last executing test programs:

7m27.38766814s ago: executing program 0 (id=602):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x5, 0x0, 0x4, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4e20, 0x3, @private0, 0xeaa}}, @sadb_address={0x3, 0x5, 0xf, 0x0, 0x0, @in={0x2, 0x4e21, @remote}}]}, 0x50}, 0x1, 0x7}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000001280)=@base={0x2, 0x4, 0x2, 0xc, 0x1400, 0x1}, 0x48)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')
read$FUSE(r2, &(0x7f0000000400)={0x2020}, 0x2020)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
sendto$inet(r3, &(0x7f0000000280)="9f", 0x1, 0x11, &(0x7f0000004ff0)={0x2, 0x2000, @rand_addr=0xfffffffffffffffe}, 0x10)
listen(r3, 0x8)
r4 = accept4(r3, 0x0, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}], 0x10)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$EXT4_IOC_GROUP_ADD(r5, 0x40286608, &(0x7f0000000000)={0x6, 0x0, 0xcf1, 0x7ff, 0x9, 0x6})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffd, 0x4031, 0xffffffffffffffff, 0x40151000)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000000c0)={0x5, 0x3, 0xeeee7000, 0x1000, &(0x7f00007ab000/0x1000)=nil})
ioctl$KVM_RUN(r6, 0xae80, 0x0)

7m26.189435747s ago: executing program 0 (id=608):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r0, 0x1100, 0x2b, &(0x7f0000000000)={0x2, {{0x2, 0x4e26, @multicast2}}, {{0x2, 0x2, @broadcast}}}, 0x108)

7m25.84629265s ago: executing program 0 (id=611):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x2, 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = syz_io_uring_setup(0x53f, &(0x7f0000000440)={0x0, 0x807734, 0x400, 0xfffffff8, 0xfe}, &(0x7f00000000c0)=<r2=>0x0, &(0x7f00000002c0)=<r3=>0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3fd, 0x34325241, 0x2, [], [0x2b8, 0x0, 0x0, 0xfffffff9], [0x1], [0x0, 0x0, 0xfffffffffffffffc]})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x36, 0x0, 0x0, 0x202}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x47bc, 0x37e, 0x0, 0x0, 0x0)
ioctl$FUSE_DEV_IOC_BACKING_CLOSE(r0, 0xe503, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x8, &(0x7f00000000c0)=0xf2b, 0x4)
mkdir(0x0, 0x82)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket$inet_sctp(0x2, 0x1, 0x84)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0x3)
r7 = syz_io_uring_setup(0x136f, &(0x7f00000001c0)={0x0, 0x49fa, 0x10, 0x0, 0x4e}, &(0x7f0000000180)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
io_uring_register$IORING_REGISTER_FILES(r7, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[r7], 0x1})
io_uring_enter(r7, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$TCSETSW2(r6, 0x80047456, &(0x7f0000000040)={0x3, 0xb, 0xfffffffe, 0x7fffffff, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0xffffffff})

7m25.681982535s ago: executing program 0 (id=612):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0) (async)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) (async)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000001c0)={0x0, 0x0, 0xfff}) (async)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x3)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) (async)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x20132, 0xffffffffffffffff, 0xb299f000)
pipe2(&(0x7f0000000080)={0x0, 0x0}, 0x0)
pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) (async)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) (async)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901) (async)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
r4 = open_tree(r3, &(0x7f0000000040)='./file0\x00', 0x81001)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
umount2(&(0x7f0000002240)='./file0\x00', 0x2) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x480081) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$netlink(0x10, 0x3, 0x0) (async)
socket$packet(0x11, 0x3, 0x300) (async)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
socket$kcm(0x2, 0xa, 0x2)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)

7m25.518120428s ago: executing program 0 (id=614):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000000)=0x200000000)
write$vhost_msg_v2(r0, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000340)=""/177, 0xb1, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r0, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000001840)=""/138, 0x8a, 0x0, 0x1, 0x3}}, 0x48)
r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f0000000280))
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_int(r2, &(0x7f00000000c0)='cgroup.max.descendants\x00', 0x2, 0x0)
write$cgroup_int(r3, &(0x7f0000000100)=0x2, 0x12)
syz_usb_control_io$rtl8150(r1, 0x0, 0x0)
syz_usb_control_io$rtl8150(r1, 0x0, &(0x7f00000029c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0})
r4 = syz_usb_connect(0x0, 0x36, &(0x7f0000000bc0)=ANY=[@ANYBLOB="12010002ffd26f10cb060600eb9a010203010902240001000000000904df01020a16d10009050717"], 0x0)
syz_usb_control_io$printer(r4, 0x0, 0x0)
syz_usb_control_io$uac1(r4, 0x0, &(0x7f0000000140)={0x44, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r1, 0x0, &(0x7f0000000a80)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "31fb"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$lan78xx(r1, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="002202"], 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x200000d, 0x40010, 0xffffffffffffffff, 0x8000000)
syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0xf6b1, 0x3180, 0x7fff, 0x40024e}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000300)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd_index=0x3, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x16, 0x1})
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r9, &(0x7f00000004c0), 0x208e24b)
r10 = mmap$IORING_OFF_SQES(&(0x7f0000a0b000/0x4000)=nil, 0x4000, 0x5, 0x10010, r9, 0x10000000)
r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r9, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, r10, &(0x7f0000000200)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, {0x0, r11}})
syz_io_uring_submit(r5, r7, &(0x7f0000000240)=@IORING_OP_CONNECT={0x10, 0x11, 0x0, r8, 0x80, &(0x7f00000001c0)=@ax25={{0x3, @bcast, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x0, 0x0, 0x1, {0x0, r11}})
syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f00000000c0)=ANY=[@ANYBLOB="400ff3"], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)

7m25.339030982s ago: executing program 0 (id=616):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYRESHEX=0x0, @ANYRES8], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x84)
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000"], 0x0}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x3c1, 0x3, 0x480, 0x0, 0x268, 0x300, 0x2a0, 0x268, 0x3b0, 0x460, 0x460, 0x3b0, 0x460, 0x9, 0x0, {[{{@ipv6={@mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0xff, 0xff000000, 0xffffffff], [0xff, 0x0, 0xff, 0xffffffff], 'nicvf0\x00', 'batadv_slave_1\x00', {0xff}, {0xff}, 0x0, 0xa, 0x1, 0x10}, 0x0, 0x240, 0x2a0, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x80000000, 0xb, 0x0, 0x3, 0x0, 0x5, 0x9}}}, @common=@unspec=@limit={{0x48}, {0xfff, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x2}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@dev={0xfe, 0x80, '\x00', 0x2e}, [0xffffff00, 0xffffff00, 0xffffff00, 0xffffffff], 0x4e20, 0x4e23, 0x4e22, 0x4e20, 0xfffff801, 0x883, 0x4, 0x0, 0x10001}}}, {{@ipv6={@private2, @remote, [0x0, 0xffffff00], [], 'ip6gretap0\x00', 'ip6_vti0\x00', {0xff}}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4e0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r3 = socket$inet6(0xa, 0x802, 0x0)
sendmmsg$inet6(r3, &(0x7f0000007a00)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x3ff, @ipv4={'\x00', '\xff\xff', @local}, 0x6}, 0x1c, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="24000000000000002900000032000000fe880000000000000000000000000001", @ANYRES32=0x0, @ANYBLOB="0004020e"], 0x28}}], 0x1, 0x400d0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r2, 0x0}, 0x20)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r5 = syz_io_uring_setup(0x10d3, &(0x7f0000000000)={0x0, 0x7f32, 0x0, 0x1, 0x34f}, &(0x7f00000000c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8})
io_uring_enter(r5, 0x47bc, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r5, 0x18, &(0x7f00000001c0)={0x79c, r4, 0x32, {0xb, 0x100003ffe}, 0x2}, 0x1)

7m24.972861418s ago: executing program 32 (id=616):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYRESHEX=0x0, @ANYRES8], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x84)
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x1c, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000"], 0x0}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x3c1, 0x3, 0x480, 0x0, 0x268, 0x300, 0x2a0, 0x268, 0x3b0, 0x460, 0x460, 0x3b0, 0x460, 0x9, 0x0, {[{{@ipv6={@mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0xff, 0xff000000, 0xffffffff], [0xff, 0x0, 0xff, 0xffffffff], 'nicvf0\x00', 'batadv_slave_1\x00', {0xff}, {0xff}, 0x0, 0xa, 0x1, 0x10}, 0x0, 0x240, 0x2a0, 0x0, {0x9401}, [@common=@inet=@hashlimit2={{0x150}, {'hsr0\x00', {0x80000000, 0xb, 0x0, 0x3, 0x0, 0x5, 0x9}}}, @common=@unspec=@limit={{0x48}, {0xfff, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x2}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@dev={0xfe, 0x80, '\x00', 0x2e}, [0xffffff00, 0xffffff00, 0xffffff00, 0xffffffff], 0x4e20, 0x4e23, 0x4e22, 0x4e20, 0xfffff801, 0x883, 0x4, 0x0, 0x10001}}}, {{@ipv6={@private2, @remote, [0x0, 0xffffff00], [], 'ip6gretap0\x00', 'ip6_vti0\x00', {0xff}}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4e0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7902009875f37538e486dd6317ce62667f2c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa88"], 0xfdef)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r3 = socket$inet6(0xa, 0x802, 0x0)
sendmmsg$inet6(r3, &(0x7f0000007a00)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x3ff, @ipv4={'\x00', '\xff\xff', @local}, 0x6}, 0x1c, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="24000000000000002900000032000000fe880000000000000000000000000001", @ANYRES32=0x0, @ANYBLOB="0004020e"], 0x28}}], 0x1, 0x400d0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000040)={r2, 0x0}, 0x20)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
r5 = syz_io_uring_setup(0x10d3, &(0x7f0000000000)={0x0, 0x7f32, 0x0, 0x1, 0x34f}, &(0x7f00000000c0)=<r6=>0x0, &(0x7f0000000100)=<r7=>0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8})
io_uring_enter(r5, 0x47bc, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r5, 0x18, &(0x7f00000001c0)={0x79c, r4, 0x32, {0xb, 0x100003ffe}, 0x2}, 0x1)

5.957595884s ago: executing program 1 (id=2825):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r2, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f00000002c0)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f0000000a40)={0x180, r1, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x4}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x10000}, {0x6, 0x16, 0x6}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xb}, {0x6, 0x16, 0x6d40}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xe}, {0x6, 0x16, 0x4}, {0x5, 0x12, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0xba50}, {0x6, 0x16, 0x9}, {0x5, 0x12, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0x2}, {0x5}}]}, 0x180}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20008891}, 0x0)
fchdir(r0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ptrace(0x10, 0x0)
ptrace$getregset(0x4205, 0x0, 0x1, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x2, 0x2})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0)
munlockall()
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)

5.244688359s ago: executing program 2 (id=2831):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000a4d2ff40f3054002241b0102030109021b0001000000000904"], 0x0)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
execve(0x0, 0x0, 0x0)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
listen(r1, 0x6)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
syz_genetlink_get_family_id$nl80211(0x0, r4)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r5=>0x0})
r6 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r6, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6, 0x0, 0x6c}]}, 0x10)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x3, 0x0, 0x0, {0x5, 0x0, 0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x10}}, 0x74}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="0180c2000000ffffffffffff080045000028006400000702"], 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r5, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x3, 0x0, 0x7, 0x0})

5.105639911s ago: executing program 3 (id=2832):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$video4linux(&(0x7f0000000400), 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
socket$inet(0x2, 0x1, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff], 0xff8e, 0x4})

4.662341441s ago: executing program 3 (id=2833):
r0 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x2f, 0xe, 0x4, 0x44000008, 0x20, @mcast1, @private1={0xfc, 0x1, '\x00', 0x1}, 0x8, 0x80, 0xfffffffc, 0xdc67}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000040)={'syztnl1\x00', 0x0})

4.474500902s ago: executing program 3 (id=2835):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1000, 0x111400)
ioctl$XFS_IOC_GETPARENTS(r0, 0xc028583e, &(0x7f0000000080)={{[0x5]}, 0x0, 0x4, 0x8, 0x0, &(0x7f0000000040)=[{{@align, {0xa, 0x2, 0x7f}}, 0x6, 0x0, '\x00'}]})
ioctl$DRM_IOCTL_PANTHOR_BO_CREATE(r0, 0xc0186445, &(0x7f00000000c0)={0xb, 0x3, 0x0, <r1=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01864c2, &(0x7f0000000100)={<r2=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01864c2, &(0x7f0000000140)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01864c2, &(0x7f0000000180)={<r4=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01864c2, &(0x7f00000001c0)={<r5=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01864c2, &(0x7f0000000200)={<r6=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01864c2, &(0x7f0000000240)={<r7=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01864c2, &(0x7f0000000280)={<r8=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f00000002c0)={<r9=>0x0})
ioctl$DRM_IOCTL_PANTHOR_BO_QUERY_INFO(r0, 0xc0106450, &(0x7f00000003c0)={<r10=>0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01864c2, &(0x7f0000000400)={<r11=>0x0})
ioctl$DRM_IOCTL_PANTHOR_BO_CREATE(r0, 0xc0186445, &(0x7f0000000480)={0x3, 0x3, 0x0, <r12=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f00000004c0)={<r13=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01864c2, &(0x7f0000000500)={<r14=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000540)={<r15=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000580)={<r16=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000600)={<r17=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01864c2, &(0x7f0000000640)={<r18=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000680)={<r19=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f00000006c0)={<r20=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000700)={<r21=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000740)={<r22=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01864c2, &(0x7f0000000780)={<r23=>0x0})
ioctl$DRM_IOCTL_PANTHOR_BO_CREATE(r0, 0xc0186445, &(0x7f0000000840)={0x6, 0x2, 0x0, <r24=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01864c2, &(0x7f0000000880)={<r25=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01864c2, &(0x7f00000008c0)={<r26=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01864c2, &(0x7f0000000900)={<r27=>0x0})
ioctl$DRM_IOCTL_PANTHOR_VM_BIND(0xffffffffffffffff, 0xc0186443, &(0x7f0000000c00)={0x0, 0x1, {0x30, 0x6, &(0x7f0000000ac0)=[{0x20000000, r1, 0x4, 0xe, 0x8000000000000000, {0x10, 0xa, &(0x7f0000000300)=[{0x0, 0x0, 0x6}, {0x80000000, r2, 0x280000000}, {0xfe, r3, 0xd}, {0x0, r4, 0x8}, {0xff, r5, 0x5}, {0x80000000, r6, 0x8000}, {0x80000000, r7, 0x3}, {0x80000001, 0x0, 0x7}, {0xff, r8, 0x1}, {0x0, r9, 0x3}]}}, {0x20000000, r10, 0xda4b, 0x77ce, 0x8, {0x10, 0x1, &(0x7f0000000440)=[{0x80000000, r11, 0x2}]}}, {0x10000000, r12, 0xa7, 0xfffffffffffffff9, 0x11f5, {0x10, 0x4, &(0x7f00000005c0)=[{0x1, r13, 0x40}, {0xff, r14, 0x2}, {0x0, r15}, {0xff, r16, 0x6}]}}, {0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x5, {0x10, 0x8, &(0x7f00000007c0)=[{0x80000000, 0x0, 0x9}, {0x0, r17, 0xbe2}, {0x80000000, r18, 0x3}, {0xff, r19, 0xb61}, {0x0, r20, 0x4d9}, {0x0, r21, 0xf9}, {0x1, r22, 0x7e8}, {0x0, r23, 0x3ff}]}}, {0x20000000, r24, 0x3a08, 0x3, 0x5, {0x10, 0x3, &(0x7f0000000940)=[{0x800000ff, r25, 0x100}, {0x1, r26, 0x6}, {0x80000000, r27, 0x3}]}}, {0x4, 0x0, 0x6, 0x2, 0x4, {0x10, 0x3, &(0x7f0000000a80)=[{0x80000000, 0x0, 0xfffffffffffffffe}, {0xff}, {0x0, 0x0, 0x10000}]}}]}})

4.29378707s ago: executing program 5 (id=2837):
r0 = socket(0x1d, 0x2, 0x6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x10b})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0})
dup3(r3, r2, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000540)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0xffffffffffffff67, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000800)={@ptr={0x66642a85, 0x0, 0x0, 0x0, 0x2, 0x400000000024}, @ptr={0x70742a85, 0x20000000, &(0x7f0000000400)=""/223, 0xdf, 0x2}, @fda={0x66646185, 0x9, 0x1, 0x10}}, &(0x7f0000000240)={0x0, 0x28, 0x50}}, 0x1000}], 0x0, 0x0, 0x0})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r5 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0x4, 0xbfdffffc}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000200)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}})
io_uring_enter(r5, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r8=>0x0})
bind$can_j1939(r0, &(0x7f0000000900)={0x1d, r8, 0x1}, 0x18)
preadv(0xffffffffffffffff, &(0x7f0000000a80)=[{&(0x7f0000000a40)=""/51, 0x33}], 0x1, 0xe, 0x1000)

4.206743136s ago: executing program 3 (id=2838):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x23}, 0x8)
socket(0x2d, 0x2, 0x0)
r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r5, 0xc0184800, &(0x7f0000000100)={0x1, <r6=>r3})
ioctl$DMA_BUF_SET_NAME_A(r6, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0x5}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x7, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0x7, 0x5, 0x6, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0xfffffffe, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x3, 0x7, 0x5, 0x3e, 0x18e, 0x6, 0x6, 0x0, 0x6, 0x4, 0x8, 0x3ff, 0x80, 0xfffffffc, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x800009, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x381, 0x8, 0xb, 0x4, 0x9, 0x8, 0x40, 0xa, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000008, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x400003], [0x800007, 0x40c, 0x3ff, 0x5, 0xfffffffd, 0x100, 0x4, 0xb, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x40000005, 0x0, 0x1ef, 0x5, 0x9, 0x86, 0x3, 0x303c, 0x0, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x200, 0x5, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x7ff, 0x2006, 0x80a2ed, 0x5, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x80005, 0x937, 0x6, 0x6, 0x0, 0xb9, 0x4, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x150, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0x3, 0x3, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x7ff, 0xd7, 0x200, 0x80, 0xfffffff8]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0))
rseq(&(0x7f0000001080)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0)
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c80)=ANY=[@ANYBLOB="f0010000", @ANYRES16=r7, @ANYBLOB="01000001bcaf19000000030000004c00018038000400200001000a004e230000000300000000000000000000ffffe0000002080000001400020002000000ffffffff00000000000000000d0001007564703a73797a32000000003400078008000100c00000000c00040006000000000000000c0003000004000000000000080001000500000008000100050000005c0101802c0004001400010002004e220000000000000000000000001400020002004e23ac1414aa00000000000000002c0004001400010002004e227f00000100000000000000001400020002004e24e00000020000000000000000080003009d5f00000e00010069623a64766d7270310000000d0001007564703a73797a30000000002400028008000300010000000800030003000000080004000700000008000200ff00000038000400200001000a004e2000000001fe8000000000000000000000000000aa090000001400020002004e24ac1414aa000000000000000044000400200001000a004e2200000008fe8000000000000000000000000000aa6f040000200002000a004e20000000082001000000000000000000000000000210000000380004001400010002004e21ac141432000000000000200002000a004e230000020020010000000000000000000000000000ff0000004fc4821a91a593d6c7b708ff2f8da4118d9863bd3d0ecfed615eee1cbf40c1832c629abfda9707b1b779123a35f0adddb23d"], 0x1f0}, 0x1, 0x0, 0x0, 0x2404c890}, 0x0)
r8 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedsend(r8, 0x0, 0x0, 0x6, 0x0)
r9 = syz_open_dev$I2C(&(0x7f0000000180), 0x0, 0x0)
ioctl$I2C_RDWR(r9, 0x707, &(0x7f00000000c0)={&(0x7f0000000080), 0x23})
mq_timedreceive(r8, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)

