5889] usb 2-1: SerialNumber: syz
[  469.565758][ T5889] usb 2-1: config 0 descriptor??
[  469.580449][ T5889] as10x_usb: device has been detected
[  469.587788][ T5889] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[  469.609590][ T5889] usb 2-1: DVB: registering adapter 2 frontend 0 (Sky IT Digital Key (green led))...
[  469.695595][ T5889] as10x_usb: error during firmware upload part1
[  469.707553][ T5889] Registered device Sky IT Digital Key (green led)
[  469.751732][ T5889] usb 5-1: USB disconnect, device number 119
[  469.778843][T11421] random: crng reseeded on system resumption
[  469.815580][T11421] FAULT_INJECTION: forcing a failure.
[  469.815580][T11421] name failslab, interval 1, probability 0, space 0, times 0
[  469.847848][T11421] CPU: 0 UID: 0 PID: 11421 Comm: syz.1.1655 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  469.847887][T11421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  469.847901][T11421] Call Trace:
[  469.847909][T11421]  <TASK>
[  469.847918][T11421]  dump_stack_lvl+0x241/0x360
[  469.847956][T11421]  ? __pfx_dump_stack_lvl+0x10/0x10
[  469.847983][T11421]  ? __pfx__printk+0x10/0x10
[  469.848018][T11421]  should_fail_ex+0x424/0x570
[  469.848052][T11421]  should_failslab+0xac/0x100
[  469.848083][T11421]  __kmalloc_cache_noprof+0x73/0x370
[  469.848113][T11421]  ? async_schedule_node_domain+0x5c/0x110
[  469.848135][T11421]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  469.848166][T11421]  async_schedule_node_domain+0x5c/0x110
[  469.848189][T11421]  dev_cache_fw_image+0x36f/0x3e0
[  469.848216][T11421]  ? irqentry_exit+0x63/0x90
[  469.848235][T11421]  ? lockdep_hardirqs_on+0x9d/0x150
[  469.848257][T11421]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  469.848292][T11421]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  469.848318][T11421]  dpm_for_each_dev+0x58/0xc0
[  469.848347][T11421]  fw_pm_notify+0x254/0x2f0
[  469.848372][T11421]  ? __pfx_fw_pm_notify+0x10/0x10
[  469.848396][T11421]  ? kvm_arch_pm_notifier+0x295/0x340
[  469.848416][T11421]  ? __pfx_autoremove_wake_function+0x10/0x10
[  469.848446][T11421]  ? __mutex_lock+0x380/0x10c0
[  469.848467][T11421]  ? rcu_is_watching+0x15/0xb0
[  469.848494][T11421]  notifier_call_chain+0x1a5/0x3f0
[  469.848520][T11421]  blocking_notifier_call_chain_robust+0xf2/0x1f0
[  469.848549][T11421]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  469.848584][T11421]  pm_notifier_call_chain_robust+0x2c/0x60
[  469.848616][T11421]  snapshot_open+0x132/0x280
[  469.848645][T11421]  ? __pfx_snapshot_open+0x10/0x10
[  469.848666][T11421]  misc_open+0x2cc/0x340
[  469.848698][T11421]  chrdev_open+0x514/0x600
[  469.848730][T11421]  ? __pfx_chrdev_open+0x10/0x10
[  469.848761][T11421]  ? file_set_fsnotify_mode_from_watchers+0x123/0x640
[  469.848796][T11421]  ? __pfx_chrdev_open+0x10/0x10
[  469.848823][T11421]  do_dentry_open+0xdec/0x1960
[  469.848860][T11421]  ? vfs_open+0x31/0x370
[  469.848892][T11421]  vfs_open+0x3b/0x370
[  469.848922][T11421]  path_openat+0x2caf/0x35d0
[  469.848951][T11421]  ? __pfx_kstrtoull+0x10/0x10
[  469.848995][T11421]  ? kasan_save_track+0x51/0x80
[  469.849021][T11421]  ? __pfx_path_openat+0x10/0x10
[  469.849045][T11421]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.849073][T11421]  ? __lock_acquire+0xad5/0xd80
[  469.849107][T11421]  do_filp_open+0x284/0x4e0
[  469.849132][T11421]  ? __pfx_do_filp_open+0x10/0x10
[  469.849155][T11421]  ? do_raw_spin_lock+0x151/0x370
[  469.849211][T11421]  do_sys_openat2+0x12b/0x1d0
[  469.849232][T11421]  ? __pfx_do_sys_openat2+0x10/0x10
[  469.849251][T11421]  ? __fget_files+0x2a/0x420
[  469.849271][T11421]  ? __fget_files+0x2a/0x420
[  469.849296][T11421]  __x64_sys_openat+0x249/0x2a0
[  469.849318][T11421]  ? __pfx___x64_sys_openat+0x10/0x10
[  469.849346][T11421]  ? do_syscall_64+0xb6/0x230
[  469.849370][T11421]  do_syscall_64+0xf3/0x230
[  469.849392][T11421]  ? clear_bhb_loop+0x45/0xa0
