last executing test programs:

10.558126235s ago: executing program 2 (id=2793):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000001340)={{0x0, 0x4, 0x2, 0x5, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
r2 = getpid()
r3 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
prlimit64(r2, 0x9, 0x0, 0x0)
syz_open_dev$vbi(&(0x7f0000000080), 0x0, 0x2)
ioctl$KVM_SET_GUEST_DEBUG(r6, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4d549b, 0x0, [0x9, 0x7, 0x0, 0x0, 0x5, 0x3, 0xfffffffffffffffc, 0x800000]})
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000140)="36d0e866b8970000000f23c80f21f866350c00a0000f23f89d0f326635000400000f302e8dcc0f23742e3b5753baf80466b8f494f78e66efbafc0c66b83ac80000666fda6509", 0x46}], 0x1, 0x1a, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$VIDIOC_S_CROP(r3, 0x4014563c, &(0x7f0000000040)={0x9, {0xa15c, 0x404, 0x7, 0xffffffff}})
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x13, &(0x7f0000000000)=0x800, 0x4)
r8 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x1, 0x13580, 0x0, 0x1ff}, &(0x7f0000000100)=<r9=>0x0, &(0x7f0000000280)=<r10=>0x0)
syz_io_uring_submit(r9, r10, &(0x7f0000000000)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x1})
io_uring_enter(r8, 0x55, 0x84a23, 0xf, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_INITMSG(r7, 0x84, 0x2, &(0x7f00000001c0), &(0x7f0000000200)=0x8)
read(r7, &(0x7f0000000040)=""/148, 0xffffff96)
r11 = syz_usb_connect(0x0, 0x2d, &(0x7f00000004c0)={{0x12, 0x1, 0x141, 0x30, 0xf5, 0x69, 0x20, 0x5ac, 0x219, 0xf072, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x55, 0x7, 0x1, 0x3, 0x49, 0x2, 0x0, [], [{{0x9, 0x5, 0x82, 0x3, 0x400, 0x0, 0x33, 0x81}}]}}]}}]}}, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
syz_usb_control_io$uac1(r11, 0x0, &(0x7f0000000940)={0x44, &(0x7f0000000700)={0x0, 0x0, 0x8, "6ea70d97457f2301"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x3, 0x0, 0x5}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x6b}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x89}]}], {0x14}}, 0x64}}, 0x0)

9.08409034s ago: executing program 4 (id=2795):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pim6reg0\x00', 0x4000})
prctl$PR_GET_NO_NEW_PRIVS(0x27)
prctl$PR_GET_NO_NEW_PRIVS(0x27)
prctl$PR_GET_NO_NEW_PRIVS(0x27)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_GET_NO_NEW_PRIVS(0x27)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="440000001000010028bd7000fddbdf2500000000", @ANYRES32=r1, @ANYBLOB="100a050022380300240012800b0001006970766c616e0000140002"], 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x20040040)

8.892190277s ago: executing program 4 (id=2796):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r1)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000180)=[@in6={0xa, 0x4e24, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x5}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r3=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000002c0)=[{0x0}, {&(0x7f0000000280)='\x00', 0x1}], 0x2, &(0x7f00000000c0)=[@sndinfo={0x20, 0x84, 0x2, {0xa, 0x4, 0x3eb, 0x220000b, r3}}], 0x20}, 0x0)
r4 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r4, 0x4018480c, &(0x7f0000000080)={0x2, 0x200, 0x10002})

7.618199156s ago: executing program 2 (id=2799):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pipe(&(0x7f00000000c0))
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r2 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000180)='./control\x00', 0x64000ba6)
inotify_add_watch(r4, &(0x7f0000000180)='./control\x00', 0xa4000960)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000000)=0xffff0018)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x4004000}, 0x40080)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19)
sched_setattr(r2, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0)
setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0xffe, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r7, 0x10e, 0x1, 0x0, 0x0)
close(r7)
write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000300)='connect aa:aa:aa:aa:aa:11 1', 0x1b)

6.795686305s ago: executing program 4 (id=2801):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000002c0)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337df", 0x69}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c3322630ae8e710fb68299cbb5accee8813185c77248ddec7b5688599f1bfccbec448bc6ce5c139c2095da22c9d7edf7bfa1392c76ab0dddf4db130420df295ea16aa3e841d50dc813025315eea3990c2de68e835c4fec57e2dd70f47b58472c2f915de1a58a32d021d", 0xd3}, {&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd279f6b8d9109f8e5b1ad6402331e7e4ba5a0300ee40f4ed347c7997c0c822b355f310b659f42003566ffc26878858a5f20373da0b75bed8465da60f840979b6b18d0cbeb297ce3e1e34d46e9e28b416e60e9f9dceb059bd608a506d563315b1a9c536f6ca7ec68acd35c32cdace2471dce1452c62550a9bf975bb6adf889077c111c77030761c0f5d6baccf58dd38bdc0889b55669170d96224c8fd12762ad7f2a635040cde08fb0cdfb05e646af483235ca7dab9", 0xe6}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)}}, {{0x0, 0x0, &(0x7f0000000440)=[{0x0}, {&(0x7f0000000680)="08ce454517ca124225c41ab87e94f80f1a901164f50f2467332973df3f70a604bcd21cd340fd", 0x26}], 0x2}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000005c0)="33ca667d023ea8f11964db8dba", 0xd}, {&(0x7f0000000b40)="5604b1f93280601007f1bfc8446f785300fcfc78c557b8e530dc9f84187a0dd96c1488a0a665ec777782588791c4fd3b0443cd5bde128419bfe468e7760112d01b2746540dc8a0e9087bde26b530a321fd36ffcbeddbc482d96b9f47e195afe70b764b941e9590c8cfb377d923eaffee045993ff1eb3757b9ec29b8416714cab16f748d946c85b6680", 0x89}, {&(0x7f0000001a80)="d61f2c7a6ddbff16a09972b62284a63c170b9a6ec5cd29dfa047b76a9a0eeb4055c9dd2244e47c59e557c459c397cd02eb261fc7d521b1f2e95c3ce17726db0d3236a6d3b52d3f066554d84292329c8a6f034ff8d85d61dcf7ae508c5925903fb1feb7d07fe481313ad476131cf19514d6c77835e9cf82df2f153d9b82985da3e260fc6942d18345ac61b2958886a77e2a2726097d1888a25bee0fdec661520a057f8559f17e462bdf938f7f2303447bfaa744d3891372a825c63e83ff21650af922eaac39ab491cec071d31eebd6526d7a8ddd052d30beb962aeca814ad530c1413e502b92f3e51eaf75ec5b595b19e4945a1a821a8c47f804465f9e04d0ec9aff13036fe4f3a56b324e9ea795cc89d0f30433f3fa8aa7cc4dd93197840d644c6e48329c266316227ea917708cde40163a6b092d3c722a71e9f21255315cb87a74916d56da0479e7e8865b289fc8095a8477e7fee5eda0c55ec6d53c7aac85f6171717935832962f6db7889683497f3f5a4aa6c6af16908cc4c853536c4f624a75cae053c053f8490c028c15bf043adf4729306a4069324be546a83f71c16a15b86f1d6cb5505808acf055c982dfb14eaaa45b139ccc18952a1c1cbde3bb0d4882d72aa508b511b9a3e2b1a11b96aa29650279ca66b2ba92df4f9dcfa322ddd79d8a4da49182ac4d0c7078b2c2c2860e680276da35f952bc9627ab64d475aaeda4e896f04ffbb48983f29cee0574f219acb18778a0b17db40bca0c7102e8d6cbe0d66420a2d836efe9d4932605ad6852bd15bcfbee0fbc22bf79d08512bb8e4ef67004391f17b9723bd61bca96a861833bd415fafb468a205feb866aeaf0057b5d4c2eb5bed757aa6c8a38fd86de6e06bfce036465e63c9a9ae4512985474edbcd3c7ef50e74b4f6091a649cd04c6e14bc7238327edf829e0cca29f", 0x29c}], 0x3}}], 0x4, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

5.897705619s ago: executing program 1 (id=2804):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000002c0)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337df", 0x69}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c3322630ae8e710fb68299cbb5accee8813185c77248ddec7b5688599f1bfccbec448bc6ce5c139c2095da22c9d7edf7bfa1392c76ab0dddf4db130420df295ea16aa3e841d50dc813025315eea3990c2de68e835c4fec57e2dd70f47b58472c2f915de1a58a32d021d", 0xd3}, {&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd279f6b8d9109f8e5b1ad6402331e7e4ba5a0300ee40f4ed347c7997c0c822b355f310b659f42003566ffc26878858a5f20373da0b75bed8465da60f840979b6b18d0cbeb297ce3e1e34d46e9e28b416e60e9f9dceb059bd608a506d563315b1a9c536f6ca7ec68acd35c32cdace2471dce1452c62550a9bf975bb6adf889077c111c77030761c0f5d6baccf58dd38bdc0889b55669170d96224c8fd12762ad7f2a635040cde08fb0cdfb05e646af483235ca7dab9", 0xe6}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)}}, {{0x0, 0x0, &(0x7f0000000440)=[{0x0}, {&(0x7f0000000680)="08ce454517ca124225c41ab87e94f80f1a901164f50f2467332973df3f70a604bcd21cd340", 0x25}], 0x2}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000005c0)="33ca667d023ea8f11964db8dba", 0xd}, {&(0x7f0000000b40)="5604b1f93280601007f1bfc8446f785300fcfc78c557b8e530dc9f84187a0dd96c1488a0a665ec777782588791c4fd3b0443cd5bde128419bfe468e7760112d01b2746540dc8a0e9087bde26b530a321fd36ffcbeddbc482d96b9f47e195afe70b764b941e9590c8cfb377d923eaffee045993ff1eb3757b9ec29b8416714cab16f748d946c85b66802f01", 0x8b}, {&(0x7f0000001a80)="d61f2c7a6ddbff16a09972b62284a63c170b9a6ec5cd29dfa047b76a9a0eeb4055c9dd2244e47c59e557c459c397cd02eb261fc7d521b1f2e95c3ce17726db0d3236a6d3b52d3f066554d84292329c8a6f034ff8d85d61dcf7ae508c5925903fb1feb7d07fe481313ad476131cf19514d6c77835e9cf82df2f153d9b82985da3e260fc6942d18345ac61b2958886a77e2a2726097d1888a25bee0fdec661520a057f8559f17e462bdf938f7f2303447bfaa744d3891372a825c63e83ff21650af922eaac39ab491cec071d31eebd6526d7a8ddd052d30beb962aeca814ad530c1413e502b92f3e51eaf75ec5b595b19e4945a1a821a8c47f804465f9e04d0ec9aff13036fe4f3a56b324e9ea795cc89d0f30433f3fa8aa7cc4dd93197840d644c6e48329c266316227ea917708cde40163a6b092d3c722a71e9f21255315cb87a74916d56da0479e7e8865b289fc8095a8477e7fee5eda0c55ec6d53c7aac85f6171717935832962f6db7889683497f3f5a4aa6c6af16908cc4c853536c4f624a75cae053c053f8490c028c15bf043adf4729306a4069324be546a83f71c16a15b86f1d6cb5505808acf055c982dfb14eaaa45b139ccc18952a1c1cbde3bb0d4882d72aa508b511b9a3e2b1a11b96aa29650279ca66b2ba92df4f9dcfa322ddd79d8a4da49182ac4d0c7078b2c2c2860e680276da35f952bc9627ab64d475aaeda4e896f04ffbb48983f29cee0574f219acb18778a0b17db40bca0c7102e8d6cbe0d66420a2d836efe9d4932605ad6852bd15bcfbee0fbc22bf79d08512bb8e4ef67004391f17b9723bd61bca96a861833bd415fafb468a205feb866aeaf0057b5d4c2eb5bed757aa6c8a38fd86de6e06bfce036465e63c9a9ae4512985474edbcd3c7ef50e74b4f6091a649cd04c6e14bc7238327edf829e0cca29fe837fd76e49b464933e40cf9799696fdb694a785a4aa7fc9342d32fd2fda5c5f81286dad13a17ac495bafefc5ec9b5ddbd744f879c00635c79d26b8131d7daadb26e5c4d0293ba696d29b1d80be0898263a1b157049fe222f2d2ba85b2dfa5cded7e372edf6bda18ecea8a75be58e19dba91c255561e21128277a8e00fd7c329ef4662494485775223d42803e25eed8f85765465159cdeb91515181a98eb465ddfb367ea9810d414fefc32e6b989bc539e02ca0129911022ec5670fbdc88b7420ab833350964f440aee90b1cc7eee831c3774c1087f8140193056a395839e11bd0aeb1adc4ef26a39d78c18bb33b254ee07c55d8936d659ab6728f69ee81b7fa5e988b6e2b619d91246e8b76b1457f2c9c68cda5bd621b34a70df162e5e6ea5da87ef309f71523b44d5d8f29d8a764c494191c6252bd0ee5b5ffc3cb49e3feeba2b399f7e44a069f61b856fc425998369df61c51c096995e6f014e6f2c7663809e79420cddf676ae77f7524555b83c3efbe99322d8241d14e5ae73dd178024c0d86a664b83c8c8729ed492431f3af1d5e259e8f8996b211dbd4f7e56f7dc3be7c1b253ce3eb97627d140d9e9e1a076738a08144d6bc07e77749327fb4933400a9af9b1a44fb2011522a79f093b065697995adace0022db7f4cc5c54cd867b6f96051e40a1dee3b1e2f177368d7a16c4176a633dd7f1fbee483983aed82514476799860454093b0f78b310ab3274f3e6064e4b0bf2c6cc04c468c11907569ac2ddb9dc0827a7f4e76221c87972a8975c3cb8f5f5e05d84b6a13b12639d71ebafc190807d93519ac5ecc014f245cef2dccef6995e4bf08ce2d8c5ae137c9e5f9816e9b6c00ec06dfcc437cfac706c2731a1446ffe7b75cc0aadbaaf58220b117be676896a6c352e9b2cfe3aad1a7cc5ee13528f1024be62441440956c31afa", 0x53a}], 0x3}}], 0x4, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

5.72200328s ago: executing program 4 (id=2806):
socket(0x2, 0x3, 0xff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge_slave_1\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c00000010000104000000000000070000000000", @ANYRES32=r2, @ANYBLOB="00000000000000005c001280110001006272696467655f736c61766500000000440005800500050000000000050020000100000005000800000000000600", @ANYRES8=r0], 0x7c}}, 0x80)

5.721336278s ago: executing program 1 (id=2807):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a0104fffffff5000000000a0000040900010073797a310000070008000540000000020900020073797a290000000008000a"], 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)

5.315916787s ago: executing program 1 (id=2808):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) (async)
r1 = accept4(r0, 0x0, 0x0, 0x80000)
socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x30}}, 0x0) (async)
r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=<r3=>0x0, &(0x7f0000000300)=<r4=>0x0) (async, rerun: 32)
socket$inet6_sctp(0xa, 0x1, 0x84) (rerun: 32)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r1, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1, 0xc}) (async, rerun: 64)
syz_io_uring_complete(r3) (async, rerun: 64)
io_uring_enter(r2, 0x3426, 0x0, 0xa, 0x0, 0x0) (async)
r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x8000, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000040)={0x2d, 0x2, 0x2, "d569e8e1dd2f1ae97ee8589301f453a0c04b1410b2eafa4496ba216b1e8ac11e"}) (async)
r6 = socket$unix(0x1, 0x2, 0x0) (async, rerun: 32)
r7 = landlock_create_ruleset(&(0x7f0000000080)={0x100, 0x0, 0x1}, 0x18, 0x0) (rerun: 32)
landlock_restrict_self(r7, 0x0) (async)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r1) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000240)={'ip6gre0\x00', &(0x7f0000000400)={'syztnl1\x00', <r9=>0x0, 0x2f, 0x38, 0x40, 0x7, 0x1, @private2, @local, 0x8000, 0x1, 0xffffff22, 0x83b9}})
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="21002b000008000b000300000008003c000100000008003100ffffff7f080031000100000008000300", @ANYRES32=r9, @ANYBLOB="0500290001000000"], 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async)
r10 = landlock_create_ruleset(&(0x7f0000000080)={0x8000}, 0x18, 0x0)
landlock_restrict_self(r10, 0x0) (async)
bind$unix(r6, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) (async, rerun: 64)
r11 = socket$unix(0x1, 0x2, 0x0) (rerun: 64)
connect$unix(r11, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r12 = syz_open_dev$loop(&(0x7f0000000000), 0x400000002, 0x0) (async)
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r12, 0x4c0a, &(0x7f00000002c0)={r13, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x97ffffffffffffff, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})

5.208694629s ago: executing program 1 (id=2809):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x49, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x54, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000280)={[0xfffffffffffffff9, 0xaf3, 0x400, 0xfffffffffffffffb, 0x3, 0x5, 0x5, 0x0, 0x101, 0xd5, 0x80, 0x7f, 0x9, 0x4, 0x1, 0x7], 0xdddd0000, 0x3b496})
r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f0000000040)={0x80000, 0x80000002, 0x2, {0xb, @pix_mp={0x1, 0x5be7, 0x50323234, 0x1, 0x8, [{0x80000004, 0x4}, {0x40007ff, 0xb322}, {0x10000001, 0xfffffc00}, {0x4, 0x7fd}, {0x1, 0x20b}, {0x4, 0x489aa92e}, {0x405}, {0xff, 0x3}], 0x1, 0xb, 0x2, 0x0, 0x2}}, 0xfffffffd})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.196096758s ago: executing program 4 (id=2810):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = add_key$fscrypt_v1(&(0x7f0000002200), &(0x7f0000002280)={'fscrypt:', @auto=[0xfaaec1632d5c82b, 0x32, 0x61, 0x0, 0x38, 0x36, 0x38, 0x31, 0x33, 0x61, 0x63, 0x0, 0x37, 0x36, 0x36, 0x62]}, &(0x7f00000022c0)={0x0, "66981e0ff077826dc9e1273c7c010ce490c724d834f3b77a05dd96e13f09212d0206396fe3e4b69787b529ef990f76b032cee68f3efaa285b2bce35ab77f7302", 0x19}, 0x48, 0xfffffffffffffff8)
r4 = add_key$keyring(&(0x7f0000002340), &(0x7f0000002380)={'syz', 0x0}, 0x0, 0x0, r3)
r5 = add_key$keyring(&(0x7f0000000200), &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r6 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, r5)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, &(0x7f0000000240)='asymmetric\x00', &(0x7f0000000080)=@chain={'key_or_keyring:', r6})
r7 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x0}, 0x0, 0x0, r7)
keyctl$KEYCTL_MOVE(0x1e, r2, r4, r6, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000001c0)={0x2020}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="24000000180009000000000000000000020000006e0000010000000008000500ac1414"], 0x24}}, 0x0)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1181})
r10 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x200000000000000, &(0x7f00000001c0)="d6"})
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f0000000640)={0x10, 0x0, &(0x7f0000000e00)=[@request_death={0x400c6313}], 0x0, 0x0, 0x0})

4.794097182s ago: executing program 0 (id=2812):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00'})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0)

4.595316141s ago: executing program 0 (id=2813):
openat$sw_sync_info(0xffffff9c, 0x0, 0x10000, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x78, 0x0, 0x10002, {0x8, 0xe54, 0x0, {0x400000000, 0x0, 0x0, 0x0, 0x200000000, 0xfffffffffffffffe, 0x2, 0x9, 0x5, 0x8000, 0x400000, 0x0, 0x0, 0x1ff, 0x2}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f0000000100)={0x2, 0xffffffff, 0x0, 0x2, 0x0, 0x42}) (fail_nth: 1)

4.327940923s ago: executing program 1 (id=2814):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x11, 0x3}})
r1 = openat$sw_sync_info(0xffffff9c, 0x0, 0x10000, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x37}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r4 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r5, <r6=>0x0})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r4, 0xc01864b0, &(0x7f0000000000)={r5, r6, 0x0, 0x0, 0x3})
r7 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x18)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={@map, 0x1f, 0x0, 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x0, &(0x7f00000000c0), &(0x7f0000000100)=[0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r8=>0x0}, 0x40)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r9=>0x0})
r10 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_tracing={0x1a, 0x21, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x7}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}, @map_fd={0x18, 0x4}, @tail_call, @ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_idx={0x18, 0x1, 0x5, 0x0, 0x8}, @tail_call, @map_fd={0x18, 0x2, 0x1, 0x0, 0x1}, @func={0x85, 0x0, 0x1, 0x0, 0x3}]}, &(0x7f0000000240)='GPL\x00', 0xfffffffd, 0x46, &(0x7f0000000400)=""/70, 0x41000, 0x57, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xbfe5, 0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000480)=[{0x5, 0x1, 0xb, 0xc}, {0x5, 0x5, 0x2, 0xc}, {0x3, 0x4, 0x4, 0xc}, {0x4, 0x5, 0x1, 0xb}, {0x3, 0x2, 0xc, 0x9}, {0x1, 0x2, 0x4, 0x9}], 0x10, 0x8}, 0x94)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={@ifindex=r9, r7, 0x26, 0xc, 0x0, @void, @value=r10, @void, @void, r8}, 0x20)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000003c0)={@fallback=r2, r3, 0x7, 0xc, 0x0, @void, @value=r3, @void, @void, r8}, 0x20)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000140)={0xe, <r11=>0x0}, 0x8)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000000)={@map=r1, r1, 0x35, 0x30, 0x0, @void, @void, @void, @value=r11, r8}, 0x20)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x78, 0x0, 0x10002, {0x8, 0xe54, 0x0, {0x400000000, 0x0, 0x0, 0x0, 0x200000000, 0xfffffffffffffffe, 0x2, 0x9, 0x5, 0x8000, 0x400000, 0x0, 0x0, 0x1ff, 0x2}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r12 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0)
syz_usb_control_io$hid(r12, 0x0, 0x0)
syz_usb_control_io(r12, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r13 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r13, 0xd01c4813, &(0x7f0000000100)={0x2, 0xffffffff, 0x0, 0x2, 0x0, 0x42})