4.170317657s ago: executing program 1 (id=2839):
r0 = socket$rds(0x15, 0x5, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000700)={0x0, 'veth1_to_batadv\x00', {0x1}, 0xb9})
getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='user.syz\x00', &(0x7f0000000080)=""/48, 0x30)

4.067098983s ago: executing program 1 (id=2840):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', <r2=>0x0})
setsockopt$packet_int(r1, 0x107, 0x14, 0x0, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4)
sendto$packet(r1, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)

3.870861186s ago: executing program 1 (id=2841):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r2, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f00000002c0)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f0000000a40)={0x180, r1, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x4}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x10000}, {0x6, 0x16, 0x6}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xb}, {0x6, 0x16, 0x6d40}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xe}, {0x6, 0x16, 0x4}, {0x5, 0x12, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0xba50}, {0x6, 0x16, 0x9}, {0x5, 0x12, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0x2}, {0x5}}]}, 0x180}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20008891}, 0x0)
fchdir(r0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ptrace(0x10, 0x0)
ptrace$getregset(0x4205, 0x0, 0x1, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x2, 0x2})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0)
munlockall()
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)

3.853448753s ago: executing program 4 (id=2842):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x10b, &(0x7f00000003c0)={0x0, 0x334b, 0x80, 0x3, 0x805}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000380)=<r4=>0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xfb}}, 0xffffffff}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac95ab194f93f8e795a9b29420fa62d", 0x11}], 0x1}}], 0x1, 0x24088000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r5 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_misc(r6, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x14, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bd000000801900", [0x8, 0xffffffff9673e35d]}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000540)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)='./file0/file0\x00', 0x60, 0x185500, 0x12345})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, 0x0, 0x0)
io_uring_enter(r2, 0xbbc, 0xd582, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, 0x0)
ioctl$XFS_IOC_GET_RESBLKS(r1, 0x80105873, &(0x7f0000000240))
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r7=>0x0})
sendmsg$OSF_MSG_ADD(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000001700)=ANY=[@ANYBLOB="b80b0000000501020000000000000000010000085402010003000000030000000980010003001a0073797a3000000000000000000000000000000000000000000000000000000000e8c7278d81024efe9207e3444c3645aa333a8994651807578452b6dc1378f9049dcb2026e42655a0029e84d79813e5dd04600cf0884ed9eb0dfa920658deafd40500000000000000ff0300000700010403000000030000003c0a0300020000000900000080ff010002000000b90f000004000000030000000d00000003008a0d00000000090000000800000002000000018000000200ff0301000000000000040008080001000000010000000500b3a8020000003ce40000fbd404000000000000000000430806000300000005000000c0018000030000000000000008000700000000000100000000000400000000008100000084000600010000005affffff0400650e03000000ff7f0000ec0d00040200000009000000000088000200000002000000018002000000000009000000da00ff0302000000ff01000053000900000000000008000000000000030000000800000000801f00020000000100000001ff05000000000000000000020000f00200000096ffffffff030000030000004d080000ffff030000000000ff0100000000f9ff0300000009000000f4e2f3ff02000000010000000300050000000000050000000060080001000000070000000000020002000000080000000001770002000000bd000000af09090002000000be0b000000000300020000000700000008000900030000000200000000800900010000005d0000007f00a17d0300000001000000311207000000000001000000540201000100000002000000000501000200160073797a3100000000000000000000000000000000000000000000000000000000216073392d36b7bd98a9d796995920c26125239a9a42eab4e6e5ec104ded53fb508c6704d0bb3f7959997eb47218729b3d4371179be234846bb76cfbcd00e01a0500010002000000ff0300000e0009000200000040000000080004000300000006000000d400050003000000020000000800020002000000020000000700070001000000050000000300010000000000faffffff000000080000000080000000020009000200000004000000ff0009000100000004000000090009000100000001feffffff00030002000000ff0f00000700090002000000018000000000ff0000000000917c00000100fb0f02000000000800000300070001000000090b00000000dc0001000000001000000500010102000000fdffffff0200060001000000050000000200001002000000040000000600f6ff00000000050000000500100003000000f9fffffff4e5ca0e0300000007000000ff00ff030000000001000100ff01ff7f02000000030000009100040001000000010000000600010002000000010000000900090001000000090000000600020000000000050000000600680702000000c3ae0000000207000000000007000000ff010100030000000600000006009d00020000000500000002000c0003000000040000000f0009000000000006000000f62c0c0000000000080000000500070000000000ff0f00000300ff7f02000000000000000700050003000000030000005402010001000000030000000409900680ff060073797a300000000000000000000000000000000000000000000000000000000032be26c47cfbf5d5f01f8dc325482ab56a86227a9695ea35333c6163137bcf96e8d5c52703f699dbcad806a93c4900b137d2bc497893cf2bfb245c054420ddfb0400018001000000810000000700070003000000010000000010ff0f01000000060000000c00ffff0200000006000000feff6a000100000088ffffff0100000000000000d700000005004f5a03000000100000000a0004000300000003000000fcff050001000000f9d800000900b41d01000000050000000400070000000000040000003a08ff7f0200000000980300ffff060003000000fcffffff020051fa03000000050000000001887503000000090000000900010000000000070000000700000000000000010000000100000002000000800000000a95040000000000050000000300020001000000ff0f00000200ff0001000000020000007fff02000200000008000000020007000300000006000000adaa080000000000ffffff7f000801000000000053000000ff0f030000000000ffffffffff7f010002000000a7e90000feff020001000000ff030000010001000200000080000000810000080200000000000000ff00ffff020000000000000000100700030000000300000009000200020000000800000008000efe03000000ffffff7f0e00f7ff030000000b0000000100050002000000ffffffff0b007f0002000000080000000200ff030100000003000000010000000300000000800000fcff040001000000ff0000005402010001000000ff7f00000405fdff01041c0073797a30000000000000000000000000000000000000000000000000000000006d8a4d747167c824d60b9dc6b624cae857e50d882d3573ff97154513a2ee990e95324e4664a20da86404dc6611f7cbe04b87c06a722569ced4e95918c673d6b00900050002000000400100000200b114030000000500000063080200020000000000000007000100020000000000000003008100010000000700000009000400020000000100000026030000030000000d000000ff03080000000000d11300000800ff0003000000008000000700000103000000400000000200060003000000ffffff7f0400ff0f000000000900000004000700000000007f000000040005000300000005000000d10b040000000000080000001f0c070002000000a2010000ca040400030000000d000000ecd2ea25010000000600000007000100020000000900000009000b00000000000500000036060c0002000000000000800900040003000000060000009400090001000000e1e100000c00f90b010000008d0400000000710e020000000700000000044000030000008000000044050400030000007f00000001008a000000000000000000060006000300000009000000040081000000000001000100fbff0600010000000800000004009ff30200000001000100470006000200000006000000ffff070003000000090000000700ff03010000007f0000000c003716020000000300000058010000010000006b810000370000100300000008000000080006000300000001000000ff07080002000000000000005402010000000000070000000207ffff0600120073797a3000000000000000000000000000000000000000000000000000000000c3dad730944d007a600b67a53107cd787518d60606aa5f8772d33e2f6945a7bcb9c9f629713f7def690ceabd14fde1dae9f1a78f80e681e8d2faa4932e0ea7af018002000300000009000000640006000000000085000000090019000300000000000080bb0002000200000005000000ff7f040002000000faffffff0400060003000000060000000104020002000000050000000800040001000000aa000000010010000200000004000000fbb801000100000005000000f8ff080000000000640b0000fd0deb1701000000ff01000081ff02000100000007000000040008000000000000000000af00ef0b0000000009000000ec414b0a02000000000100000600ff0703000000ffffffff07004d0201000000a70e00000200040000000000000000000600090000000000810000000800018001000000010000000100080002000000090000000400050000000000090000000200fdff0100000001000000050006000200000007000000faffcc00010000009ded00009701090003000000020000000200010003000000040000000002090003000000ff070000f9ff00000000000000040000000800040100000009000000008008000300000008000000970603000300000001000000510072770200000001000000010003000300000001000000105d080002000000080000003079070000000000000200000004080001000000060000000300030001000000090000000e008c08010000000d340000"], 0xbb8}, 0x1, 0x0, 0x0, 0x4000090}, 0x4084)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x3c}}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=@newtfilter={0x260, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r7, {0xf}, {}, {0x5, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x234, 0x2, [@TCA_U32_MARK={0x10, 0xa, {0x0, 0x2}}, @TCA_U32_ACT={0x220, 0x7, [@m_ctinfo={0x60, 0x18, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x6ac4}, @TCA_CTINFO_ACT={0x18, 0x3, {0x2, 0xc2bd, 0x4, 0xf, 0x7fff}}]}, {0x11, 0x6, "d2cd7da83dc075908b659c84ed"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_ct={0x138, 0xf, 0x0, 0x0, {{0x7}, {0x58, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x5, 0x10000}, @TCA_CT_ACTION={0x6, 0x3, 0x27}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @private0={0xfc, 0x0, '\x00', 0x1}}, @TCA_CT_ACTION={0x6, 0x3, 0x12}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e23}, @TCA_CT_MARK_MASK={0x8, 0x6, 0x8}, @TCA_CT_MARK_MASK={0x8, 0x6, 0x3}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e22}, @TCA_CT_MARK_MASK={0x8, 0x6, 0x80000001}]}, {0xbb, 0x6, "6c344f429616ff900a1ab7b62b76e09be4acb7874c8e9ec6fca205e95cda631ee5845fb86b12b7467243e89bb4b509f17f56e41f4631c51bfe2dddb5b76a882618904bd384ce1e07a5639bff9905228e631dc2191e6cd7269d714894f0b0cbb49795afd3de919b4a2dc91a0dfb142a700446d3a93a91508edcb946944038fc5aa8a23a9251e331c9c7c1b361d39bdcfe85dbe9b1a0c4b14d73d3d62eeb657af222f3e5769ec8f4ebf5f316ed9da678e75d3bd69284f5c8"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_nat={0x84, 0x11, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x4, 0xb, 0x8, 0x0, 0x7fff}, @remote, @empty, 0xd5e8c38b841bbff4, 0x1}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x4, 0x0, 0xffffffffffffffff, 0xfffff800, 0x5}, @dev={0xac, 0x14, 0x14, 0x11}, @local, 0x0, 0x1}}]}, {0xc, 0x6, "a41c17944bb504e2"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}}]}, 0x260}}, 0x24040084)
r8 = socket(0x10, 0x8000000803, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012800b00010065727370616e0010000280050013000100000004001200"], 0x40}}, 0x0)

3.544867897s ago: executing program 2 (id=2843):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070040000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021e00200001e0a01020000000000000000070000000900020073797a31000000000900010073797a3000000000b4020380b0020080080003400000000004000a80040001"], 0x364}}, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e24, 0x40000000, @empty}, 0x1c)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x220c)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x3)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r6, 0xd779)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r8, 0x7)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r9, 0x0)
r10 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$DCCPDIAG_GETSOCK(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000012000301000000000000000000009db7000000000000010004000000000000000000000000000000000000000000000000000000691d0f76e77044d1eb94e56239e4"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000680)=""/241, 0xf1}, {&(0x7f00000038c0)=""/4041, 0xfc9}, {&(0x7f00000048c0)=""/4125, 0x101d}, {&(0x7f0000000500)=""/166, 0xa6}, {&(0x7f0000000200)=""/147, 0x93}], 0x5}, 0x10102)

3.257628267s ago: executing program 2 (id=2844):
io_setup(0x2, &(0x7f0000000040)=<r0=>0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x0)
io_submit(r0, 0x1, &(0x7f0000002940)=[&(0x7f0000000080)={0x4000000000000000, 0x0, 0x0, 0x5, 0x3, r1, 0x0}])

3.25485822s ago: executing program 5 (id=2845):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xff, 0x7fff7ffc}]})
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, &(0x7f00000001c0)='syzkaller\x00'}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x14, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7, 0x0, 0x209}}, 0x14}, 0x1, 0x0, 0x0, 0x3000404a}, 0x90)
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x1, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x48810)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0x4}, @IFLA_GROUP={0x8}]}, 0x2c}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3.022904449s ago: executing program 3 (id=2846):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x88203, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040080)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000001000)=@newqdisc={0x48, 0x28, 0x4ee4e6a52ff56541, 0x8, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xfff2}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_cbq={{0x8}, {0x1c, 0x2, [@TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x800, 0x4, 0xffffffff, 0x4}}]}}]}, 0x48}, 0x1, 0x1800, 0x0, 0x4805d}, 0x0)

3.011005208s ago: executing program 5 (id=2847):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)
getsockopt$bt_hci(r2, 0x84, 0x85, &(0x7f0000002380)=""/4107, &(0x7f00000000c0)=0x1012)
r3 = syz_clone(0x102c8000, 0x0, 0xfffffffffffffef7, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
wait4(r3, 0x0, 0x1, 0x0)

2.904036856s ago: executing program 2 (id=2848):
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x52, 0x8, 0x0, {0x0, 0x1}, {0x4b, 0x2}, @cond=[{0x0, 0x20c8, 0x20, 0x6, 0xaf}, {0x7ffe, 0x11, 0x1, 0x10, 0x5, 0xfaa}]})
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x15, 0x17, 0xee, 0x40, 0xaf0, 0x7a05, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x5, 0x49}}]}}]}}, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x82602)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r2, 0x541b, 0x0)
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000040)=ANY=[@ANYBLOB="203111000000084677"], 0x0, 0x0, 0x0, 0x0, 0x0})

2.518797591s ago: executing program 3 (id=2849):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x34014c40, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000008340)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x6, {0x0, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x101)
dup2(r2, r0)
syz_extract_tcp_res$synack(&(0x7f0000000040)={0x41424344, <r3=>0x41424344}, 0x1, 0x0)
syz_extract_tcp_res(&(0x7f0000000080)={0x41424344, <r4=>0x41424344}, 0xb, 0xfffff609)
syz_emit_ethernet(0x10b, &(0x7f00000003c0)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}, @link_local, @val={@void, {0x8100, 0x0, 0x1, 0x3}}, {@ipv6={0x86dd, @tcp={0x2, 0x6, "82b6d0", 0xd1, 0x6, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}, @private2, {[@srh={0x5e, 0xa, 0x4, 0x5, 0x4, 0x48, 0x401, [@mcast1, @empty, @dev={0xfe, 0x80, '\x00', 0x33}, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}]}], {{0x4e24, 0x4e22, r3, r4, 0x1, 0x0, 0xe, 0x10, 0xfff, 0x0, 0x6, {[@mptcp=@mp_fclose={0x1e, 0xc, 0x0, 0x0, 0x1}, @eol, @sack_perm={0x4, 0x2}, @timestamp={0x8, 0xa, 0x8, 0xd}, @mss={0x2, 0x4}, @exp_smc={0xfe, 0x6}, @eol]}}, {"621b7d7e2217713a438ea344f7736b43226cab03964d77132dfd327d25ca1728df11b0e15a7b8f06999eb06832d4fc8af030681d9d6d94665e62b45ba9a978a709"}}}}}}}, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000200)={0x1, 0x4, 0x1000, 0x1, &(0x7f0000000000)='/', 0x2, 0x0, &(0x7f0000000d40)="d0f9"})

1.682859691s ago: executing program 5 (id=2850):
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$video4linux(&(0x7f0000000400), 0x2, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
name_to_handle_at(r1, &(0x7f0000000240)='./mnt\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="100000000200000001000000070700000000000002000000", @ANYRES16, @ANYRES64=r0], &(0x7f00000002c0), 0x400)
r2 = socket$kcm(0x2, 0x1000000000000002, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x140, 0x0)
ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x2c)
setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x4)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x400000000010, 0x3, 0x0)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000080))
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36)
r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000100))
r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r6, 0xc0884113, &(0x7f0000000000)={0x1, 0x1fffffe, 0x7, 0x80000000006, 0x5, 0x100000001, 0xfffdfffffffffffe, 0x4, 0x0, 0x2, 0x9, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1})

1.465562054s ago: executing program 4 (id=2851):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', <r2=>0x0})
setsockopt$packet_int(r1, 0x107, 0x14, 0x0, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4)
sendto$packet(r1, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)

1.285843105s ago: executing program 4 (id=2852):
openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x4000000)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x24040084) (fail_nth: 13)

1.28137503s ago: executing program 1 (id=2853):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
r0 = syz_mount_image$fuse(&(0x7f0000001000), &(0x7f00000011c0)='./file0\x00', 0x10000, &(0x7f0000001200)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x200}}], [{@hash}, {@fowner_eq={'fowner', 0x3d, 0xffffffffffffffff}}]}}, 0x0, 0x0, &(0x7f00000012c0)="bdfb944ec80646d68729456404556db10908743cb2470ed6fd77ad0deab1f05f46924b972fc9b84b8764b2ca4425f4efb87025de86acefb10ec0aeefda87ba17beee8ec756481caa81231a59b15029b3353b4fb73318c3470356b5e8b6a9df4f40972da078127cede7fe72137e3dfb8549da7b535a024dde089e7c1183223aba2e08c6211045699bbec0e33810b16d516190ad35ffe7b61a8f436b9724bfbc2f9ec6faeaaef563c488fd1fd4c06ed2ec492c5409b833dbc7")
mknodat(r0, &(0x7f0000001380)='./file0\x00', 0x1000, 0x5)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000100)=@v3={0x3000000, [{0x8}, {0x0, 0x4}]}, 0x18, 0x1)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x4d, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYRESOCT=r1, @ANYRES8=r1, @ANYRES64=0x0, @ANYRESOCT=r1], 0x30}, 0x1, 0x0, 0x0, 0x4048020}, 0x8060)
recvmmsg(r1, &(0x7f0000001080)=[{{&(0x7f0000000180)=@generic, 0x80, &(0x7f0000000400)=[{&(0x7f00000002c0)=""/227, 0xe3}, {&(0x7f0000000200)=""/127, 0x7f}, {&(0x7f00000003c0)=""/16, 0x10}], 0x3, &(0x7f0000000440)=""/187, 0xbb}, 0xd}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000500)=""/190, 0xbe}], 0x1, &(0x7f0000000600)=""/157, 0x9d}, 0xffff}, {{&(0x7f00000006c0)=@pppol2tpin6, 0x80, &(0x7f0000000840)=[{&(0x7f0000000740)=""/254, 0xfe}], 0x1, &(0x7f0000000880)=""/8, 0x8}, 0x7}, {{&(0x7f00000008c0)=@l2tp6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000e80)=[{&(0x7f0000000940)=""/201, 0xc9}, {&(0x7f0000000a40)=""/202, 0xca}, {&(0x7f0000000b40)=""/211, 0xd3}, {&(0x7f0000000c40)=""/167, 0xa7}, {&(0x7f0000000d00)=""/235, 0xeb}, {&(0x7f0000000e00)=""/112, 0x70}], 0x6}, 0x7}, {{0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000000f00)=""/201, 0xc9}, {&(0x7f0000001000)}], 0x2}, 0x3}], 0x5, 0x0, 0x0)

966.305968ms ago: executing program 4 (id=2854):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)={0x34, 0x0, 0x7, 0x201, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x4}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x890}, 0x4004090)