[  469.849415][T11421]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.849435][T11421] RIP: 0033:0x7f003518d169
[  469.849454][T11421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  469.849483][T11421] RSP: 002b:00007f003603a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  469.849507][T11421] RAX: ffffffffffffffda RBX: 00007f00353a5fa0 RCX: 00007f003518d169
[  469.849523][T11421] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[  469.849539][T11421] RBP: 00007f003603a090 R08: 0000000000000000 R09: 0000000000000000
[  469.849553][T11421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  469.849565][T11421] R13: 0000000000000000 R14: 00007f00353a5fa0 R15: 00007f00354cfa28
[  469.849592][T11421]  </TASK>
[  470.245128][T11421] 
[  470.247511][T11421] ============================================
[  470.253841][T11421] WARNING: possible recursive locking detected
[  470.259996][T11421] 6.14.0-syzkaller-07540-geff5f16bfd87 #0 Not tainted
[  470.266758][T11421] --------------------------------------------
[  470.272909][T11421] syz.1.1655/11421 is trying to acquire lock:
[  470.278972][T11421] ffffffff8f6f4d08 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x56/0x890
[  470.286909][T11421] 
[  470.286909][T11421] but task is already holding lock:
[  470.294276][T11421] ffffffff8f6f4d08 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x23c/0x2f0
[  470.302583][T11421] 
[  470.302583][T11421] other info that might help us debug this:
[  470.310645][T11421]  Possible unsafe locking scenario:
[  470.310645][T11421] 
[  470.318120][T11421]        CPU0
[  470.321411][T11421]        ----
[  470.324694][T11421]   lock(fw_lock);
[  470.328429][T11421]   lock(fw_lock);
[  470.332277][T11421] 
[  470.332277][T11421]  *** DEADLOCK ***
[  470.332277][T11421] 
[  470.340454][T11421]  May be due to missing lock nesting notation
[  470.340454][T11421] 
[  470.348863][T11421] 5 locks held by syz.1.1655/11421:
[  470.354516][T11421]  #0: ffffffff8f5a6d48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x54/0x340
[  470.363183][T11421]  #1: ffffffff8ebecf28 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x60/0xa0
[  470.373573][T11421]  #2: ffffffff8ec0da70 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xb8/0x1f0
[  470.385614][T11421]  #3: ffffffff8f6f4d08 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x23c/0x2f0
[  470.394947][T11421]  #4: ffffffff8f6eff88 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2b/0xc0
[  470.404309][T11421] 
[  470.404309][T11421] stack backtrace:
[  470.410203][T11421] CPU: 1 UID: 0 PID: 11421 Comm: syz.1.1655 Not tainted 6.14.0-syzkaller-07540-geff5f16bfd87 #0 PREEMPT(full) 
[  470.410227][T11421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  470.410239][T11421] Call Trace:
[  470.410246][T11421]  <TASK>
[  470.410254][T11421]  dump_stack_lvl+0x241/0x360
[  470.410280][T11421]  ? __pfx_dump_stack_lvl+0x10/0x10
[  470.410302][T11421]  ? __pfx__printk+0x10/0x10
[  470.410323][T11421]  ? print_lock+0x171/0x1a0
[  470.410342][T11421]  print_deadlock_bug+0x2be/0x2d0
[  470.410361][T11421]  validate_chain+0x928/0x24e0
[  470.410381][T11421]  ? _raw_spin_unlock_irqrestore+0x90/0x140
[  470.410406][T11421]  ? lockdep_hardirqs_on+0x9d/0x150
[  470.410421][T11421]  ? _raw_spin_unlock_irqrestore+0xde/0x140
[  470.410449][T11421]  __lock_acquire+0xad5/0xd80
[  470.410477][T11421]  lock_acquire+0x116/0x2f0
[  470.410500][T11421]  ? assign_fw+0x56/0x890
[  470.410521][T11421]  ? dev_cache_fw_image+0x36f/0x3e0
[  470.410540][T11421]  ? fw_pm_notify+0x254/0x2f0
[  470.410562][T11421]  __mutex_lock+0x1a5/0x10c0
[  470.410578][T11421]  ? assign_fw+0x56/0x890
[  470.410600][T11421]  ? do_sys_openat2+0x12b/0x1d0
[  470.410615][T11421]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.410635][T11421]  ? assign_fw+0x56/0x890
[  470.410653][T11421]  ? __pfx___mutex_lock+0x10/0x10
[  470.410673][T11421]  ? kasan_quarantine_put+0xdc/0x230
[  470.410691][T11421]  ? lockdep_hardirqs_on+0x9d/0x150