4.281599869s ago: executing program 2 (id=2815):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000002c0)="5c5eafd3ae55a73702d6befaee97f47f4be65587e1fca708cee084691e4587d887a5eaab43ac5edc4886496910cd7a153cd84b93208c7b1a625b3ea990092389b19dab4f61e30ee60a4d7e51ffc9a5accbe20844356dd0ce192542d5e58d80657b3b5fb7a3d39337df", 0x69}, {&(0x7f0000000800)="104b0b7073fbd7f77a847bdbfdf6da474f700bf113b18d16d8380f42e296b49f1326c7d0d97be798e205654b8a885df6ee57ec7b690491c55ca484b54170549c7a72b8a579005ffcb0b309dae34571b17126534a763ca881f12d750072abc05a7cb8f0e32fc3ec3ed14c3322630ae8e710fb68299cbb5accee8813185c77248ddec7b5688599f1bfccbec448bc6ce5c139c2095da22c9d7edf7bfa1392c76ab0dddf4db130420df295ea16aa3e841d50dc813025315eea3990c2de68e835c4fec57e2dd70f47b58472c2f915de1a58a32d021d", 0xd3}, {&(0x7f0000000cc0)="91ebffffff7f7d8625547e6fdcfb96c1d9b461ad7581ce705ad7203fb9e00e70512c27e5d5980dbbdb9d8dd381060e0f5bd279f6b8d9109f8e5b1ad6402331e7e4ba5a0300ee40f4ed347c7997c0c822b355f310b659f42003566ffc26878858a5f20373da0b75bed8465da60f840979b6b18d0cbeb297ce3e1e34d46e9e28b416e60e9f9dceb059bd608a506d563315b1a9c536f6ca7ec68acd35c32cdace2471dce1452c62550a9bf975bb6adf889077c111c77030761c0f5d6baccf58dd38bdc0889b55669170d96224c8fd12762ad7f2a635040cde08fb0cdfb05e646af483235ca7dab9", 0xe6}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000680)="08ce454517ca124225c41ab87e94f80f1a901164f50f2467332973df3f70a604bcd21cd340fd", 0x26}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000005c0)="33ca667d023ea8f11964db8dba", 0xd}, {&(0x7f0000000b40)="5604b1f93280601007f1bfc8446f785300fcfc78c557b8e530dc9f84187a0dd96c1488a0a665ec777782588791c4fd3b0443cd5bde128419bfe468e7760112d01b2746540dc8a0e9087bde26b530a321fd36ffcbeddbc482d96b9f47e195afe70b764b941e9590c8cfb377d923eaffee045993ff1eb3757b9ec29b8416714cab16f748d946c85b66802f01", 0x8b}, {&(0x7f0000001a80)="d61f2c7a6ddbff16a09972b62284a63c170b9a6ec5cd29dfa047b76a9a0eeb4055c9dd2244e47c59e557c459c397cd02eb261fc7d521b1f2e95c3ce17726db0d3236a6d3b52d3f066554d84292329c8a6f034ff8d85d61dcf7ae508c5925903fb1feb7d07fe481313ad476131cf19514d6c77835e9cf82df2f153d9b82985da3e260fc6942d18345ac61b2958886a77e2a2726097d1888a25bee0fdec661520a057f8559f17e462bdf938f7f2303447bfaa744d3891372a825c63e83ff21650af922eaac39ab491cec071d31eebd6526d7a8ddd052d30beb962aeca814ad530c1413e502b92f3e51eaf75ec5b595b19e4945a1a821a8c47f804465f9e04d0ec9aff13036fe4f3a56b324e9ea795cc89d0f30433f3fa8aa7cc4dd93197840d644c6e48329c266316227ea917708cde40163a6b092d3c722a71e9f21255315cb87a74916d56da0479e7e8865b289fc8095a8477e7fee5eda0c55ec6d53c7aac85f6171717935832962f6db7889683497f3f5a4aa6c6af16908cc4c853536c4f624a75cae053c053f8490c028c15bf043adf4729306a4069324be546a83f71c16a15b86f1d6cb5505808acf055c982dfb14eaaa45b139ccc18952a1c1cbde3bb0d4882d72aa508b511b9a3e2b1a11b96aa29650279ca66b2ba92df4f9dcfa322ddd79d8a4da49182ac4d0c7078b2c2c2860e680276da35f952bc9627ab64d475aaeda4e896f04ffbb48983f29cee0574f219acb18778a0b17db40bca0c7102e8d6cbe0d66420a2d836efe9d4932605ad6852bd15bcfbee0fbc22bf79d08512bb8e4ef67004391f17b9723bd61bca96a861833bd415fafb468a205feb866aeaf0057b5d4c2eb5bed757aa6c8a38fd86de6e06bfce036465e63c9a9ae4512985474edbcd3c7ef50e74b4f6091a649cd04c6e14bc7238327edf829e0cca29fe837fd76e49b464933e40cf9799696fdb694a785a4aa7fc9342d32fd2fda5c5f81286dad13a17ac495bafefc5ec9b5ddbd744f879c00635c79d26b8131d7daadb26e5c4d0293ba696d29b1d80be0898263a1b157049fe222f2d2ba85b2dfa5cded7e372edf6bda18ecea8a75be58e19dba91c255561e21128277a8e00fd7c329ef4662494485775223d42803e25eed8f85765465159cdeb91515181a98eb465ddfb367ea9810d414fefc32e6b989bc539e02ca0129911022ec5670fbdc88b7420ab833350964f440aee90b1cc7eee831c3774c1087f8140193056a395839e11bd0aeb1adc4ef26a39d78c18bb33b254ee07c55d8936d659ab6728f69ee81b7fa5e988b6e2b619d91246e8b76b1457f2c9c68cda5bd621b34a70df162e5e6ea5da87ef309f71523b44d5d8f29d8a764c494191c6252bd0ee5b5ffc3cb49e3feeba2b399f7e44a069f61b856fc425998369df61c51c096995e6f014e6f2c7663809e79420cddf676ae77f7524555b83c3efbe99322d8241d14e5ae73dd178024c0d86a664b83c8c8729ed492431f3af1d5e259e8f8996b211dbd4f7e56f7dc3be7c1b253ce3eb97627d140d9e9e1a076738a08144d6bc07e77749327fb4933400a9af9b1a44fb2011522a79f093b065697995adace0022db7f4cc5c54cd867b6f96051e40a1dee3b1e2f177368d7a16c4176a633dd7f1fbee483983aed82514476799860454093b0f78b310ab3274f3e6064e4b0bf2c6cc04c468c11907569ac2ddb9dc0827a7f4e76221c87972a8975c3cb8f5f5e05d84b6a13b12639d71ebafc190807d93519ac5ecc014f245cef2dccef6995e4bf08ce2d8c5ae137c9e5f9816e9b6c00ec06dfcc437cfac706c2731a1446ffe7b75cc0aadbaaf58220b117be676896a6c352e9b2cfe3aad1a7cc5ee13528f1024be62441440956c31afa", 0x53a}], 0x3}}], 0x4, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

2.808033777s ago: executing program 2 (id=2817):
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0xfffc, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={<r1=>0x0, 0xf52, 0x4, [0x9, 0x0, 0x8000, 0x80]}, &(0x7f0000000040)=0x10)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000001c0)={r1, @in6={{0xa, 0x4e24, 0x612, @private0, 0xb0a}}, 0x7, 0x304}, &(0x7f0000000080)=0x90)
recvmmsg(r0, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)
recvmsg$kcm(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x12040)

2.807746963s ago: executing program 3 (id=2818):
fsopen(&(0x7f00000005c0)='ocfs2_dlmfs\x00', 0x1) (async)
getdents64(0xffffffffffffffff, &(0x7f00000000c0)=""/183, 0xb7) (async)
socket$inet(0x2, 0x4000000000000001, 0x0) (async)
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x34f}, &(0x7f00000002c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) (async)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x2f, 0x5, 0x0, 0x4}]}, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) (async)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0) (async)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0xe8)
close(r4)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000001840), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r5, &(0x7f00000019c0)={0x0, 0x0, &(0x7f0000001980)={&(0x7f0000000600)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000000000000000210000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000d0087006c321881d21900a35f64726f70730000000005008300000000008a78c1eb51a0e65e56857dfb3ee2e4a89794ea7c295cc9b2b4e94a7710fa00f4567220f69f21eb78a19d3991e38d12c846d7c9fcd4d05a06ce03c9856a8bb18691be7df49391939dde89b761e1d3a17507e9fa1d068756a3f4f032a03d29db882ed15917ff27994d2888c0fc318feee569f282619040138712468db4e5fcb1f7"], 0x4c}}, 0x0) (async)
sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB="b808bf97", @ANYRES16=r6, @ANYBLOB="010028bd7000fbdbdf254a0000000f00a8007365636f6e646e616d650000080001007063690011000200303030303a30303a31302e30000000000f00a8007365636f6e646e616d6500000e00a80066697273746e616d65000000080003000300000008000300020000000f00a8007365636f6e646e616d6500000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000300020000000f00a8007365636f6e646e616d650000"], 0xb8}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) (async)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r3, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x9c, r6, 0x300, 0x70bd2a, 0x25dfdbfe, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x8}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0x9, 0x7}}]}, 0x9c}, 0x1, 0x0, 0x0, 0x20040814}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x8, &(0x7f0000000000)=[{0x80, 0xa2, 0x9, 0xfffffffc}, {0x6, 0x1, 0xf3, 0x8}, {0x5, 0x7a, 0x8, 0x1}, {0x3, 0x4, 0x9, 0x9e94}, {0x3, 0x2, 0x8, 0x7fb}, {0x4, 0x0, 0x93, 0x9}, {0x7, 0x3, 0x1, 0xc}, {0x3, 0x6, 0x5, 0x3800000}]})
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(r0, 0x47b4, 0x3ad5, 0x60, 0x0, 0x0)

2.613966837s ago: executing program 0 (id=2819):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = memfd_secret(0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r0, 0x0)
ftruncate(r0, 0x51a9497)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0xeb5}}]}}) (fail_nth: 50)

2.436210019s ago: executing program 3 (id=2820):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x20, &(0x7f0000000240)=[@in={0x2, 0x4e24, @loopback}, @in={0x2, 0x4e24, @multicast1}]}, &(0x7f00000002c0)=0x10)

1.944098704s ago: executing program 4 (id=2821):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0xfffffd9d)
r3 = socket(0x1e, 0x4, 0x0)
connect$tipc(r3, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x1, 0x4}}, 0x10)
sendfile(r3, r2, 0x0, 0x8010002b)

1.912115275s ago: executing program 0 (id=2822):
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x4}, 0x8)
sendmmsg$inet6(r2, &(0x7f0000002640)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4}, 0x1c, &(0x7f0000000540)=[{&(0x7f0000000100)="b22041a342", 0x5}], 0x1}}, {{&(0x7f00000005c0)={0xa, 0x4e22, 0x6, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x1ff}, 0x1c, &(0x7f0000000b00)=[{&(0x7f0000000600)="b5cf31", 0x3}], 0x1}}], 0x2, 0x20000000)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000180)={0x0, 0x4, 0x9417}, 0x8)
r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x480, 0xbbaa, 0x2, 0x0, 0x0, {0x6}, {0x200, 0x5}, {0x4000000}, {0x0, 0xa}, 0x1, 0x3f0, 0x0, 0xd613, 0x0, 0x0, 0x4, 0x0, 0x0, 0x20000000})
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000140), &(0x7f0000000240)=0x8)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000)
r5 = dup(r0)
get_mempolicy(&(0x7f00000000c0), &(0x7f00000001c0), 0x6, &(0x7f0000001000/0x1000)=nil, 0x2)
write$UHID_INPUT(r5, &(0x7f0000001040)={0xc, {"a2e3ad214fc752f91b3d1a0987f70e06d038e7ff7fc6e5539b3272078b089b080f384b090890e0878f0e1ac6e7049b334d959b669a240d5b67f3988f7ef3195201c0ffe8d178708c523c921b1b5d500f0d30090936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc90da8196c28d920bab05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d21487b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a158b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae7183cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a799567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461600000000000000206ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cef3d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f86b8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a75500000000d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)

1.835806526s ago: executing program 3 (id=2823):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'bridge_slave_1\x00'})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x0)

1.67601731s ago: executing program 2 (id=2824):
pipe(&(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
close(r1)
r2 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r2, 0x29, 0xc8, 0x0, 0xc000000)
setsockopt$MRT6_ADD_MFC(r2, 0x29, 0xd1, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond_slave_1\x00', <r4=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r4, @ANYBLOB="000024000000000024001200140001006272696467655f736c617665800000000c0005"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
splice(r0, 0x0, r3, 0x0, 0x10d00, 0xf)

1.506042587s ago: executing program 3 (id=2825):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'gre0\x00', &(0x7f0000000040)={'syztnl1\x00', 0x0, 0x8, 0x7800, 0x7fffffff, 0x401, {{0xa, 0x4, 0x0, 0x9, 0x28, 0x66, 0x0, 0x4, 0x2f, 0x0, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x44, 0x14, 0x48, 0x1, 0xe, [{@dev={0xac, 0x14, 0x14, 0x15}, 0x5}, {@local, 0xf}]}]}}}}})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000600)={[&(0x7f00000003c0)='\x00', &(0x7f0000000480)='\\+\x00']})

1.408468761s ago: executing program 2 (id=2826):
r0 = landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_restrict_self(r0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
openat$audio(0xffffff9c, 0x0, 0x402, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x8)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
migrate_pages(0x0, 0x8, &(0x7f0000000280)=0x9, &(0x7f00000003c0)=0x3)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000b40)=[{0x0}, {&(0x7f0000000b80)}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x2, 0xc0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x11, 0x0, 0x0)
r3 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000000c0)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0x8a5, 0x93, 0x1, 0x2, 0xd59f80, 0x19ef, 0x6, 0x19ef, 0x3, 0x4, 0x27ff, 0x2800, 0x2, 0xbb6, 0x0, 0x8, {0x8, 0xffffffff}, 0xd0, 0x9}})
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000840)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key(&(0x7f00000003c0)='rxrpc\x00', 0x0, &(0x7f0000000bc0), 0x0, r4)

1.212147606s ago: executing program 3 (id=2827):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x48}}, 0x0)

617.831672ms ago: executing program 0 (id=2828):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000799f00008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d5c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c000080080003400000000220000b801c0001800a0001006c696d69740000000c0002800800044000000015"], 0xe0}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000019580)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8800000000000000000000000000010c0002800500010000000000080007400000000b1800068014000400200100"/171], 0xac}}, 0x840)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)={0xac, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}]}, 0xac}}, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x80, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xe}}], 0x20)
sendto$inet(r0, &(0x7f0000000000)="9b", 0x1, 0x4044850, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)

586.595943ms ago: executing program 1 (id=2829):
r0 = socket(0x10, 0x803, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000)
getsockname$packet(r0, &(0x7f0000000740)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000900)=0x14)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x28, 0x41, 0x107, 0x0, 0x7, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @nested={0x4, 0x90}]}]}, 0x28}}, 0x4010)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000100001042cbd700000000000000000007870d05d6795edbc197ac99230b593313bb9c96feb378321e98d42ef0065bc5a81c30a424fd95f7ae56f76b662f9fef63442593526b90d000000ce8c95d44cb32cd7f2de2ff2894d9661ac4b00e226d1a2f1f1f871cc4cb516cf3bae4784ae12dec9256df2022a465e5110a22342d1d6251db79912c5b3e4b910b1e6e43e6a143b2810f73a38a86b7fa93bc609d80a8275d23cb95a923fcd86e0dd1d19920f37a8dd2b5323eb346cef0c8ba96e1aff6cbc02c0cce60d04e513c0a5ce6b6f8072467aa66c", @ANYRES32=r2, @ANYBLOB="0000000014110000180012800b000100697036746e6c00000800028004001300"], 0x38}}, 0x0)
r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r4, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r5 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
write$hidraw(r5, &(0x7f00000001c0)='.F', 0x2)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=r2, @ANYBLOB="000100008e8404002c0012800b000100697036746e6c00001c0002800800080035000800080014002e00000006000f00a9"], 0x4c}, 0x1, 0x0, 0x0, 0x40001}, 0x20004090)