852.136118ms ago: executing program 4 (id=2855):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
unshare(0x40200)
r4 = semget(0x2, 0x2, 0x39c)
semop(r4, &(0x7f0000000080)=[{0x1, 0x8001, 0x1000}], 0x1)
semop(r4, &(0x7f0000000000)=[{0x1, 0xbbe1, 0x1000}], 0x1)
semctl$SETALL(r4, 0x0, 0x11, &(0x7f0000000140)=[0x6, 0x7fff])
unshare(0x40400)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x40800)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
ioctl$USBDEVFS_CLEAR_HALT(r6, 0xc0105502, &(0x7f0000000300)={0x1, 0x1})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xa, 0x7ff}, 0x28)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x31, 0x7, 0x3, 0x180, 0x2, 0x200000010, 0xf1, 0x6, 0x1, 0x5, 0x0, 0x7, 0x0, 0x6, 0x1, 0xbd9], 0xc000})
r7 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000003c0)={[0x7, 0x1000000000, 0x0, 0x200000000000043, 0x2000004, 0x0, 0x2004cb, 0x0, 0xa7c, 0x68ff, 0x7, 0x8000000009, 0x803, 0x0, 0x6], 0xeeee8000, 0x202})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x1, 0x1, 0x8, 0x8, 0xb, 0xe6, 0x40, 0x0, 0x0, 0x81, 0x80}, {0x5000, 0x3000, 0x3, 0x0, 0x42, 0x5, 0x75, 0x6, 0x36, 0x0, 0x2, 0x87}, {0x0, 0xdddd0000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x5, 0x5}, {0x1, 0xeeee0000, 0x9, 0x6, 0x5, 0x42, 0xb, 0xff, 0x8, 0x7, 0xe}, {0xf000, 0xd000, 0xf, 0x3, 0x16, 0x7, 0xab, 0x6, 0x9, 0x9, 0xf7, 0x97}, {0xeeefa000, 0xdddd0000, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0x2f, 0x1, 0x7}, {0x3000, 0x3000, 0xf, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xdddd0000, 0x4000, 0xa, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x81}, {0xeeee0000, 0x30}, {0x8000000, 0x7}, 0x80000031, 0x0, 0x3000, 0x2024, 0x2, 0x0, 0x100000, [0x6800000000000000, 0x4, 0x3, 0x8]})
r8 = getpgrp(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, r8, 0x1, &(0x7f0000000340))
ioctl$KVM_RUN(r7, 0xae80, 0x0)

797.496258ms ago: executing program 2 (id=2856):
syz_io_uring_setup(0x487, &(0x7f0000000240)={0x0, 0x20059c4, 0x1, 0x1000, 0x5cc}, &(0x7f0000000300), &(0x7f0000000340))
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000040)=[<r1=>0x0], 0x1})
prlimit64(0x0, 0x7, &(0x7f00000003c0)={0x4, 0xd7}, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[<r3=>0x0, 0x0, <r4=>0x0], &(0x7f0000000380), 0x3, r2, 0xcccccccc})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000580)={0x401, 0x1, &(0x7f0000000180)=[r2], &(0x7f00000000c0)=[0x3], &(0x7f0000000640)=[r4, r3, r3], &(0x7f0000000340), 0x2000000, 0xffffffffffffffff})

682.141152ms ago: executing program 2 (id=2857):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2840, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/address_bits', 0x82002, 0x105)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x2000, 0x41000, 0x8, 0x9, 0x3, 0xbe, 0x40, 0x2c, 0x0, 0x30, 0x19, 0xe0}, {0x41000, 0x54000, 0xe, 0x0, 0x40, 0x5, 0x7d, 0x8, 0x58, 0x3, 0x3, 0x1}, {0xdddd1000, 0x3000, 0xe, 0x5, 0x3, 0x7, 0xfe, 0x9, 0x1, 0xab, 0x5, 0x81}, {0x6000, 0x26000, 0x3, 0x5d, 0x4, 0x43, 0x9, 0xfa, 0x80, 0x7, 0xe}, {0x0, 0x9000, 0xb, 0x1, 0x3, 0x7, 0xab, 0x7f, 0x7, 0x83, 0xf7, 0x83}, {0x1000, 0x80a0000, 0x8, 0xa0, 0xb1, 0x8, 0x1, 0x2, 0x80, 0xf, 0xff, 0xfd}, {0x3000, 0x2, 0x4, 0x5, 0x7, 0x2, 0xb, 0x0, 0x5, 0x81, 0xff, 0x70}, {0xd000, 0x1000, 0xe, 0x5, 0xf, 0x7, 0x1, 0x18, 0x2, 0x3, 0x7, 0x9}, {0x100000, 0x30}, {0x10000, 0x86}, 0x80000031, 0x0, 0x58000, 0x42024, 0xb, 0x0, 0x3000, [0x6840000000000000, 0x3, 0x5e, 0xff]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000001b00)=[@textreal={0x8, 0x0}], 0x1, 0xe, 0x0, 0x0)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x89fd, &(0x7f0000000040)={'bond0\x00'})
select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x2})
syz_usb_control_io(r3, 0x0, &(0x7f0000002a00)={0x84, 0x0, 0x0, 0x0, &(0x7f0000002700)={0x20, 0x0, 0x4, {0x3}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000740)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="400f0c55f1c71607ae4a83758e08be3f9a77de6172358cf33fb2d7a692906c1337ca877f00debf7105c4f1279da801d2dd6a849dd9e48d9e6fa7555a21c4ef669e7c0cb1a53acca1dd1658811179373cb596eae1a833f8e6819d123230eab854a76640f2f02e42b3131040e763dbb3e20c19747e301f1a7027aeb1e0c052e8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

668.698363ms ago: executing program 5 (id=2858):
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x4e22, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7ff}, 0x1c, 0x0}}], 0x1, 0x0)
sendmsg$IPSET_CMD_DEL(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x8080)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

413.566276ms ago: executing program 4 (id=2859):
syz_usb_connect(0x3, 0x24, &(0x7f0000000dc0)={{0x12, 0x1, 0x0, 0xdb, 0x16, 0x89, 0x20, 0x2040, 0xd900, 0xa92c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x4c, 0x0, 0x0, 0xb2, 0x50, 0xcf}}]}}]}}, 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000a40)={&(0x7f0000000280)=[{0x1900, 0x4800, 0x0, 0x0}], 0x1})

302.821331ms ago: executing program 1 (id=2860):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r2, 0x0, 0x0)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r0, &(0x7f00000002c0)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f0000000a40)={0x180, r1, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x4}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x10000}, {0x6, 0x16, 0x6}, {0x5}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0xb}, {0x6, 0x16, 0x6d40}, {0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xe}, {0x6, 0x16, 0x4}, {0x5, 0x12, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0xba50}, {0x6, 0x16, 0x9}, {0x5, 0x12, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x9}, {0x6, 0x16, 0x2}, {0x5}}]}, 0x180}, 0x1, 0x0, 0x0, 0x4}, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="180000002500010324bd5502ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20008891}, 0x0)
fchdir(r0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ptrace(0x10, 0x0)
ptrace$getregset(0x4205, 0x0, 0x1, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x2, 0x2})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0)
munlockall()
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)

0s ago: executing program 5 (id=2861):
r0 = socket$kcm(0x2, 0x5, 0x84)
close(r0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x4, 0x10, 0x3}, {0x10000002, 0x4, 0xf, 0x6}], 0x10, 0x4000000}, 0x94)
r1 = socket$kcm(0x2, 0x1, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
close(r3)
recvmsg$unix(r2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r4=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r3, 0x84, 0x64, &(0x7f0000000040)=r4, 0x4)
sendmsg$inet(r1, &(0x7f0000000440)={&(0x7f0000000280)={0x2, 0x10, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000480)="be", 0x1}], 0x1}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x25, &(0x7f0000000000), 0x20000010)

kernel console output (not intermixed with test programs):