[  470.410708][T11421]  assign_fw+0x56/0x890
[  470.410726][T11421]  ? kmem_cache_free+0x197/0x410
[  470.410750][T11421]  ? _request_firmware+0xf08/0x1540
[  470.410770][T11421]  _request_firmware+0xfd1/0x1540
[  470.410795][T11421]  ? __pfx__request_firmware+0x10/0x10
[  470.410814][T11421]  ? do_raw_spin_lock+0x151/0x370
[  470.410840][T11421]  __async_dev_cache_fw_image+0xf3/0x350
[  470.410865][T11421]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  470.410887][T11421]  ? rcu_is_watching+0x15/0xb0
[  470.410905][T11421]  ? kfree+0x54/0x430
[  470.410926][T11421]  ? async_schedule_node_domain+0xa3/0x110
[  470.410942][T11421]  ? async_schedule_node_domain+0x5c/0x110
[  470.410958][T11421]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  470.410980][T11421]  async_schedule_node_domain+0xdc/0x110
[  470.410998][T11421]  dev_cache_fw_image+0x36f/0x3e0
[  470.411019][T11421]  ? irqentry_exit+0x63/0x90
[  470.411033][T11421]  ? lockdep_hardirqs_on+0x9d/0x150
[  470.411049][T11421]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  470.411073][T11421]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  470.411095][T11421]  dpm_for_each_dev+0x58/0xc0
[  470.411116][T11421]  fw_pm_notify+0x254/0x2f0
[  470.411137][T11421]  ? __pfx_fw_pm_notify+0x10/0x10
[  470.411156][T11421]  ? kvm_arch_pm_notifier+0x295/0x340
[  470.411173][T11421]  ? __pfx_autoremove_wake_function+0x10/0x10
[  470.411196][T11421]  ? __mutex_lock+0x380/0x10c0
[  470.411212][T11421]  ? rcu_is_watching+0x15/0xb0
[  470.411231][T11421]  notifier_call_chain+0x1a5/0x3f0
[  470.411252][T11421]  blocking_notifier_call_chain_robust+0xf2/0x1f0
[  470.411273][T11421]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  470.411296][T11421]  pm_notifier_call_chain_robust+0x2c/0x60
[  470.411323][T11421]  snapshot_open+0x132/0x280
[  470.411337][T11421]  ? __pfx_snapshot_open+0x10/0x10
[  470.411353][T11421]  misc_open+0x2cc/0x340
[  470.411378][T11421]  chrdev_open+0x514/0x600
[  470.411403][T11421]  ? __pfx_chrdev_open+0x10/0x10
[  470.411427][T11421]  ? file_set_fsnotify_mode_from_watchers+0x123/0x640
[  470.411454][T11421]  ? __pfx_chrdev_open+0x10/0x10
[  470.411476][T11421]  do_dentry_open+0xdec/0x1960
[  470.411503][T11421]  ? vfs_open+0x31/0x370
[  470.411527][T11421]  vfs_open+0x3b/0x370
[  470.411552][T11421]  path_openat+0x2caf/0x35d0
[  470.411573][T11421]  ? __pfx_kstrtoull+0x10/0x10
[  470.411611][T11421]  ? kasan_save_track+0x51/0x80
[  470.411631][T11421]  ? __pfx_path_openat+0x10/0x10
[  470.411649][T11421]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.411669][T11421]  ? __lock_acquire+0xad5/0xd80
[  470.411694][T11421]  do_filp_open+0x284/0x4e0
[  470.411713][T11421]  ? __pfx_do_filp_open+0x10/0x10
[  470.411731][T11421]  ? do_raw_spin_lock+0x151/0x370
[  470.411763][T11421]  do_sys_openat2+0x12b/0x1d0
[  470.411778][T11421]  ? __pfx_do_sys_openat2+0x10/0x10
[  470.411792][T11421]  ? __fget_files+0x2a/0x420
[  470.411808][T11421]  ? __fget_files+0x2a/0x420
[  470.411825][T11421]  __x64_sys_openat+0x249/0x2a0
[  470.411841][T11421]  ? __pfx___x64_sys_openat+0x10/0x10
[  470.411860][T11421]  ? do_syscall_64+0xb6/0x230
[  470.411878][T11421]  do_syscall_64+0xf3/0x230
[  470.411895][T11421]  ? clear_bhb_loop+0x45/0xa0
[  470.411913][T11421]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.411930][T11421] RIP: 0033:0x7f003518d169
[  470.411946][T11421] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  470.411961][T11421] RSP: 002b:00007f003603a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  470.411979][T11421] RAX: ffffffffffffffda RBX: 00007f00353a5fa0 RCX: 00007f003518d169
[  470.411992][T11421] RDX: 0000000000042801 RSI: 00002000000002c0 RDI: ffffffffffffff9c
[  470.412004][T11421] RBP: 00007f003603a090 R08: 0000000000000000 R09: 0000000000000000
[  470.412015][T11421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  470.412026][T11421] R13: 0000000000000000 R14: 00007f00353a5fa0 R15: 00007f00354cfa28
[  470.412043][T11421]  </TASK>