548.410547ms ago: executing program 3 (id=2830):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000e40), 0x0, 0x40080c1)
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000005c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_inet_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0), r3)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r3, &(0x7f0000003680)={0x0, 0x0, &(0x7f0000003640)={&(0x7f0000000100)={0x30, r4, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}, 0x1, 0x0, 0x0, 0x4000040}, 0x20000004)
stat(0x0, &(0x7f0000000140))
syz_io_uring_setup(0x3d9e, &(0x7f0000000200)={0x0, 0x200086f7, 0x80, 0x0, 0x4003b6}, &(0x7f0000002000), &(0x7f0000000040))
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000010400000000fbffffff00000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100626f6e64000000000400028008000300792a9225", @ANYRES32=0x0], 0x3c}}, 0x0)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0/file0\x00', 0x218240, 0x110)
read$FUSE(r6, &(0x7f000000a280)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_INIT(r6, &(0x7f0000004200)={0x50, 0x0, r7, {0x7, 0x1f, 0x40000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}}, 0x50)
syz_fuse_handle_req(r6, &(0x7f00000021c0)="cab1f92d585917232bcfa47f91900c936355a83b5a41f6f43bd8b0d1a1e13674b6a8596a8376e6851e0b96decd071d92ce4887ddad2b82183858d82c7d11948024607d92ec0f1c23a4e755f29fa557d1353a3ced680f530e822eed64b4d1aaf20d1320f3583cadb9dfde95993487f96bc290dc10cfccc5ec8ea864590fc1678b79b0a36c9668b27ae142d22c305496881af0d0546076ec21e31bdab2465010e779e7140036d2b12f59b971792cfed8d07f0b8ae13ee944268f573ec11c1b14d53880a64fd2fdbe981f4d9af8863191efc03a39d5a3f19badf65dd49443297b38bf0c009eafad5879cb78e63b00e961de7d7180941f0d1e87a2635294bcb4619e9d84be1816784325d23fcb9c66388b586c8e719f3edfa2aa37cc3f6511add854c10fe546d1c11f11eeaff24cecc0d47ec8fd336ec08470f06227e4a9410074a3d715eb6a697b04bdfeda0b6753d880d012ef8fada7f4ed649ca214609e31cace9a33937813012e4c1b787d8f71ce9b495a69e5c8810ff9954b7b96743dcdd7e52ebbf526f339d3c8ad2550326d3a396de5ac90787b352feabe013c4044ca813344c97f836851d6daf2de3a8b07a61d1052bd302a641706af7629a042dc2f0374671b287f1325763e1818beba9f7cab9e25d6f8749f7dea4c5ef684723d33938aca32e19b1c6a6237d899fb397e9023764b3f4d6399885533a802e4d3ca76f2e0234ed6d7257f8cebddc900af88cc21ee2816513045e92f71fc8523894d684678f17b5fdb4adeda98fc019c0ba05efeffeff3bbda1d6d84a98002a74237cb8d13cb30d8a9a7e47e4da8273a47df4e6ea53036b5b154b9597e6eb00fcad29ed04a820b1ce807bf1818344122a6f0aac52d24426feeba0af56925cb4a1e70a84251f2b4d4693e689518a0e159647b5b60a62db699a25275520c208652ce4401bb5dcd633e7c889758d3d213f4dbe69c9bb76e80b6e892bb5f5809e042ee5cb1982a2373b1886711d1e68d0bc3d4c9d69ac605432bf84cd81104e77c71cd7c0708244fc9428edd52f8cc8f3023b4c6d3bbad7a9b874111098c4652b34c428a8f789c5e5f3f84354ab7afec1a7b11d2a34771ebad2f15c169a61b431c8a1cca9ca1596fce65242d03814ebf977da9bbde5707b22b5002cce68bd0f6d196df341c96bd0cf0916b8775e75021663ea82c99a90b844cc5f8b6c56b21b1fbbbf6fb40ed0c29ee4ecc2998df2cbe3a4d75025ef73dd9f3aa5bc7aa694fe573a73453c9ff873d0a8840afd91be319181836de45260b4e252394edae58f840858a9b64f0ff37bb1820031e563250e62ceea5a7c4d2cd4d5d10e57176fcf576e774920db06b36ea02f9cae9c1087bd1866fb4bcf7fbf393093b339860a61c61248000a2a1bbc982fa691e311fa1bf2a38afdf08b574eed0df42bdc30c3db7cdcb71687f48070077f91fef93e8e47e248d3e53e8a79fcb5a8f8aa39b3bfa2dd88d5c5840d517ae8c132d423a37a8be3301d62a99753bc72f674205a11850e045430abbdc4e68223a93c76d6d2f1d646af10a15705793e2fc5a532af3dda88f52063a091f1f79cd5a5b23ea7742b149eab1aa43c21c2f15227a1f94b5580adbb1e1c49ade49d6e8b838cff43aa2426651817f479252c8ef7af9e4a5ad33839be6c15b50016c59f13c26cfca796cfc01207acc69e9d3952f6e71c975bc77d5a001f6f6c044770f54d86a4518a4898e3136988d643dd2de907859f0b4d4de2a2d461ba5e05cff49eda86772799b2e7947fdbb89fc5b0347e87f1b9dbb94842cc1457d07f3e0c41342510f5ccb551cdf0fcac1a758041bff75812de1b2abf341ed5f667c9b0581d2c33e0b17f1b46c2287399c62252edb9c1cf2b80b7a1b4c3c903aa4cf5332a2998b9072f61f589ae5df1168f8d18e98fce2bec1d5d876f9757017b73495a4e8f4f2423cde8875aa8c95a9ce180cac6690657b8a70e5541d5ef46575cd74e063759fe4889f4d9737a6c9732f8b7f7836508814093b9bdac5733938e761b3642910d4df0b646c1b9583a502246988e9ab78de3d011e8590e48eadfcdb70c8aad6dfbe1dbd3ef20d9ba393db4e6cf91e3bb4e84883c60dc20ed974a5decde12d3c5a1c9a00999f8eefc244465f518425820b9713cbfc6027f427b9cd8756edec5b3a0301a01ebb12c6d412ee3422aeb8b291619f62f4ce41511156f73e54b5097051ea777af7cb73b36e1274ce1a3892007466cc793eb0515b8984acb99c04c7eaa51e175bd73d99bc0c67c8ea84d808a7906a6ad330ba2c9651b2ab82d0781a969873dcddb068c15b7899fd560a1c3d44b34e81cce079c46fd86522052659e2c3151c79a8ccab1dfcdb91f53ca067ea1b2aa507278e4166e817eb0d7dea67cde1598a1bdb76a8caf82add2b43fdd10bf80b0d2f32365849c425d6ac3d2d88a76378d23961eb96c8422e785ea61f33e4daec02393d51f44b177755749fe84b43f5246d20177800af05752af524265f34f62bd5167fa647d2118aa905a1af53f07e7447bee29675cc23f547339af140c0818aa974ca16da33e767d508e4f56726c7076acce57a9957d08348ef84a39188e800ca44682fccaa9ee1b42e1aaf7738dced1dce3ef2dadfcba2863f36b5f8080ed22539b5176bc2c57e52e4cfde659c1ce9e179c79f85d60ca51c7453dad593190b19a1be8f5c5b0249d70079f10f9d0f07f25a98bd95e6e6f71101842b55347ee008d58522e8f7598c1636c58fd20984a6bb17fd47e7db4bc72854054e7900cac4174cf0b4eda2406842955fd8a2ba00ea4d490dbbab02d659cea4c449d9ee37c8f35daa4740b3273693ee2c1b00965a79d18ad98ae92bf2e1ea84ff1e6181937d38765cb353c6223ead1257d88a8844cb0be17aecc2dd56b78dcd6e2999fe695db248dd68275a5ad0f223a4629b17a040a766b2bd2376d77a422375de14a3daaf4fee92f23ca831452826bc66d0cee2049acbde07bdbb6ce228147f9ed4f9437301e8ca9e1ace0684700e9623a1534212d4c557712a3196d86c86077e97172d7e89436e95e1d7e7629d5bc908e346e504839498890210ca15bea51bb2840f1275d36b99490ff0706aa3ca9e89f33fd99df863acc3bca504c15501ba9d987999ee118f47b7737d2dfe73ab257d680f983da1f5fd5975491ad966989f7b15e76e4e6b1a2987801adb3b7cd4cb1d2c9d0454429c2955643c8fb82ccf8e93051cc10081f8181af0d143deee686f67ec42db1e9914ed047e4bf0006af01028e3839451fa3e17d33586022c63cafaf6d0fc773c96143473316988d32f9943d7477604a27ae4b8a7093bee2cefe10cc02109c748d0676692a2411e5c3b4c4c1b9ac7f9b71a1a7126dacf4615e8c9c3d38f536e8b32e37f406b3dc44db80a00d6e423deec869edb32a411986be1517b6ea45e1f984a6fbd08edb25a305122fe5a90cc46af48ebc36433a1f27f43d85492ea60fd2f43125e7328da93f7aad97f97910112fed7ae7b1785822356a525df1f3ab4637b68d92ecd8d7f234973c686fb11821bb1de5f8459b57892f1dae08aae1924ee60a904d7be6e6611ec3d00002152ab7e0c29c7bf124dbec9a6eff25e619d89c27d187e3ffff63c996c33f4b7e967b607f36a8ac8dba6beb43395c9c9b2e3e36de29b07f9c2d60cdfd1d02813d4e508c56b99405b752758a01cc25bb5436ea1efd52c536fa1d2fb1cd9b1ee006d42b58600be2c1aba59c480cb6e9224d7a4df920598950634033087d3e356f35cd2f8b021d30f4ba79bc60eb6715c6c9bed84648552395cffa97c8cdb8f562f8f127f0e6f86dc61fab11ff782560d88cf2872d0e07a27f38120a0831a93c377298c2ed4fe180eb078422e5f030540fd21ebd414e6c42f1fa5491b5b8fdcada476376732edbfd66e10a475e2c0a43ccf6a41f7879f4577e987695d8d5097f6920fbe2b9ac2cb424de7afded1b5b7db89f3612c487770d58a7bb7517f1fa7a98ff6db3778d40c5f36b27d233a0c18587220f900f4a8e867e33e24c1981acb3445de995132d8fcc58f79ddb1475ba69c464071e95c0707c396c0b1b710cceb51efba5f30a271cd456d5f7216d90b412156ecb01dd41f15ac31980649c5eabc7fbb085a38318d43b0683cba055deb9dde4dc4584935473508837c1023993d50b434b311f126df6a0be0653b97a97bbc9b165098dac8dfd6ed6f033ccf7b32cfa3292296222aebfaec4dcd5066b66be45696067dfab907e2984f1bb6067c170e0617e245c9c09a85a061c4b7e2873ce0571b48d557007d5c7ddf5cc2ffa533e2a3975f3687a6d08a09dc1d285cfed129ec887d70bb5aded429b676c242d57c8f36721bf5732b1f25eced0ffedba7254486c9caab3fb3e0ad3b2dc332a06dadd39e5483a314b1d3086cc198b6b6b272fb56e35e0388b1dcddd484fde0ef9d855ca7bd98ebf0f686cec7d5e37f7b5dffbe4ab28c4422adbaef0c45649b0b830dfff90bbea3b7103ea9dd87d856ba7c5bb485319eecc71acc943c733f489ad72e13b1b232cd1eb4ce87917daad4b0405c9905f7a35501c75332d9acb36057715a6abd0958061fda860c00000000bc9aeac4f47acd022927c381012150fed83a99c2d7b268ff2e1c8d162d3feae2c5bdee747aa10566a94f13d4e1a00a4043bd179310e72ec8e4c68659be77907bba82fc416a72c0d2076821f77e8afdbeac769195a01515ab45ba73ec85a2f8a52146dbbc8d585def095aef4e4491362b596a84d2e9fd0131de2c72b71c4bd239146011eaa209957b2bb3f74bf2f42a17440749688d66a18a9d4a7d1e2bbb34dbb2a45460e69a1ec43467665c59438d35fe9b04a94e408ec4bcf7ba1a25bfc287d6189b65711904be9860f8a68d1bab99eed54890f963caef1fa0179224b650f090f67dca59f1241c2a25bc921d522f61e57d2bad88c057d3f7729499a0391fca3a62b27cc0a9b976da3eef333d88ad128ea757697ffdd50633b66b73ea3ddb565bc3d8780f9c0bb2347551969aaa500e7c030da2a92eb3f78d88b91eb547dba2e9be7ab2aa617f0890c39c73c8c2b35ff7ec529f6b8d08e3fcf2630e454bdb6474185ae72ba69310654c9c0b3ba158fe223954e1d46f9d27b0a4e090b0084918b2964bdcee31d258325b89ef96790ed1df4842b482023f1d22fb3e01280f1c8616153035f10bd65de57c1fa7d5a17e77b12e348bd3019092ef548c5249694168dd24df8a7318eccd779da4f547e9f162f484eb3ab9f5bd196f6b68656725d2624b61d09f73586753a1fb7eeb1721973f8e15522487f1dd1412b0f4846801d1abbfe53b755f15047981b162a1de04d52b4d4762ac877e4d718619e8cdba16df688fe95bdc9a1ee99c21004ba7e72985752d89d6892a4169296703fde314457f014ed89c129a4c83b5bee0bb93cb69a83313442837bc03679ee317cf8d1b908b70fae1b1461a398f310ac073642f954ab39e0eda329a94a5c12cf262ca4a25831dbc10aecf83d9d54776c379c230bb488cd6c9295bc31cfab61eb9b5486726f5c854db8aad2642d4468643f3bc8b25cdc9fda7aad04b06b61b185868a44acd46a0bd8debc1e431f19aeddfa3d0e480949bd361f6c988744acafae954c140192306c3066e8e434f70e8cd67b65a59923d166a95ca5e0515e2059e1f1aa9a74bfd49e4e37638bfa6b6117b790c4ec7f536d046c38f8ab6eedac1713bcb8860a18cac43e9add3c68c3ce5d17fbf76e966afcd3ed7795540650e093d39926f5e3719156baa54307b4f5e934f24951b3644a7657e798525d3f1207b28527a5bcdeb33e296c6c0e9e1757941ddd24a0d15c9a21918514a3143ef3fc2e775345ea10aeba6767686e9cfa646da377e88fd759a33ff20c9b258fd37d063d02fe22f090c5e324b507cd3bc42248a7abb2c7d0b1b85ecb5a67bf53a2f25d139ea523808678942e1588fd677df161b67b563a446a2cc69d9126fbf308258a13fcd6f53d92d9947311e3de4fa5acd7c2684d9eb3b4feb024e05bbf090836d92e30b68df6a7619542c9acbbb69dc73c781bdc7ef4b25c2af77186f493a5038a56508cc56b7085e13f4264e02a2a3bb515e15301371520481302f2367c883a5ac503ae4269cbbc8fb2f0f77ecaea7b8af04bc24aa90f677a72bbecfdb225864714344a8fd1c07ef664abaefe53bd76ba12c8bf45860a316812af87348682ee7005ac6a00523f4313102742ee5502d8c61c3321d1b872780192f4d00b12b38d0aedd34619c42f49b81d7bddc4ca481ed8f448bc3ad98b13f7176748838d623e007a24948480e978b80ce67ec952eca613091ad4f81cd521b2851bb8b2a6b1da0420eca80aecac9c0887988e1f29906c9ce65b990a00f22ba6f115a7a0001f511ec35dbcd401130173fded8b2e23365caf3d6d7c8f404383f16fcd76b17c220f88c1fe96211bd92c5803c63d9537a2ceb258508d9b1d74ca43174eaefd677ed6db63bb3d7712c9558c7879fbe67b7396c721407953db9dad13291f96d7d0290ad56cf1f65ccf58d3f5b8ba1f78f81d86ae0ea50926ff352d73629da44a6d31598dcdcf81355faed4f5a6ad8cc39d4a414b97f193c896bd3c270097cc96e4a5e36ca9a56a27c52a03decc4837d7b008acc1fd2724f97e0e9591afb5de3af3ec5fc16e1bee79098cc94d638375d69ae5065bedaed575e11b1b0a4d1189830856e8d48a6c50bf18cb9f8919fd8a55ad0b2f7d8c096c7f549fec8e1522be0de2a69699afe47e899ac6d5405c08e2e374326808ba76259d85b971dcce55aceed11583603dd280fd15c8e7b206e8bade3f6d83c6041838ea8b489fb9f92ab220ad5d3cd2af3f45cb2df7094d550b2cfea314469943a159e12c01897a7cc42904eeb24cc507e7ce7ffb4d22efdcd5cb5d75975582e14960fb0f2b83cb774faea32dfba7ed0e8b6a749785166cb5c77dde7498f67f7f20d0b85a7fe6e7f8a8e3f95bd795165f36440d84434cef17f81697816030e3a86bf003272ca4868ab935fa0d465fb10637a706c9fd04fa4d4eb421e87aa6628a1d6174833af4dbfceab7fc5989550c0847bf27a5243e3b318fffde95d11cf507bc4e092180dd228df9f89d193a160d50c223309eae580a09f2e78855f17f8ad25c1f5814becdfca7948c7045b242e22d5efab676fe717eb34d2f0fcb77289c8b12caadd2377b7ccdcfab61900971b4a2ac132587174117428739ebb109fa133e483956bd499dfa530cbb3d1df42309f6f0755b043d85776807f25c3b4b518a2274671eb38f3e82ad4397377f85201771877a7cc43b838791a4d4d655ecadf03d8c1687e961c83dbb64c4d54d4b745a3abca7e381a00c6f51f48f6f7ce29ec656d89a1fab216675febedfe6b08c35add5aeb8cf6c0b226d309a222e1783e45e560f6ea64bf7706787f199116341f874321b52b1135830ab8979ae5546aad4ecfdac0045d4d15b4ed2fe26e484793db6aa61d40333355fa96ac5d1b8a5b5fc033475cba14f344007bfd82deb64b5c2eda6c0d528e4de0c21802d6b27554c0e2090f2c4ebd19208ce904cc02756b44bb2f8ebc1d37961c0957a4815487cbf76fdbe1f2b77b563a5663a00952c92579399f7acc1d41d9289ea0345f02f6f760ced802c8e0b14760a43dd04e6c371ceab9f5cb3617cd7ab31457b6821c6a4f34b243fba61f5c553e58ca253d5723382cf5d3f8357347ee2af2d48d86367f993e4b80b849dd3f50b2a89338af97e11b9a796ae2548856cce01334bca0c558e160f16e74699c7eaefd699acdf4d5019bf70f2d9c083f62b5254262f05c01dba59b1779502d3ad310a3039447d730a2cebb1242331a9849921c07336e985a844c55ce6129a650b3fd7cbda52a0cfdf0ef566f24adb8c959e442e9d5663fa16561b185cfb18355863d9b9f91c3829c4b0ba580668402a7a100fcd4a4e901b660863a9537f46e4f36446945e8f62e53e8282ccd7cfe14fca161d7daf592188eb2e11e275f616f4e692db8f318e8fb635d1a2582a3c8ad3050995f4cd810c04b23aaa6b26a2276133b443280f0526c9b1c016a7fdc052eff91d167b2813ec4f868c2da5fd9568da148e0ced0229f415716c1caddba880efa2017a82829125e734b96333da0b15340c149b50be86e3017bdaae3d80ae51c35df37e67684e81b5933cc41127fe6155089b53901f9ae3eb1d592eb3fc244ce6555d3d69922dd3dcefecbba207fcbd5144a5ff97bf2216c046348a633284db59c10662350c7484ced762f353cd01a971c88d0eabb68eef856d585e8f5a684dc948b094754362ba8d606f85a755a27895ff5b6b4ea0387574afdf362a43b5535a2838b3f00f24612b9ae47e95f15d8b828efe56152d77871cfda0e0ff9936db3fe9c49f0d0f5ef9b71b81efd2e92d0166a4970254950a51235b66866d5402740adaa584e892572a6f46714704660cfbcaa56cc27cb538a908d1ee2fc7adaa674ce7a717f6e0481a2374f768fa3df8368bf4281bce6f9777f958f36502908d7c921ba745d0cc16b8a9a67f15c26d4b005788b1e90b19cc13f3e925fc14ef31d624c7500710d8f80e5bd4b14dd6bf70c210db6077c69d2d1751fe999442502d3542be12b732e3793e6c5e5c33a15a792ea344b0ed0be1ebb1d4e896e3e62d8d85afad2ae134dabc4f0d3fc719c6245d3bfafa42f0cdc9c0d5c4ba5c20b9da975bfd2f211bee8589ce1dc9652c2c3cee2a5e8a00049e42afe4403a905b60e0dcda1120d32ce36b91719d6308c93dfaa16c23a3b37e88194778be77d5e9e64b39477b76b4644ca32525b73bcf1fd9dc9af7776f2149e368053c58e1c93e1ec4575cb5e0b2da61d5e6b19436f3c095cdb4af4ddfc3364975700e5ff5275f9336b8cb3b959a1cd94f6b9c3a33f35e9ba4b7fea0466edf54e5e2e06a79bd170392c02b09749f3d111ef60baa8016dbf9ba581beab2c43d094add0d7fb7e16f198f3050641255f30a57c3045c1b51dd6e5d65613167596365b9c67aaa36fc89c44fbc4c8c96c328554a63a15511b04692651dd5e30780caf0dfce976c665e7b05fa6143914837bc82fb9d9dc5a1660e28a697e8a0a32eb8db109c5a045243d86ea11847fb64ec450112d77ecba32de418629a4ea2ae3f7ed3625b26def5c19813a6386ab4e43838c1fad3d4e92dfd7d3f98b3cf46d6e20304851899c59661e9639f3ff52fa023114907d930d74d605f3f7c5fd9ebb446d807e96cf3bf3517e369dc98f489026ec035a86f3719e1e50a48c0381f7fd2a7eea1d3a09ef7a0ba50b2ae28c2c955db4761ac005226ebc0c18d108e8ac066371be249b80eed88afee799411a50381cacb2d5164f0827720eb9d11b5cc548c2e145291dfbc5d4f70646dfbca077ce8ad3a3f8c627021295cbef70f5013c53e8fce32116e678a7b1dc535d43b429d330e9193f8de1a6c1da4353a86bc722ef1cffe59a012ff9c5f45b85e55ebdaa6b36a519c544ef8a86095e522d7dfbb9cac41e826fcc4bc676297141195f839ebcd8f64599fb15856960f97bc70d2336507d5060282d0988f354eb757c6f4b0ee77e2c0889e5336633ac28e2651c98e7f2fa4c163f8fc196b6798c1400c46710abed12a33a95afa56c7fe55de0b48cc984c80f6d98d212daeefdbcb457217b3962436e481d70967cab6b0943d5da59021ea9fbebf66e86943e029ef95d46d347b834098e1c8fb4c35d15945bc2e336f74c6c80430ad5fc4f5b9c6b41245ecf151eea90763ce3e09e050ae1c0925fa7a5ddbb7f210226cdcf9ee406041b73a5988646b90ed382d08e7a147078f9de025f5617017ec70f65dd25d7ccdb47ad7209474f4ca461ca46f0afe3cb405c3b72d320016d01b62def93fa4fa5a34df145c526fc497329a9e29ce17a929893f7beb417c88804418271dbeb51115821db4737b9cc467f190209649f543675defbf95640d20cdd124e85788b703213f4e99b4f36b74b5d44b67b7bc995ba133da4ae92f3a3db49c9ec039e0285001fc16760da0d07552e1ad621a4bac6d0b6409316e8a78273b79aa70df0e3ca024336d42c530550be8c68897bfa6a44f595bf5be48f8b25b48825ebcba815db4b3124522bc71e3970dbcafd479a6dab40f745a655cc3f9dd5aeb046d25baaaa160ba21f8b3c0292329ae107483c8caafcd70d041facfbf705dda95370a91879fc0ab9132e3b7b02cad69417178c4f34909df7a373bacb289476c25c901be7b52aabfdfcb3415ef3a565c7de2f0128c63e16984e2e98ad23e06b890f22894ebeceefdb472192e501e2c791232933b52ea4b9c4e9fe3654b8b1e08048fbcf58fada1cd49ca6658ce6ecd12102d90c81eac26090efa36514553abb298f7cf1a43bd6d473c1436b6be9e87445de726cfffb00c72de49db0585d677d5b245e15f9a53b4c258ba2fd67d38afd9ccd0d409c0bad675fcfbc1f4e5166fd1b29203274f758f55a266b8f7c9ec8ef1dd4913727fa392ce6b11baf902ea708adddd836982a609718c1dfb810aee6f21e47c27dc6b4eeebe5fc21aae6fe7d2908679c873e2aa45a1ee14cd7e10586216d5e17cdbfacd4bfedf00b7ba7fc46d4ac90667329ba76b4fcc6b991a55c9ed159a2fb9525c975bc0aa4a291fdde14a78b95adcde52fcb5a893ee7b4df6631b3ed5a9d9d9ebe36c7cedea777a9e67faad7f7004f0a820aeb6636f24685a15d12abc639aab2233b36584670c667f9e7a3fe1195d35b268d1052d5b4c9625dc963640c2c5e6c37d36acc31755b34f3ee2af7b7ba5dbe105322a3741c567c9edd817f6488fe69301b19481fe2e2cf74b19d4b224598b0ce1fa151fa1ef3d69aaeaab397a5eac72e0b969a09b85e3258e891db207393bc281afa93468b29b7e55cc2decf8292fc68e1a02b2faa873a846680992b37a548c8f724c0125027faa58be5b2836206cc34c063b50270d7fc968dab0d38072ca90bdef91119b72ab417d811d2f32bd41e6ab2bc5b5293f92f7a0a4f172bfea5403cd418db95e1a4232f78f6afd3d13978e206d85fa9ebe2abe444db065d03b6169bc9f0dbfc19237a74bd13c1ef844f839b20018fdaf1be6f1a171f6f3ce2205fdcce38330b88ceba0c5eae812e12be99993d265f806e61ec42c9527287967a1c3b27afb1edc35a5d17bb7f4d20ea708c62c9170ba2ab710f2d7f5dca7b33e0f9434cf0b6ee846fc8bc45d39f252ec682732fb090f46032491155d83a30894a259e037e57de7523481bcc2d704d8d728fbdf048df30f7e4861f62b8e63de47b3838b5062ccd2c125bc581024ea76bd4b1f53057f37d329f7861a2a70fd3b6d6fe252a1b892192ed75c585ab809f702e27e237c4aa2dc947585c2086eeaa29c3ff7e02cb7d3a0aa3a8156d2897daa9c45a2e28ba14fd40c8a3a058805e4b5b10641c3c25b9ab80cce83206b13a1e2bc362eb5ab7e0e677c01fc0486aa32862ad0afa4f1cc8496b961a0eec71c26ad107ead599d8ddd59d85adceb3ea442efcf8ed64f4c66547344dc81ef5b6ac102434395203f58d59656d41dcc192774d70f4f2964e304efde831126d402a240325e603347aa43626b5eb69b0", 0x2000, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x90, 0x0, 0x0, {0x1, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0xfffffffffffffffc, 0xdffffffffffffffe, 0x9, 0x0, 0x0, 0x0, 0x0, 0xa000, 0xfffffffd, 0x0, 0xee01, 0x7, 0x800000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000df0d000000000000000000000000f2fc0000000000ffffffffffffff000000000000000000000000000000da6380c00000000000000a000000000000000000000080400000000000000000080000000000000000000000000000000044000500ac1414aa000000000000000000000000000000003c00000000000000ffffffff00"/165], 0xfc}}, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000b80)=@migrate={0x118, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@mcast2, 0x4e21, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x9c, 0x11, [{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@broadcast, 0xff, 0x0, 0x0, 0x2, 0x2, 0xa}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2={0xfc, 0x2, '\x00', 0x20}, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}, @user_kmaddress={0x2c, 0x13, {@in=@multicast1, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x2}}]}, 0x118}}, 0x44)

0s ago: executing program 0 (id=2831):
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="580000000101010200000000000000000a0000000c00198008000200050000000600124400030000300002802c00018014000300fe8000000000000000000000000000bb14000400fe880000000000000000aac2000000"], 0x58}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x0, {}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, "a730b801"}, 0x0, 0x1, {0x0}})
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000140)={0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0100000000000000560000000000000066ba2000b0e2ee"], 0x6e})
ioctl$KVM_SET_IRQCHIP(r4, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x90, 0x5, 0x9, 0x7f}})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x0, 0x180, 0x4, 0x0, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x55, 0x0, 0x4], 0x1, 0x344214})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x6a, 0x0, 0x0, 0x20, 0x0, 0x0, 0x6c, 0x80000001, 0x8000000000000, 0x80000004000080, 0x0, 0x8, 0x0, 0x4, 0x0, 0x8001], 0x1, 0x3c4210})
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000840)={"9263f0eefee8452b4b5a8676beff6bf5b92d09ce950ac04214a5461b1548f651bcc2293134da3c4c8b99b93ae260e48c8d459c00ec4a450b1fae9c9d9b207b1b910928cdcc711055528b6208660de299a52b7b2083a18483e195bda4fa32deeee50f9b5cd146f00e7f9aa48eb57d24d424fee039df488bc3f551f128f7ad785e6d99737be60bdfd1093c2eeae87a61f3075ceb7a90f4c856f6f30ee2500e97d67d6e5fed27f0b5e63450fd5d928b35582ee67117adca9d49df3e2720e3b8e347e08f39cfe9ba40bfc3a8d4a6e52b5c9a91d072e5e8df69beec7b65289fdf9c6e70093330b3441cbb34e3a661fbf1c02daca8e6cc2d254d4eaa0e130cf53a4b309c9f6329954733091eef625e9d680411b21238efb920d938141be69a96c0fbc77c6a7525cc39efddfd5eefcd6d7615f2f11425cff2faa59b705928762c753824f3d9856efe7c8e6adb2f46019f6cd596e8ae63d382a72d88274d3c0ba15653c0f433ce6eb17245d2af3f6a30fa22212c1f435178856f968e704bb7aa88bd31dc3acc522156348621ad34940407b2aada005033bddff547f07698e466f63006844ce38f6a3fcd00f78fdc8253fab2e0732ba21dea0a4ce8fedaf4636ff6d5b63a4a242d24b47d6588ff2309d5b07666f3604e78d145af1211e1f13d858d4e1fb2d99b4695245f51946e4a444df080f4dfe6a6dc321acd9aa23425cdf07df70eaad9644efcd2511199efc198c89c69d05bca5202432b878899c8184e99010d7fedb18963451930263707e7ba75e0d0fdf2b6e76139e5a760cb04d4ad1385c8ef192ad79f879fcb833df3aae63c886346941b0f07fb1194aa483ff043a89a679568fad89c62bbc7d379e2adc3fa0a0c4b0deefe01647871b45978f65b8078f174ddef48758652c1bb212829869a0a6c4abe22d7cc3f6c9c40a5d049d22f2582cd3ce4291dff2eef4a9a7cd9a14b74d9c9abb0c804120bc450e18c4d807c86d8a0c682c6feee31fb5a68987f8218ec1baada382a5e0d6c3f415bd9f14c018328d5d38cd4ca5edd24811c4e0fdc2600ef42260ec416d789ecb548887c2c955b8856714e45940422cfb4cff231825f7bb34f3d914a7cfcc7709bf1d716e27c8180b0b0ea0322ebfe6c474c419dbf33c55ea710be246f4c2582ef12b26d1059557c3f6efcea17147e016294aeab35a80545f69cc211a4cdaded1a2e4c06b6dc76d393e2347f399c43459dc837a14fe0109e79487b32c8568394ffe894c8475abb06d3c8776323ce9d684eb2b868c3c8f68de366f214176880f85d2c7b50a0b30f42913d97a745cabcfa061bd4164a719cfb19b6ea47fc9fa75c7771e7b8e442a1c899bede7f36b5845196ff21f77d7b9fa705bf09d33f835dc889cbb350290bd61df7e4a68b4bb441f261ee8f6df553b32d03d523c091a9532415f7b53275d35606738e"})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$TCSETS(r2, 0x5402, &(0x7f0000000000)={0xeffffffa, 0xb, 0xfffffffc, 0xfffffffc, 0x7f, "db5909003a7f000700"})
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000040)={0x0, 0x40000000, 0x0, 0x0, 0x83, "00000000000000000000ffff00"})
r6 = syz_open_pts(r2, 0x400)
r7 = dup3(r6, r2, 0x0)
read$FUSE(r7, &(0x7f0000003f80)={0x2020}, 0x2020)

kernel console output (not intermixed with test programs):

 usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  669.428762][   T30] kauditd_printk_skb: 40 callbacks suppressed
[  669.428782][   T30] audit: type=1326 audit(1753321032.627:1826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14181 comm="syz.4.2335" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7fc00000
[  669.468550][T10107] usb 2-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  669.518601][T10107] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  669.527721][T10107] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  670.025162][T14235] netlink: 'syz.2.2350': attribute type 28 has an invalid length.
[  670.046361][T14235] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2350'.
[  671.872926][T10098] usb 2-1: USB disconnect, device number 80
[  671.892410][T14218] delete_channel: no stack
[  672.368385][T14264] syz.1.2359 (14264): drop_caches: 1
[  673.012212][T14264] syz.1.2359 (14264): drop_caches: 1
[  673.060365][T14275] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2361'.
[  673.104223][T14275] batman_adv: batadv0: Removing interface: dummy0
[  673.137606][T14275] bridge_slave_0: left promiscuous mode
[  673.178684][T14275] bridge0: port 1(bridge_slave_0) entered disabled state
[  673.210102][T14275] bridge_slave_1: left promiscuous mode
[  673.217059][T14269] syz.1.2359 (14269): drop_caches: 1
[  673.250047][T14275] bridge0: port 2(bridge_slave_1) entered disabled state
[  673.338190][T14275] bond0: (slave bond_slave_0): Releasing backup interface
[  673.413250][T14275] bond0: (slave bond_slave_1): Releasing backup interface
[  673.471563][T14275] batman_adv: batadv0: Removing interface: batadv_slave_0
[  673.509167][T14275] batman_adv: batadv0: Removing interface: batadv_slave_1
[  673.812944][T14283] macsec2: entered promiscuous mode
[  673.859172][T14283] hsr0: entered promiscuous mode
[  673.873375][T14283] macsec2: entered allmulticast mode
[  673.881364][T14283] hsr0: entered allmulticast mode
[  673.886623][T14283] hsr_slave_0: entered allmulticast mode
[  673.895954][T14283] hsr_slave_1: entered allmulticast mode
[  673.910533][T14283] hsr0: left allmulticast mode
[  673.915575][T14283] hsr_slave_0: left allmulticast mode
[  673.927062][T14283] hsr_slave_1: left allmulticast mode
[  673.934346][T14283] hsr0: left promiscuous mode
[  674.613715][T14300] netlink: 'syz.1.2368': attribute type 2 has an invalid length.
[  674.759661][T10098] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  675.031655][T10098] usb 5-1: config 160 has an invalid interface number: 52 but max is 0
[  675.048473][T10098] usb 5-1: config 160 has no interface number 0
[  675.081073][T10098] usb 5-1: config 160 interface 52 has no altsetting 0
[  675.113267][T10098] usb 5-1: New USB device found, idVendor=ad15, idProduct=0725, bcdDevice=47.e1
[  675.126479][T10098] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  675.144396][T10098] usb 5-1: Product: syz
[  675.154604][T10098] usb 5-1: Manufacturer: syz
[  675.164261][T10098] usb 5-1: SerialNumber: syz
[  675.570268][T10098] usb 5-1: bad CDC descriptors
[  675.599306][T10098] usb 5-1: USB disconnect, device number 100
[  675.955989][T14329] x_tables: duplicate underflow at hook 1
[  677.488525][ T5936] usb 4-1: new low-speed USB device number 72 using dummy_hcd
[  677.658608][ T5936] usb 4-1: device descriptor read/64, error -71
[  677.908457][ T5936] usb 4-1: new low-speed USB device number 73 using dummy_hcd
[  678.078450][T10098] usb 1-1: new full-speed USB device number 86 using dummy_hcd
[  678.078553][ T5936] usb 4-1: device descriptor read/64, error -71
[  678.330085][ T5936] usb usb4-port1: attempt power cycle
[  678.343172][T10098] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 15
[  678.372588][T10098] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  678.414949][T10098] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  678.439593][T10098] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  678.544968][T10098] usb 1-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[  678.564407][T10098] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.589004][T10098] usb 1-1: Product: syz
[  678.593264][T10098] usb 1-1: Manufacturer: syz
[  678.615949][T14383] macvlan1: entered promiscuous mode
[  678.631335][T10098] usb 1-1: SerialNumber: syz
[  678.681056][ T5936] usb 4-1: new low-speed USB device number 74 using dummy_hcd
[  678.695354][T10098] usb 1-1: config 0 descriptor??
[  678.706463][T14383] veth1_to_hsr: entered promiscuous mode
[  678.717161][T14370] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  678.759264][ T5936] usb 4-1: device descriptor read/8, error -71
[  678.946467][T14370] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  678.960038][T14370] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  679.031569][   T30] audit: type=1326 audit(1753321042.137:1827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.0.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  679.125825][ T5936] usb 4-1: new low-speed USB device number 75 using dummy_hcd
[  679.186777][T14389] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2402'.
[  679.208599][   T30] audit: type=1326 audit(1753321042.137:1828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.0.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  679.220320][ T5936] usb 4-1: device descriptor read/8, error -71
[  679.246365][   T30] audit: type=1326 audit(1753321042.137:1829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.0.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  679.328474][T10107] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  679.351131][   T30] audit: type=1326 audit(1753321042.137:1830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.0.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  679.368973][ T5936] usb usb4-port1: unable to enumerate USB device
[  679.375473][   T30] audit: type=1326 audit(1753321042.137:1831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.0.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  679.404430][   T30] audit: type=1326 audit(1753321042.137:1832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.0.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  679.499705][   T30] audit: type=1326 audit(1753321042.137:1833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.0.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  679.534182][T10107] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  679.576688][T10107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  679.605251][T10107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  679.615426][   T30] audit: type=1326 audit(1753321042.137:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.0.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  679.685190][T10107] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  679.699912][   T30] audit: type=1326 audit(1753321042.147:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.0.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  679.727117][T10107] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  679.748752][T10107] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.777571][T10107] usb 3-1: config 0 descriptor??
[  679.790884][   T30] audit: type=1326 audit(1753321042.147:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14366 comm="syz.0.2394" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  679.813501][    C0] vkms_vblank_simulate: vblank timer overrun
[  680.250496][T10107] plantronics 0003:047F:FFFF.001C: ignoring exceeding usage max
[  680.296196][T10107] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  680.909923][T14410] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  680.976735][T14410] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  681.003664][T10098] powermate: Expected payload of 3--6 bytes, found 64 bytes!
[  681.017596][T14410] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  681.079983][T10098] input: Griffin SoundKnob as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input35
[  681.101012][T14410] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  681.117233][T14410] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  681.147555][T14410] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  681.183399][    C1] powermate: config urb returned -71
[  681.189177][    C1] powermate: config urb returned -71
[  681.194665][    C1] powermate: config urb returned -71
[  681.200231][    C1] powermate: config urb returned -71
[  681.286461][T10098] usb 1-1: USB disconnect, device number 86
[  681.292476][    C1] powermate 1-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  681.868778][T10098] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  682.065286][T10098] usb 1-1: config 252 has an invalid interface number: 254 but max is 0
[  682.073980][T10098] usb 1-1: config 252 has an invalid descriptor of length 0, skipping remainder of the config
[  682.138417][T10098] usb 1-1: config 252 has no interface number 0
[  682.144775][T10098] usb 1-1: config 252 interface 254 has no altsetting 0
[  682.269786][T10098] usb 1-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=46.29
[  682.279166][T10098] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.287231][T10098] usb 1-1: Product: syz
[  682.314797][T10069] usb 3-1: USB disconnect, device number 77
[  682.366604][T10098] usb 1-1: Manufacturer: syz
[  682.383665][T10098] usb 1-1: SerialNumber: syz
[  682.450322][T10098] bfusb 1-1:252.254: probe with driver bfusb failed with error -5
[  682.652201][T10069] usb 1-1: USB disconnect, device number 87
[  683.275385][T14441] netlink: 'syz.2.2415': attribute type 4 has an invalid length.
[  683.447404][T14441] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2415'.
[  683.502013][T14441] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  684.326130][T14451] FAULT_INJECTION: forcing a failure.
[  684.326130][T14451] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  684.377011][T14451] CPU: 0 UID: 0 PID: 14451 Comm: syz.4.2420 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  684.377047][T14451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  684.377057][T14451] Call Trace:
[  684.377064][T14451]  <TASK>
[  684.377071][T14451]  dump_stack_lvl+0x189/0x250
[  684.377095][T14451]  ? __pfx____ratelimit+0x10/0x10
[  684.377114][T14451]  ? __pfx_dump_stack_lvl+0x10/0x10
[  684.377133][T14451]  ? __pfx__printk+0x10/0x10
[  684.377153][T14451]  ? __might_fault+0xb0/0x130
[  684.377182][T14451]  should_fail_ex+0x414/0x560
[  684.377201][T14451]  _copy_from_iter+0x1db/0x16f0
[  684.377223][T14451]  ? rcu_is_watching+0x15/0xb0
[  684.377241][T14451]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  684.377262][T14451]  ? __pfx__copy_from_iter+0x10/0x10
[  684.377283][T14451]  ? __build_skb_around+0x257/0x3e0
[  684.377307][T14451]  ? netlink_sendmsg+0x642/0xb30
[  684.377327][T14451]  ? skb_put+0x11b/0x210
[  684.377350][T14451]  netlink_sendmsg+0x6b2/0xb30
[  684.377378][T14451]  ? __pfx_netlink_sendmsg+0x10/0x10
[  684.377401][T14451]  ? aa_sock_msg_perm+0x94/0x160
[  684.377419][T14451]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  684.377434][T14451]  ? __pfx_netlink_sendmsg+0x10/0x10
[  684.377456][T14451]  __sock_sendmsg+0x219/0x270
[  684.377475][T14451]  ____sys_sendmsg+0x505/0x830
[  684.377493][T14451]  ? __pfx_____sys_sendmsg+0x10/0x10
[  684.377513][T14451]  ? import_iovec+0x74/0xa0
[  684.377536][T14451]  ___sys_sendmsg+0x21f/0x2a0
[  684.377551][T14451]  ? __pfx____sys_sendmsg+0x10/0x10
[  684.377589][T14451]  ? __fget_files+0x2a/0x420
[  684.377601][T14451]  ? __fget_files+0x3a0/0x420
[  684.377621][T14451]  __x64_sys_sendmsg+0x19b/0x260
[  684.377637][T14451]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  684.377676][T14451]  ? __pfx_ksys_write+0x10/0x10
[  684.377694][T14451]  ? rcu_is_watching+0x15/0xb0
[  684.377715][T14451]  ? do_syscall_64+0xbe/0x3b0
[  684.377736][T14451]  do_syscall_64+0xfa/0x3b0
[  684.377758][T14451]  ? lockdep_hardirqs_on+0x9c/0x150
[  684.377774][T14451]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.377789][T14451]  ? clear_bhb_loop+0x60/0xb0
[  684.377807][T14451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.377822][T14451] RIP: 0033:0x7fb56b98e9a9
[  684.377835][T14451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  684.377848][T14451] RSP: 002b:00007fb56b7f7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  684.377864][T14451] RAX: ffffffffffffffda RBX: 00007fb56bbb5fa0 RCX: 00007fb56b98e9a9
[  684.377875][T14451] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  684.377885][T14451] RBP: 00007fb56b7f7090 R08: 0000000000000000 R09: 0000000000000000
[  684.377894][T14451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  684.377903][T14451] R13: 0000000000000000 R14: 00007fb56bbb5fa0 R15: 00007fb56bcdfa28
[  684.377925][T14451]  </TASK>
[  685.248440][   T30] kauditd_printk_skb: 77 callbacks suppressed
[  685.248461][   T30] audit: type=1326 audit(1753321048.277:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14454 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  685.296808][   T30] audit: type=1326 audit(1753321048.277:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14454 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  685.397951][   T30] audit: type=1326 audit(1753321048.277:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14454 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  685.506107][   T30] audit: type=1326 audit(1753321048.277:1917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14454 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  685.674142][   T30] audit: type=1326 audit(1753321048.287:1918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14454 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  685.704464][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  685.710950][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  686.166395][   T30] audit: type=1326 audit(1753321048.287:1919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14454 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  686.239915][   T30] audit: type=1326 audit(1753321048.287:1920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14454 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  686.304995][   T30] audit: type=1326 audit(1753321048.297:1921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14454 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  686.376859][   T30] audit: type=1326 audit(1753321048.297:1922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14454 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  686.407002][T14494] Invalid logical block size (8223)
[  686.501448][   T30] audit: type=1326 audit(1753321048.297:1923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14454 comm="syz.4.2423" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  686.998402][T10069] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[  687.160043][T10069] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  687.182542][T10069] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  687.216382][T10069] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  687.242241][T10069] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  687.280802][T10069] usb 4-1: SerialNumber: syz
[  687.794407][T10069] usb 4-1: 0:2 : does not exist
[  687.836021][T10069] usb 4-1: unit 5: unexpected type 0x0e
[  687.921872][T10069] usb 4-1: USB disconnect, device number 76
[  688.043313][ T6079] udevd[6079]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  688.248544][T10107] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  688.570221][T10107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  688.617385][T10107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  688.628757][T10107] usb 3-1: New USB device found, idVendor=06a3, idProduct=0ccb, bcdDevice= 0.00
[  688.638019][T10107] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0
[  688.657427][T10107] usb 3-1: Manufacturer: syz
[  688.668142][T10107] usb 3-1: config 0 descriptor??
[  688.928459][ T5936] usb 4-1: new low-speed USB device number 77 using dummy_hcd
[  689.089934][ T5936] usb 4-1: Invalid ep0 maxpacket: 64
[  689.218535][ T5936] usb 4-1: new low-speed USB device number 78 using dummy_hcd
[  689.368552][ T5936] usb 4-1: Invalid ep0 maxpacket: 64
[  689.451295][ T5936] usb usb4-port1: attempt power cycle
[  689.798568][ T5936] usb 4-1: new low-speed USB device number 79 using dummy_hcd
[  689.907882][ T5936] usb 4-1: Invalid ep0 maxpacket: 64
[  690.058519][ T5936] usb 4-1: new low-speed USB device number 80 using dummy_hcd
[  690.129382][ T5936] usb 4-1: Invalid ep0 maxpacket: 64
[  690.144407][ T5936] usb usb4-port1: unable to enumerate USB device
[  690.778596][T10069] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  690.825032][   T10] kworker/0:1 (10) used greatest stack depth: 13624 bytes left
[  690.944155][T10069] usb 2-1: Using ep0 maxpacket: 32
[  690.962037][T10069] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  690.966936][T10107] usbhid 3-1:0.0: can't add hid device: -71
[  691.000596][T10069] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  691.000941][T10107] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  691.051702][T10069] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  691.081733][T10069] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.088193][T10107] usb 3-1: USB disconnect, device number 78
[  691.149363][T10069] usb 2-1: config 0 descriptor??
[  691.498610][T10107] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  691.648448][T10107] usb 3-1: Using ep0 maxpacket: 8
[  691.670320][T10107] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  691.714388][T10107] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  691.760836][T10107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  691.780484][T10069] savu 0003:1E7D:2D5A.001D: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  691.795008][T10107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  691.806052][T14547] program syz.3.2446 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  691.841223][T10107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  691.874471][T10107] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  691.975758][T10107] usb 3-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  692.004085][T10107] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  692.057103][T10107] usb 3-1: Product: syz
[  692.081307][T10107] usb 3-1: Manufacturer: syz
[  692.098086][T10107] usb 3-1: SerialNumber: syz
[  692.118847][T10107] usb 3-1: config 0 descriptor??
[  692.133169][T14540] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  692.187018][T10107] ati_remote 3-1:0.0: ati_remote_probe: Unexpected endpoint_out
[  692.397002][T14540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  692.408720][T14540] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  692.548427][T10069] usb 3-1: USB disconnect, device number 79
[  692.678804][T10098] usb 2-1: USB disconnect, device number 81
[  693.288627][T10107] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[  693.468194][T10107] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  693.498939][T10107] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  693.520666][T14562] binder: BINDER_SET_CONTEXT_MGR already set
[  693.526794][T14562] binder: 14560:14562 ioctl 4018620d 200000000040 returned -16
[  693.540793][T14562] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2450'.
[  693.564897][T10107] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  693.597856][T10107] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  693.656666][T10107] usb 4-1: config 0 descriptor??
[  693.721868][T14564] fuse: Bad value for 'rootmode'
[  694.140761][T10107] cm6533_jd 0003:0D8C:0022.001E: unknown main item tag 0x0
[  694.222455][T10107] cm6533_jd 0003:0D8C:0022.001E: unknown main item tag 0x0
[  694.266826][T10107] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.001E/input/input36
[  694.392856][T10107] cm6533_jd 0003:0D8C:0022.001E: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  695.558531][T10107] usb 4-1: reset high-speed USB device number 81 using dummy_hcd
[  695.908420][T10105] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  696.089338][T10105] usb 1-1: Using ep0 maxpacket: 16
[  696.104308][T14599] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2461'.
[  696.146571][T10105] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  696.158244][T10105] usb 1-1: New USB device found, idVendor=0c70, idProduct=f00e, bcdDevice= 0.00
[  696.299686][T10105] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.328379][T10105] usb 1-1: config 0 descriptor??
[  696.482866][T14608] netlink: set zone limit has 8 unknown bytes
[  696.493640][T14608] FAULT_INJECTION: forcing a failure.
[  696.493640][T14608] name failslab, interval 1, probability 0, space 0, times 0
[  696.532199][T14608] CPU: 0 UID: 0 PID: 14608 Comm: syz.3.2465 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  696.532232][T14608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  696.532246][T14608] Call Trace:
[  696.532256][T14608]  <TASK>
[  696.532266][T14608]  dump_stack_lvl+0x189/0x250
[  696.532301][T14608]  ? __pfx____ratelimit+0x10/0x10
[  696.532329][T14608]  ? __pfx_dump_stack_lvl+0x10/0x10
[  696.532355][T14608]  ? __pfx__printk+0x10/0x10
[  696.532390][T14608]  ? ref_tracker_alloc+0x318/0x460
[  696.532416][T14608]  should_fail_ex+0x414/0x560
[  696.532436][T14608]  should_failslab+0xa8/0x100
[  696.532460][T14608]  kmem_cache_alloc_noprof+0x73/0x3c0
[  696.532481][T14608]  ? skb_clone+0x212/0x3a0
[  696.532500][T14608]  skb_clone+0x212/0x3a0
[  696.532518][T14608]  __netlink_deliver_tap+0x404/0x850
[  696.532550][T14608]  ? netlink_deliver_tap+0x2e/0x1b0
[  696.532573][T14608]  netlink_deliver_tap+0x19c/0x1b0
[  696.532608][T14608]  netlink_sendskb+0x68/0x140
[  696.532629][T14608]  ovs_ct_limit_cmd_set+0x968/0xb00
[  696.532650][T14608]  ? __nla_parse+0x40/0x60
[  696.532671][T14608]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  696.532688][T14608]  ? genl_family_rcv_msg_attrs_parse+0x212/0x2a0
[  696.532716][T14608]  genl_family_rcv_msg_doit+0x212/0x300
[  696.532738][T14608]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  696.532764][T14608]  ? bpf_lsm_capable+0x9/0x20
[  696.532784][T14608]  ? security_capable+0x7e/0x2e0
[  696.532806][T14608]  genl_rcv_msg+0x60e/0x790
[  696.532827][T14608]  ? __pfx_genl_rcv_msg+0x10/0x10
[  696.532841][T14608]  ? ref_tracker_free+0x63a/0x7d0
[  696.532857][T14608]  ? __pfx_ovs_ct_limit_cmd_set+0x10/0x10
[  696.532879][T14608]  ? __pfx_ref_tracker_free+0x10/0x10
[  696.532904][T14608]  netlink_rcv_skb+0x205/0x470
[  696.532926][T14608]  ? __pfx_genl_rcv_msg+0x10/0x10
[  696.532944][T14608]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  696.532993][T14608]  ? down_read+0x1ad/0x2e0
[  696.533025][T14608]  genl_rcv+0x28/0x40
[  696.533040][T14608]  netlink_unicast+0x759/0x8e0
[  696.533068][T14608]  netlink_sendmsg+0x805/0xb30
[  696.533095][T14608]  ? __pfx_netlink_sendmsg+0x10/0x10
[  696.533119][T14608]  ? aa_sock_msg_perm+0x94/0x160
[  696.533137][T14608]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  696.533153][T14608]  ? __pfx_netlink_sendmsg+0x10/0x10
[  696.533174][T14608]  __sock_sendmsg+0x219/0x270
[  696.533195][T14608]  ____sys_sendmsg+0x505/0x830
[  696.533213][T14608]  ? __pfx_____sys_sendmsg+0x10/0x10
[  696.533233][T14608]  ? import_iovec+0x74/0xa0
[  696.533256][T14608]  ___sys_sendmsg+0x21f/0x2a0
[  696.533272][T14608]  ? __pfx____sys_sendmsg+0x10/0x10
[  696.533312][T14608]  ? __fget_files+0x2a/0x420
[  696.533324][T14608]  ? __fget_files+0x3a0/0x420
[  696.533345][T14608]  __x64_sys_sendmsg+0x19b/0x260
[  696.533361][T14608]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  696.533382][T14608]  ? __pfx_ksys_write+0x10/0x10
[  696.533400][T14608]  ? rcu_is_watching+0x15/0xb0
[  696.533431][T14608]  ? do_syscall_64+0xbe/0x3b0
[  696.533460][T14608]  do_syscall_64+0xfa/0x3b0
[  696.533486][T14608]  ? lockdep_hardirqs_on+0x9c/0x150
[  696.533503][T14608]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  696.533518][T14608]  ? clear_bhb_loop+0x60/0xb0
[  696.533536][T14608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  696.533550][T14608] RIP: 0033:0x7fea8498e9a9
[  696.533563][T14608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  696.533575][T14608] RSP: 002b:00007fea857f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  696.533590][T14608] RAX: ffffffffffffffda RBX: 00007fea84bb5fa0 RCX: 00007fea8498e9a9
[  696.533601][T14608] RDX: 0000000000004010 RSI: 0000200000000000 RDI: 0000000000000003
[  696.533611][T14608] RBP: 00007fea857f9090 R08: 0000000000000000 R09: 0000000000000000