1e:4007
[  563.657279][T13927] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  563.681497][T13927] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  563.980412][ T5907] usb 5-1: new high-speed USB device number 91 using dummy_hcd
[  564.120578][ T5907] usb 5-1: device descriptor read/64, error -71
[  564.180624][ T5832] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  564.330347][ T5832] usb 3-1: Using ep0 maxpacket: 32
[  564.371375][ T5832] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  564.380944][ T5907] usb 5-1: new high-speed USB device number 92 using dummy_hcd
[  564.388803][ T5832] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  564.410320][ T5832] usb 3-1: Product: syz
[  564.414541][ T5832] usb 3-1: Manufacturer: syz
[  564.419974][ T5832] usb 3-1: SerialNumber: syz
[  564.437586][ T5832] usb 3-1: config 0 descriptor??
[  564.473776][ T5832] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  564.540297][ T5907] usb 5-1: device descriptor read/64, error -71
[  566.125683][ T5907] usb usb5-port1: attempt power cycle
[  566.154206][T13941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  566.198401][T13941] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  566.312264][ T8910] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -71
[  566.337880][ T8910] stv0680 2-1:4.0: STV(e): camera ping failed!!
[  566.358297][ T8910] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  566.383940][T13945] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  566.392684][ T8910] stv0680 2-1:4.0: last error: 0,  command = 0x0
[  566.420121][ T8910] usb 2-1: USB disconnect, device number 107
[  566.421860][T13931] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  566.477884][T13945] bond3: entered allmulticast mode
[  566.539668][ T5907] usb 5-1: new high-speed USB device number 93 using dummy_hcd
[  566.567271][T13930] bond3: left allmulticast mode
[  566.694168][ T5907] usb 5-1: device descriptor read/8, error -71
[  566.723669][ T5832] gspca_ov534_9: reg_w failed -71
[  567.166277][ T5832] gspca_ov534_9: Unknown sensor 0000
[  567.166376][ T5832] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22
[  567.182288][ T5832] usb 3-1: USB disconnect, device number 82
[  567.442717][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  567.449389][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  567.623569][T13966] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2665071234 (85282279488 ns) > initial count (83970453792 ns). Using initial count to start timer.
[  567.653581][T13966] kvm: kvm [13965]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[  567.663372][T13966] kvm: kvm [13965]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[  567.664130][ T8919] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[  567.833178][ T8919] usb 4-1: config index 0 descriptor too short (expected 1051, got 27)
[  567.855217][ T8919] usb 4-1: config 0 has an invalid interface number: 0 but max is -1
[  567.874107][ T8919] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0
[  567.889147][ T8919] usb 4-1: config 0 interface 0 altsetting 12 bulk endpoint 0x87 has invalid maxpacket 149
[  567.899785][ T8919] usb 4-1: config 0 interface 0 has no altsetting 0
[  567.926606][ T8919] usb 4-1: New USB device found, idVendor=06cd, idProduct=010a, bcdDevice=d9.c3
[  567.936654][ T8919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  567.945013][ T8919] usb 4-1: Product: syz
[  567.949366][ T8919] usb 4-1: Manufacturer: syz
[  567.954598][ T8919] usb 4-1: SerialNumber: syz
[  567.964869][ T8919] usb 4-1: config 0 descriptor??
[  567.971571][T13962] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  568.105176][T13976] loop2: detected capacity change from 0 to 7
[  568.114090][T13976]  loop2:
[  568.117194][T13976] loop2: partition table partially beyond EOD, truncated
[  568.193069][T13962] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2417'.
[  568.217889][ T8919] keyspan 4-1:0.0: Keyspan 4 port adapter converter detected
[  568.229113][ T8919] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 7
[  568.243309][ T8919] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 81
[  568.270062][ T8919] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 1
[  568.358323][T13978] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2421'.
[  568.478367][ T8919] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  568.553725][ T8919] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 82
[  568.568008][ T8919] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 2
[  568.606328][ T8919] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  568.627221][ T8919] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 83
[  568.639352][ T8919] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 3
[  568.661008][ T8919] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  568.718285][ T8919] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 84
[  568.734033][ T8919] keyspan 4-1:0.0: found no endpoint descriptor for endpoint 4
[  568.991165][ T8919] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  569.018160][ T8919] usb 4-1: USB disconnect, device number 103
[  569.114120][ T8919] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  569.246420][ T8919] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  569.265856][T13991] team0: Device gtp0 is of different type
[  569.296017][ T8919] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  569.365401][ T8919] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  569.426868][ T8919] keyspan 4-1:0.0: device disconnected
[  569.770737][ T8919] usb 4-1: new low-speed USB device number 104 using dummy_hcd
[  569.965953][ T8919] usb 4-1: Invalid ep0 maxpacket: 64
[  570.120514][ T8919] usb 4-1: new low-speed USB device number 105 using dummy_hcd
[  570.424500][ T8919] usb 4-1: Invalid ep0 maxpacket: 64
[  570.430662][ T8919] usb usb4-port1: attempt power cycle
[  570.631958][T14025] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  570.642788][T14025] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  570.708703][ T8913] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[  570.840664][ T8919] usb 4-1: new low-speed USB device number 106 using dummy_hcd
[  571.044196][ T8919] usb 4-1: Invalid ep0 maxpacket: 64
[  571.272950][ T8919] usb 4-1: new low-speed USB device number 107 using dummy_hcd
[  571.292794][ T8913] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 34, using maximum allowed: 30
[  571.305094][ T8913] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 34
[  571.322379][ T8919] usb 4-1: Invalid ep0 maxpacket: 64
[  571.328576][ T8919] usb usb4-port1: unable to enumerate USB device
[  571.350525][ T8913] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  571.428101][ T8913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  571.462640][ T8913] usb 5-1: config 0 descriptor??
[  573.501796][T14045] binder: 14044:14045 ioctl 4004662b 200000000200 returned -22
[  573.511894][T14045] binder: BINDER_SET_CONTEXT_MGR already set
[  573.518045][T14045] binder: 14044:14045 ioctl 4018620d 200000000040 returned -16
[  573.735775][ T8913] usb 5-1: string descriptor 0 read error: -71
[  573.770138][ T8913] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  573.826884][ T8913] usb 5-1: USB disconnect, device number 95
[  574.657606][T14070] netlink: 'syz.2.2448': attribute type 29 has an invalid length.
[  574.677618][T14070] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2448'.
[  574.681412][ T8913] usb 2-1: new high-speed USB device number 108 using dummy_hcd
[  574.870832][ T8913] usb 2-1: Using ep0 maxpacket: 16
[  574.872595][ T8913] usb 2-1: config 132 has an invalid interface number: 4 but max is 0
[  574.872623][ T8913] usb 2-1: config 132 has no interface number 0
[  574.872665][ T8913] usb 2-1: config 132 interface 4 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1023
[  574.872679][ T8913] usb 2-1: config 132 interface 4 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 431
[  574.872692][ T8913] usb 2-1: config 132 interface 4 altsetting 0 endpoint 0xF has an invalid bInterval 241, changing to 11
[  574.874711][ T8913] usb 2-1: New USB device found, idVendor=34ef, idProduct=202b, bcdDevice=36.09
[  574.874741][ T8913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  574.874754][ T8913] usb 2-1: Product: syz
[  574.874762][ T8913] usb 2-1: Manufacturer: syz
[  574.874770][ T8913] usb 2-1: SerialNumber: syz
[  574.879120][T14063] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  574.879238][T14063] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  574.945057][T14076] tipc: Enabled bearer <eth:batadv0>, priority 28
[  575.084872][T14063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  575.201255][T14083] netlink: 'syz.3.2453': attribute type 11 has an invalid length.
[  575.205526][T14063] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  575.237719][ T8913] usb 2-1: USB disconnect, device number 108
[  575.650378][ T5907] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[  575.814476][ T5907] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 34, using maximum allowed: 30
[  575.814510][ T5907] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 34
[  575.814535][ T5907] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  575.814547][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  575.816954][ T5907] usb 5-1: config 0 descriptor??
[  576.067927][ T8919] tipc: Node number set to 1703492545
[  576.391686][ T8919] usb 2-1: new low-speed USB device number 109 using dummy_hcd
[  576.553207][ T8919] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  576.562181][ T8919] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  576.588986][ T8919] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  576.667571][T14111] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2459'.
[  576.699608][ T8919] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  576.719152][ T8919] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  576.770324][ T5832] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[  576.831151][ T8919] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  576.838722][ T8919] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  576.867489][ T8919] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  576.920942][ T8919] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  576.975022][ T8919] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  576.990570][ T5832] usb 4-1: Using ep0 maxpacket: 32
[  576.998362][ T5832] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  577.007344][ T5832] usb 4-1: config 0 has no interface number 0
[  577.007615][ T8919] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  577.026144][ T8919] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  577.039222][ T8919] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  577.051918][ T5832] usb 4-1: config 0 interface 12 has no altsetting 0
[  577.052198][ T8919] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  577.170768][ T5832] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  577.181328][ T5832] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.192241][ T5832] usb 4-1: Product: syz
[  577.199713][ T5832] usb 4-1: Manufacturer: syz
[  577.206210][ T5832] usb 4-1: SerialNumber: syz
[  577.214609][ T8919] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  577.231659][ T5832] usb 4-1: config 0 descriptor??
[  577.269161][ T8919] usb 2-1: string descriptor 0 read error: -22
[  577.277055][ T8919] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  577.287229][ T8919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.305737][ T8919] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  577.731765][ T5832] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  577.757143][ T5832] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[  577.794110][ T5832] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  577.818037][ T5832] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[  577.901069][ T5832] usb 4-1: USB disconnect, device number 108
[  578.125737][ T5907] usb 5-1: string descriptor 0 read error: -71
[  578.134448][ T5907] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  578.162929][ T5907] usb 5-1: USB disconnect, device number 96
[  578.188052][T14095] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  578.215752][T14095] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  578.230892][T14127] loop4: detected capacity change from 0 to 7
[  578.249917][ T6775] Dev loop4: unable to read RDB block 7
[  578.256210][ T6775]  loop4: AHDI p1 p2 p3
[  578.268708][ T6775] loop4: partition table partially beyond EOD, truncated
[  578.286460][ T6775] loop4: p1 start 1601398130 is beyond EOD, truncated
[  578.304306][ T6775] loop4: p2 start 1702059890 is beyond EOD, truncated
[  578.324149][T14127] Dev loop4: unable to read RDB block 7
[  578.338076][T14127]  loop4: AHDI p1 p2 p3
[  578.346490][ T5832] usb 2-1: USB disconnect, device number 109
[  578.360974][T14127] loop4: partition table partially beyond EOD, truncated
[  578.375668][T14127] loop4: p1 start 1601398130 is beyond EOD, truncated
[  578.420968][T14127] loop4: p2 start 1702059890 is beyond EOD, truncated
[  578.660928][T14138] loop2: detected capacity change from 0 to 7
[  578.891876][T14138]  loop2:
[  578.894898][T14138] loop2: partition table partially beyond EOD, truncated
[  578.983833][T14149] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2465'.
[  579.079457][T14138] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2466'.
[  579.297388][T14157] FAULT_INJECTION: forcing a failure.
[  579.297388][T14157] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  579.326998][T14157] CPU: 0 UID: 0 PID: 14157 Comm: syz.4.2472 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  579.327031][T14157] Tainted: [L]=SOFTLOCKUP
[  579.327039][T14157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  579.327050][T14157] Call Trace:
[  579.327059][T14157]  <TASK>
[  579.327068][T14157]  dump_stack_lvl+0xe8/0x150
[  579.327101][T14157]  should_fail_ex+0x412/0x560
[  579.327129][T14157]  _copy_from_user+0x2d/0xb0
[  579.327160][T14157]  input_event_from_user+0xb1/0x290
[  579.327190][T14157]  ? __pfx_input_event_from_user+0x10/0x10
[  579.327224][T14157]  evdev_write+0x2c7/0x4c0
[  579.327252][T14157]  ? __pfx_evdev_write+0x10/0x10
[  579.327276][T14157]  ? bpf_lsm_file_permission+0x9/0x20
[  579.327298][T14157]  ? security_file_permission+0x75/0x260
[  579.327328][T14157]  ? rw_verify_area+0x255/0x4d0
[  579.327348][T14157]  ? __pfx_evdev_write+0x10/0x10
[  579.327372][T14157]  vfs_write+0x29a/0xb90
[  579.327399][T14157]  ? __pfx_vfs_write+0x10/0x10
[  579.327419][T14157]  ? __fget_files+0x2a/0x420
[  579.327448][T14157]  ? __fget_files+0x2a/0x420
[  579.327471][T14157]  ? __fget_files+0x3a0/0x420
[  579.327495][T14157]  ? __fget_files+0x2a/0x420
[  579.327527][T14157]  ksys_write+0x150/0x270
[  579.327547][T14157]  ? __pfx_ksys_write+0x10/0x10
[  579.327577][T14157]  do_syscall_64+0x14d/0xf80
[  579.327605][T14157]  ? trace_irq_disable+0x3b/0x150
[  579.327631][T14157]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  579.327650][T14157]  ? clear_bhb_loop+0x40/0x90
[  579.327673][T14157]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  579.327691][T14157] RIP: 0033:0x7f4f40d9c629
[  579.327711][T14157] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  579.327727][T14157] RSP: 002b:00007f4f41cb8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  579.327748][T14157] RAX: ffffffffffffffda RBX: 00007f4f41015fa0 RCX: 00007f4f40d9c629
[  579.327761][T14157] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000003
[  579.327774][T14157] RBP: 00007f4f41cb8090 R08: 0000000000000000 R09: 0000000000000000
[  579.327785][T14157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  579.327797][T14157] R13: 00007f4f41016038 R14: 00007f4f41015fa0 R15: 00007f4f4113fa48
[  579.327824][T14157]  </TASK>
[  579.594845][ T5192]  loop2:
[  579.597853][ T5192] loop2: partition table partially beyond EOD, truncated
[  579.919232][ T5192]  loop2:
[  579.922806][ T5192] loop2: partition table partially beyond EOD, truncated
[  580.011015][ T8919] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  580.140740][ T8919] usb 3-1: device descriptor read/64, error -71
[  580.300316][ T5832] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[  580.353245][T14171] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  580.364291][T14171] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  580.380698][ T8919] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  580.452761][ T5832] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 34, using maximum allowed: 30
[  580.465500][ T5832] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 34
[  580.488807][ T5832] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  580.508365][ T5832] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.510890][ T8919] usb 3-1: device descriptor read/64, error -71
[  580.536059][ T5832] usb 4-1: config 0 descriptor??
[  580.631532][ T8919] usb usb3-port1: attempt power cycle
[  580.660493][ T5907] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  580.973532][ T8919] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  581.001556][ T8919] usb 3-1: device descriptor read/8, error -71
[  581.240877][ T8919] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  581.261530][ T8919] usb 3-1: device descriptor read/8, error -71
[  581.370989][ T8919] usb usb3-port1: unable to enumerate USB device
[  581.521208][ T5907] usb 5-1: new full-speed USB device number 98 using dummy_hcd
[  581.712328][ T5907] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  581.722827][ T5907] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  581.736870][ T5907] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  581.746012][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  581.966365][ T5907] usb 5-1: usb_control_msg returned -32
[  581.974655][ T5907] usbtmc 5-1:16.0: can't read capabilities
[  582.184498][T14190] kvm: kvm [14188]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  582.201254][T14190] kvm: kvm [14188]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  582.218064][T14190] kvm: kvm [14188]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  582.235754][T14190] kvm: kvm [14188]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  582.253606][T14190] kvm: kvm [14188]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  582.271569][T14190] kvm: kvm [14188]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  582.288323][T14190] kvm: kvm [14188]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  582.306943][T14190] kvm: kvm [14188]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  582.324901][T14190] kvm: kvm [14188]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  582.358375][T14190] kvm: kvm [14188]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  582.394746][T14194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  582.419402][T14194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  583.198692][ T5832] usb 4-1: string descriptor 0 read error: -71
[  583.212165][ T5832] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  583.222856][ T5832] usb 4-1: USB disconnect, device number 109
[  583.442458][T14201] FAULT_INJECTION: forcing a failure.
[  583.442458][T14201] name failslab, interval 1, probability 0, space 0, times 0
[  583.474959][T14201] CPU: 0 UID: 0 PID: 14201 Comm: syz.3.2486 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  583.474979][T14201] Tainted: [L]=SOFTLOCKUP
[  583.474983][T14201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  583.474990][T14201] Call Trace:
[  583.474995][T14201]  <TASK>
[  583.475000][T14201]  dump_stack_lvl+0xe8/0x150
[  583.475021][T14201]  should_fail_ex+0x412/0x560
[  583.475036][T14201]  should_failslab+0xa8/0x100
[  583.475051][T14201]  kmem_cache_alloc_node_noprof+0x8f/0x690
[  583.475068][T14201]  ? __alloc_skb+0x186/0x7d0
[  583.475082][T14201]  ? __alloc_skb+0x1d0/0x7d0
[  583.475094][T14201]  ? __local_bh_enable_ip+0xd0/0x130
[  583.475110][T14201]  __alloc_skb+0x1d0/0x7d0
[  583.475123][T14201]  ? netlink_ack_tlv_len+0x6c/0x210
[  583.475137][T14201]  netlink_ack+0x146/0xa50
[  583.475148][T14201]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  583.475163][T14201]  ? ref_tracker_free+0x693/0x840
[  583.475175][T14201]  ? __copy_skb_header+0xa3/0x4a0
[  583.475190][T14201]  ? __pfx_ref_tracker_free+0x10/0x10
[  583.475207][T14201]  netlink_rcv_skb+0x2b6/0x4b0
[  583.475219][T14201]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  583.475233][T14201]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  583.475250][T14201]  ? netlink_deliver_tap+0x2e/0x1b0
[  583.475272][T14201]  netlink_unicast+0x80f/0x9b0
[  583.475287][T14201]  ? __pfx_netlink_unicast+0x10/0x10
[  583.475299][T14201]  ? netlink_sendmsg+0x650/0xb40
[  583.475310][T14201]  ? skb_put+0x11b/0x210
[  583.475325][T14201]  netlink_sendmsg+0x813/0xb40
[  583.475342][T14201]  ? __pfx_netlink_sendmsg+0x10/0x10
[  583.475356][T14201]  ? aa_sock_msg_perm+0xf1/0x1b0
[  583.475369][T14201]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  583.475382][T14201]  ? __pfx_netlink_sendmsg+0x10/0x10
[  583.475393][T14201]  ____sys_sendmsg+0xa68/0xad0
[  583.475408][T14201]  ? __lock_acquire+0x6b5/0x2cf0
[  583.475426][T14201]  ? __pfx_____sys_sendmsg+0x10/0x10
[  583.475445][T14201]  ? import_iovec+0x73/0xa0
[  583.475462][T14201]  ___sys_sendmsg+0x2a5/0x360
[  583.475479][T14201]  ? __pfx____sys_sendmsg+0x10/0x10
[  583.475496][T14201]  ? kstrtouint+0x6e/0xe0
[  583.475522][T14201]  ? __fget_files+0x2a/0x420
[  583.475536][T14201]  ? __fget_files+0x3a0/0x420
[  583.475559][T14201]  __sys_sendmmsg+0x27c/0x4e0
[  583.475576][T14201]  ? __pfx___sys_sendmmsg+0x10/0x10
[  583.475590][T14201]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  583.475618][T14201]  ? ksys_write+0x242/0x270
[  583.475630][T14201]  ? __pfx_ksys_write+0x10/0x10
[  583.475643][T14201]  __x64_sys_sendmmsg+0xa0/0xc0
[  583.475659][T14201]  do_syscall_64+0x14d/0xf80
[  583.475675][T14201]  ? trace_irq_disable+0x3b/0x150
[  583.475690][T14201]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.475700][T14201]  ? clear_bhb_loop+0x40/0x90
[  583.475713][T14201]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  583.475723][T14201] RIP: 0033:0x7fe59eb9c629
[  583.475734][T14201] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  583.475744][T14201] RSP: 002b:00007fe59fa37028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  583.475757][T14201] RAX: ffffffffffffffda RBX: 00007fe59ee15fa0 RCX: 00007fe59eb9c629
[  583.475764][T14201] RDX: 0400000000000235 RSI: 0000200000000000 RDI: 0000000000000006
[  583.475772][T14201] RBP: 00007fe59fa37090 R08: 0000000000000000 R09: 0000000000000000
[  583.475778][T14201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  583.475785][T14201] R13: 00007fe59ee16038 R14: 00007fe59ee15fa0 R15: 00007fe59ef3fa48
[  583.475800][T14201]  </TASK>
[  583.833665][T14206] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2489'.
[  583.980278][ T5832] usb 2-1: new high-speed USB device number 110 using dummy_hcd
[  584.046303][T14212] gtp0: entered allmulticast mode
[  584.052564][T14212] team0: Refused to change device type
[  584.136942][ T5907] usb 5-1: USB disconnect, device number 98
[  584.143478][ T5832] usb 2-1: Using ep0 maxpacket: 32