[  696.533619][T14608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  696.533628][T14608] R13: 0000000000000000 R14: 00007fea84bb5fa0 R15: 00007fea84cdfa28
[  696.533650][T14608]  </TASK>
[  696.923255][    C0] vkms_vblank_simulate: vblank timer overrun
[  696.986075][T14604] netlink: 'syz.1.2464': attribute type 4 has an invalid length.
[  696.995387][T14604] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2464'.
[  697.183044][T10105] aquacomputer_d5next 0003:0C70:F00E.001F: hidraw1: USB HID v0.83 Device [HID 0c70:f00e] on usb-dummy_hcd.0-1/input0
[  697.391478][ T5936] usb 4-1: USB disconnect, device number 81
[  697.751622][T10105] usb 1-1: USB disconnect, device number 88
[  698.699158][T14635] FAULT_INJECTION: forcing a failure.
[  698.699158][T14635] name failslab, interval 1, probability 0, space 0, times 0
[  698.756031][T14635] CPU: 0 UID: 0 PID: 14635 Comm: syz.2.2471 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  698.756054][T14635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  698.756064][T14635] Call Trace:
[  698.756070][T14635]  <TASK>
[  698.756078][T14635]  dump_stack_lvl+0x189/0x250
[  698.756100][T14635]  ? __pfx____ratelimit+0x10/0x10
[  698.756117][T14635]  ? __pfx_dump_stack_lvl+0x10/0x10
[  698.756135][T14635]  ? __pfx__printk+0x10/0x10
[  698.756160][T14635]  ? __pfx___might_resched+0x10/0x10
[  698.756176][T14635]  ? fs_reclaim_acquire+0x7d/0x100
[  698.756195][T14635]  should_fail_ex+0x414/0x560
[  698.756214][T14635]  ? alloc_netdev_mqs+0xa6/0x11e0
[  698.756230][T14635]  should_failslab+0xa8/0x100
[  698.756254][T14635]  __kvmalloc_node_noprof+0x161/0x5f0
[  698.756294][T14635]  ? alloc_netdev_mqs+0xa6/0x11e0
[  698.756308][T14635]  ? snprintf+0xda/0x120
[  698.756332][T14635]  ? __pfx_ip6_tnl_dev_setup+0x10/0x10
[  698.756350][T14635]  alloc_netdev_mqs+0xa6/0x11e0
[  698.756365][T14635]  ? __pfx_ip6_tnl_dev_setup+0x10/0x10
[  698.756381][T14635]  ? __pfx_snprintf+0x10/0x10
[  698.756412][T14635]  rtnl_create_link+0x31f/0xd10
[  698.756447][T14635]  rtnl_newlink_create+0x25c/0xb00
[  698.756474][T14635]  ? __pfx_aa_get_newest_label+0x10/0x10
[  698.756494][T14635]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  698.756515][T14635]  ? rtnl_newlink+0x8db/0x1c70
[  698.756537][T14635]  ? __pfx___mutex_lock+0x10/0x10
[  698.756561][T14635]  ? ns_capable+0x8a/0xf0
[  698.756581][T14635]  rtnl_newlink+0x16d6/0x1c70
[  698.756612][T14635]  ? __pfx_rtnl_newlink+0x10/0x10
[  698.756631][T14635]  ? is_bpf_text_address+0x26/0x2b0
[  698.756653][T14635]  ? __lock_acquire+0xab9/0xd20
[  698.756678][T14635]  ? __lock_acquire+0xab9/0xd20
[  698.756708][T14635]  ? is_bpf_text_address+0x26/0x2b0
[  698.756726][T14635]  ? is_bpf_text_address+0x292/0x2b0
[  698.756741][T14635]  ? is_bpf_text_address+0x26/0x2b0
[  698.756759][T14635]  ? kernel_text_address+0xa5/0xe0
[  698.756782][T14635]  ? __lock_acquire+0xab9/0xd20
[  698.756814][T14635]  ? __pfx_rtnl_newlink+0x10/0x10
[  698.756833][T14635]  rtnetlink_rcv_msg+0x7cc/0xb70
[  698.756855][T14635]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  698.756874][T14635]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  698.756906][T14635]  netlink_rcv_skb+0x205/0x470
[  698.756927][T14635]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  698.756948][T14635]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  698.756978][T14635]  ? netlink_deliver_tap+0x2e/0x1b0
[  698.756999][T14635]  ? netlink_deliver_tap+0x2e/0x1b0
[  698.757023][T14635]  netlink_unicast+0x759/0x8e0
[  698.757051][T14635]  netlink_sendmsg+0x805/0xb30
[  698.757079][T14635]  ? __pfx_netlink_sendmsg+0x10/0x10
[  698.757102][T14635]  ? aa_sock_msg_perm+0x94/0x160
[  698.757119][T14635]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  698.757135][T14635]  ? __pfx_netlink_sendmsg+0x10/0x10
[  698.757156][T14635]  __sock_sendmsg+0x219/0x270
[  698.757177][T14635]  ____sys_sendmsg+0x505/0x830
[  698.757196][T14635]  ? __pfx_____sys_sendmsg+0x10/0x10
[  698.757217][T14635]  ? import_iovec+0x74/0xa0
[  698.757241][T14635]  ___sys_sendmsg+0x21f/0x2a0
[  698.757256][T14635]  ? __pfx____sys_sendmsg+0x10/0x10
[  698.757297][T14635]  ? __fget_files+0x2a/0x420
[  698.757310][T14635]  ? __fget_files+0x3a0/0x420
[  698.757331][T14635]  __x64_sys_sendmsg+0x19b/0x260
[  698.757346][T14635]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  698.757368][T14635]  ? __pfx_ksys_write+0x10/0x10
[  698.757385][T14635]  ? rcu_is_watching+0x15/0xb0
[  698.757411][T14635]  ? do_syscall_64+0xbe/0x3b0
[  698.757431][T14635]  do_syscall_64+0xfa/0x3b0
[  698.757447][T14635]  ? lockdep_hardirqs_on+0x9c/0x150
[  698.757462][T14635]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.757477][T14635]  ? clear_bhb_loop+0x60/0xb0
[  698.757496][T14635]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.757510][T14635] RIP: 0033:0x7f477d38e9a9
[  698.757523][T14635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  698.757535][T14635] RSP: 002b:00007f477e227038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  698.757551][T14635] RAX: ffffffffffffffda RBX: 00007f477d5b5fa0 RCX: 00007f477d38e9a9
[  698.757561][T14635] RDX: 0000000020004090 RSI: 0000200000000280 RDI: 0000000000000004
[  698.757571][T14635] RBP: 00007f477e227090 R08: 0000000000000000 R09: 0000000000000000
[  698.757580][T14635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  698.757588][T14635] R13: 0000000000000000 R14: 00007f477d5b5fa0 R15: 00007f477d6dfa28
[  698.757610][T14635]  </TASK>
[  699.192586][    C0] vkms_vblank_simulate: vblank timer overrun
[  699.962662][T14648] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2477'.
[  700.765990][T14664] syz.4.2481 (14664): drop_caches: 1
[  701.236026][T14676] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2484'.
[  701.245989][T14676] netlink: 200 bytes leftover after parsing attributes in process `syz.0.2484'.
[  701.538533][T10098] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  701.705257][T14661] syz.4.2481 (14661): drop_caches: 1
[  701.742069][T10098] usb 1-1: Using ep0 maxpacket: 8
[  701.769023][T10098] usb 1-1: New USB device found, idVendor=0403, idProduct=f0c8, bcdDevice= 2.56
[  701.791099][T10098] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.809597][T10098] usb 1-1: config 0 descriptor??
[  701.825102][T10098] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  701.838104][T10098] ftdi_sio ttyUSB0: unknown device type: 0x256
[  701.851212][T14686] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2489'.
[  701.887042][T14685] usb usb8: usbfs: process 14685 (syz.1.2488) did not claim interface 0 before use
[  701.959362][   T30] kauditd_printk_skb: 37 callbacks suppressed
[  701.959380][   T30] audit: type=1326 audit(1753321065.167:1961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14688 comm="syz.3.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  701.991766][T14689] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2490'.
[  702.073057][   T30] audit: type=1326 audit(1753321065.197:1962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14688 comm="syz.3.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  702.198698][T10098] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[  702.202992][   T30] audit: type=1326 audit(1753321065.197:1963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14688 comm="syz.3.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  702.229252][T10105] usb 2-1: new high-speed USB device number 82 using dummy_hcd
[  702.253462][T14696] netlink: 1 bytes leftover after parsing attributes in process `syz.2.2492'.
[  702.462915][   T30] audit: type=1326 audit(1753321065.197:1964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14688 comm="syz.3.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fea8498d310 code=0x7ffc0000
[  702.561504][   T30] audit: type=1326 audit(1753321065.197:1965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14688 comm="syz.3.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  702.584385][T10105] usb 2-1: Using ep0 maxpacket: 32
[  702.607208][T10105] usb 2-1: config 0 has an invalid interface number: 223 but max is 0
[  702.634752][T10105] usb 2-1: config 0 has no interface number 0
[  702.666369][T10105] usb 2-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=10.fe
[  702.683013][T10105] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  702.696523][   T30] audit: type=1326 audit(1753321065.197:1966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14688 comm="syz.3.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  702.734848][T14703] FAULT_INJECTION: forcing a failure.
[  702.734848][T14703] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  702.744644][T10105] usb 2-1: Product: syz
[  702.773183][T10105] usb 2-1: Manufacturer: syz
[  702.848034][T14703] CPU: 0 UID: 0 PID: 14703 Comm: syz.3.2495 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  702.848070][T14703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  702.848083][T14703] Call Trace:
[  702.848092][T14703]  <TASK>
[  702.848109][T14703]  dump_stack_lvl+0x189/0x250
[  702.848140][T14703]  ? __pfx____ratelimit+0x10/0x10
[  702.848158][T14703]  ? __pfx_dump_stack_lvl+0x10/0x10
[  702.848182][T14703]  ? __pfx__printk+0x10/0x10
[  702.848210][T14703]  ? __might_fault+0xb0/0x130
[  702.848251][T14703]  should_fail_ex+0x414/0x560
[  702.848277][T14703]  _copy_from_user+0x2d/0xb0
[  702.848306][T14703]  input_event_from_user+0xb2/0x280
[  702.848330][T14703]  ? __pfx_input_event_from_user+0x10/0x10
[  702.848358][T14703]  ? input_inject_event+0xbc/0x320
[  702.848391][T14703]  evdev_write+0x2a6/0x480
[  702.848418][T14703]  ? __pfx_evdev_write+0x10/0x10
[  702.848441][T14703]  ? bpf_lsm_file_permission+0x9/0x20
[  702.848465][T14703]  ? security_file_permission+0x75/0x290
[  702.848498][T14703]  ? rw_verify_area+0x258/0x650
[  702.848525][T14703]  ? __pfx_evdev_write+0x10/0x10
[  702.848548][T14703]  vfs_write+0x27e/0xa90
[  702.848586][T14703]  ? __pfx_vfs_write+0x10/0x10
[  702.848617][T14703]  ? __fget_files+0x2a/0x420
[  702.848640][T14703]  ? __fget_files+0x2a/0x420
[  702.848658][T14703]  ? __fget_files+0x3a0/0x420
[  702.848676][T14703]  ? __fget_files+0x2a/0x420
[  702.848705][T14703]  ksys_write+0x145/0x250
[  702.848737][T14703]  ? __pfx_ksys_write+0x10/0x10
[  702.848763][T14703]  ? rcu_is_watching+0x15/0xb0
[  702.848796][T14703]  ? do_syscall_64+0xbe/0x3b0
[  702.848827][T14703]  do_syscall_64+0xfa/0x3b0
[  702.848849][T14703]  ? lockdep_hardirqs_on+0x9c/0x150
[  702.848873][T14703]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.848895][T14703]  ? clear_bhb_loop+0x60/0xb0
[  702.848923][T14703]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.848945][T14703] RIP: 0033:0x7fea8498e9a9
[  702.848965][T14703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  702.848984][T14703] RSP: 002b:00007fea857f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  702.849007][T14703] RAX: ffffffffffffffda RBX: 00007fea84bb5fa0 RCX: 00007fea8498e9a9
[  702.849023][T14703] RDX: 0000000000000918 RSI: 0000200000000040 RDI: 0000000000000004
[  702.849037][T14703] RBP: 00007fea857f9090 R08: 0000000000000000 R09: 0000000000000000
[  702.849050][T14703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  702.849063][T14703] R13: 0000000000000000 R14: 00007fea84bb5fa0 R15: 00007fea84cdfa28
[  702.849103][T14703]  </TASK>
[  702.909505][   T30] audit: type=1326 audit(1753321065.197:1967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14688 comm="syz.3.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  702.978865][T10105] usb 2-1: SerialNumber: syz
[  703.153099][   T30] audit: type=1326 audit(1753321065.197:1968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14688 comm="syz.3.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  703.175508][    C1] vkms_vblank_simulate: vblank timer overrun
[  703.183681][   T30] audit: type=1326 audit(1753321065.197:1969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14688 comm="syz.3.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  703.221885][   T30] audit: type=1326 audit(1753321065.197:1970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14688 comm="syz.3.2490" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  703.244285][    C1] vkms_vblank_simulate: vblank timer overrun
[  703.413305][T10105] usb 2-1: config 0 descriptor??
[  703.636272][T10105] usb 2-1: USB disconnect, device number 82
[  704.088774][T10107] usb 1-1: USB disconnect, device number 89
[  704.096075][T10107] ftdi_sio 1-1:0.0: device disconnected
[  704.314395][T14718] kAFS: unable to lookup cell '/,'
[  704.666043][T14730] netlink: 'syz.3.2505': attribute type 10 has an invalid length.
[  704.695444][T14730] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2505'.
[  704.725290][T14730] dummy0: entered promiscuous mode
[  704.751260][T14730] batman_adv: batadv0: Interface deactivated: dummy0
[  704.758064][T14730] batman_adv: batadv0: Removing interface: dummy0
[  704.773136][T14730] bridge0: port 3(dummy0) entered blocking state
[  704.782991][T14730] bridge0: port 3(dummy0) entered disabled state
[  704.794759][T14730] bridge0: port 3(dummy0) entered blocking state
[  704.801310][T14730] bridge0: port 3(dummy0) entered forwarding state
[  705.035388][T14743] FAULT_INJECTION: forcing a failure.
[  705.035388][T14743] name failslab, interval 1, probability 0, space 0, times 0
[  705.054306][T14743] CPU: 1 UID: 0 PID: 14743 Comm: syz.3.2510 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  705.054337][T14743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  705.054350][T14743] Call Trace:
[  705.054359][T14743]  <TASK>
[  705.054369][T14743]  dump_stack_lvl+0x189/0x250
[  705.054400][T14743]  ? __pfx____ratelimit+0x10/0x10
[  705.054424][T14743]  ? __pfx_dump_stack_lvl+0x10/0x10
[  705.054448][T14743]  ? __pfx__printk+0x10/0x10
[  705.054479][T14743]  ? __pfx___might_resched+0x10/0x10
[  705.054504][T14743]  ? fs_reclaim_acquire+0x7d/0x100
[  705.054530][T14743]  should_fail_ex+0x414/0x560
[  705.054558][T14743]  should_failslab+0xa8/0x100
[  705.054591][T14743]  __kmalloc_cache_noprof+0x70/0x3d0
[  705.054619][T14743]  ? sctp_stream_init_ext+0x57/0x180
[  705.054648][T14743]  sctp_stream_init_ext+0x57/0x180
[  705.054675][T14743]  sctp_sendmsg_to_asoc+0x12fd/0x1810
[  705.054705][T14743]  ? __asan_memcpy+0x40/0x70
[  705.054738][T14743]  ? sctp_assoc_add_peer+0xcfa/0x13b0
[  705.054783][T14743]  ? sctp_connect_new_asoc+0x3f0/0x690
[  705.054814][T14743]  ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10
[  705.054846][T14743]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  705.054888][T14743]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  705.054920][T14743]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  705.054949][T14743]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[  705.054985][T14743]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  705.055008][T14743]  ? security_sctp_bind_connect+0x7e/0x2e0
[  705.055044][T14743]  sctp_sendmsg+0x1941/0x2810
[  705.055088][T14743]  ? __pfx_sctp_sendmsg+0x10/0x10
[  705.055123][T14743]  ? aa_sk_perm+0x81e/0x950
[  705.055149][T14743]  ? __pfx_aa_sk_perm+0x10/0x10
[  705.055174][T14743]  ? sock_rps_record_flow+0x19/0x410
[  705.055201][T14743]  ? inet_sendmsg+0x2f4/0x370
[  705.055224][T14743]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  705.055250][T14743]  __sock_sendmsg+0x19c/0x270
[  705.055279][T14743]  __sys_sendto+0x3bd/0x520
[  705.055312][T14743]  ? __pfx___sys_sendto+0x10/0x10
[  705.055339][T14743]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  705.055378][T14743]  ? __fget_files+0x3a0/0x420
[  705.055409][T14743]  ? ksys_write+0x22a/0x250
[  705.055439][T14743]  ? __pfx_ksys_write+0x10/0x10
[  705.055464][T14743]  ? rcu_is_watching+0x15/0xb0
[  705.055495][T14743]  __x64_sys_sendto+0xde/0x100
[  705.055528][T14743]  do_syscall_64+0xfa/0x3b0
[  705.055552][T14743]  ? lockdep_hardirqs_on+0x9c/0x150
[  705.055575][T14743]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.055596][T14743]  ? clear_bhb_loop+0x60/0xb0
[  705.055621][T14743]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  705.055642][T14743] RIP: 0033:0x7fea8498e9a9
[  705.055661][T14743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  705.055679][T14743] RSP: 002b:00007fea857f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  705.055702][T14743] RAX: ffffffffffffffda RBX: 00007fea84bb5fa0 RCX: 00007fea8498e9a9
[  705.055717][T14743] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000003
[  705.055731][T14743] RBP: 00007fea857f9090 R08: 0000200000000040 R09: 0000000000000010
[  705.055745][T14743] R10: 0000000004044850 R11: 0000000000000246 R12: 0000000000000002
[  705.055757][T14743] R13: 0000000000000000 R14: 00007fea84bb5fa0 R15: 00007fea84cdfa28
[  705.055790][T14743]  </TASK>
[  705.381673][    C1] vkms_vblank_simulate: vblank timer overrun
[  708.622273][T14796] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  708.864385][T14810] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  708.880778][T14798] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2524'.
[  708.927741][T14813] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2526'.
[  709.206128][T14817] FAULT_INJECTION: forcing a failure.
[  709.206128][T14817] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  709.240964][T14817] CPU: 1 UID: 0 PID: 14817 Comm: syz.1.2528 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  709.240995][T14817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  709.241008][T14817] Call Trace:
[  709.241016][T14817]  <TASK>
[  709.241024][T14817]  dump_stack_lvl+0x189/0x250
[  709.241052][T14817]  ? __pfx____ratelimit+0x10/0x10
[  709.241076][T14817]  ? __pfx_dump_stack_lvl+0x10/0x10
[  709.241100][T14817]  ? __pfx__printk+0x10/0x10
[  709.241129][T14817]  ? __might_fault+0xb0/0x130
[  709.241166][T14817]  should_fail_ex+0x414/0x560
[  709.241194][T14817]  _copy_from_iter+0x1db/0x16f0
[  709.241224][T14817]  ? rcu_is_watching+0x15/0xb0
[  709.241250][T14817]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  709.241280][T14817]  ? __pfx__copy_from_iter+0x10/0x10
[  709.241308][T14817]  ? __build_skb_around+0x257/0x3e0
[  709.241341][T14817]  ? netlink_sendmsg+0x642/0xb30
[  709.241369][T14817]  ? skb_put+0x11b/0x210
[  709.241401][T14817]  netlink_sendmsg+0x6b2/0xb30
[  709.241440][T14817]  ? __pfx_netlink_sendmsg+0x10/0x10
[  709.241473][T14817]  ? aa_sock_msg_perm+0x94/0x160
[  709.241497][T14817]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  709.241519][T14817]  ? __pfx_netlink_sendmsg+0x10/0x10
[  709.241549][T14817]  __sock_sendmsg+0x219/0x270
[  709.241577][T14817]  ____sys_sendmsg+0x505/0x830
[  709.241602][T14817]  ? __pfx_____sys_sendmsg+0x10/0x10
[  709.241631][T14817]  ? import_iovec+0x74/0xa0
[  709.241664][T14817]  ___sys_sendmsg+0x21f/0x2a0
[  709.241684][T14817]  ? __pfx____sys_sendmsg+0x10/0x10
[  709.241750][T14817]  ? __fget_files+0x2a/0x420
[  709.241768][T14817]  ? __fget_files+0x3a0/0x420
[  709.241798][T14817]  __x64_sys_sendmsg+0x19b/0x260
[  709.241821][T14817]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  709.241852][T14817]  ? __pfx_ksys_write+0x10/0x10
[  709.241877][T14817]  ? rcu_is_watching+0x15/0xb0
[  709.241905][T14817]  ? do_syscall_64+0xbe/0x3b0
[  709.241934][T14817]  do_syscall_64+0xfa/0x3b0
[  709.241960][T14817]  ? lockdep_hardirqs_on+0x9c/0x150
[  709.241983][T14817]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  709.242003][T14817]  ? clear_bhb_loop+0x60/0xb0
[  709.242029][T14817]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  709.242049][T14817] RIP: 0033:0x7f093678e9a9
[  709.242068][T14817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  709.242086][T14817] RSP: 002b:00007f09375e4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  709.242108][T14817] RAX: ffffffffffffffda RBX: 00007f09369b5fa0 RCX: 00007f093678e9a9
[  709.242123][T14817] RDX: 00000000040c0080 RSI: 00002000000002c0 RDI: 0000000000000003
[  709.242136][T14817] RBP: 00007f09375e4090 R08: 0000000000000000 R09: 0000000000000000
[  709.242149][T14817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  709.242160][T14817] R13: 0000000000000000 R14: 00007f09369b5fa0 R15: 00007f0936adfa28
[  709.242191][T14817]  </TASK>
[  709.530819][    C1] vkms_vblank_simulate: vblank timer overrun
[  709.856832][T14824] kvm: user requested TSC rate below hardware speed
[  709.872974][T14832] program syz.4.2535 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  709.882996][T14824] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2856151591 (22849212728 ns) > initial count (5743301600 ns). Using initial count to start timer.
[  710.038401][T10105] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  710.339894][T10105] usb 3-1: device descriptor read/64, error -71
[  711.048746][T10105] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  711.226760][T10105] usb 3-1: device descriptor read/64, error -71
[  711.429291][T10105] usb usb3-port1: attempt power cycle
[  711.798606][T10105] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  711.846492][T10105] usb 3-1: device descriptor read/8, error -71
[  712.268469][T10105] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  712.307250][T10105] usb 3-1: device descriptor read/8, error -71
[  712.445680][T10105] usb usb3-port1: unable to enumerate USB device
[  712.841475][T14854] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2540'.
[  712.886309][T14854] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2540'.
[  713.517607][T14875] netlink: 65051 bytes leftover after parsing attributes in process `syz.0.2547'.
[  713.573170][T14878] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2548'.
[  714.628957][T10105] usb 2-1: new high-speed USB device number 83 using dummy_hcd
[  714.761135][T10105] usb 2-1: device descriptor read/64, error -71
[  715.077112][T10105] usb 2-1: new high-speed USB device number 84 using dummy_hcd
[  715.238388][T10105] usb 2-1: device descriptor read/64, error -71
[  715.348877][T10105] usb usb2-port1: attempt power cycle
[  715.688557][T10105] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[  715.709299][T10105] usb 2-1: device descriptor read/8, error -71
[  715.785976][T14901] x_tables: duplicate underflow at hook 1
[  715.960522][T10105] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[  716.120718][T10105] usb 2-1: device descriptor read/8, error -71
[  716.230299][T10105] usb usb2-port1: unable to enumerate USB device
[  716.930362][   T30] kauditd_printk_skb: 179 callbacks suppressed
[  716.930383][   T30] audit: type=1326 audit(1753321080.137:2150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14929 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  717.028712][T10105] usb 1-1: new full-speed USB device number 90 using dummy_hcd
[  717.061650][   T30] audit: type=1326 audit(1753321080.167:2151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14929 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  717.087861][   T30] audit: type=1326 audit(1753321080.167:2152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14929 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  717.110796][   T30] audit: type=1326 audit(1753321080.167:2153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14929 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  717.144534][   T30] audit: type=1326 audit(1753321080.167:2154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14929 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  717.199926][   T30] audit: type=1326 audit(1753321080.167:2155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14929 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  717.227132][   T30] audit: type=1326 audit(1753321080.167:2156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14929 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  717.261117][   T30] audit: type=1326 audit(1753321080.167:2157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14929 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  717.311062][T14938] 8021q: VLANs not supported on caif0
[  717.352369][T14925] 8021q: VLANs not supported on caif0
[  717.363469][T14939] sit0: entered promiscuous mode
[  717.370374][T14939] netlink: 'syz.1.2566': attribute type 3 has an invalid length.
[  717.378583][T10105] usb 1-1: unable to get BOS descriptor or descriptor too short
[  717.389532][T14939] netlink: 1 bytes leftover after parsing attributes in process `syz.1.2566'.
[  717.442398][T10105] usb 1-1: unable to read config index 0 descriptor/start: -71
[  717.452994][T10105] usb 1-1: can't read configurations, error -71
[  717.516577][   T30] audit: type=1326 audit(1753321080.187:2158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14929 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  717.664939][   T30] audit: type=1326 audit(1753321080.187:2159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14929 comm="syz.4.2565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb56b98e9a9 code=0x7ffc0000