[  584.172526][ T5832] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  584.185637][ T5832] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.192579][ T8919] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  584.194463][ T5832] usb 2-1: Product: syz
[  584.207766][ T5832] usb 2-1: Manufacturer: syz
[  584.214122][ T5832] usb 2-1: SerialNumber: syz
[  584.282024][ T5832] usb 2-1: config 0 descriptor??
[  584.324244][ T5832] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  584.350698][ T8919] usb 3-1: device descriptor read/64, error -71
[  584.411694][T14225] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2495'.
[  584.600892][ T8919] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  584.740358][ T8919] usb 3-1: device descriptor read/64, error -71
[  584.810610][T14231] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  584.819531][T14231] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  585.001052][ T8919] usb usb3-port1: attempt power cycle
[  585.116109][T14204] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2487'.
[  585.287790][T14234] binder: 14233:14234 ioctl c0306201 2000000003c0 returned -14
[  585.450990][ T8919] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[  585.471409][ T8919] usb 3-1: device descriptor read/8, error -71
[  585.707001][    C0] vcan0: j1939_tp_rxtimer: 0xffff88806d4f2c00: rx timeout, send abort
[  585.710865][ T8919] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[  585.718164][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88806d4f2c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  585.742191][ T8919] usb 3-1: device descriptor read/8, error -71
[  585.761225][ T5832] gspca_ov534_9: reg_w failed -110
[  585.814899][T14238] netlink: 'syz.3.2498': attribute type 10 has an invalid length.
[  585.827306][T14238] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  585.836280][T14238] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  585.845920][T14238] team0: Failed to send options change via netlink (err -105)
[  585.853729][T14238] team0: Port device netdevsim0 added
[  585.861113][ T8919] usb usb3-port1: unable to enumerate USB device
[  586.090423][ T5832] gspca_ov534_9: Unknown sensor 0000
[  586.090529][ T5832] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22
[  586.320828][ T8910] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[  586.400756][ T8919] usb 5-1: new full-speed USB device number 99 using dummy_hcd
[  586.492021][ T8913] usb 2-1: USB disconnect, device number 110
[  586.501325][ T8910] usb 4-1: Using ep0 maxpacket: 8
[  586.524129][ T8910] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  586.544968][ T8910] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  586.558011][ T8910] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  586.558424][ T8919] usb 5-1: too many endpoints for config 0 interface 0 altsetting 4: 129, using maximum allowed: 30
[  586.568078][ T8910] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  586.568110][ T8910] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  586.568163][ T8910] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  586.568186][ T8910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.621431][ T8919] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  586.638182][ T8919] usb 5-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[  586.653175][ T8919] usb 5-1: config 0 interface 0 has no altsetting 0
[  586.659944][ T8919] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0a51, bcdDevice= 0.00
[  586.669881][ T8919] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.682815][ T8919] usb 5-1: config 0 descriptor??
[  586.688657][T14245] raw-gadget.5 gadget.4: fail, usb_ep_enable returned -22
[  586.837213][ T8910] usb 4-1: usb_control_msg returned -32
[  586.843159][ T8910] usbtmc 4-1:16.0: can't read capabilities
[  586.911315][ T8913] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[  587.061091][ T8913] usb 2-1: Using ep0 maxpacket: 16
[  587.078472][ T8913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  587.098305][ T8913] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  587.119547][ T8919] hid_parser_main: 1245 callbacks suppressed
[  587.119563][ T8919] hid-corsair-void 0003:1B1C:0A51.0035: unknown main item tag 0x0
[  587.134328][ T8913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.150546][ T8913] usb 2-1: Product: syz
[  587.154747][ T8913] usb 2-1: Manufacturer: syz
[  587.173334][ T8913] usb 2-1: SerialNumber: syz
[  587.178113][ T8919] hid-corsair-void 0003:1B1C:0A51.0035: hidraw0: USB HID v0.00 Device [HID 1b1c:0a51] on usb-dummy_hcd.4-1/input0
[  587.207549][ T8913] usb 2-1: config 0 descriptor??
[  587.236246][ T8913] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  587.252929][ T8913] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  587.329873][ T8919] hid-corsair-void 0003:1B1C:0A51.0035: failed to request firmware (reason: -71)
[  587.330261][ T8910] usb 5-1: USB disconnect, device number 99
[  587.340868][ T5824] hid-corsair-void 0003:1B1C:0A51.0035: failed to request battery (reason: -71)
[  587.897947][ T8910] usb 4-1: USB disconnect, device number 110
[  588.024391][ T8913] em28xx 2-1:0.0: chip ID is em2765
[  588.630023][ T8913] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  588.652204][ T8913] em28xx 2-1:0.0: board has no eeprom
[  588.698174][T14272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  588.709228][T14272] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  588.831134][ T5824] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[  588.920847][ T8913] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  588.929656][ T8913] em28xx 2-1:0.0: dvb set to bulk mode.
[  588.936305][ T8919] em28xx 2-1:0.0: Binding DVB extension
[  588.955315][ T8913] usb 2-1: USB disconnect, device number 111
[  589.222068][ T8913] em28xx 2-1:0.0: Disconnecting em28xx
[  589.230747][ T5824] usb 3-1: Using ep0 maxpacket: 16
[  589.298686][ T5824] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  589.311167][ T5824] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  589.441069][ T5824] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  589.450965][ T5824] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  589.459019][ T5824] usb 3-1: Product: syz
[  589.465124][ T5824] usb 3-1: Manufacturer: syz
[  589.469750][ T5824] usb 3-1: SerialNumber: syz
[  589.484337][ T5824] usb 3-1: config 0 descriptor??
[  589.606880][ T5824] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  589.642095][ T8919] em28xx 2-1:0.0: Registering input extension
[  589.651595][ T5824] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  589.661071][ T8913] em28xx 2-1:0.0: Closing input extension
[  589.728921][ T8913] em28xx 2-1:0.0: Freeing device
[  590.070918][ T8913] usb 2-1: new full-speed USB device number 112 using dummy_hcd
[  590.252306][ T8913] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  590.262745][ T8913] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  590.288142][ T8913] usb 2-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00
[  590.318175][ T5824] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  590.325639][ T5824] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  590.339196][ T8913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.350766][ T8919] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[  590.402406][ T8913] usb 2-1: config 0 descriptor??
[  590.520861][ T8919] usb 4-1: Using ep0 maxpacket: 8
[  590.531996][ T8919] usb 4-1: unable to get BOS descriptor or descriptor too short
[  590.549420][ T8919] usb 4-1: config 1 interface 0 altsetting 12 bulk endpoint 0x82 has invalid maxpacket 16
[  590.560908][ T8919] usb 4-1: config 1 interface 0 altsetting 12 bulk endpoint 0x3 has invalid maxpacket 1023
[  590.586384][ T8919] usb 4-1: config 1 interface 0 has no altsetting 0
[  590.622053][ T8919] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  590.645513][ T8919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  590.658671][ T8913] uclogic 0003:5543:0064.0036: item fetching failed at offset 0/1
[  590.669593][ T8913] uclogic 0003:5543:0064.0036: parse failed
[  590.679867][ T8913] uclogic 0003:5543:0064.0036: probe with driver uclogic failed with error -22
[  590.695218][ T8919] usb 4-1: Product: syz
[  590.705515][ T8919] usb 4-1: Manufacturer: syz
[  590.719665][ T8919] usb 4-1: SerialNumber: syz
[  590.769014][T14288] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  590.776814][T14288] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  590.855508][ T8910] usb 2-1: USB disconnect, device number 112
[  590.937185][T14291] team0: Device gtp0 is of different type
[  590.944281][ T5824] em28xx 3-1:0.0: Unknown AC97 audio processor detected!
[  590.953044][ T5824] em28xx 3-1:0.0: couldn't setup AC97 register 2
[  590.960891][ T5824] em28xx 3-1:0.0: couldn't setup AC97 register 4
[  591.001448][T14288] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2512'.
[  591.267665][T14298] x_tables: duplicate underflow at hook 1
[  591.351047][T14299] input: syz0 as /devices/virtual/input/input66
[  592.051682][T14309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  592.063764][T14309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  592.170801][ T8913] usb 2-1: new high-speed USB device number 113 using dummy_hcd
[  592.473974][ T8913] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 34, using maximum allowed: 30
[  592.543618][ T8913] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 34
[  592.581848][ T8913] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  592.631261][ T5824] em28xx 3-1:0.0: couldn't setup AC97 register 54
[  592.638892][ T5824] em28xx 3-1:0.0: couldn't setup AC97 register 56
[  592.647694][ T8913] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.741999][ T8913] usb 2-1: config 0 descriptor??
[  592.816556][T14311] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  592.825911][T14311] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  592.905605][T14320] netlink: 'syz.4.2520': attribute type 3 has an invalid length.
[  592.913881][T14320] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2520'.
[  592.936005][T14320] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2520'.
[  592.951162][T14320] netlink: 'syz.4.2520': attribute type 3 has an invalid length.
[  593.002866][T14320] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2520'.
[  593.032721][ T8919] usb 4-1: bad CDC descriptors
[  593.062952][ T8919] usb 4-1: USB disconnect, device number 111
[  593.105219][T14320] netlink: 'syz.4.2520': attribute type 3 has an invalid length.
[  593.141144][T14320] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2520'.
[  594.005954][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  594.005973][   T30] audit: type=1804 audit(1771942601.789:859): pid=14332 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2524" name="/newroot/402/file0" dev="fuse" ino=1 res=1 errno=0
[  594.107780][T14337] netlink: 'syz.4.2526': attribute type 33 has an invalid length.
[  594.150947][T14340] input: syz1 as /devices/virtual/input/input67
[  594.238992][T14341] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  594.280359][T14336] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2525'.
[  594.301352][T14341] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  594.319209][ T5832] usb 3-1: USB disconnect, device number 91
[  594.331127][T14336] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2525'.
[  594.547080][T14347] vlan3: entered promiscuous mode
[  594.555421][T14347] erspan0: entered promiscuous mode
[  594.821393][ T8919] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[  595.002985][ T8919] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  595.012392][ T8919] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  595.022557][ T8919] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  595.034278][ T8919] usb 3-1: config 220 has no interface number 2
[  595.041729][ T8913] usb 2-1: string descriptor 0 read error: -71
[  595.050934][ T8919] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  595.065668][ T8913] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  595.075726][ T8913] usb 2-1: USB disconnect, device number 113
[  595.082698][ T8919] usb 3-1: config 220 interface 0 has no altsetting 0
[  595.089528][ T8919] usb 3-1: config 220 interface 76 has no altsetting 0
[  595.099723][ T8919] usb 3-1: config 220 interface 1 has no altsetting 0
[  595.112636][ T8919] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  595.122655][ T8919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.131912][ T8919] usb 3-1: Product: syz
[  595.136244][ T8919] usb 3-1: Manufacturer: syz
[  595.142791][ T8919] usb 3-1: SerialNumber: syz
[  595.180353][ T5832] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  595.362804][ T5832] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  595.371523][ T5832] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  595.383108][ T5832] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  595.395640][ T5832] usb 5-1: config 220 has no interface number 2
[  595.402741][ T5832] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  595.416698][ T5832] usb 5-1: config 220 interface 0 has no altsetting 0
[  595.431272][ T5832] usb 5-1: config 220 interface 76 has no altsetting 0
[  595.438190][ T5832] usb 5-1: config 220 interface 1 has no altsetting 0
[  595.448737][ T5832] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  595.458492][ T5832] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.466661][ T5832] usb 5-1: Product: syz
[  595.472136][ T5832] usb 5-1: Manufacturer: syz
[  595.485154][ T5832] usb 5-1: SerialNumber: syz
[  595.530640][ T5907] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[  595.694131][ T5907] usb 2-1: Using ep0 maxpacket: 32
[  595.719624][ T5832] usb 5-1: selecting invalid altsetting 0
[  595.731225][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  595.755420][ T5832] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  595.779185][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  595.789505][ T5832] uvcvideo 5-1:220.0: No valid video chain found.
[  595.796350][T14374] input: syz0 as /devices/virtual/input/input68
[  595.798411][ T5907] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  595.813324][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  595.818650][ T5832] usb 5-1: selecting invalid altsetting 0
[  595.841514][ T5907] usb 2-1: config 0 descriptor??
[  595.847801][ T5832] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[  595.943624][ T5907] hub 2-1:0.0: USB hub found
[  595.979789][ T5832] usb 5-1: USB disconnect, device number 100
[  596.202637][ T5907] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  596.751395][ T5907] hid-generic 0003:046D:C31C.0037: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.1-1/input0
[  597.283776][T14362] usb 2-1: reset high-speed USB device number 114 using dummy_hcd
[  597.631351][ T8919] uvcvideo 3-1:220.1: Unknown video format 047d4302-0000-0000-0000-00a5e2000004
[  597.663177][ T8919] uvcvideo 3-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  597.680883][ T8919] uvcvideo 3-1:220.0: No valid video chain found.
[  597.687459][ T8919] usb 3-1: selecting invalid altsetting 0
[  597.762406][ T8919] usb 3-1: selecting invalid altsetting 0
[  597.769642][ T5907] usb 2-1: USB disconnect, device number 114
[  597.782702][ T8919] usbtest 3-1:220.1: probe with driver usbtest failed with error -22
[  597.800948][T14362] usbhid 2-1:0.0: reset_resume error -19
[  597.824195][ T8919] usb 3-1: USB disconnect, device number 92
[  597.856809][T14425] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2545'.
[  597.902047][T14425] netlink: 22 bytes leftover after parsing attributes in process `syz.4.2545'.
[  598.057028][T14434] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.069952][T14434] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.250701][ T8919] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[  598.280301][ T5907] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[  598.402563][ T8919] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  598.412279][ T8919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.424507][ T8919] usb 3-1: config 0 descriptor??
[  598.432288][ T8919] cp210x 3-1:0.0: cp210x converter detected
[  598.440469][ T5907] usb 5-1: Using ep0 maxpacket: 8
[  598.449744][ T5907] usb 5-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=31.1f
[  598.459381][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  598.467713][ T5907] usb 5-1: Product: syz
[  598.472617][ T5907] usb 5-1: Manufacturer: syz
[  598.477236][ T5907] usb 5-1: SerialNumber: syz
[  598.484381][ T5907] usb 5-1: config 0 descriptor??
[  598.504877][ T5907]  (null): radio-mr800 - initialization failed
[  598.511672][ T5907] radio-mr800 5-1:0.0: probe with driver radio-mr800 failed with error -22
[  598.524552][ T5907] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  598.633398][ T8919] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -121
[  598.642019][ T8919] cp210x 3-1:0.0: querying part number failed
[  598.652355][ T8919] usb 3-1: cp210x converter now attached to ttyUSB0
[  598.865371][T14423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.878036][T14423] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.893823][ T5907] usb 3-1: USB disconnect, device number 93
[  598.913691][ T5907] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  598.994889][ T5907] cp210x 3-1:0.0: device disconnected
[  599.031055][ T8919] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[  599.190581][ T8919] usb 2-1: Using ep0 maxpacket: 32
[  599.202546][ T8919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  599.224047][ T8919] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  599.244678][ T8919] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  599.263455][ T8919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  599.279803][ T8919] usb 2-1: config 0 descriptor??
[  599.302014][ T8919] hub 2-1:0.0: USB hub found
[  599.506445][ T8919] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  599.954601][ T8919] hid-generic 0003:046D:C31C.0038: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.1-1/input0
[  599.979004][T14452] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2552'.
[  599.989620][T14452] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2552'.
[  600.096970][T14456] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2555'.
[  600.138594][T14456] vlan6: entered promiscuous mode
[  600.155039][T14456] gretap0: entered promiscuous mode
[  600.450447][ T5907] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[  600.623903][ T5907] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  600.644563][ T5907] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  600.659315][ T5907] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  600.671834][ T5907] usb 4-1: config 220 has no interface number 2
[  600.678696][ T5907] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  600.693062][ T5907] usb 4-1: config 220 interface 0 has no altsetting 0
[  600.706034][ T5907] usb 4-1: config 220 interface 76 has no altsetting 0
[  600.706140][T14472] x_tables: duplicate underflow at hook 1
[  600.715144][ T5907] usb 4-1: config 220 interface 1 has no altsetting 0
[  600.729786][ T5907] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  600.739468][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  600.748186][ T5907] usb 4-1: Product: syz
[  600.753864][ T5907] usb 4-1: Manufacturer: syz
[  600.759166][ T5907] usb 4-1: SerialNumber: syz
[  600.797845][T14474] input: syz0 as /devices/virtual/input/input69
[  600.961985][ T5824] usb 2-1: USB disconnect, device number 115
[  601.007950][ T5832] usb 5-1: USB disconnect, device number 101
[  601.015578][ T8910] usb 3-1: new full-speed USB device number 94 using dummy_hcd
[  601.151984][T14479] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2561'.
[  601.168732][T14479] vlan3: entered promiscuous mode
[  601.174821][T14479] gretap0: entered promiscuous mode
[  601.192313][ T8910] usb 3-1: config 1 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  601.205028][ T8910] usb 3-1: config 1 interface 0 altsetting 64 has 3 endpoint descriptors, different from the interface descriptor's value: 23
[  601.219529][ T8910] usb 3-1: config 1 interface 0 has no altsetting 0
[  601.227762][ T8910] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  601.237224][ T8910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  601.245345][ T8910] usb 3-1: SerialNumber: syz
[  601.263656][ T8910] hub 3-1:1.0: bad descriptor, ignoring hub
[  601.281907][ T8910] hub 3-1:1.0: probe with driver hub failed with error -5
[  601.300534][ T8910] cdc_acm 3-1:1.0: Control and data interfaces are not separated!
[  601.382007][T14481] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2665071234 (85282279488 ns) > initial count (83970453792 ns). Using initial count to start timer.
[  601.405387][T14481] kvm_pr_unimpl_wrmsr: 8 callbacks suppressed
[  601.405409][T14481] kvm: kvm [14480]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[  601.422105][T14481] kvm: kvm [14480]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[  601.822657][T14491] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2565'.
[  601.873155][T14491] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2565'.
[  601.990276][ T5832] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[  602.330379][ T5832] usb 2-1: Using ep0 maxpacket: 32
[  602.343343][ T5832] usb 2-1: config 0 has an invalid interface number: 76 but max is 0
[  602.353095][ T5832] usb 2-1: config 0 has no interface number 0
[  602.371339][ T5832] usb 2-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c
[  602.385430][ T5832] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  602.410408][ T5832] usb 2-1: Product: syz
[  602.416489][ T5832] usb 2-1: Manufacturer: syz
[  602.426720][ T5832] usb 2-1: SerialNumber: syz
[  602.449170][ T5832] usb 2-1: config 0 descriptor??
[  602.468022][ T5832] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state.
[  602.496459][ T5832] dw2102: su3000_power_ctrl: 1, initialized 0
[  602.516346][ T5832] dvb-usb: bulk message failed: -22 (2/0)
[  602.539483][ T5832] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  602.550579][ T5832] dvbdev: DVB: registering new adapter (Hauppauge MAX S2 or WinTV NOVA HD USB2.0)
[  602.560742][ T5832] usb 2-1: media controller created
[  602.566289][ T5832] dvb-usb: bulk message failed: -22 (6/0)
[  602.572951][ T5832] dw2102: i2c transfer failed.
[  602.580575][ T5832] dvb-usb: bulk message failed: -22 (6/0)
[  602.630869][ T5832] dw2102: i2c transfer failed.
[  602.640972][ T5832] dvb-usb: bulk message failed: -22 (6/0)
[  602.653802][ T5832] dw2102: i2c transfer failed.
[  602.668373][ T5832] dvb-usb: bulk message failed: -22 (6/0)
[  602.680922][ T5832] dw2102: i2c transfer failed.
[  602.692235][T14489] dvb-usb: bulk message failed: -22 (1/0)
[  602.698344][T14489] dw2102: i2c transfer failed.
[  602.707220][T14489] dvb-usb: bulk message failed: -22 (3/0)
[  602.718752][T14489] dw2102: i2c transfer failed.
[  602.731044][ T5832] dvb-usb: bulk message failed: -22 (6/0)
[  602.760459][ T5832] dw2102: i2c transfer failed.
[  602.869603][ T5832] dvb-usb: bulk message failed: -22 (6/0)
[  602.890695][ T5832] dw2102: i2c transfer failed.
[  602.895826][ T5832] dvb-usb: MAC address: 02:02:02:02:02:02
[  602.909262][ T5832] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  602.940679][ T5832] dvb-usb: bulk message failed: -22 (3/0)
[  602.949716][ T5832] dw2102: command 0x0e transfer failed.
[  602.989645][ T5832] dvb-usb: bulk message failed: -22 (3/0)
[  603.003234][ T5832] dw2102: command 0x0e transfer failed.
[  603.251351][ T5907] uvcvideo 4-1:220.1: Unknown video format 047d4302-0000-0000-0000-00a5e2000004
[  603.301977][ T5907] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  603.320678][ T5832] dvb-usb: bulk message failed: -22 (3/0)
[  603.329725][ T5832] dw2102: command 0x0e transfer failed.
[  603.338405][ T5907] uvcvideo 4-1:220.0: No valid video chain found.
[  603.346420][ T5832] dvb-usb: bulk message failed: -22 (3/0)
[  603.354028][ T5907] usb 4-1: selecting invalid altsetting 0
[  603.377697][ T5832] dw2102: command 0x0e transfer failed.
[  603.409131][ T5832] dvb-usb: bulk message failed: -22 (1/0)
[  603.424964][ T5907] usb 4-1: selecting invalid altsetting 0
[  603.436440][ T5907] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  603.447894][ T5832] dw2102: command 0x51 transfer failed.
[  603.474545][T14500] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2568'.
[  603.480526][ T5907] usb 4-1: USB disconnect, device number 112
[  603.507405][T14500] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2568'.
[  603.517287][T14500] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  603.570710][ T5832] DVB: Unable to find symbol ds3000_attach()
[  603.595383][ T5832] dvb-usb: no frontend was attached by 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0'
[  603.609622][T14513] gtp0: entered promiscuous mode
[  603.617982][T14513] gtp0: entered allmulticast mode
[  603.628307][T14513] team0: Device gtp0 is of different type
[  603.730752][ T5832] rc_core: IR keymap rc-su3000 not found
[  603.737633][ T5832] Registered IR keymap rc-empty
[  603.752110][ T5832] rc rc0: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  603.777646][ T8910] cdc_acm 3-1:1.0: ttyACM0: USB ACM device
[  603.791803][ T5832] input: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input70
[  603.861120][ T8910] usb 3-1: USB disconnect, device number 94
[  603.888432][ T5832] dvb-usb: schedule remote query interval to 150 msecs.
[  603.937587][T14518] x_tables: duplicate underflow at hook 1
[  603.959261][ T5832] dw2102: su3000_power_ctrl: 0, initialized 1
[  603.977757][ T5832] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 successfully initialized and connected.
[  604.065013][T14522] input: syz0 as /devices/virtual/input/input71
[  604.069311][ T5832] usb 2-1: USB disconnect, device number 116
[  604.098727][T14528] x_tables: duplicate underflow at hook 1
[  604.118954][ T8906] dvb-usb: bulk message failed: -22 (1/0)
[  604.142423][T14530] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2577'.
[  604.152440][ T8906] dw2102: i2c transfer failed.
[  604.188405][T14530] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2577'.
[  604.428251][ T5832] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2. successfully deinitialized and disconnected.
[  604.499892][T14534] FAULT_INJECTION: forcing a failure.
[  604.499892][T14534] name failslab, interval 1, probability 0, space 0, times 0
[  604.517218][T14534] CPU: 0 UID: 0 PID: 14534 Comm: syz.2.2578 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  604.517249][T14534] Tainted: [L]=SOFTLOCKUP
[  604.517256][T14534] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  604.517281][T14534] Call Trace:
[  604.517291][T14534]  <TASK>
[  604.517299][T14534]  dump_stack_lvl+0xe8/0x150
[  604.517351][T14534]  should_fail_ex+0x412/0x560
[  604.517383][T14534]  should_failslab+0xa8/0x100
[  604.517415][T14534]  ? skb_clone+0x212/0x3a0
[  604.517458][T14534]  kmem_cache_alloc_noprof+0x87/0x650
[  604.517488][T14534]  ? sk_filter_trim_cap+0x1e1/0xd90
[  604.517599][T14534]  skb_clone+0x212/0x3a0
[  604.517627][T14534]  __netlink_deliver_tap+0x404/0x850
[  604.517668][T14534]  ? netlink_deliver_tap+0x2e/0x1b0
[  604.517692][T14534]  netlink_deliver_tap+0x19c/0x1b0
[  604.517715][T14534]  netlink_dump+0x926/0xe80
[  604.517747][T14534]  ? __pfx_netlink_dump+0x10/0x10
[  604.517789][T14534]  ? kmem_cache_free+0x187/0x630
[  604.517812][T14534]  ? netlink_recvmsg+0x5d6/0xa50
[  604.517839][T14534]  netlink_recvmsg+0x690/0xa50
[  604.517861][T14534]  ? __lock_acquire+0x6b5/0x2cf0
[  604.517897][T14534]  ? __pfx_netlink_recvmsg+0x10/0x10
[  604.517931][T14534]  ? __pfx_netlink_recvmsg+0x10/0x10
[  604.517954][T14534]  sock_recvmsg_nosec+0x186/0x1c0
[  604.517981][T14534]  ____sys_recvmsg+0x3e3/0x4a0
[  604.518016][T14534]  ? __pfx_____sys_recvmsg+0x10/0x10
[  604.518056][T14534]  ? import_iovec+0x73/0xa0
[  604.518087][T14534]  ___sys_recvmsg+0x215/0x590
[  604.518111][T14534]  ? __lock_acquire+0x6b5/0x2cf0
[  604.518139][T14534]  ? __pfx____sys_recvmsg+0x10/0x10
[  604.518260][T14534]  do_recvmmsg+0x334/0x800
[  604.518298][T14534]  ? __pfx_do_recvmmsg+0x10/0x10
[  604.518336][T14534]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  604.518388][T14534]  __x64_sys_recvmmsg+0x198/0x250
[  604.518416][T14534]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  604.518454][T14534]  do_syscall_64+0x14d/0xf80
[  604.518481][T14534]  ? trace_irq_disable+0x3b/0x150
[  604.518523][T14534]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  604.518544][T14534]  ? clear_bhb_loop+0x40/0x90
[  604.518564][T14534]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  604.518588][T14534] RIP: 0033:0x7f5bbf59c629
[  604.518608][T14534] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  604.518625][T14534] RSP: 002b:00007f5bc0385028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  604.518647][T14534] RAX: ffffffffffffffda RBX: 00007f5bbf815fa0 RCX: 00007f5bbf59c629
[  604.518661][T14534] RDX: 0000000000000005 RSI: 0000200000005c40 RDI: 0000000000000003
[  604.518674][T14534] RBP: 00007f5bc0385090 R08: 0000000000000000 R09: 0000000000000000
[  604.518686][T14534] R10: 0000000000002120 R11: 0000000000000246 R12: 0000000000000002
[  604.518697][T14534] R13: 00007f5bbf816038 R14: 00007f5bbf815fa0 R15: 00007f5bbf93fa48
[  604.518724][T14534]  </TASK>
[  605.380853][ T8919] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[  605.468085][T14563] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2586'.
[  605.530853][ T8919] usb 3-1: Using ep0 maxpacket: 32
[  605.537648][ T8919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  605.549284][ T8919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  605.560050][ T8919] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  605.571071][ T8919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.584297][ T8919] usb 3-1: config 0 descriptor??
[  605.609548][ T8919] hub 3-1:0.0: USB hub found
[  605.698433][T14570] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2588'.
[  605.708607][T14570] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2588'.
[  605.772189][T14572] input: syz0 as /devices/virtual/input/input72
[  605.821329][ T8919] hub 3-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  606.239890][ T8919] hid-generic 0003:046D:C31C.0039: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.2-1/input0
[  606.334809][T14586] kvm: kvm [14585]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  606.386443][T14586] kvm: kvm [14585]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  606.410713][T14586] kvm: kvm [14585]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  606.429420][T14586] kvm: kvm [14585]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  606.447579][T14586] kvm: kvm [14585]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  606.462960][T14586] kvm: kvm [14585]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  606.481294][T14586] kvm: kvm [14585]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  606.514927][T14586] kvm: kvm [14585]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  606.529303][T14586] kvm: kvm [14585]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  606.544113][T14586] kvm: kvm [14585]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  606.558658][T14586] kvm: kvm [14585]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  606.576155][T14586] kvm: kvm [14585]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  606.971135][T14543] usb 3-1: reset high-speed USB device number 95 using dummy_hcd
[  607.342745][T14543] usbhid 3-1:0.0: reset_resume error -71
[  607.359113][ T5832] usb 3-1: USB disconnect, device number 95
[  609.266420][ T5832] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[  609.417256][T14660] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2665071234 (85282279488 ns) > initial count (83970453792 ns). Using initial count to start timer.
[  609.460678][ T5832] usb 5-1: Using ep0 maxpacket: 8
[  609.469127][ T5832] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  609.481116][ T5832] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  609.495081][ T5832] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.498455][T14664] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2608'.
[  609.536661][ T5832] usb 5-1: config 0 descriptor??
[  609.689393][T14666] team0: Device gtp0 is of different type
[  609.762928][ T5832] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  610.195250][ T8906] usb 5-1: USB disconnect, device number 102
[  610.817031][ T8919] usb 3-1: new full-speed USB device number 96 using dummy_hcd
[  611.022378][ T8919] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0xB has invalid maxpacket 1023, setting to 64
[  611.034881][ T8919] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  611.087068][ T8919] usb 3-1: config 0 interface 0 has no altsetting 0
[  611.100995][ T8919] usb 3-1: New USB device found, idVendor=0471, idProduct=2088, bcdDevice=c6.66
[  611.122110][ T8919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.139326][ T8919] usb 3-1: config 0 descriptor??
[  611.154017][T14683] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  611.190889][ T5824] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[  611.219253][T14691] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  611.234567][T14691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  611.264617][T14691] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  611.360444][ T5824] usb 2-1: Using ep0 maxpacket: 32
[  611.375138][ T5824] usb 2-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  611.413585][ T5824] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  611.416208][T14698] xt_hashlimit: size too large, truncated to 1048576
[  611.422402][ T5824] usb 2-1: Product: syz
[  611.440821][ T5824] usb 2-1: Manufacturer: syz
[  611.470770][ T5824] usb 2-1: SerialNumber: syz
[  611.552583][ T5824] usb 2-1: config 0 descriptor??
[  611.845106][ T5824] RobotFuzz Open Source InterFace, OSIF 2-1:0.0: version d4.15 found at bus 002 address 117
[  612.054342][ T5824] usb 2-1: USB disconnect, device number 117
[  612.362812][T14709] loop2: detected capacity change from 0 to 7
[  612.398731][T14709]  loop2:
[  612.410926][T14709] loop2: partition table partially beyond EOD, truncated
[  612.444993][T14709] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2621'.
[  612.581996][ T8919] usb 3-1: string descriptor 0 read error: -71
[  612.707072][ T8919] usb 3-1: USB disconnect, device number 96
[  613.052214][ T8906] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[  613.210283][ T8906] usb 2-1: Using ep0 maxpacket: 16
[  613.232964][ T8906] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  613.260890][ T8906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  613.292306][T14724] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2627'.
[  613.307042][T14721] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=393221 (786442 ns) > initial count (12292 ns). Using initial count to start timer.
[  613.307648][ T8906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  613.390510][ T8906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  613.419366][ T8906] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  613.446443][ T8906] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  613.461970][ T8906] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  613.470110][ T8906] usb 2-1: Manufacturer: syz
[  613.498140][ T8906] usb 2-1: config 0 descriptor??
[  613.763611][T14738] x_tables: duplicate underflow at hook 1
[  613.826312][ T8906] rc_core: IR keymap rc-hauppauge not found
[  613.850237][ T8906] Registered IR keymap rc-empty
[  613.877605][T14740] FAULT_INJECTION: forcing a failure.
[  613.877605][T14740] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  613.885938][ T8906] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  613.919558][T14740] CPU: 1 UID: 0 PID: 14740 Comm: syz.2.2632 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  613.919591][T14740] Tainted: [L]=SOFTLOCKUP
[  613.919599][T14740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  613.919611][T14740] Call Trace:
[  613.919619][T14740]  <TASK>
[  613.919629][T14740]  dump_stack_lvl+0xe8/0x150
[  613.919661][T14740]  should_fail_ex+0x412/0x560
[  613.919689][T14740]  _copy_from_user+0x2d/0xb0
[  613.919716][T14740]  input_event_from_user+0xb1/0x290
[  613.919762][T14740]  ? __pfx_input_event_from_user+0x10/0x10
[  613.919797][T14740]  evdev_write+0x2c7/0x4c0
[  613.919825][T14740]  ? __pfx_evdev_write+0x10/0x10
[  613.919849][T14740]  ? bpf_lsm_file_permission+0x9/0x20
[  613.919873][T14740]  ? security_file_permission+0x75/0x260
[  613.919906][T14740]  ? rw_verify_area+0x255/0x4d0
[  613.919926][T14740]  ? __pfx_evdev_write+0x10/0x10
[  613.919950][T14740]  vfs_write+0x29a/0xb90
[  613.919977][T14740]  ? __pfx_vfs_write+0x10/0x10
[  613.919998][T14740]  ? __fget_files+0x2a/0x420
[  613.920025][T14740]  ? __fget_files+0x2a/0x420
[  613.920049][T14740]  ? __fget_files+0x3a0/0x420
[  613.920073][T14740]  ? __fget_files+0x2a/0x420
[  613.920106][T14740]  ksys_write+0x150/0x270
[  613.920127][T14740]  ? __pfx_ksys_write+0x10/0x10
[  613.920158][T14740]  do_syscall_64+0x14d/0xf80
[  613.920183][T14740]  ? trace_irq_disable+0x3b/0x150
[  613.920209][T14740]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.920229][T14740]  ? clear_bhb_loop+0x40/0x90
[  613.920251][T14740]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.920271][T14740] RIP: 0033:0x7f5bbf59c629
[  613.920290][T14740] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  613.920307][T14740] RSP: 002b:00007f5bc0385028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  613.920327][T14740] RAX: ffffffffffffffda RBX: 00007f5bbf815fa0 RCX: 00007f5bbf59c629
[  613.920341][T14740] RDX: 00000000000012d8 RSI: 0000200000000040 RDI: 0000000000000005
[  613.920353][T14740] RBP: 00007f5bc0385090 R08: 0000000000000000 R09: 0000000000000000
[  613.920366][T14740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  613.920377][T14740] R13: 00007f5bbf816038 R14: 00007f5bbf815fa0 R15: 00007f5bbf93fa48
[  613.920407][T14740]  </TASK>
[  614.148127][ T8906] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  614.175271][ T8906] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  614.237682][ T8906] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input73
[  614.265201][ T8906] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  614.368278][ T8906] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  614.432637][ T8906] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  614.433143][T14750] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2665071234 (85282279488 ns) > initial count (83970453792 ns). Using initial count to start timer.
[  614.484734][T14755] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2635'.
[  614.500504][ T8906] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  614.520355][ T8906] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  614.536974][T14750] kvm_pr_unimpl_wrmsr: 32 callbacks suppressed
[  614.536997][T14750] kvm: kvm [14749]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[  614.557703][ T8906] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  614.565201][T14750] kvm: kvm [14749]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[  614.591837][ T8906] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  614.610400][ T8906] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  614.641012][ T8906] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  614.683604][T14763] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2638'.
[  614.700792][ T8906] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  614.720529][ T8906] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  614.771249][ T8906] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  614.780955][ T8906] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  614.838457][ T8906] usb 2-1: USB disconnect, device number 118
[  614.889349][T14770] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  614.912083][T14772] loop2: detected capacity change from 0 to 7
[  614.972109][T14772]  loop2:
[  614.975114][T14772] loop2: partition table partially beyond EOD, truncated
[  615.026223][T14772] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2639'.
[  615.348471][T14783] netlink: 'syz.4.2645': attribute type 1 has an invalid length.
[  615.518989][T14788] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.2646'.
[  615.680083][T14795] x_tables: duplicate underflow at hook 1
[  615.761014][ T5824] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[  615.881728][ T8919] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[  615.901424][ T5824] usb 2-1: device descriptor read/64, error -71
[  616.051036][ T8919] usb 4-1: Using ep0 maxpacket: 32
[  616.058198][ T8919] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  616.076985][ T8919] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  616.088394][ T8919] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  616.098449][ T8919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  616.116204][ T8919] usb 4-1: config 0 descriptor??
[  616.128141][ T8919] hub 4-1:0.0: USB hub found
[  616.140988][ T5824] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[  616.251492][T14806] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2665071234 (85282279488 ns) > initial count (83970453792 ns). Using initial count to start timer.
[  616.270786][ T5824] usb 2-1: device descriptor read/64, error -71
[  616.328285][ T8919] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  616.381320][ T5824] usb usb2-port1: attempt power cycle
[  616.517739][ T8906] hid-generic 0003:0003:0000.003A: unknown main item tag 0x0
[  616.530434][ T8906] hid-generic 0003:0003:0000.003A: unknown main item tag 0x0
[  616.540440][ T8906] hid-generic 0003:0003:0000.003A: unknown main item tag 0x0
[  616.549742][ T8906] hid-generic 0003:0003:0000.003A: unknown main item tag 0x0
[  616.561011][ T8906] hid-generic 0003:0003:0000.003A: unknown main item tag 0x0
[  616.568705][ T8906] hid-generic 0003:0003:0000.003A: unknown main item tag 0x0
[  616.578737][ T8906] hid-generic 0003:0003:0000.003A: unknown main item tag 0x0
[  616.588831][ T8906] hid-generic 0003:0003:0000.003A: unknown main item tag 0x0
[  616.600249][ T8906] hid-generic 0003:0003:0000.003A: unknown main item tag 0x0
[  616.607725][ T8906] hid-generic 0003:0003:0000.003A: unknown main item tag 0x0
[  616.618961][ T8906] hid-generic 0003:0003:0000.003A: hidraw0: USB HID v0.00 Device [syz0] on syz0
[  616.726914][T14822] fido_id[14822]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  616.743356][ T5824] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[  616.771633][ T5824] usb 2-1: device descriptor read/8, error -71
[  616.802604][ T8919] hid-generic 0003:046D:C31C.003B: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.3-1/input0
[  617.021024][ T5824] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[  617.052315][ T5824] usb 2-1: device descriptor read/8, error -71
[  617.172526][ T5824] usb usb2-port1: unable to enumerate USB device
[  617.183707][T14836] bond1: entered allmulticast mode
[  617.189032][T14836] vcan1: entered allmulticast mode
[  617.203405][T14835] bond1: left allmulticast mode
[  617.208523][T14835] vcan1: left allmulticast mode
[  617.286649][T14839] loop2: detected capacity change from 0 to 7
[  617.304204][T14839]  loop2:
[  617.307791][T14839] loop2: partition table partially beyond EOD, truncated
[  617.425190][T14839] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2659'.
[  617.518687][T14841] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  617.601200][T14842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  617.612971][T14842] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  617.621541][ T8906] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[  617.790655][ T8906] usb 3-1: Using ep0 maxpacket: 16
[  617.802743][ T8906] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  617.822658][ T8906] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  617.837653][ T8906] usb 3-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  617.856385][ T8906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  617.881690][ T8906] usb 3-1: config 0 descriptor??
[  618.036711][ T8910] usb 4-1: USB disconnect, device number 113
[  618.116455][T14845] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2665071234 (85282279488 ns) > initial count (83970453792 ns). Using initial count to start timer.
[  618.438684][T14854] netlink: 80 bytes leftover after parsing attributes in process `syz.4.2667'.
[  618.448666][T14854] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2667'.
[  618.469451][T14855] x_tables: duplicate underflow at hook 1
[  618.559475][T14860] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2669'.
[  619.995697][T14879] netlink: 'syz.1.2674': attribute type 1 has an invalid length.
[  620.074408][T14879] bond1: entered promiscuous mode
[  620.091465][T14879] 8021q: adding VLAN 0 to HW filter on device bond1
[  620.142474][T14882] 8021q: adding VLAN 0 to HW filter on device bond1
[  620.174187][T14882] bond1: (slave vcan1): The slave device specified does not support setting the MAC address
[  620.189077][ T8906] usbhid 3-1:0.0: can't add hid device: -71
[  620.196327][ T8906] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  620.208635][T14882] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[  620.227117][ T8906] usb 3-1: USB disconnect, device number 97
[  620.243860][T14882] bond1: (slave vcan1): making interface the new active one
[  620.252135][T14882] vcan1: entered promiscuous mode
[  620.265155][T14882] bond1: (slave vcan1): Enslaving as an active interface with an up link
[  620.462572][T14890] loop2: detected capacity change from 0 to 7
[  620.488787][T14890]  loop2:
[  620.492642][T14890] loop2: partition table partially beyond EOD, truncated
[  620.575358][T14891] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2675'.
[  620.607131][T14888] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2676'.
[  620.660482][T14888] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2676'.
[  620.756348][T14896] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2665071234 (85282279488 ns) > initial count (83970453792 ns). Using initial count to start timer.
[  621.134471][T14902] FAULT_INJECTION: forcing a failure.
[  621.134471][T14902] name failslab, interval 1, probability 0, space 0, times 0