[  718.967927][T14973] loop2: detected capacity change from 0 to 7
[  718.982673][ T6079] Dev loop2: unable to read RDB block 7
[  718.992394][ T6079]  loop2: AHDI p2 p3
[  718.996525][ T6079] loop2: partition table partially beyond EOD, truncated
[  719.020993][T14974] netlink: 'syz.0.2574': attribute type 4 has an invalid length.
[  719.029041][T14974] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2574'.
[  719.039540][ T6079] loop2: p3 start 335544320 is beyond EOD, truncated
[  719.063976][T14973] Dev loop2: unable to read RDB block 7
[  719.073842][T14973]  loop2: AHDI p2 p3
[  719.085686][T14973] loop2: partition table partially beyond EOD, truncated
[  719.098464][T10105] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[  719.120125][T14974] openvswitch: : Dropping previously announced user features
[  719.157253][T14973] loop2: p3 start 335544320 is beyond EOD, truncated
[  719.261317][T10105] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  719.274502][T10105] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  719.317671][T10105] usb 5-1: config 0 descriptor??
[  719.757341][T10105] usb 5-1: Cannot read MAC address
[  719.768669][T10105] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -61
[  719.826210][T14989] input: syz1 as /devices/virtual/input/input37
[  719.974373][T14995] sit0: left promiscuous mode
[  719.991929][T14995] veth1_vlan: left allmulticast mode
[  720.363005][T15007] program syz.1.2585 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  721.269663][T15018] tipc: Enabling of bearer <eth:s> rejected, failed to enable media
[  721.478856][T15026] Cannot find del_set index 286 as target
[  721.915932][T10098] usb 5-1: USB disconnect, device number 102
[  721.918558][T10105] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  722.168197][T10105] usb 3-1: device descriptor read/64, error -71
[  722.450814][T10105] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  722.620059][T10105] usb 3-1: device descriptor read/64, error -71
[  722.729069][T10105] usb usb3-port1: attempt power cycle
[  723.238590][T10105] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  723.259479][T10105] usb 3-1: device descriptor read/8, error -71
[  723.620362][T10105] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  723.648947][T10105] usb 3-1: device descriptor read/8, error -71
[  723.948515][T10105] usb usb3-port1: unable to enumerate USB device
[  725.228614][T10098] usb 5-1: new full-speed USB device number 103 using dummy_hcd
[  725.460130][T10098] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  725.472767][T10098] usb 5-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00
[  725.492214][T10098] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  725.713138][T10098] usb 5-1: config 0 descriptor??
[  725.808982][T10107] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[  726.038772][T10105] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[  726.138369][T10107] usb 2-1: device descriptor read/64, error -71
[  726.408412][T10107] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[  726.478465][T10105] usb 4-1: Using ep0 maxpacket: 32
[  726.518467][T10105] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  726.534173][T10105] usb 4-1: config 0 has no interface number 0
[  726.567009][T10105] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  726.589432][T10105] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  726.611412][T10105] usb 4-1: Product: syz
[  726.615707][T10105] usb 4-1: Manufacturer: syz
[  726.635592][T10105] usb 4-1: SerialNumber: syz
[  726.722966][T10107] usb 2-1: device descriptor read/64, error -71
[  726.779197][T10105] usb 4-1: config 0 descriptor??
[  726.827960][T10105] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  726.839857][T10107] usb usb2-port1: attempt power cycle
[  726.854326][T10098] usbhid 5-1:0.0: can't add hid device: -71
[  726.867291][T10098] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  726.897584][T10098] usb 5-1: USB disconnect, device number 103
[  727.036489][T10105] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  727.083868][T15095] netlink: 'syz.2.2615': attribute type 1 has an invalid length.
[  727.094598][T15095] netlink: 'syz.2.2615': attribute type 2 has an invalid length.
[  727.095130][T10105] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  727.188504][T10107] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[  727.278683][T10107] usb 2-1: device descriptor read/8, error -71
[  727.294198][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short
[  727.398548][T10098] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  727.518612][T10107] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[  727.559476][T10107] usb 2-1: device descriptor read/8, error -71
[  727.597687][T10098] usb 3-1: Using ep0 maxpacket: 8
[  727.615661][T10098] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  727.628433][T10098] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  727.657628][T10098] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  727.685043][T10098] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  727.695302][T10098] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  727.714814][T10098] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  727.724250][T10098] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  727.857475][    C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  727.858404][T10069] usb 4-1: USB disconnect, device number 82
[  727.898770][T10069] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  727.916233][T10107] usb usb2-port1: unable to enumerate USB device
[  727.934172][T10069] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  727.961367][T10069] quatech2 4-1:0.51: device disconnected
[  727.975127][T10098] usb 3-1: GET_CAPABILITIES returned 0
[  727.984484][T10098] usbtmc 3-1:16.0: can't read capabilities
[  728.745312][T15126] dlm: no locking on control device
[  728.802494][T15126] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2625'.
[  729.382560][   T30] kauditd_printk_skb: 92 callbacks suppressed
[  729.382580][   T30] audit: type=1326 audit(1753321092.577:2252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15130 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  729.446013][   T30] audit: type=1326 audit(1753321092.577:2253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15130 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  729.602920][   T30] audit: type=1326 audit(1753321092.577:2254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15130 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  729.603013][T15139] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2630'.
[  729.673300][   T30] audit: type=1326 audit(1753321092.577:2255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15130 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  729.964262][T15139] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2630'.
[  730.063097][   T30] audit: type=1326 audit(1753321092.577:2256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15130 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  730.105886][   T30] audit: type=1326 audit(1753321092.577:2257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15130 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f502678d310 code=0x7ffc0000
[  730.159464][   T30] audit: type=1326 audit(1753321092.577:2258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15130 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  730.238541][   T30] audit: type=1326 audit(1753321092.577:2259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15130 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  730.261967][T10069] usb 3-1: USB disconnect, device number 88
[  730.273041][   T30] audit: type=1326 audit(1753321092.577:2260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15130 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  730.300999][   T30] audit: type=1326 audit(1753321092.577:2261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15130 comm="syz.0.2628" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f502678e9a9 code=0x7ffc0000
[  732.466396][T15171] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2637'.
[  732.761392][T15169] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2636'.
[  732.818383][T10069] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[  732.988358][T10069] usb 3-1: Using ep0 maxpacket: 32
[  733.017694][T10069] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  733.035119][T10069] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  733.049126][T10069] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  733.143102][T10069] usb 3-1: Product: syz
[  733.190465][T10069] usb 3-1: Manufacturer: syz
[  733.241536][T15173] netlink: set zone limit has 8 unknown bytes
[  733.248921][T10069] usb 3-1: SerialNumber: syz
[  733.289012][T10069] usb 3-1: config 0 descriptor??
[  733.309325][T15167] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  733.339309][T10069] hub 3-1:0.0: bad descriptor, ignoring hub
[  733.369771][T10069] hub 3-1:0.0: probe with driver hub failed with error -5
[  733.465742][T15175] netlink: set zone limit has 8 unknown bytes
[  733.498736][T15175] FAULT_INJECTION: forcing a failure.
[  733.498736][T15175] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  733.598727][T15175] CPU: 0 UID: 0 PID: 15175 Comm: syz.0.2642 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  733.598752][T15175] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  733.598763][T15175] Call Trace:
[  733.598770][T15175]  <TASK>
[  733.598777][T15175]  dump_stack_lvl+0x189/0x250
[  733.598801][T15175]  ? __pfx____ratelimit+0x10/0x10
[  733.598819][T15175]  ? __pfx_dump_stack_lvl+0x10/0x10
[  733.598837][T15175]  ? __pfx__printk+0x10/0x10
[  733.598867][T15175]  should_fail_ex+0x414/0x560
[  733.598887][T15175]  _copy_to_user+0x31/0xb0
[  733.598915][T15175]  simple_read_from_buffer+0xe1/0x170
[  733.598941][T15175]  proc_fail_nth_read+0x1df/0x250
[  733.598958][T15175]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  733.598976][T15175]  ? rw_verify_area+0x258/0x650
[  733.598995][T15175]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  733.599010][T15175]  vfs_read+0x200/0x980
[  733.599034][T15175]  ? __pfx___mutex_lock+0x10/0x10
[  733.599052][T15175]  ? __pfx_vfs_read+0x10/0x10
[  733.599072][T15175]  ? __fget_files+0x2a/0x420
[  733.599089][T15175]  ? __fget_files+0x3a0/0x420
[  733.599101][T15175]  ? __fget_files+0x2a/0x420
[  733.599121][T15175]  ksys_read+0x145/0x250
[  733.599142][T15175]  ? __pfx_ksys_read+0x10/0x10
[  733.599159][T15175]  ? rcu_is_watching+0x15/0xb0
[  733.599181][T15175]  ? do_syscall_64+0xbe/0x3b0
[  733.599202][T15175]  do_syscall_64+0xfa/0x3b0
[  733.599218][T15175]  ? lockdep_hardirqs_on+0x9c/0x150
[  733.599235][T15175]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.599250][T15175]  ? clear_bhb_loop+0x60/0xb0
[  733.599268][T15175]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  733.599290][T15175] RIP: 0033:0x7f502678d3bc
[  733.599304][T15175] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  733.599318][T15175] RSP: 002b:00007f5027563030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  733.599335][T15175] RAX: ffffffffffffffda RBX: 00007f50269b5fa0 RCX: 00007f502678d3bc
[  733.599346][T15175] RDX: 000000000000000f RSI: 00007f50275630a0 RDI: 0000000000000004
[  733.599356][T15175] RBP: 00007f5027563090 R08: 0000000000000000 R09: 0000000000000000
[  733.599365][T15175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  733.599375][T15175] R13: 0000000000000000 R14: 00007f50269b5fa0 R15: 00007f5026adfa28
[  733.599397][T15175]  </TASK>
[  734.458548][T10107] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  734.623835][T10107] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  734.636937][T10107] usb 1-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  734.647191][T10107] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  734.660022][T10107] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  734.824592][ T5936] usb 2-1: new full-speed USB device number 91 using dummy_hcd
[  735.137454][ T5936] usb 2-1: device descriptor read/64, error -71
[  735.320530][T15204] FAULT_INJECTION: forcing a failure.
[  735.320530][T15204] name failslab, interval 1, probability 0, space 0, times 0
[  735.346732][T15204] CPU: 1 UID: 0 PID: 15204 Comm: syz.3.2651 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  735.346763][T15204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  735.346777][T15204] Call Trace:
[  735.346786][T15204]  <TASK>
[  735.346796][T15204]  dump_stack_lvl+0x189/0x250
[  735.346827][T15204]  ? __pfx____ratelimit+0x10/0x10
[  735.346851][T15204]  ? __pfx_dump_stack_lvl+0x10/0x10
[  735.346876][T15204]  ? __pfx__printk+0x10/0x10
[  735.346900][T15204]  ? rcu_is_watching+0x15/0xb0
[  735.346938][T15204]  should_fail_ex+0x414/0x560
[  735.346965][T15204]  should_failslab+0xa8/0x100
[  735.346997][T15204]  kmem_cache_alloc_noprof+0x73/0x3c0
[  735.347025][T15204]  ? skb_clone+0x212/0x3a0
[  735.347052][T15204]  skb_clone+0x212/0x3a0
[  735.347089][T15204]  __netlink_deliver_tap+0x404/0x850
[  735.347132][T15204]  ? netlink_deliver_tap+0x2e/0x1b0
[  735.347162][T15204]  netlink_deliver_tap+0x19c/0x1b0
[  735.347192][T15204]  netlink_dump+0x91c/0xe60
[  735.347232][T15204]  ? __pfx_netlink_dump+0x10/0x10
[  735.347276][T15204]  ? kmem_cache_free+0x18f/0x400
[  735.347310][T15204]  netlink_recvmsg+0x676/0xa30
[  735.347362][T15204]  ? __pfx_netlink_recvmsg+0x10/0x10
[  735.347394][T15204]  ? __lock_acquire+0xab9/0xd20
[  735.347414][T15204]  ? aa_sock_msg_perm+0x94/0x160
[  735.347439][T15204]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  735.347461][T15204]  ? security_socket_recvmsg+0x7e/0x2e0
[  735.347490][T15204]  ? __pfx_netlink_recvmsg+0x10/0x10
[  735.347519][T15204]  sock_recvmsg+0x229/0x270
[  735.347549][T15204]  ____sys_recvmsg+0x1c9/0x460
[  735.347579][T15204]  ? __pfx_____sys_recvmsg+0x10/0x10
[  735.347616][T15204]  ? import_iovec+0x74/0xa0
[  735.347649][T15204]  ___sys_recvmsg+0x1b5/0x510
[  735.347676][T15204]  ? __pfx____sys_recvmsg+0x10/0x10
[  735.347723][T15204]  ? __fget_files+0x3a0/0x420
[  735.347752][T15204]  do_recvmmsg+0x307/0x770
[  735.347782][T15204]  ? __pfx_do_recvmmsg+0x10/0x10
[  735.347814][T15204]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  735.347857][T15204]  __x64_sys_recvmmsg+0x190/0x240
[  735.347882][T15204]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  735.347901][T15204]  ? rcu_is_watching+0x15/0xb0
[  735.347930][T15204]  ? do_syscall_64+0xbe/0x3b0
[  735.347958][T15204]  do_syscall_64+0xfa/0x3b0
[  735.347980][T15204]  ? lockdep_hardirqs_on+0x9c/0x150
[  735.348002][T15204]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.348022][T15204]  ? clear_bhb_loop+0x60/0xb0
[  735.348047][T15204]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.348074][T15204] RIP: 0033:0x7fea8498e9a9
[  735.348093][T15204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  735.348110][T15204] RSP: 002b:00007fea857f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  735.348133][T15204] RAX: ffffffffffffffda RBX: 00007fea84bb5fa0 RCX: 00007fea8498e9a9
[  735.348148][T15204] RDX: 0000000000000008 RSI: 0000200000002c00 RDI: 0000000000000003
[  735.348160][T15204] RBP: 00007fea857f9090 R08: 0000000000000000 R09: 0000000000000000
[  735.348173][T15204] R10: 0000000040010020 R11: 0000000000000246 R12: 0000000000000001
[  735.348186][T15204] R13: 0000000000000000 R14: 00007fea84bb5fa0 R15: 00007fea84cdfa28
[  735.348235][T15204]  </TASK>
[  735.718426][ T5936] usb 2-1: new full-speed USB device number 92 using dummy_hcd
[  735.858480][ T5936] usb 2-1: device descriptor read/64, error -71
[  735.968735][ T5936] usb usb2-port1: attempt power cycle
[  736.318583][T10069] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[  736.318583][ T5936] usb 2-1: new full-speed USB device number 93 using dummy_hcd
[  736.345157][ T5936] usb 2-1: device descriptor read/8, error -71
[  736.478377][T10069] usb 4-1: Using ep0 maxpacket: 16
[  736.485661][T10069] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has an invalid bInterval 0, changing to 7
[  736.496834][T10069] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0
[  736.508802][T10069] usb 4-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82
[  736.520785][T10069] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  736.529003][T10069] usb 4-1: Product: syz
[  736.533456][T10069] usb 4-1: Manufacturer: syz
[  736.538191][T10069] usb 4-1: SerialNumber: syz
[  736.545985][T10069] usb 4-1: config 0 descriptor??
[  736.557585][T10069] kobil_sct 4-1:0.0: KOBIL USB smart card terminal converter detected
[  736.569584][T10069] usb 4-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  736.588881][ T5936] usb 2-1: new full-speed USB device number 94 using dummy_hcd
[  736.622217][ T5936] usb 2-1: device descriptor read/8, error -71
[  736.738893][ T5936] usb usb2-port1: unable to enumerate USB device
[  736.757176][ T5936] usb 4-1: USB disconnect, device number 83
[  736.767349][ T5936] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  736.782761][ T5936] kobil_sct 4-1:0.0: device disconnected
[  737.164454][T10069] usb 1-1: USB disconnect, device number 92
[  737.190539][T15186] delete_channel: no stack
[  737.529611][T15218] FAULT_INJECTION: forcing a failure.
[  737.529611][T15218] name failslab, interval 1, probability 0, space 0, times 0
[  737.571494][T15218] CPU: 1 UID: 0 PID: 15218 Comm: syz.3.2657 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  737.571526][T15218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  737.571540][T15218] Call Trace:
[  737.571549][T15218]  <TASK>
[  737.571559][T15218]  dump_stack_lvl+0x189/0x250
[  737.571590][T15218]  ? __pfx____ratelimit+0x10/0x10
[  737.571614][T15218]  ? __pfx_dump_stack_lvl+0x10/0x10
[  737.571639][T15218]  ? __pfx__printk+0x10/0x10
[  737.571674][T15218]  ? __pfx___might_resched+0x10/0x10
[  737.571704][T15218]  should_fail_ex+0x414/0x560
[  737.571733][T15218]  should_failslab+0xa8/0x100
[  737.571766][T15218]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  737.571796][T15218]  ? __alloc_skb+0x112/0x2d0
[  737.571831][T15218]  __alloc_skb+0x112/0x2d0
[  737.571866][T15218]  netlink_dump+0x1b1/0xe60
[  737.571909][T15218]  ? __pfx_netlink_dump+0x10/0x10
[  737.571952][T15218]  ? genl_start+0x499/0x6c0
[  737.571984][T15218]  __netlink_dump_start+0x5cb/0x7e0
[  737.572047][T15218]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  737.572077][T15218]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  737.572099][T15218]  ? genl_get_cmd+0x67f/0x910
[  737.572122][T15218]  ? __pfx___mutex_lock+0x10/0x10
[  737.572154][T15218]  ? __pfx_genl_start+0x10/0x10
[  737.572174][T15218]  ? __pfx_genl_dumpit+0x10/0x10
[  737.572194][T15218]  ? __pfx_genl_done+0x10/0x10
[  737.572233][T15218]  genl_rcv_msg+0x5da/0x790
[  737.572264][T15218]  ? __pfx_genl_rcv_msg+0x10/0x10
[  737.572285][T15218]  ? ref_tracker_free+0x63a/0x7d0
[  737.572307][T15218]  ? __pfx_tipc_nl_node_dump_link+0x10/0x10
[  737.572337][T15218]  ? __pfx_ref_tracker_free+0x10/0x10
[  737.572372][T15218]  netlink_rcv_skb+0x205/0x470
[  737.572403][T15218]  ? __pfx_genl_rcv_msg+0x10/0x10
[  737.572427][T15218]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  737.572476][T15218]  ? down_read+0x1ad/0x2e0
[  737.572505][T15218]  genl_rcv+0x28/0x40
[  737.572524][T15218]  netlink_unicast+0x759/0x8e0
[  737.572564][T15218]  netlink_sendmsg+0x805/0xb30
[  737.572604][T15218]  ? __pfx_netlink_sendmsg+0x10/0x10
[  737.572639][T15218]  ? aa_sock_msg_perm+0x94/0x160
[  737.572665][T15218]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  737.572687][T15218]  ? __pfx_netlink_sendmsg+0x10/0x10
[  737.572718][T15218]  __sock_sendmsg+0x219/0x270
[  737.572748][T15218]  ____sys_sendmsg+0x505/0x830
[  737.572774][T15218]  ? __pfx_____sys_sendmsg+0x10/0x10
[  737.572805][T15218]  ? import_iovec+0x74/0xa0
[  737.572839][T15218]  ___sys_sendmsg+0x21f/0x2a0
[  737.572861][T15218]  ? __pfx____sys_sendmsg+0x10/0x10
[  737.572921][T15218]  ? __fget_files+0x2a/0x420
[  737.572940][T15218]  ? __fget_files+0x3a0/0x420
[  737.572971][T15218]  __x64_sys_sendmsg+0x19b/0x260
[  737.572995][T15218]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  737.573026][T15218]  ? __pfx_ksys_write+0x10/0x10
[  737.573051][T15218]  ? rcu_is_watching+0x15/0xb0
[  737.573083][T15218]  ? do_syscall_64+0xbe/0x3b0
[  737.573112][T15218]  do_syscall_64+0xfa/0x3b0
[  737.573146][T15218]  ? lockdep_hardirqs_on+0x9c/0x150
[  737.573169][T15218]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.573189][T15218]  ? clear_bhb_loop+0x60/0xb0
[  737.573215][T15218]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.573236][T15218] RIP: 0033:0x7fea8498e9a9
[  737.573255][T15218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  737.573274][T15218] RSP: 002b:00007fea857f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  737.573297][T15218] RAX: ffffffffffffffda RBX: 00007fea84bb5fa0 RCX: 00007fea8498e9a9
[  737.573312][T15218] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[  737.573326][T15218] RBP: 00007fea857f9090 R08: 0000000000000000 R09: 0000000000000000
[  737.573339][T15218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  737.573351][T15218] R13: 0000000000000000 R14: 00007fea84bb5fa0 R15: 00007fea84cdfa28
[  737.573384][T15218]  </TASK>
[  738.079732][ T5936] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  738.126236][T10105] usb 3-1: USB disconnect, device number 89
[  738.250443][ T5936] usb 1-1: Using ep0 maxpacket: 32
[  738.263134][ T5936] usb 1-1: config 0 interface 0 has no altsetting 0
[  738.274627][ T5936] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  738.287919][ T5936] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  738.306658][ T5936] usb 1-1: Product: syz
[  738.395030][ T5936] usb 1-1: Manufacturer: syz
[  738.400046][ T5936] usb 1-1: SerialNumber: syz
[  738.566729][T15232] usb usb8: usbfs: process 15232 (syz.2.2661) did not claim interface 0 before use
[  738.585049][ T5936] usb 1-1: config 0 descriptor??
[  738.625960][T15236] fuse: Bad value for 'group_id'
[  738.631762][T15236] fuse: Bad value for 'group_id'
[  739.002287][ T5936] gs_usb 1-1:0.0: Configuring for 1 interfaces
[  739.262563][T15217] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2656'.
[  739.319858][T15217] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2656'.
[  739.429770][ T5936] gs_usb 1-1:0.0: Couldn't get bit timing const for channel 0 (-EPROTO)
[  739.454803][ T5936] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -71
[  739.593092][ T5936] usb 1-1: USB disconnect, device number 93
[  739.728447][T10069] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[  740.085334][T10069] usb 3-1: Using ep0 maxpacket: 16
[  740.356629][   T30] kauditd_printk_skb: 18 callbacks suppressed
[  740.356645][   T30] audit: type=1326 audit(1753321103.187:2280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15254 comm="syz.3.2668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  740.480971][T10069] usb 3-1: config 0 has an invalid interface number: 68 but max is 0
[  740.571701][T10069] usb 3-1: config 0 has no interface number 0
[  740.610639][T10069] usb 3-1: config 0 interface 68 altsetting 0 endpoint 0x81 has invalid maxpacket 32258, setting to 64
[  740.622005][   T30] audit: type=1326 audit(1753321103.187:2281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15254 comm="syz.3.2668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  740.668708][   T30] audit: type=1326 audit(1753321103.197:2282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15254 comm="syz.3.2668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  740.691343][T10069] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  740.691375][T10069] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  740.691396][T10069] usb 3-1: Product: syz
[  740.691412][T10069] usb 3-1: Manufacturer: syz
[  740.691427][T10069] usb 3-1: SerialNumber: syz
[  740.725461][T10069] usb 3-1: config 0 descriptor??
[  740.761570][T10069] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  741.065429][T11969] usb 3-1: Failed to submit usb control message: -71
[  741.106526][   T30] audit: type=1326 audit(1753321103.197:2283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15254 comm="syz.3.2668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  741.108915][T10069] usb 3-1: USB disconnect, device number 90
[  741.148462][T11969] usb 3-1: unable to send the bmi data to the device: -71
[  741.226803][T11969] usb 3-1: unable to get target info from device