[  621.150954][T14902] CPU: 1 UID: 0 PID: 14902 Comm: syz.1.2679 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  621.150986][T14902] Tainted: [L]=SOFTLOCKUP
[  621.150994][T14902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  621.151005][T14902] Call Trace:
[  621.151014][T14902]  <TASK>
[  621.151024][T14902]  dump_stack_lvl+0xe8/0x150
[  621.151057][T14902]  should_fail_ex+0x412/0x560
[  621.151084][T14902]  should_failslab+0xa8/0x100
[  621.151109][T14902]  __kmalloc_noprof+0xe8/0x760
[  621.151130][T14902]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  621.151149][T14902]  ? sock_kmalloc+0xd6/0x160
[  621.151182][T14902]  sock_kmalloc+0xd6/0x160
[  621.151212][T14902]  af_alg_alloc_areq+0x99/0x200
[  621.151331][T14902]  skcipher_recvmsg+0x332/0x1140
[  621.151398][T14902]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  621.151426][T14902]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  621.151447][T14902]  ? security_socket_recvmsg+0x7e/0x2c0
[  621.151473][T14902]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  621.151498][T14902]  sock_recvmsg+0x22c/0x270
[  621.151523][T14902]  ____sys_recvmsg+0x1e6/0x4a0
[  621.151554][T14902]  ? __pfx_____sys_recvmsg+0x10/0x10
[  621.151589][T14902]  ? import_iovec+0x73/0xa0
[  621.151613][T14902]  ___sys_recvmsg+0x215/0x590
[  621.151633][T14902]  ? get_pid_task+0x20/0x1f0
[  621.151653][T14902]  ? __pfx____sys_recvmsg+0x10/0x10
[  621.151691][T14902]  ? __fget_files+0x3a0/0x420
[  621.151720][T14902]  __x64_sys_recvmsg+0x1ba/0x2a0
[  621.151744][T14902]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  621.151773][T14902]  ? __pfx_ksys_write+0x10/0x10
[  621.151804][T14902]  do_syscall_64+0x14d/0xf80
[  621.151827][T14902]  ? trace_irq_disable+0x3b/0x150
[  621.151849][T14902]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.151865][T14902]  ? clear_bhb_loop+0x40/0x90
[  621.151884][T14902]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  621.151900][T14902] RIP: 0033:0x7f3c2699c629
[  621.151916][T14902] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  621.151931][T14902] RSP: 002b:00007f3c27848028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  621.151949][T14902] RAX: ffffffffffffffda RBX: 00007f3c26c16180 RCX: 00007f3c2699c629
[  621.151960][T14902] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000006
[  621.151971][T14902] RBP: 00007f3c27848090 R08: 0000000000000000 R09: 0000000000000000
[  621.151981][T14902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  621.151991][T14902] R13: 00007f3c26c16218 R14: 00007f3c26c16180 R15: 00007f3c26d3fa48
[  621.152015][T14902]  </TASK>
[  621.856283][T14908] fuse: Unknown parameter ' '
[  621.952432][T14914] x_tables: duplicate underflow at hook 1
[  622.332044][T14916] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  622.362744][T14916] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  622.841114][ T8906] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[  622.980445][T14933] loop2: detected capacity change from 0 to 7
[  622.996482][T14933]  loop2:
[  622.999791][T14933] loop2: partition table partially beyond EOD, truncated
[  623.016805][ T8906] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  623.038279][ T8906] usb 5-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00
[  623.065220][ T8906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  623.087262][ T8906] usb 5-1: config 0 descriptor??
[  623.104205][T14936] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2684'.
[  623.348205][T14919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  623.390916][T14919] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  623.428110][T14919] netlink: 'syz.4.2682': attribute type 9 has an invalid length.
[  623.452171][T14919] netlink: 'syz.4.2682': attribute type 11 has an invalid length.
[  623.460752][T14919] netlink: 'syz.4.2682': attribute type 12 has an invalid length.
[  623.471515][T14919] netlink: 210020 bytes leftover after parsing attributes in process `syz.4.2682'.
[  623.481663][T14919] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2682'.
[  623.502418][T14919] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2682'.
[  623.565060][T14919] macvtap1: entered promiscuous mode
[  623.581105][T14919] team0: entered promiscuous mode
[  623.595627][T14919] team_slave_0: entered promiscuous mode
[  623.614742][T14919] team_slave_1: entered promiscuous mode
[  623.635158][T14919] macvtap1: entered allmulticast mode
[  623.655838][T14919] team0: entered allmulticast mode
[  623.693729][ T8919] usb 3-1: new high-speed USB device number 98 using dummy_hcd
[  623.721053][T14919] team_slave_0: entered allmulticast mode
[  623.726919][T14919] team_slave_1: entered allmulticast mode
[  623.851880][T14919] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  623.911370][ T8919] usb 3-1: Using ep0 maxpacket: 16
[  623.919384][ T8919] usb 3-1: unable to get BOS descriptor or descriptor too short
[  623.932320][ T8919] usb 3-1: config 13 has an invalid interface number: 50 but max is 0
[  623.943038][ T8906] usbhid 5-1:0.0: can't add hid device: -71
[  623.950825][ T8906] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  623.972778][ T8919] usb 3-1: config 13 has no interface number 0
[  623.989339][ T8919] usb 3-1: config 13 interface 50 altsetting 167 bulk endpoint 0x88 has invalid maxpacket 16
[  624.040652][ T8919] usb 3-1: config 13 interface 50 has no altsetting 0
[  624.062496][ T8906] usb 5-1: USB disconnect, device number 103
[  624.078983][ T8919] usb 3-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32
[  624.109172][ T8919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  624.139841][ T8919] usb 3-1: Product: syz
[  624.144027][T14944] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  624.146313][T14944] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  624.170880][ T8919] usb 3-1: Manufacturer: syz
[  624.182561][ T8919] usb 3-1: SerialNumber: syz
[  624.212270][T14935] raw-gadget.4 gadget.2: fail, usb_ep_enable returned -22
[  624.292373][T14944] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  624.316098][T14944] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  624.339268][T14944] bond1: entered allmulticast mode
[  624.344793][T14944] vcan1: entered allmulticast mode
[  624.361948][T14943] bond1: left allmulticast mode
[  624.366879][T14943] vcan1: left allmulticast mode
[  624.776291][T14956] loop2: detected capacity change from 0 to 7
[  624.813486][T14956]  loop2:
[  624.816506][T14956] loop2: partition table partially beyond EOD, truncated
[  624.871829][ T5824] usb 4-1: new high-speed USB device number 114 using dummy_hcd
[  624.971036][T14949] loop8: detected capacity change from 0 to 524287999
[  624.975604][ T8919] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  624.993159][T14957] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2693'.
[  625.012664][ T5824] usb 4-1: device descriptor read/64, error -71
[  625.022115][ T8919] usb 3-1: MIDIStreaming interface descriptor not found
[  625.054267][ T6775] buffer_io_error: 5 callbacks suppressed
[  625.054286][ T6775] Buffer I/O error on dev loop8, logical block 65535998, async page read
[  625.228897][ T5192]  loop2:
[  625.232665][ T5192] loop2: partition table partially beyond EOD, truncated
[  625.260884][ T5824] usb 4-1: new high-speed USB device number 115 using dummy_hcd
[  625.296488][T14964] x_tables: duplicate underflow at hook 1
[  625.308248][ T8919] usb 3-1: USB disconnect, device number 98
[  625.391534][ T5824] usb 4-1: device descriptor read/64, error -71
[  625.404317][T14963] x_tables: duplicate underflow at hook 1
[  625.505423][ T5192]  loop2:
[  625.508520][ T5192] loop2: partition table partially beyond EOD, truncated
[  625.522425][ T5824] usb usb4-port1: attempt power cycle
[  625.970784][ T5824] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[  626.053104][ T5824] usb 4-1: device descriptor read/8, error -71
[  626.290863][ T5824] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[  626.321904][ T5824] usb 4-1: device descriptor read/8, error -71
[  626.375668][T14981] input: syz0 as /devices/virtual/input/input75
[  626.432340][ T5824] usb usb4-port1: unable to enumerate USB device
[  626.444150][T14983] input: syz0 as /devices/virtual/input/input76
[  626.480466][ T8906] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[  626.569059][T14988] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  626.586086][T14988] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  626.681789][ T8906] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  626.693463][ T8906] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  626.713727][ T8906] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  626.730727][ T8906] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  626.752191][ T8906] usb 3-1: config 0 descriptor??
[  626.971628][T14976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  627.013023][T14976] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  627.075745][ T8906] usbhid 3-1:0.0: can't add hid device: -71
[  627.081929][ T8906] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  627.099115][ T8906] usb 3-1: USB disconnect, device number 99
[  628.015556][T15020] loop2: detected capacity change from 0 to 7
[  628.037655][T15020]  loop2:
[  628.041419][T15020] loop2: partition table partially beyond EOD, truncated
[  628.051759][T15020] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2711'.
[  628.207497][T15021] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  628.904239][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  628.921178][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  629.471907][T15036] Context (ID=0x4d9) not attached to queue pair (handle=0x2:0x2)
[  629.791037][ T5824] usb 4-1: new high-speed USB device number 118 using dummy_hcd
[  629.834554][T15041] netlink: 276 bytes leftover after parsing attributes in process `syz.5.2718'.
[  629.854325][T15041] netlink: 276 bytes leftover after parsing attributes in process `syz.5.2718'.
[  629.952505][ T5824] usb 4-1: unable to get BOS descriptor or descriptor too short
[  629.990939][ T8919] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[  629.999120][ T5824] usb 4-1: config 66 has an invalid descriptor of length 31, skipping remainder of the config
[  630.014737][ T5824] usb 4-1: config 66 has 0 interfaces, different from the descriptor's value: 1
[  630.165845][ T5824] usb 4-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=a4.95
[  630.186885][ T5824] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.196085][ T5824] usb 4-1: Product: syz
[  630.201246][ T5824] usb 4-1: Manufacturer: syz
[  630.205879][ T5824] usb 4-1: SerialNumber: syz
[  630.260970][ T8919] usb 3-1: Using ep0 maxpacket: 32
[  630.271630][ T8919] usb 3-1: config 0 has an invalid interface number: 76 but max is 0
[  630.284290][ T8919] usb 3-1: config 0 has no interface number 0
[  630.303947][ T8919] usb 3-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c
[  630.314662][ T8919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.323983][ T8919] usb 3-1: Product: syz
[  630.334083][ T8919] usb 3-1: Manufacturer: syz
[  630.346378][ T8919] usb 3-1: SerialNumber: syz
[  630.368358][ T8919] usb 3-1: config 0 descriptor??
[  630.392526][ T8919] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state.
[  630.439936][ T8919] dw2102: su3000_power_ctrl: 1, initialized 0
[  630.478960][ T8919] dvb-usb: bulk message failed: -22 (2/0)
[  630.518399][ T8919] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  630.528702][ T5824] usb 4-1: USB disconnect, device number 118
[  630.542091][ T8919] dvbdev: DVB: registering new adapter (Hauppauge MAX S2 or WinTV NOVA HD USB2.0)
[  630.563764][ T8919] usb 3-1: media controller created
[  630.569044][ T8919] dvb-usb: bulk message failed: -22 (6/0)
[  630.576971][ T8919] dw2102: i2c transfer failed.
[  630.586519][T15039] dvb-usb: bulk message failed: -22 (3/0)
[  630.594293][T15039] dw2102: i2c transfer failed.
[  630.600996][ T8919] dvb-usb: bulk message failed: -22 (6/0)
[  630.621572][ T8919] dw2102: i2c transfer failed.
[  630.627144][ T8919] dvb-usb: bulk message failed: -22 (6/0)
[  630.634349][ T8919] dw2102: i2c transfer failed.
[  630.639240][ T8919] dvb-usb: bulk message failed: -22 (6/0)
[  630.646737][ T8919] dw2102: i2c transfer failed.
[  630.653621][ T8919] dvb-usb: bulk message failed: -22 (6/0)
[  630.659477][ T8919] dw2102: i2c transfer failed.
[  630.665987][ T8919] dvb-usb: bulk message failed: -22 (6/0)
[  630.673326][ T8919] dw2102: i2c transfer failed.
[  630.679749][ T8919] dvb-usb: MAC address: 02:02:02:02:02:02
[  630.712216][ T8919] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  630.730432][ T8906] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[  630.739679][ T8919] dvb-usb: bulk message failed: -22 (3/0)
[  630.746763][ T8919] dw2102: command 0x0e transfer failed.
[  630.753321][ T8919] dvb-usb: bulk message failed: -22 (3/0)
[  630.759238][ T8919] dw2102: command 0x0e transfer failed.
[  630.890289][ T8906] usb 2-1: Using ep0 maxpacket: 16
[  630.897582][ T8906] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  630.911267][ T8906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  630.925514][ T8906] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  630.935128][ T8906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  630.944280][ T8906] usb 2-1: Product: syz
[  630.948771][ T8906] usb 2-1: Manufacturer: syz
[  630.954532][ T8906] usb 2-1: SerialNumber: syz
[  630.964464][ T8906] usb 2-1: config 0 descriptor??
[  630.977397][ T8906] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  630.987492][ T8906] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  631.075331][ T8919] dvb-usb: bulk message failed: -22 (3/0)
[  631.100770][ T8919] dw2102: command 0x0e transfer failed.
[  631.115681][ T8919] dvb-usb: bulk message failed: -22 (3/0)
[  631.143892][ T8919] dw2102: command 0x0e transfer failed.
[  631.157976][T15068] FAULT_INJECTION: forcing a failure.
[  631.157976][T15068] name failslab, interval 1, probability 0, space 0, times 0
[  631.185881][ T8919] dvb-usb: bulk message failed: -22 (1/0)
[  631.208034][ T8919] dw2102: command 0x51 transfer failed.
[  631.236349][T15068] CPU: 1 UID: 0 PID: 15068 Comm: syz.3.2728 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  631.236380][T15068] Tainted: [L]=SOFTLOCKUP
[  631.236387][T15068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  631.236396][T15068] Call Trace:
[  631.236404][T15068]  <TASK>
[  631.236413][T15068]  dump_stack_lvl+0xe8/0x150
[  631.236444][T15068]  should_fail_ex+0x412/0x560
[  631.236470][T15068]  should_failslab+0xa8/0x100
[  631.236492][T15068]  __kmalloc_cache_noprof+0x88/0x660
[  631.236521][T15068]  ? __pfx_snd_pcm_hw_rule_format+0x10/0x10
[  631.236628][T15068]  ? loopback_open+0x135/0xa90
[  631.236716][T15068]  loopback_open+0x135/0xa90
[  631.236750][T15068]  snd_pcm_open_substream+0x1070/0x2420
[  631.236787][T15068]  ? __pfx_snd_pcm_open_substream+0x10/0x10
[  631.236805][T15068]  ? __kmalloc_cache_noprof+0x31c/0x660
[  631.236824][T15068]  ? snd_pcm_oss_open+0xaa4/0x1c50
[  631.236844][T15068]  ? __kmalloc_cache_noprof+0x15b/0x660
[  631.236866][T15068]  snd_pcm_oss_open+0xc1f/0x1c50
[  631.236903][T15068]  ? __pfx_snd_pcm_oss_open+0x10/0x10
[  631.236921][T15068]  ? tomoyo_check_open_permission+0x38e/0x470
[  631.236941][T15068]  ? tomoyo_check_open_permission+0x1d3/0x470
[  631.236963][T15068]  ? do_raw_spin_lock+0x12b/0x2f0
[  631.236990][T15068]  ? __pfx_default_wake_function+0x10/0x10
[  631.237082][T15068]  chrdev_open+0x4cd/0x5e0
[  631.237106][T15068]  ? __pfx_chrdev_open+0x10/0x10
[  631.237126][T15068]  ? fsnotify_open_perm_and_set_mode+0x135/0x6d0
[  631.237169][T15068]  ? __pfx_chrdev_open+0x10/0x10
[  631.237189][T15068]  do_dentry_open+0x785/0x14e0
[  631.237227][T15068]  vfs_open+0x3b/0x340
[  631.237248][T15068]  ? path_openat+0x2df0/0x3860
[  631.237274][T15068]  path_openat+0x2e08/0x3860
[  631.237305][T15068]  ? __pfx_stack_trace_save+0x10/0x10
[  631.237327][T15068]  ? stack_depot_save_flags+0x33/0x810
[  631.237358][T15068]  ? __pfx_path_openat+0x10/0x10
[  631.237378][T15068]  ? __x64_sys_openat+0x138/0x170
[  631.237401][T15068]  ? do_syscall_64+0x14d/0xf80
[  631.237427][T15068]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.237455][T15068]  ? __lock_acquire+0x6b5/0x2cf0
[  631.237484][T15068]  do_file_open+0x23e/0x4a0
[  631.237518][T15068]  ? __pfx_do_file_open+0x10/0x10
[  631.237557][T15068]  ? _raw_spin_unlock+0x28/0x50
[  631.237580][T15068]  ? alloc_fd+0x64b/0x6c0
[  631.237615][T15068]  do_sys_openat2+0x113/0x200
[  631.237643][T15068]  ? __pfx_do_sys_openat2+0x10/0x10
[  631.237668][T15068]  ? ksys_write+0x242/0x270
[  631.237689][T15068]  ? __pfx_ksys_write+0x10/0x10
[  631.237712][T15068]  __x64_sys_openat+0x138/0x170
[  631.237742][T15068]  do_syscall_64+0x14d/0xf80
[  631.237768][T15068]  ? trace_irq_disable+0x3b/0x150
[  631.237795][T15068]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.237814][T15068]  ? clear_bhb_loop+0x40/0x90
[  631.237837][T15068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.237856][T15068] RIP: 0033:0x7fe59eb9c629
[  631.237876][T15068] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  631.237893][T15068] RSP: 002b:00007fe59fa37028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  631.237913][T15068] RAX: ffffffffffffffda RBX: 00007fe59ee15fa0 RCX: 00007fe59eb9c629
[  631.237927][T15068] RDX: 0000000000000002 RSI: 0000200000000740 RDI: ffffffffffffff9c
[  631.237940][T15068] RBP: 00007fe59fa37090 R08: 0000000000000000 R09: 0000000000000000
[  631.237952][T15068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  631.237963][T15068] R13: 00007fe59ee16038 R14: 00007fe59ee15fa0 R15: 00007fe59ef3fa48
[  631.237993][T15068]  </TASK>
[  631.600996][T15073] FAULT_INJECTION: forcing a failure.
[  631.600996][T15073] name failslab, interval 1, probability 0, space 0, times 0
[  631.614546][T15073] CPU: 0 UID: 0 PID: 15073 Comm: syz.2.2730 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  631.614582][T15073] Tainted: [L]=SOFTLOCKUP
[  631.614590][T15073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  631.614602][T15073] Call Trace:
[  631.614611][T15073]  <TASK>
[  631.614619][T15073]  dump_stack_lvl+0xe8/0x150
[  631.614651][T15073]  should_fail_ex+0x412/0x560
[  631.614679][T15073]  should_failslab+0xa8/0x100
[  631.614704][T15073]  __kmalloc_cache_noprof+0x88/0x660
[  631.614725][T15073]  ? alloc_fs_context+0x64/0xd50
[  631.614753][T15073]  ? kasan_quarantine_put+0xbb/0x1f0
[  631.614793][T15073]  alloc_fs_context+0x64/0xd50
[  631.614822][T15073]  ? kfree+0x1c1/0x630
[  631.614847][T15073]  ? _raw_read_unlock+0x28/0x50
[  631.614872][T15073]  ? get_fs_type+0x407/0x480
[  631.614893][T15073]  __se_sys_fsopen+0xa5/0x2c0
[  631.614917][T15073]  do_syscall_64+0x14d/0xf80
[  631.614943][T15073]  ? trace_irq_disable+0x3b/0x150
[  631.614970][T15073]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.614990][T15073]  ? clear_bhb_loop+0x40/0x90
[  631.615012][T15073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.615031][T15073] RIP: 0033:0x7f5bbf59c629
[  631.615051][T15073] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  631.615067][T15073] RSP: 002b:00007f5bc0385028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae
[  631.615088][T15073] RAX: ffffffffffffffda RBX: 00007f5bbf815fa0 RCX: 00007f5bbf59c629
[  631.615103][T15073] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  631.615115][T15073] RBP: 00007f5bc0385090 R08: 0000000000000000 R09: 0000000000000000
[  631.615127][T15073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  631.615139][T15073] R13: 00007f5bbf816038 R14: 00007f5bbf815fa0 R15: 00007f5bbf93fa48
[  631.615167][T15073]  </TASK>
[  631.878940][ T8919] DVB: Unable to find symbol ds3000_attach()
[  631.885707][ T8919] dvb-usb: no frontend was attached by 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0'
[  632.064181][ T8906] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  632.085582][ T8906] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  632.231060][ T8919] rc_core: IR keymap rc-su3000 not found
[  632.236751][ T8919] Registered IR keymap rc-empty
[  632.268520][ T8919] rc rc0: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0
[  632.321467][ T8919] input: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input77
[  632.338279][T15093] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  632.357863][T15093] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  632.407048][ T8919] dvb-usb: schedule remote query interval to 150 msecs.
[  632.430316][ T8919] dw2102: su3000_power_ctrl: 0, initialized 1
[  632.440755][ T8910] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[  632.459480][ T8919] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2.0 successfully initialized and connected.
[  632.495309][ T8919] usb 3-1: USB disconnect, device number 100
[  632.594849][ T8910] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  632.606828][ T8910] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  632.716600][ T8906] em28xx 2-1:0.0: Unknown AC97 audio processor detected!
[  632.727670][ T8919] dvb-usb: Hauppauge MAX S2 or WinTV NOVA HD USB2. successfully deinitialized and disconnected.
[  632.734639][ T8910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  632.746750][ T8906] em28xx 2-1:0.0: couldn't setup AC97 register 2
[  632.755138][ T8906] em28xx 2-1:0.0: couldn't setup AC97 register 4
[  632.782814][ T8910] usb 5-1: config 0 descriptor??
[  633.016816][ T8910] usbhid 5-1:0.0: can't add hid device: -71
[  633.034268][ T8910] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  633.053864][ T8910] usb 5-1: USB disconnect, device number 104
[  633.338316][T15105] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2740'.
[  633.487588][T15102] binder: 15101:15102 ioctl c0306201 2000000003c0 returned -14
[  633.561554][T15102] binder: 15101:15102 ioctl c0184800 200000000040 returned -22
[  633.564723][ T8910] usb 5-1: new full-speed USB device number 105 using dummy_hcd
[  633.693057][T15110] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  633.711425][T15110] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  633.765028][ T8910] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  633.806534][ T8910] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  633.838490][ T8910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  633.890378][ T5907] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[  633.913480][ T8910] usb 5-1: config 0 descriptor??
[  633.955871][ T8910] hub 5-1:0.0: USB hub found
[  634.094601][ T5907] usb 4-1: Using ep0 maxpacket: 32
[  634.153262][ T8910] hub 5-1:0.0: config failed, can't read hub descriptor (err -90)
[  634.173448][ T5907] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  634.185001][ T5907] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  634.211919][ T5907] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  634.222131][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.235108][ T5907] usb 4-1: config 0 descriptor??
[  634.244491][ T5907] hub 4-1:0.0: USB hub found
[  634.465140][ T5907] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  634.474255][ T8906] em28xx 2-1:0.0: couldn't setup AC97 register 54
[  634.482827][ T8906] em28xx 2-1:0.0: couldn't setup AC97 register 56