[  741.264994][T11969] usb 3-1: could not get target info (-71)
[  741.279087][T11969] usb 3-1: could not probe fw (-71)
[  741.317217][   T30] audit: type=1326 audit(1753321103.197:2284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15254 comm="syz.3.2668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  741.362228][   T30] audit: type=1326 audit(1753321103.197:2285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15254 comm="syz.3.2668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  741.579179][T10105] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[  741.598864][   T30] audit: type=1326 audit(1753321103.197:2286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15254 comm="syz.3.2668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  741.694345][   T30] audit: type=1326 audit(1753321103.197:2287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15254 comm="syz.3.2668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  741.759508][T10105] usb 2-1: Using ep0 maxpacket: 32
[  741.768497][T10105] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  741.807562][T10105] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  741.849209][T10105] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  741.850059][   T30] audit: type=1326 audit(1753321103.207:2288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15254 comm="syz.3.2668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  741.915125][T10105] usb 2-1: Product: syz
[  741.938657][T10105] usb 2-1: Manufacturer: syz
[  741.964614][T10105] usb 2-1: SerialNumber: syz
[  741.997683][T10105] usb 2-1: config 0 descriptor??
[  742.006581][   T30] audit: type=1326 audit(1753321103.207:2289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15254 comm="syz.3.2668" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  742.037815][T15271] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  742.065875][T10105] hub 2-1:0.0: bad descriptor, ignoring hub
[  742.095193][T10105] hub 2-1:0.0: probe with driver hub failed with error -5
[  742.810449][T15290] vlan0: entered promiscuous mode
[  742.815928][T15290] bridge0: entered promiscuous mode
[  742.988523][T10069] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  743.156425][T10105] usb 2-1: USB disconnect, device number 95
[  743.190700][T10069] usb 5-1: config 0 has no interfaces?
[  743.338120][T10069] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  743.394031][T10069] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.405455][T10069] usb 5-1: Product: syz
[  743.410819][T10069] usb 5-1: Manufacturer: syz
[  743.415705][T10069] usb 5-1: SerialNumber: syz
[  743.492902][T10069] usb 5-1: config 0 descriptor??
[  743.518694][T15294] netlink: 'syz.3.2678': attribute type 10 has an invalid length.
[  743.526558][T15294] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2678'.
[  743.613753][T15296] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2677'.
[  743.659531][T15296] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2677'.
[  743.668893][T15296] chnl_net:caif_netlink_parms(): no params data found
[  743.789772][T15288] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  743.804790][T15288] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  744.034612][T15305] sg_write: data in/out 8388572/14 bytes for SCSI command 0x0-- guessing data in;
[  744.034612][T15305]    program syz.3.2680 not setting count and/or reply_len properly
[  744.148624][T10069] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[  744.215189][T15308] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2682'.
[  744.344267][T10069] usb 3-1: config index 0 descriptor too short (expected 8192, got 77)
[  744.380874][T10069] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  744.398446][T10069] usb 3-1: config 0 has no interfaces?
[  744.407544][T10069] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  744.418024][T10069] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  744.426428][T10069] usb 3-1: Product: syz
[  744.431125][T10069] usb 3-1: Manufacturer: syz
[  744.435925][T10069] usb 3-1: SerialNumber: syz
[  744.515021][T10069] usb 3-1: config 0 descriptor??
[  746.687103][T10069] usb 3-1: USB disconnect, device number 91
[  746.724704][T10105] usb 5-1: USB disconnect, device number 104
[  746.952851][   T30] kauditd_printk_skb: 112 callbacks suppressed
[  746.952875][   T30] audit: type=1326 audit(1753321110.127:2402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15336 comm="syz.3.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  747.032153][   T30] audit: type=1326 audit(1753321110.127:2403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15336 comm="syz.3.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  747.128092][   T30] audit: type=1326 audit(1753321110.127:2404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15336 comm="syz.3.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  747.145344][    C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  747.173416][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  747.180358][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  747.202311][T15350] macvlan0: left allmulticast mode
[  747.228451][   T30] audit: type=1326 audit(1753321110.127:2405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15336 comm="syz.3.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  747.258687][T15350] netlink: 'syz.4.2696': attribute type 2 has an invalid length.
[  747.344591][   T30] audit: type=1326 audit(1753321110.127:2406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15336 comm="syz.3.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  747.432936][   T30] audit: type=1326 audit(1753321110.127:2407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15336 comm="syz.3.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  747.572874][   T30] audit: type=1326 audit(1753321110.127:2408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15336 comm="syz.3.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  747.595724][   T30] audit: type=1326 audit(1753321110.267:2409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15336 comm="syz.3.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  747.694942][   T30] audit: type=1326 audit(1753321110.267:2410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15336 comm="syz.3.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  747.767464][   T30] audit: type=1326 audit(1753321110.287:2411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15336 comm="syz.3.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea8498e9a9 code=0x7ffc0000
[  748.458756][T10069] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  748.568366][ T5936] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  748.688477][T10069] usb 5-1: Using ep0 maxpacket: 32
[  748.706134][T10069] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  748.746590][T10069] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  748.787579][T10069] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  748.821477][ T5936] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  748.834959][ T5936] usb 1-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  748.846059][ T5936] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  748.908311][T10069] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  748.949577][T10069] usb 5-1: config 0 descriptor??
[  748.990025][ T5936] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  749.019393][T10069] hub 5-1:0.0: USB hub found
[  749.140671][T15374] Cannot find add_set index 65534 as target
[  749.160723][T10069] hub 5-1:0.0: 26 ports detected
[  749.166288][T10069] hub 5-1:0.0: insufficient power available to use all downstream ports
[  749.618378][T10098] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[  749.816372][T10098] usb 2-1: Using ep0 maxpacket: 8
[  749.829001][T10098] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  749.844326][T10098] usb 2-1: config 0 has no interfaces?
[  749.855900][T10098] usb 2-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  749.889650][T10098] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  749.981489][T10098] usb 2-1: config 0 descriptor??
[  750.038520][   T24] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[  750.284824][T15378] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  750.317723][   T24] usb 4-1: Using ep0 maxpacket: 16
[  750.330705][T15378] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  750.331240][T10069] hub 5-1:0.0: hub_hub_status failed (err = -32)
[  750.657382][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  750.697778][T10069] hub 5-1:0.0: config failed, can't get hub status (err -32)
[  750.715489][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  751.210036][T10069] usbhid 5-1:0.0: can't add hid device: -32
[  751.219394][   T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  751.240339][T10069] usbhid 5-1:0.0: probe with driver usbhid failed with error -32
[  751.280147][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  751.319336][T10069] usb 5-1: USB disconnect, device number 105
[  751.341809][   T24] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  751.354107][   T24] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  751.363511][   T24] usb 4-1: Manufacturer: syz
[  751.433603][   T24] usb 4-1: config 0 descriptor??
[  751.487753][T10105] usb 2-1: USB disconnect, device number 96
[  752.517951][T15366] delete_channel: no stack
[  752.551087][T10105] usb 1-1: USB disconnect, device number 94
[  752.696745][   T30] kauditd_printk_skb: 72 callbacks suppressed
[  752.696765][   T30] audit: type=1326 audit(1753321115.897:2484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15395 comm="syz.1.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093678e9a9 code=0x7ffc0000
[  752.837686][   T30] audit: type=1326 audit(1753321115.897:2485): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15395 comm="syz.1.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093678e9a9 code=0x7ffc0000
[  752.868831][   T30] audit: type=1326 audit(1753321115.937:2486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15395 comm="syz.1.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f093678e9a9 code=0x7ffc0000
[  752.893124][   T30] audit: type=1326 audit(1753321115.937:2487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15395 comm="syz.1.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093678e9a9 code=0x7ffc0000
[  752.956555][   T30] audit: type=1326 audit(1753321115.937:2488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15395 comm="syz.1.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093678e9a9 code=0x7ffc0000
[  753.058943][T10105] usb 4-1: USB disconnect, device number 84
[  753.073963][   T30] audit: type=1326 audit(1753321115.937:2489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15395 comm="syz.1.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f093678e9a9 code=0x7ffc0000
[  753.140228][T15410] netlink: 'syz.4.2714': attribute type 13 has an invalid length.
[  753.154579][T15410] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2714'.
[  753.221600][   T30] audit: type=1326 audit(1753321115.937:2490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15395 comm="syz.1.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093678e9a9 code=0x7ffc0000
[  753.262895][   T30] audit: type=1326 audit(1753321115.937:2491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15395 comm="syz.1.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093678e9a9 code=0x7ffc0000
[  753.313439][   T30] audit: type=1326 audit(1753321115.937:2492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15395 comm="syz.1.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f093678e9a9 code=0x7ffc0000
[  753.413925][   T30] audit: type=1326 audit(1753321115.997:2493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15395 comm="syz.1.2712" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f093678e9a9 code=0x7ffc0000
[  754.329074][T15431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2722'.
[  755.301125][T15440] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2720'.
[  755.981282][T15447] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2725'.
[  756.024297][T15445] syz.4.2720 (15445): drop_caches: 2
[  757.228922][ T5936] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[  757.290954][T10069] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  757.438583][ T5936] usb 5-1: device descriptor read/64, error -71
[  757.691873][ T5936] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[  757.710451][   T30] kauditd_printk_skb: 94 callbacks suppressed
[  757.710465][   T30] audit: type=1326 audit(1753321120.917:2588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.4.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb56b98e5ab code=0x7ffc0000
[  757.728586][T10069] usb 1-1: Using ep0 maxpacket: 32
[  757.776346][T10069] usb 1-1: config 0 has an invalid interface number: 68 but max is 0
[  757.785133][T10069] usb 1-1: config 0 has no interface number 0
[  757.798581][T10069] usb 1-1: config 0 interface 68 altsetting 128 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  757.855507][T10069] usb 1-1: config 0 interface 68 altsetting 128 endpoint 0xF has invalid maxpacket 512, setting to 64
[  757.864333][   T30] audit: type=1326 audit(1753321120.947:2589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.4.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb56b98e5ab code=0x7ffc0000
[  757.889318][ T5936] usb 5-1: device descriptor read/64, error -71
[  757.905351][T10069] usb 1-1: config 0 interface 68 altsetting 128 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  757.931237][   T30] audit: type=1326 audit(1753321120.947:2590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.4.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb56b98e5ab code=0x7ffc0000
[  757.968938][T10069] usb 1-1: config 0 interface 68 has no altsetting 0
[  758.004991][T10069] usb 1-1: New USB device found, idVendor=0711, idProduct=0901, bcdDevice=a8.06
[  758.016377][T10069] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  758.025082][ T5936] usb usb5-port1: attempt power cycle
[  758.055400][T10069] usb 1-1: Product: syz
[  758.061467][T10069] usb 1-1: Manufacturer: syz
[  758.083358][T10069] usb 1-1: SerialNumber: syz
[  758.130341][T10069] usb 1-1: config 0 descriptor??
[  758.164734][   T30] audit: type=1326 audit(1753321121.027:2591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.4.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb56b98e5ab code=0x7ffc0000
[  758.207968][   T30] audit: type=1326 audit(1753321121.247:2592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.4.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb56b98e5ab code=0x7ffc0000
[  758.290886][   T30] audit: type=1326 audit(1753321121.267:2593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.4.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb56b98e5ab code=0x7ffc0000
[  758.333976][   T30] audit: type=1326 audit(1753321121.267:2594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.4.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb56b98e5ab code=0x7ffc0000
[  758.364705][   T30] audit: type=1326 audit(1753321121.347:2595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.4.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb56b98e5ab code=0x7ffc0000
[  758.405435][T10069] sisusb 1-1:0.68: Invalid USB2VGA device
[  758.410001][ T5936] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[  758.417682][T10069] sisusb 1-1:0.68: probe with driver sisusb failed with error -22
[  758.443571][T10069] usb 1-1: USB disconnect, device number 95
[  758.503580][ T5936] usb 5-1: device descriptor read/8, error -71
[  758.727193][   T30] audit: type=1326 audit(1753321121.347:2596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.4.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb56b98e5ab code=0x7ffc0000
[  758.789347][   T30] audit: type=1326 audit(1753321121.567:2597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.4.2727" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb56b98e5ab code=0x7ffc0000
[  758.842161][ T5936] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[  758.910674][ T5936] usb 5-1: device descriptor read/8, error -71
[  759.039532][ T5936] usb usb5-port1: unable to enumerate USB device
[  759.274989][T15477] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2731'.
[  760.944030][T15505] netlink: 'syz.1.2737': attribute type 10 has an invalid length.
[  761.113757][T15507] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2738'.
[  761.216384][T15511] Cannot find del_set index 286 as target
[  761.934580][T15523] Invalid logical block size (8255)
[  762.553139][ T5936] IPVS: starting estimator thread 0...
[  762.648565][T15540] IPVS: using max 36 ests per chain, 86400 per kthread
[  763.829024][T15558] netlink: 84 bytes leftover after parsing attributes in process `syz.3.2755'.
[  764.385855][T15562] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2757'.
[  765.565726][T15582] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2761'.
[  765.621196][T15582] bond0: option miimon: invalid value (18446744072166047744)
[  765.670033][T15582] bond0: option miimon: allowed values 0 - 2147483647
[  765.886086][T15596] loop6: detected capacity change from 0 to 1
[  765.887041][T15592] netlink: 'syz.0.2767': attribute type 10 has an invalid length.
[  765.905909][ T6079] Dev loop6: unable to read RDB block 1
[  765.911833][ T6079]  loop6: unable to read partition table
[  765.920554][ T6079] loop6: partition table beyond EOD, truncated
[  765.928405][T15596] Dev loop6: unable to read RDB block 1
[  765.934167][T10107] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[  765.941893][T15592] 8021q: adding VLAN 0 to HW filter on device team0
[  765.944735][T15592] bond0: (slave team0): Enslaving as an active interface with an up link
[  765.964833][T15596]  loop6: unable to read partition table
[  765.986216][T15596] loop6: partition table beyond EOD, truncated
[  765.986459][T15602] syzkaller1: entered promiscuous mode
[  765.996188][T15596] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  766.014605][T15602] syzkaller1: entered allmulticast mode
[  766.122875][T10107] usb 2-1: Using ep0 maxpacket: 16
[  766.134555][T10107] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  766.146094][T15607] FAULT_INJECTION: forcing a failure.
[  766.146094][T15607] name failslab, interval 1, probability 0, space 0, times 0
[  766.164174][T10107] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  766.173678][T15607] CPU: 1 UID: 0 PID: 15607 Comm: syz.0.2771 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  766.173716][T15607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  766.173733][T15607] Call Trace:
[  766.173743][T15607]  <TASK>
[  766.173755][T15607]  dump_stack_lvl+0x189/0x250
[  766.173792][T15607]  ? __pfx____ratelimit+0x10/0x10
[  766.173819][T15607]  ? __pfx_dump_stack_lvl+0x10/0x10
[  766.173848][T15607]  ? __pfx__printk+0x10/0x10
[  766.173885][T15607]  ? __pfx___might_resched+0x10/0x10
[  766.173919][T15607]  should_fail_ex+0x414/0x560
[  766.173950][T15607]  should_failslab+0xa8/0x100
[  766.173987][T15607]  kmem_cache_alloc_noprof+0x73/0x3c0
[  766.174019][T15607]  ? vm_area_alloc+0x24/0x140
[  766.174061][T15607]  vm_area_alloc+0x24/0x140
[  766.174097][T15607]  create_init_stack_vma+0x28/0x680
[  766.174131][T15607]  ? do_raw_spin_unlock+0x122/0x240
[  766.174169][T15607]  alloc_bprm+0x476/0x5b0
[  766.174205][T15607]  do_execveat_common+0x1b3/0x6a0
[  766.174251][T15607]  __x64_sys_execveat+0xc4/0xe0
[  766.174285][T15607]  do_syscall_64+0xfa/0x3b0
[  766.174312][T15607]  ? lockdep_hardirqs_on+0x9c/0x150
[  766.174337][T15607]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  766.174359][T15607]  ? clear_bhb_loop+0x60/0xb0
[  766.174387][T15607]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  766.174411][T15607] RIP: 0033:0x7f502678e9a9
[  766.174433][T15607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  766.174454][T15607] RSP: 002b:00007f5027542038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  766.174480][T15607] RAX: ffffffffffffffda RBX: 00007f50269b6080 RCX: 00007f502678e9a9
[  766.174496][T15607] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c
[  766.174513][T15607] RBP: 00007f5027542090 R08: 0000000000001000 R09: 0000000000000000
[  766.174539][T15607] R10: 0000200000004780 R11: 0000000000000246 R12: 0000000000000001
[  766.174554][T15607] R13: 0000000000000000 R14: 00007f50269b6080 R15: 00007f5026adfa28
[  766.174590][T15607]  </TASK>
[  766.695158][T10107] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  766.713844][T10107] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  766.742054][T10107] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  766.787201][T10107] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  766.801622][T10107] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  766.813736][T10107] usb 2-1: Manufacturer: syz
[  766.849023][T10107] usb 2-1: config 0 descriptor??
[  767.343884][T15622] i2c i2c-0: Invalid block read size 255
[  769.228382][T10107] rc_core: IR keymap rc-hauppauge not found
[  769.234558][T10107] Registered IR keymap rc-empty
[  769.258594][T10107] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  769.329570][T10107] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  769.359384][T10107] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  769.413175][T10107] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input38
[  769.446384][T10107] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  769.573217][T10107] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  769.608740][T10107] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  769.708468][T10107] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  769.749864][T10107] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  769.782356][T10107] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  769.808497][T10107] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  769.848504][T10107] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  769.878429][T10107] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  769.898473][T10107] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  769.926722][T10107] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[  769.937612][T10107] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  770.025860][T10107] usb 2-1: USB disconnect, device number 97
[  770.345964][T15653] delete_channel: no stack
[  770.458439][T10107] usb 2-1: new low-speed USB device number 98 using dummy_hcd
[  770.484794][T15669] GUP no longer grows the stack in syz.3.2791 (15669): 200000004000-20000000a000 (200000001000)
[  770.525202][T15669] CPU: 0 UID: 0 PID: 15669 Comm: syz.3.2791 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  770.525234][T15669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  770.525249][T15669] Call Trace:
[  770.525259][T15669]  <TASK>
[  770.525269][T15669]  dump_stack_lvl+0x189/0x250
[  770.525305][T15669]  ? __pfx_dump_stack_lvl+0x10/0x10
[  770.525331][T15669]  ? __pfx__printk+0x10/0x10
[  770.525357][T15669]  ? find_vma+0xe7/0x160
[  770.525402][T15669]  __get_user_pages+0x2a60/0x30b0
[  770.525469][T15669]  ? __pfx___get_user_pages+0x10/0x10
[  770.525496][T15669]  ? __gup_longterm_locked+0xbf7/0x15b0
[  770.525524][T15669]  ? down_read_killable+0x1d1/0x350
[  770.525551][T15669]  ? try_get_folio+0x633/0x660
[  770.525585][T15669]  __gup_longterm_locked+0xd66/0x15b0
[  770.525618][T15669]  ? try_grab_folio_fast+0x1be/0x4f0
[  770.525659][T15669]  ? gup_fast_fallback+0x1afc/0x2260
[  770.525692][T15669]  gup_fast_fallback+0x1cd4/0x2260
[  770.525760][T15669]  ? __pfx_gup_fast_fallback+0x10/0x10
[  770.525786][T15669]  ? trace_contention_end+0x39/0x120
[  770.525816][T15669]  ? __mutex_lock+0x330/0xe80
[  770.525846][T15669]  ? is_valid_gup_args+0x11f/0x200
[  770.525877][T15669]  ? get_user_pages_fast+0x4d/0xb0
[  770.525907][T15669]  __iov_iter_get_pages_alloc+0x39a/0xb40
[  770.525948][T15669]  ? __pfx_pipe_clear_nowait+0x10/0x10
[  770.525968][T15669]  ? wait_for_space+0x24d/0x2d0
[  770.526015][T15669]  iov_iter_get_pages2+0x5e/0xa0
[  770.526047][T15669]  __se_sys_vmsplice+0x548/0x10d0
[  770.526105][T15669]  ? wake_up_q+0xca/0x110
[  770.526135][T15669]  ? __pfx___se_sys_vmsplice+0x10/0x10
[  770.526171][T15669]  ? __pfx_futex_wake+0x10/0x10
[  770.526212][T15669]  ? __mm_populate+0x308/0x380
[  770.526255][T15669]  ? vm_mmap_pgoff+0x3f0/0x4c0
[  770.526304][T15669]  ? rcu_is_watching+0x15/0xb0
[  770.526335][T15669]  ? do_syscall_64+0xbe/0x3b0
[  770.526365][T15669]  do_syscall_64+0xfa/0x3b0
[  770.526388][T15669]  ? lockdep_hardirqs_on+0x9c/0x150
[  770.526411][T15669]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  770.526432][T15669]  ? clear_bhb_loop+0x60/0xb0
[  770.526458][T15669]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  770.526479][T15669] RIP: 0033:0x7fea8498e9a9
[  770.526498][T15669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  770.526516][T15669] RSP: 002b:00007fea857d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000116
[  770.526538][T15669] RAX: ffffffffffffffda RBX: 00007fea84bb6080 RCX: 00007fea8498e9a9
[  770.526554][T15669] RDX: 0000000000000001 RSI: 0000200000000140 RDI: 0000000000000004
[  770.526567][T15669] RBP: 00007fea84a10d69 R08: 0000000000000000 R09: 0000000000000000
[  770.526580][T15669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  770.526592][T15669] R13: 0000000000000000 R14: 00007fea84bb6080 R15: 00007fea84cdfa28
[  770.526625][T15669]  </TASK>
[  770.931681][T10107] usb 2-1: unable to get BOS descriptor or descriptor too short
[  770.940917][T10107] usb 2-1: config 7 has an invalid interface number: 67 but max is 0
[  770.949204][T10107] usb 2-1: config 7 has no interface number 0
[  770.962351][T10107] usb 2-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16
[  770.971957][T10107] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  770.980886][T10107] usb 2-1: Product: 㯑
[  770.985223][T10107] usb 2-1: Manufacturer: ë–’
[  771.058399][   T24] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[  771.248386][   T24] usb 4-1: Using ep0 maxpacket: 16
[  771.255696][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  771.298219][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  771.307583][T10107] usb 2-1: USB disconnect, device number 98
[  771.329655][   T24] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  771.344664][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  771.407340][   T24] usb 4-1: Product: syz
[  771.423708][   T24] usb 4-1: Manufacturer: syz
[  771.448437][   T24] usb 4-1: SerialNumber: syz
[  771.465531][   T24] usb 4-1: config 0 descriptor??
[  771.490451][   T24] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  771.657005][   T24] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  771.688541][ T5936] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[  771.709395][T15678] binder: 15665:15678 ioctl c0306201 200000000640 returned -22
[  771.728589][T10105] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  771.821678][T10105] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  771.878484][ T5936] usb 3-1: Using ep0 maxpacket: 32
[  771.903010][ T5936] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  771.914168][ T5936] usb 3-1: config 0 has no interface number 0
[  771.924380][ T5936] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  771.940220][ T5936] usb 3-1: config 0 interface 85 has no altsetting 0
[  771.952179][ T5936] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  771.961200][T15682] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2795'.
[  771.964722][ T5936] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  772.008657][ T5936] usb 3-1: Product: syz
[  772.021869][ T5936] usb 3-1: Manufacturer: syz
[  772.031384][ T5936] usb 3-1: SerialNumber: syz
[  772.052473][ T5936] usb 3-1: config 0 descriptor??
[  772.103831][   T24] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  772.110758][   T24] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  772.119740][   T24] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  772.127474][   T24] em28xx 4-1:0.0: No AC97 audio processor
[  772.128767][T10105] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[  772.328487][T10105] usb 2-1: Using ep0 maxpacket: 16
[  772.346730][T10105] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  772.358559][T10105] usb 2-1: New USB device found, idVendor=05ac, idProduct=0254, bcdDevice= 0.00
[  772.368495][T10105] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  772.396430][T10105] usb 2-1: config 0 descriptor??
[  772.418363][   T24] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[  772.485443][T15671] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2793'.
[  772.512546][ T5936] appletouch 3-1:0.85: Failed to request geyser raw mode
[  772.536173][ T5936] appletouch 3-1:0.85: probe with driver appletouch failed with error -5
[  772.541254][T10069] usb 4-1: USB disconnect, device number 85
[  772.581238][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  772.593341][T10069] em28xx 4-1:0.0: Disconnecting em28xx
[  772.631254][   T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  772.645999][ T5936] usb 3-1: USB disconnect, device number 92
[  772.649917][T10069] em28xx 4-1:0.0: Freeing device
[  772.674670][   T24] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  772.690294][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  772.761473][   T24] usb 5-1: config 0 descriptor??
[  772.879413][T10105] apple 0003:05AC:0254.0020: hidraw0: USB HID v0.03 Device [HID 05ac:0254] on usb-dummy_hcd.1-1/input0
[  773.068467][T10098] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  773.204160][   T24] cm6533_jd 0003:0D8C:0022.0021: unknown main item tag 0x0
[  773.211978][T10098] usb 1-1: device descriptor read/64, error -71
[  773.219848][   T24] cm6533_jd 0003:0D8C:0022.0021: unknown main item tag 0x0
[  773.233314][   T24] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0021/input/input40
[  773.262872][   T24] cm6533_jd 0003:0D8C:0022.0021: input,hiddev0,hidraw1: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  773.458381][T10098] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[  773.497830][T10105] usb 5-1: USB disconnect, device number 110
[  773.698378][T10098] usb 1-1: device descriptor read/64, error -71
[  773.931112][T10098] usb usb1-port1: attempt power cycle
[  774.181444][T15704] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  774.188540][T15704] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  774.196123][T15704] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  774.204692][T15704] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  774.216028][T15704] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  774.388366][T10098] usb 1-1: new high-speed USB device number 98 using dummy_hcd
[  774.409410][T10098] usb 1-1: device descriptor read/8, error -71
[  774.658340][T10098] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[  774.689407][T10098] usb 1-1: device descriptor read/8, error -71
[  774.798792][T10098] usb usb1-port1: unable to enumerate USB device
[  774.932612][T10098] usb 2-1: USB disconnect, device number 99
[  775.862191][T12931] Bluetooth: hci1: command 0x0c1a tx timeout
[  776.114703][T15738] netlink: set zone limit has 8 unknown bytes
[  776.270146][ T5858] Bluetooth: hci3: command 0x0c1a tx timeout
[  776.278500][T12931] Bluetooth: hci0: command 0x0405 tx timeout
[  776.278622][ T5858] Bluetooth: hci4: command 0x0c1a tx timeout
[  776.286423][T12931] Bluetooth: hci2: command 0x0c1a tx timeout
[  776.375927][T15743] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  776.728468][T10105] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[  776.920524][T10105] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  776.941856][T10105] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  776.962146][T10105] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  776.975762][T10105] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  776.986114][T10105] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  777.000692][T10105] usb 1-1: config 0 descriptor??
[  777.117495][T10107] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[  777.292391][T15759] binder: 15734:15759 ioctl c0306201 200000000640 returned -22
[  777.302531][T10107] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  777.332574][T10107] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  777.346596][T10107] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  777.440947][T10105] plantronics 0003:047F:FFFF.0022: reserved main item tag 0xd
[  777.629990][T15746] FAULT_INJECTION: forcing a failure.
[  777.629990][T15746] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  777.858612][T15746] CPU: 1 UID: 0 PID: 15746 Comm: syz.0.2813 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  777.858645][T15746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  777.858659][T15746] Call Trace:
[  777.858669][T15746]  <TASK>
[  777.858680][T15746]  dump_stack_lvl+0x189/0x250
[  777.858712][T15746]  ? __pfx____ratelimit+0x10/0x10
[  777.858737][T15746]  ? __pfx_dump_stack_lvl+0x10/0x10
[  777.858774][T15746]  ? __pfx__printk+0x10/0x10
[  777.858815][T15746]  should_fail_ex+0x414/0x560
[  777.858851][T15746]  _copy_to_user+0x31/0xb0
[  777.858885][T15746]  simple_read_from_buffer+0xe1/0x170
[  777.858926][T15746]  proc_fail_nth_read+0x1df/0x250
[  777.858952][T15746]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  777.858977][T15746]  ? rw_verify_area+0x258/0x650
[  777.859004][T15746]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  777.859028][T15746]  vfs_read+0x200/0x980
[  777.859060][T15746]  ? __pfx___mutex_lock+0x10/0x10
[  777.859086][T15746]  ? __pfx_vfs_read+0x10/0x10
[  777.859115][T15746]  ? __fget_files+0x2a/0x420
[  777.859141][T15746]  ? __fget_files+0x3a0/0x420
[  777.859158][T15746]  ? __fget_files+0x2a/0x420
[  777.859185][T15746]  ksys_read+0x145/0x250
[  777.859208][T15746]  ? __fget_files+0x3a0/0x420
[  777.859228][T15746]  ? __pfx_ksys_read+0x10/0x10
[  777.859259][T15746]  ? do_syscall_64+0xbe/0x3b0
[  777.859286][T15746]  do_syscall_64+0xfa/0x3b0
[  777.859311][T15746]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.859331][T15746]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  777.859352][T15746]  ? clear_bhb_loop+0x60/0xb0
[  777.859377][T15746]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.859399][T15746] RIP: 0033:0x7f502678d3bc
[  777.859419][T15746] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  777.859432][T15746] RSP: 002b:00007f5027563030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  777.859460][T15746] RAX: ffffffffffffffda RBX: 00007f50269b5fa0 RCX: 00007f502678d3bc
[  777.859471][T15746] RDX: 000000000000000f RSI: 00007f50275630a0 RDI: 0000000000000004
[  777.859481][T15746] RBP: 00007f5027563090 R08: 0000000000000000 R09: 0000000000000000
[  777.859491][T15746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  777.859501][T15746] R13: 0000000000000000 R14: 00007f50269b5fa0 R15: 00007f5026adfa28
[  777.859524][T15746]  </TASK>
[  778.115520][T10107] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  778.138377][T10107] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  778.154116][T10105] plantronics 0003:047F:FFFF.0022: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  778.369519][T10107] usb 2-1: config 0 descriptor??
[  778.425068][T10105] usb 1-1: USB disconnect, device number 100
[  778.486179][T15767] FAULT_INJECTION: forcing a failure.
[  778.486179][T15767] name failslab, interval 1, probability 0, space 0, times 0
[  778.522031][T15767] CPU: 0 UID: 0 PID: 15767 Comm: syz.0.2819 Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  778.522062][T15767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  778.522076][T15767] Call Trace:
[  778.522085][T15767]  <TASK>
[  778.522094][T15767]  dump_stack_lvl+0x189/0x250
[  778.522128][T15767]  ? __pfx____ratelimit+0x10/0x10
[  778.522153][T15767]  ? __pfx_dump_stack_lvl+0x10/0x10
[  778.522179][T15767]  ? __pfx__printk+0x10/0x10
[  778.522215][T15767]  ? __pfx___might_resched+0x10/0x10
[  778.522239][T15767]  ? fs_reclaim_acquire+0x7d/0x100
[  778.522267][T15767]  should_fail_ex+0x414/0x560
[  778.522296][T15767]  should_failslab+0xa8/0x100
[  778.522329][T15767]  kmem_cache_alloc_noprof+0x73/0x3c0
[  778.522369][T15767]  ? __kernfs_new_node+0xd7/0x7e0
[  778.522397][T15767]  __kernfs_new_node+0xd7/0x7e0
[  778.522417][T15767]  ? __lock_acquire+0xab9/0xd20
[  778.522448][T15767]  ? __pfx___kernfs_new_node+0x10/0x10
[  778.522472][T15767]  ? kernfs_root+0x1c/0x230
[  778.522499][T15767]  ? kernfs_root+0x1c/0x230
[  778.522519][T15767]  ? kernfs_root+0x1c/0x230
[  778.522536][T15767]  ? kernfs_root+0x1c/0x230
[  778.522562][T15767]  kernfs_new_node+0x102/0x210
[  778.522590][T15767]  __kernfs_create_file+0x4b/0x2e0
[  778.522620][T15767]  sysfs_add_file_mode_ns+0x238/0x300
[  778.522658][T15767]  sysfs_merge_group+0x177/0x310
[  778.522684][T15767]  ? __pfx_sysfs_merge_group+0x10/0x10
[  778.522707][T15767]  ? kobject_put+0x43f/0x480
[  778.522739][T15767]  dpm_sysfs_add+0xd2/0x270
[  778.522763][T15767]  device_add+0x4d8/0xb50
[  778.522801][T15767]  device_create+0x25b/0x2f0
[  778.522825][T15767]  ? format_decode+0x5ee/0xe30
[  778.522854][T15767]  ? string+0x279/0x2b0
[  778.522882][T15767]  ? widen_string+0x3b/0x2a0
[  778.522901][T15767]  ? __pfx_device_create+0x10/0x10
[  778.522937][T15767]  bdi_register_va+0x9c/0x740
[  778.522967][T15767]  super_setup_bdi_name+0xe6/0x200
[  778.522996][T15767]  ? fuse_dev_install+0x8d/0x1a0
[  778.523024][T15767]  ? __pfx_super_setup_bdi_name+0x10/0x10
[  778.523062][T15767]  ? do_raw_spin_unlock+0x122/0x240
[  778.523097][T15767]  fuse_fill_super_common+0x64a/0x1150
[  778.523131][T15767]  ? __pfx_fuse_fill_super_common+0x10/0x10
[  778.523153][T15767]  ? __init_swait_queue_head+0xa9/0x150
[  778.523188][T15767]  ? shrinker_register+0x16b/0x230
[  778.523213][T15767]  ? sget_fc+0x962/0xa40
[  778.523240][T15767]  fuse_fill_super+0x176/0x1f0
[  778.523264][T15767]  ? __pfx_fuse_fill_super+0x10/0x10
[  778.523289][T15767]  get_tree_nodev+0xb8/0x150
[  778.523320][T15767]  fuse_get_tree+0x2eb/0x4e0
[  778.523359][T15767]  vfs_get_tree+0x92/0x2b0
[  778.523392][T15767]  do_new_mount+0x24a/0xa40
[  778.523433][T15767]  __se_sys_mount+0x317/0x410
[  778.523459][T15767]  ? __pfx___se_sys_mount+0x10/0x10
[  778.523477][T15767]  ? rcu_is_watching+0x15/0xb0
[  778.523508][T15767]  ? do_syscall_64+0xbe/0x3b0
[  778.523531][T15767]  ? __x64_sys_mount+0x20/0xc0
[  778.523567][T15767]  do_syscall_64+0xfa/0x3b0
[  778.523590][T15767]  ? lockdep_hardirqs_on+0x9c/0x150
[  778.523613][T15767]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.523634][T15767]  ? clear_bhb_loop+0x60/0xb0
[  778.523660][T15767]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  778.523680][T15767] RIP: 0033:0x7f502678e9a9
[  778.523699][T15767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  778.523718][T15767] RSP: 002b:00007f5027563038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  778.523740][T15767] RAX: ffffffffffffffda RBX: 00007f50269b5fa0 RCX: 00007f502678e9a9
[  778.523756][T15767] RDX: 0000200000002100 RSI: 00002000000020c0 RDI: 0000000000000000
[  778.523770][T15767] RBP: 00007f5027563090 R08: 0000200000000080 R09: 0000000000000000
[  778.523784][T15767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  778.523796][T15767] R13: 0000000000000000 R14: 00007f50269b5fa0 R15: 00007f5026adfa28
[  778.523828][T15767]  </TASK>
[  778.910154][    C0] vkms_vblank_simulate: vblank timer overrun
[  779.001940][T15769] fido_id[15769]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  779.202977][T10107] plantronics 0003:047F:FFFF.0023: reserved main item tag 0xd
[  779.275419][T10107] plantronics 0003:047F:FFFF.0023: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  779.431435][T10098] usb 2-1: USB disconnect, device number 100
[  779.477799][T15785] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2824'.
[  780.763819][T15799] netlink: zone id is out of range
[  780.776271][T15799] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2829'.
[  780.797700][T10107] hid-generic 0000:0000:0000.0024: unknown main item tag 0x0
[  780.809585][T10107] hid-generic 0000:0000:0000.0024: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  781.143076][T15809] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2830'.
[  781.262230][T15810] ==================================================================
[  781.270571][T15810] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  781.279185][T15810] Write of size 1280 at addr ffffc90005531b40 by task vivid-000-vid-c/15810
[  781.287920][T15810] 
[  781.290265][T15810] CPU: 0 UID: 0 PID: 15810 Comm: vivid-000-vid-c Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  781.290286][T15810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  781.290297][T15810] Call Trace:
[  781.290305][T15810]  <TASK>
[  781.290313][T15810]  dump_stack_lvl+0x189/0x250
[  781.290334][T15810]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  781.290356][T15810]  ? __pfx_dump_stack_lvl+0x10/0x10
[  781.290373][T15810]  ? __pfx__printk+0x10/0x10
[  781.290392][T15810]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  781.290408][T15810]  ? __virt_addr_valid+0xdc/0x5c0
[  781.290427][T15810]  ? __virt_addr_valid+0xdc/0x5c0
[  781.290446][T15810]  print_report+0xca/0x230
[  781.290459][T15810]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  781.290478][T15810]  kasan_report+0x118/0x150
[  781.290500][T15810]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  781.290522][T15810]  kasan_check_range+0x2b0/0x2c0
[  781.290543][T15810]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  781.290563][T15810]  __asan_memcpy+0x40/0x70
[  781.290580][T15810]  tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  781.290628][T15810]  vivid_thread_vid_cap_tick+0xfff/0x5fd0
[  781.290649][T15810]  ? __lock_acquire+0xab9/0xd20
[  781.290668][T15810]  ? __free_object+0x4d4/0x6c0
[  781.290684][T15810]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  781.290708][T15810]  ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10
[  781.290738][T15810]  vivid_thread_vid_cap+0x8da/0x10d0
[  781.290766][T15810]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  781.290788][T15810]  ? __pfx_autoremove_wake_function+0x10/0x10
[  781.290809][T15810]  ? __kthread_parkme+0x7b/0x200
[  781.290827][T15810]  ? __kthread_parkme+0x1a1/0x200
[  781.290847][T15810]  kthread+0x70e/0x8a0
[  781.290868][T15810]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  781.290892][T15810]  ? __pfx_kthread+0x10/0x10
[  781.290915][T15810]  ? _raw_spin_unlock_irq+0x23/0x50
[  781.290936][T15810]  ? lockdep_hardirqs_on+0x9c/0x150
[  781.290957][T15810]  ? __pfx_kthread+0x10/0x10
[  781.290985][T15810]  ret_from_fork+0x3fc/0x770
[  781.291009][T15810]  ? __pfx_ret_from_fork+0x10/0x10
[  781.291027][T15810]  ? __switch_to_asm+0x39/0x70
[  781.291046][T15810]  ? __switch_to_asm+0x33/0x70
[  781.291065][T15810]  ? __pfx_kthread+0x10/0x10
[  781.291086][T15810]  ret_from_fork_asm+0x1a/0x30
[  781.291112][T15810]  </TASK>
[  781.291118][T15810] 
[  781.514536][T15810] The buggy address ffffc90005531b40 belongs to a vmalloc virtual mapping
[  781.523160][T15810] The buggy address belongs to the physical page:
[  781.529618][T15810] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88804dfef000 pfn:0x4dfef
[  781.539717][T15810] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  781.546873][T15810] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  781.555502][T15810] raw: ffff88804dfef000 0000000000000000 00000001ffffffff 0000000000000000
[  781.564118][T15810] page dumped because: kasan: bad access detected
[  781.570568][T15810] page_owner tracks the page as allocated
[  781.576400][T15810] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 15808, tgid 15807 (syz.0.2831), ts 781182113015, free_ts 781182004816
[  781.595993][T15810]  post_alloc_hook+0x240/0x2a0
[  781.600818][T15810]  get_page_from_freelist+0x21e4/0x22c0
[  781.606415][T15810]  __alloc_frozen_pages_noprof+0x181/0x370
[  781.612479][T15810]  alloc_pages_mpol+0x232/0x4a0
[  781.617467][T15810]  alloc_pages_noprof+0xa9/0x190
[  781.622451][T15810]  __vmalloc_node_range_noprof+0x97d/0x12f0
[  781.628393][T15810]  vmalloc_user_noprof+0xad/0xf0
[  781.633374][T15810]  vb2_vmalloc_alloc+0xef/0x340
[  781.638271][T15810]  __vb2_queue_alloc+0x9c2/0x15a0
[  781.643337][T15810]  vb2_core_reqbufs+0xc31/0x1420
[  781.648323][T15810]  vb2_ioctl_reqbufs+0x4c0/0x830
[  781.653313][T15810]  __video_do_ioctl+0xc98/0xdb0
[  781.658216][T15810]  video_usercopy+0x871/0x14f0
[  781.663058][T15810]  v4l2_ioctl+0x18d/0x1e0
[  781.667462][T15810]  __se_sys_ioctl+0xfc/0x170
[  781.672145][T15810]  do_syscall_64+0xfa/0x3b0
[  781.676690][T15810] page last free pid 15808 tgid 15807 stack trace:
[  781.683223][T15810]  __free_frozen_pages+0xc71/0xe70
[  781.688391][T15810]  kasan_populate_vmalloc+0x118/0x1a0
[  781.693803][T15810]  alloc_vmap_area+0xd51/0x1490
[  781.698713][T15810]  __get_vm_area_node+0x1f8/0x300
[  781.703786][T15810]  __vmalloc_node_range_noprof+0x301/0x12f0
[  781.709736][T15810]  vmalloc_user_noprof+0xad/0xf0
[  781.714718][T15810]  vb2_vmalloc_alloc+0xef/0x340
[  781.719621][T15810]  __vb2_queue_alloc+0x9c2/0x15a0
[  781.724661][T15810]  vb2_core_reqbufs+0xc31/0x1420
[  781.729609][T15810]  vb2_ioctl_reqbufs+0x4c0/0x830
[  781.734560][T15810]  __video_do_ioctl+0xc98/0xdb0
[  781.739494][T15810]  video_usercopy+0x871/0x14f0
[  781.744272][T15810]  v4l2_ioctl+0x18d/0x1e0
[  781.748794][T15810]  __se_sys_ioctl+0xfc/0x170
[  781.753423][T15810]  do_syscall_64+0xfa/0x3b0
[  781.757937][T15810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.763850][T15810] 
[  781.766179][T15810] Memory state around the buggy address:
[  781.771816][T15810]  ffffc90005531f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  781.779916][T15810]  ffffc90005531f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  781.788004][T15810] >ffffc90005532000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  781.796076][T15810]                    ^
[  781.800160][T15810]  ffffc90005532080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  781.808454][T15810]  ffffc90005532100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  781.816525][T15810] ==================================================================
[  781.824827][    C0] vkms_vblank_simulate: vblank timer overrun
[  782.471617][T15810] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  782.478876][T15810] CPU: 1 UID: 0 PID: 15810 Comm: vivid-000-vid-c Not tainted 6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(full) 
[  782.491412][T15810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  782.501484][T15810] Call Trace:
[  782.504778][T15810]  <TASK>
[  782.507718][T15810]  dump_stack_lvl+0x99/0x250
[  782.512334][T15810]  ? __asan_memcpy+0x40/0x70
[  782.516995][T15810]  ? __pfx_dump_stack_lvl+0x10/0x10
[  782.522218][T15810]  ? __pfx__printk+0x10/0x10
[  782.526852][T15810]  panic+0x2db/0x790
[  782.530851][T15810]  ? __pfx_panic+0x10/0x10
[  782.535310][T15810]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  782.541217][T15810]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  782.547558][T15810]  ? print_memory_metadata+0x314/0x400
[  782.553033][T15810]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  782.558699][T15810]  check_panic_on_warn+0x89/0xb0
[  782.563662][T15810]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  782.569313][T15810]  end_report+0x78/0x160
[  782.573600][T15810]  kasan_report+0x129/0x150
[  782.578127][T15810]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  782.583858][T15810]  kasan_check_range+0x2b0/0x2c0
[  782.588828][T15810]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  782.594500][T15810]  __asan_memcpy+0x40/0x70
[  782.598946][T15810]  tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  782.604458][T15810]  vivid_thread_vid_cap_tick+0xfff/0x5fd0
[  782.610197][T15810]  ? __lock_acquire+0xab9/0xd20
[  782.615085][T15810]  ? __free_object+0x4d4/0x6c0
[  782.619874][T15810]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  782.625815][T15810]  ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10
[  782.632007][T15810]  vivid_thread_vid_cap+0x8da/0x10d0
[  782.637365][T15810]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  782.643115][T15810]  ? __pfx_autoremove_wake_function+0x10/0x10
[  782.649211][T15810]  ? __kthread_parkme+0x7b/0x200
[  782.654165][T15810]  ? __kthread_parkme+0x1a1/0x200
[  782.659318][T15810]  kthread+0x70e/0x8a0
[  782.663428][T15810]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  782.669166][T15810]  ? __pfx_kthread+0x10/0x10
[  782.673800][T15810]  ? _raw_spin_unlock_irq+0x23/0x50
[  782.679061][T15810]  ? lockdep_hardirqs_on+0x9c/0x150
[  782.684288][T15810]  ? __pfx_kthread+0x10/0x10
[  782.688962][T15810]  ret_from_fork+0x3fc/0x770
[  782.693591][T15810]  ? __pfx_ret_from_fork+0x10/0x10
[  782.698737][T15810]  ? __switch_to_asm+0x39/0x70
[  782.703538][T15810]  ? __switch_to_asm+0x33/0x70
[  782.708349][T15810]  ? __pfx_kthread+0x10/0x10
[  782.712991][T15810]  ret_from_fork_asm+0x1a/0x30
[  782.717906][T15810]  </TASK>
[  782.721288][T15810] Kernel Offset: disabled
[  782.725718][T15810] Rebooting in 86400 seconds..