[  634.555195][T15085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  634.564207][T15085] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  634.914807][ T5907] hid-generic 0003:046D:C31C.003C: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.3-1/input0
[  634.935681][T15085] syzkaller0: entered promiscuous mode
[  634.941524][T15085] syzkaller0: entered allmulticast mode
[  635.379162][ T8919] usb 2-1: USB disconnect, device number 123
[  635.471645][T15107] usb 4-1: reset high-speed USB device number 119 using dummy_hcd
[  635.875141][ T8913] usb 4-1: USB disconnect, device number 119
[  635.882243][T15107] usbhid 4-1:0.0: reset_resume error -19
[  636.725293][T15142] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2749'.
[  636.741270][T15142] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2749'.
[  636.768625][T15142] netlink: 'syz.3.2749': attribute type 6 has an invalid length.
[  637.115376][ T5907] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[  637.310390][ T5907] usb 4-1: Using ep0 maxpacket: 16
[  637.318860][ T5907] usb 4-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice=c5.66
[  637.329034][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  637.341396][ T5907] usb 4-1: config 0 descriptor??
[  637.432732][ T5907] usb 4-1: invalid MIDI EP
[  637.445877][ T5907] usb 4-1: snd-bcd2000: error during probing
[  637.481970][ T5907] snd-bcd2000 4-1:0.0: probe with driver snd-bcd2000 failed with error -22
[  638.059218][ T8913] usb 4-1: USB disconnect, device number 120
[  638.096683][ T8910] usbhid 5-1:0.0: can't add hid device: -71
[  638.102933][ T8910] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  638.151456][ T8910] usb 5-1: USB disconnect, device number 105
[  638.338704][T15160] syzkaller0: entered promiscuous mode
[  638.358859][T15160] syzkaller0: entered allmulticast mode
[  638.391662][T15160] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  638.427191][T15159] tipc: Resetting bearer <eth:syzkaller0>
[  638.511334][T15159] tipc: Disabling bearer <eth:syzkaller0>
[  638.833421][T15171] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2757'.
[  638.847566][T15172] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2758'.
[  639.427038][T15179] kvm: kvm [15178]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[  639.591572][ T8919] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[  639.967009][ T8919] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[  639.997083][ T8919] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  640.081310][ T8919] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  640.122399][ T8919] usb 2-1: config 220 has no interface number 2
[  640.141787][ T8919] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  640.199381][ T8919] usb 2-1: config 220 interface 0 has no altsetting 0
[  640.223322][ T8919] usb 2-1: config 220 interface 76 has no altsetting 0
[  640.237103][ T8919] usb 2-1: config 220 interface 1 has no altsetting 0
[  640.273096][ T8919] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  640.291178][ T8919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  640.300980][T15187] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2762'.
[  640.334991][ T8919] usb 2-1: Product: syz
[  640.339188][ T8919] usb 2-1: Manufacturer: syz
[  640.370686][ T8919] usb 2-1: SerialNumber: syz
[  640.603237][T15191] FAULT_INJECTION: forcing a failure.
[  640.603237][T15191] name failslab, interval 1, probability 0, space 0, times 0
[  640.620706][ T8919] uvcvideo 2-1:220.1: Unknown video format 047d4302-0000-0000-0000-00a5e2000004
[  640.626704][T15191] CPU: 0 UID: 0 PID: 15191 Comm: syz.3.2764 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  640.626736][T15191] Tainted: [L]=SOFTLOCKUP
[  640.626743][T15191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  640.626755][T15191] Call Trace:
[  640.626763][T15191]  <TASK>
[  640.626772][T15191]  dump_stack_lvl+0xe8/0x150
[  640.626804][T15191]  should_fail_ex+0x412/0x560
[  640.626831][T15191]  should_failslab+0xa8/0x100
[  640.626853][T15191]  ? skb_clone+0x212/0x3a0
[  640.626881][T15191]  kmem_cache_alloc_noprof+0x87/0x650
[  640.626910][T15191]  ? __netlink_lookup+0xc6/0x8b0
[  640.626947][T15191]  skb_clone+0x212/0x3a0
[  640.626977][T15191]  __netlink_deliver_tap+0x404/0x850
[  640.627010][T15191]  ? netlink_deliver_tap+0x2e/0x1b0
[  640.627033][T15191]  netlink_deliver_tap+0x19c/0x1b0
[  640.627056][T15191]  netlink_unicast+0x7e3/0x9b0
[  640.627083][T15191]  ? __pfx_netlink_unicast+0x10/0x10
[  640.627105][T15191]  ? netlink_sendmsg+0x650/0xb40
[  640.627125][T15191]  ? skb_put+0x11b/0x210
[  640.627152][T15191]  netlink_sendmsg+0x813/0xb40
[  640.627185][T15191]  ? __pfx_netlink_sendmsg+0x10/0x10
[  640.627211][T15191]  ? aa_sock_msg_perm+0xf1/0x1b0
[  640.627240][T15191]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  640.627262][T15191]  ? __pfx_netlink_sendmsg+0x10/0x10
[  640.627283][T15191]  ____sys_sendmsg+0xa68/0xad0
[  640.627318][T15191]  ? __pfx_____sys_sendmsg+0x10/0x10
[  640.627351][T15191]  ? import_iovec+0x73/0xa0
[  640.627379][T15191]  ___sys_sendmsg+0x2a5/0x360
[  640.627410][T15191]  ? __pfx____sys_sendmsg+0x10/0x10
[  640.627466][T15191]  ? __fget_files+0x2a/0x420
[  640.627490][T15191]  ? __fget_files+0x3a0/0x420
[  640.627523][T15191]  __x64_sys_sendmsg+0x1bd/0x2a0
[  640.627551][T15191]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  640.627585][T15191]  ? __pfx_ksys_write+0x10/0x10
[  640.627614][T15191]  do_syscall_64+0x14d/0xf80
[  640.627640][T15191]  ? trace_irq_disable+0x3b/0x150
[  640.627664][T15191]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.627684][T15191]  ? clear_bhb_loop+0x40/0x90
[  640.627706][T15191]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.627725][T15191] RIP: 0033:0x7fe59eb9c629
[  640.627743][T15191] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  640.627760][T15191] RSP: 002b:00007fe59fa37028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  640.627781][T15191] RAX: ffffffffffffffda RBX: 00007fe59ee15fa0 RCX: 00007fe59eb9c629
[  640.627795][T15191] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  640.627811][T15191] RBP: 00007fe59fa37090 R08: 0000000000000000 R09: 0000000000000000
[  640.627823][T15191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  640.627834][T15191] R13: 00007fe59ee16038 R14: 00007fe59ee15fa0 R15: 00007fe59ef3fa48
[  640.627863][T15191]  </TASK>
[  640.928093][ T8919] uvcvideo 2-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  640.938193][ T8919] uvcvideo 2-1:220.0: No valid video chain found.
[  640.944771][ T8919] usb 2-1: selecting invalid altsetting 0
[  640.982236][ T8919] usb 2-1: selecting invalid altsetting 0
[  640.988758][ T8919] usbtest 2-1:220.1: probe with driver usbtest failed with error -22
[  641.019932][ T8919] usb 2-1: USB disconnect, device number 124
[  641.396663][T15204] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2770'.
[  641.545733][T15212] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2771'.
[  641.667390][T15215] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2665071234 (85282279488 ns) > initial count (83970453792 ns). Using initial count to start timer.
[  641.692455][T15215] kvm: kvm [15214]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[  641.706209][T15215] kvm: kvm [15214]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[  641.718347][T15220] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2774'.
[  641.748489][T15220] [U] 
[  643.013377][T15245] xt_hashlimit: size too large, truncated to 1048576
[  643.108308][T15250] –: renamed from vxcan1
[  643.205819][T15254] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2779'.
[  643.345649][T15231] delete_channel: no stack
[  643.504498][T15260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  643.538323][T15260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  643.714101][T15268] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2784'.
[  643.853587][T15256] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2780'.
[  643.863793][T15273] FAULT_INJECTION: forcing a failure.
[  643.863793][T15273] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  643.892774][T15273] CPU: 1 UID: 0 PID: 15273 Comm: syz.1.2786 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  643.892807][T15273] Tainted: [L]=SOFTLOCKUP
[  643.892815][T15273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  643.892827][T15273] Call Trace:
[  643.892837][T15273]  <TASK>
[  643.892846][T15273]  dump_stack_lvl+0xe8/0x150
[  643.892880][T15273]  should_fail_ex+0x412/0x560
[  643.892903][T15273]  prepare_alloc_pages+0x22a/0x650
[  643.892933][T15273]  __alloc_frozen_pages_noprof+0x12f/0x380
[  643.892955][T15273]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  643.892978][T15273]  ? __pfx_policy_nodemask+0x10/0x10
[  643.893001][T15273]  ? __lock_acquire+0x6b5/0x2cf0
[  643.893033][T15273]  alloc_pages_mpol+0x232/0x4a0
[  643.893060][T15273]  vma_alloc_folio_noprof+0xea/0x210
[  643.893083][T15273]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  643.893109][T15273]  do_pte_missing+0x1656/0x3750
[  643.893146][T15273]  handle_mm_fault+0x1bec/0x3310
[  643.893186][T15273]  ? handle_mm_fault+0xee/0x3310
[  643.893216][T15273]  ? __pfx_handle_mm_fault+0x10/0x10
[  643.893258][T15273]  ? lock_vma_under_rcu+0x45a/0x500
[  643.893293][T15273]  do_user_addr_fault+0xa73/0x1340
[  643.893326][T15273]  ? rcu_is_watching+0x15/0xb0
[  643.893351][T15273]  ? trace_page_fault_user+0x84/0x210
[  643.893373][T15273]  exc_page_fault+0x6a/0xc0
[  643.893402][T15273]  asm_exc_page_fault+0x26/0x30
[  643.893418][T15273] RIP: 0033:0x7f3c2686430a
[  643.893436][T15273] Code: 00 4c 89 e7 31 c0 48 8d 35 38 f3 1c 00 e8 2e 69 0e 00 66 0f 6f 05 36 e2 1e 00 4c 89 e6 48 8d bc 24 f0 10 00 00 ba 80 00 00 00 <0f> 29 84 24 70 10 00 00 66 0f ef c0 0f 29 84 24 80 10 00 00 0f 29
[  643.893452][T15273] RSP: 002b:00007f3c27887f60 EFLAGS: 00010202
[  643.893469][T15273] RAX: 000000000000000b RBX: 0000000000000004 RCX: 0000000000000000
[  643.893480][T15273] RDX: 0000000000000080 RSI: 00007f3c27887fa0 RDI: 00007f3c27889050
[  643.893492][T15273] RBP: 00007f3c27888fd0 R08: 0000000000000001 R09: 00000000ffffffff
[  643.893505][T15273] R10: 0000000000000000 R11: 0000000000000000 R12: 00007f3c27887fa0
[  643.893516][T15273] R13: 0000200000001040 R14: 0000000000000000 R15: 0000000000000000
[  643.893564][T15273]  </TASK>
[  643.899146][T15273] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  644.348761][T15279] syzkaller0: tun_chr_ioctl cmd 2147767520
[  644.400760][ T8913] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[  644.558270][T15286] x_tables: duplicate underflow at hook 1
[  644.591120][T15288] binder: BINDER_SET_CONTEXT_MGR already set
[  644.615102][T15288] binder: 15284:15288 ioctl 4018620d 200000000040 returned -16
[  644.657170][T15289] input: syz0 as /devices/virtual/input/input78
[  644.664001][T15291] binder: 15284:15291 ioctl c0306201 2000000003c0 returned -14
[  644.810957][T15292] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  644.817313][T15292] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  644.871375][T15292] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  644.911561][T15292] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  644.987485][T15292] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  645.010910][T15298] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  645.540303][ T8910] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[  645.560014][T15310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  645.609086][T15310] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  645.730526][ T8910] usb 3-1: Using ep0 maxpacket: 16
[  645.768266][ T8910] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  645.801131][ T8910] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  645.839865][ T8910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.870631][ T8910] usb 3-1: Product: syz
[  645.890253][ T8910] usb 3-1: Manufacturer: syz
[  645.910740][ T8910] usb 3-1: SerialNumber: syz
[  645.928067][T15314] syzkaller0: tun_chr_ioctl cmd 2147767520
[  645.936900][ T8910] usb 3-1: config 0 descriptor??
[  645.961553][ T8910] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  645.980274][ T8910] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  646.295132][T15330] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2804'.
[  646.510799][T15336] binder: 15335:15336 ioctl c0306201 2000000003c0 returned -14
[  646.567216][T15333] kvm: kvm [15332]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80
[  646.578133][ T8910] em28xx 3-1:0.0: chip ID is em2765
[  646.583629][T15333] kvm: kvm [15332]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[  646.790545][ T5837] Bluetooth: hci0: command 0x0406 tx timeout
[  646.881152][ T5837] Bluetooth: hci1: command 0x0406 tx timeout
[  646.960403][ T5837] Bluetooth: hci4: command 0x0406 tx timeout
[  646.966504][ T5837] Bluetooth: hci3: command 0x0406 tx timeout
[  646.971106][ T5143] Bluetooth: hci2: command 0x0406 tx timeout
[  647.112294][T15345] openvswitch: netlink: Message has 8 unknown bytes.
[  647.302364][T15305] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  647.329856][T15305] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  647.362810][T15305] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  647.401646][T15305] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  647.476179][ T8910] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  647.497013][ T8910] em28xx 3-1:0.0: board has no eeprom
[  647.630396][ T8910] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  647.648714][ T8910] em28xx 3-1:0.0: dvb set to bulk mode.
[  647.665795][ T5907] em28xx 3-1:0.0: Binding DVB extension
[  647.690722][ T8910] usb 3-1: USB disconnect, device number 102
[  647.770583][ T8910] em28xx 3-1:0.0: Disconnecting em28xx
[  647.817517][ T5907] em28xx 3-1:0.0: Registering input extension
[  647.833124][ T8910] em28xx 3-1:0.0: Closing input extension
[  647.868365][ T8910] em28xx 3-1:0.0: Freeing device
[  647.900075][T15362] syzkaller0: tun_chr_ioctl cmd 2147767520
[  648.029602][T15363] kvm: kvm [15361]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000
[  648.046687][T15363] kvm: kvm [15361]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x80
[  648.066511][T15363] kvm: kvm [15361]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[  648.307294][T15373] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2817'.
[  648.334303][T15371] binder: BINDER_SET_CONTEXT_MGR already set
[  648.350099][T15371] binder: 15368:15371 ioctl 4018620d 200000000040 returned -16
[  648.376829][T15371] binder: 15368:15371 ioctl c0306201 2000000003c0 returned -14
[  648.711125][T15386] binder: 15385:15386 ioctl c0306201 2000000003c0 returned -14
[  649.720730][ T5907] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[  650.041921][ T5907] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  650.073135][ T5907] usb 3-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  650.087565][ T5907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.120254][ T5907] usb 3-1: Product: syz
[  650.124457][ T5907] usb 3-1: Manufacturer: syz
[  650.175058][ T5907] usb 3-1: SerialNumber: syz
[  650.208065][ T5907] usb 3-1: config 0 descriptor??
[  650.237636][ T5907] powermate 3-1:0.0: probe with driver powermate failed with error -22
[  650.439835][T15421] binder: 15420:15421 ioctl c0306201 2000000003c0 returned -14
[  650.478911][ T5907] usb 3-1: USB disconnect, device number 103
[  650.860536][T15438] loop2: detected capacity change from 0 to 7
[  650.881072][T15438]  loop2:
[  650.884081][T15438] loop2: partition table partially beyond EOD, truncated
[  651.019930][ T5192]  loop2:
[  651.023288][ T5192] loop2: partition table partially beyond EOD, truncated
[  651.039943][T15440] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2842'.
[  651.124429][T15442] netlink: 668 bytes leftover after parsing attributes in process `syz.2.2843'.
[  651.179706][T15443] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2843'.
[  651.189297][T15443] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2843'.
[  651.222176][T15442] netlink: 668 bytes leftover after parsing attributes in process `syz.2.2843'.
[  651.297562][ T5192]  loop2:
[  651.311000][ T5192] loop2: partition table partially beyond EOD, truncated
[  651.852423][T15450] netlink: 'syz.3.2846': attribute type 1 has an invalid length.
[  652.020563][ T8913] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[  652.373974][ T8913] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  652.385881][ T8913] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  652.526094][ T8913] usb 3-1: Product: syz
[  652.535437][ T8913] usb 3-1: Manufacturer: syz
[  652.541536][ T8913] usb 3-1: SerialNumber: syz
[  652.665324][ T8913] usb 3-1: config 0 descriptor??
[  652.898183][ T8913] hso 3-1:0.0: Failed to find INT IN ep
[  652.907847][ T8913] usb-storage 3-1:0.0: USB Mass Storage device detected
[  653.137606][ T8913] usb 3-1: USB disconnect, device number 104
[  653.314593][T15471] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2852'.
[  653.324615][T15471] FAULT_INJECTION: forcing a failure.
[  653.324615][T15471] name failslab, interval 1, probability 0, space 0, times 0
[  653.338681][T15471] CPU: 0 UID: 0 PID: 15471 Comm: syz.4.2852 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  653.338712][T15471] Tainted: [L]=SOFTLOCKUP
[  653.338719][T15471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  653.338731][T15471] Call Trace:
[  653.338740][T15471]  <TASK>
[  653.338748][T15471]  dump_stack_lvl+0xe8/0x150
[  653.338782][T15471]  should_fail_ex+0x412/0x560
[  653.338810][T15471]  should_failslab+0xa8/0x100
[  653.338834][T15471]  __kvmalloc_node_noprof+0x178/0x8a0
[  653.338855][T15471]  ? __raw_spin_lock_init+0x45/0x100
[  653.338874][T15471]  ? alloc_netdev_mqs+0xa4b/0x11b0
[  653.338902][T15471]  alloc_netdev_mqs+0xa4b/0x11b0
[  653.338928][T15471]  rtnl_create_link+0x31f/0xd70
[  653.338954][T15471]  rtnl_newlink_create+0x277/0xb70
[  653.338979][T15471]  ? __pfx___nla_validate_parse+0x10/0x10
[  653.339014][T15471]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  653.339042][T15471]  ? __pfx___mutex_lock+0x10/0x10
[  653.339069][T15471]  ? ns_capable+0x89/0xe0
[  653.339173][T15471]  rtnl_newlink+0x1666/0x1be0
[  653.339215][T15471]  ? __pfx_rtnl_newlink+0x10/0x10
[  653.339247][T15471]  ? __lock_acquire+0x6b5/0x2cf0
[  653.339277][T15471]  ? __lock_acquire+0x6b5/0x2cf0
[  653.339302][T15471]  ? __lock_acquire+0x6b5/0x2cf0
[  653.339333][T15471]  ? unwind_next_frame+0xa5/0x23c0
[  653.339380][T15471]  ? __lock_acquire+0x6b5/0x2cf0
[  653.339406][T15471]  ? is_bpf_text_address+0x26/0x2b0
[  653.339430][T15471]  ? kernel_text_address+0xa5/0xe0
[  653.339474][T15471]  ? __pfx_rtnl_newlink+0x10/0x10
[  653.339497][T15471]  rtnetlink_rcv_msg+0x7d5/0xbe0
[  653.339524][T15471]  ? rtnetlink_rcv_msg+0x1b9/0xbe0
[  653.339547][T15471]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  653.339573][T15471]  ? __lock_acquire+0x6b5/0x2cf0
[  653.339613][T15471]  netlink_rcv_skb+0x232/0x4b0
[  653.339637][T15471]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  653.339662][T15471]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  653.339694][T15471]  ? netlink_deliver_tap+0x2e/0x1b0
[  653.339724][T15471]  netlink_unicast+0x80f/0x9b0
[  653.339753][T15471]  ? __pfx_netlink_unicast+0x10/0x10
[  653.339775][T15471]  ? netlink_sendmsg+0x650/0xb40
[  653.339795][T15471]  ? skb_put+0x11b/0x210
[  653.339821][T15471]  netlink_sendmsg+0x813/0xb40
[  653.339849][T15471]  ? __pfx_netlink_sendmsg+0x10/0x10
[  653.339875][T15471]  ? aa_sock_msg_perm+0xf1/0x1b0
[  653.339899][T15471]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  653.339921][T15471]  ? __pfx_netlink_sendmsg+0x10/0x10
[  653.339942][T15471]  ____sys_sendmsg+0xa68/0xad0
[  653.339973][T15471]  ? __pfx_____sys_sendmsg+0x10/0x10
[  653.340006][T15471]  ? import_iovec+0x73/0xa0
[  653.340032][T15471]  ___sys_sendmsg+0x2a5/0x360
[  653.340060][T15471]  ? __pfx____sys_sendmsg+0x10/0x10
[  653.340114][T15471]  ? __fget_files+0x2a/0x420
[  653.340139][T15471]  ? __fget_files+0x3a0/0x420
[  653.340169][T15471]  __x64_sys_sendmsg+0x1bd/0x2a0
[  653.340196][T15471]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  653.340230][T15471]  ? __pfx_ksys_write+0x10/0x10
[  653.340261][T15471]  do_syscall_64+0x14d/0xf80
[  653.340288][T15471]  ? trace_irq_disable+0x3b/0x150
[  653.340315][T15471]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.340334][T15471]  ? clear_bhb_loop+0x40/0x90
[  653.340357][T15471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  653.340376][T15471] RIP: 0033:0x7f4f40d9c629
[  653.340396][T15471] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  653.340412][T15471] RSP: 002b:00007f4f41cb8028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  653.340433][T15471] RAX: ffffffffffffffda RBX: 00007f4f41015fa0 RCX: 00007f4f40d9c629
[  653.340448][T15471] RDX: 0000000024040084 RSI: 0000200000006040 RDI: 0000000000000005
[  653.340461][T15471] RBP: 00007f4f41cb8090 R08: 0000000000000000 R09: 0000000000000000
[  653.340473][T15471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  653.340485][T15471] R13: 00007f4f41016038 R14: 00007f4f41015fa0 R15: 00007f4f4113fa48
[  653.340516][T15471]  </TASK>
[  653.360510][T15473] fuse: Bad value for 'fd'
[  653.975715][T15480] usb usb8: usbfs: process 15480 (syz.4.2855) did not claim interface 0 before use
[  654.127365][T15486] kvm: kvm [15484]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1
[  654.151945][T15486] kvm: kvm [15484]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x1
[  654.170816][ T5824] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[  654.187779][T15486] kvm: kvm [15484]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[  654.229983][T15486] kvm: kvm [15484]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x81
[  654.245831][T15486] kvm: kvm [15484]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x81
[  654.255334][T15486] kvm: kvm [15484]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111
[  654.320976][ T5824] usb 3-1: Using ep0 maxpacket: 32
[  654.329586][ T5824] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  654.346417][ T5824] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  654.361546][ T5824] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  654.390936][ T5824] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  654.402674][ T5824] usb 3-1: config 0 descriptor??
[  654.418726][ T5824] hub 3-1:0.0: USB hub found
[  654.450301][ T5907] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[  654.611125][ T5824] hub 3-1:0.0: 1 port detected
[  654.620571][ T5907] usb 5-1: Using ep0 maxpacket: 32
[  654.632563][ T5907] usb 5-1: config 0 has an invalid interface number: 76 but max is 0
[  654.641535][ T5907] usb 5-1: config 0 has no interface number 0
[  654.662119][ T5907] usb 5-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c
[  654.680392][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.698658][ T5907] usb 5-1: Product: syz
[  654.702984][ T5907] usb 5-1: Manufacturer: syz
[  654.707592][ T5907] usb 5-1: SerialNumber: syz
[  654.724426][ T5907] usb 5-1: config 0 descriptor??
[  654.738233][ T5907] dvb-usb: found a 'Hauppauge MAX S2 or WinTV NOVA HD USB2.0' in warm state.
[  654.758977][ T5907] dw2102: su3000_power_ctrl: 1, initialized 0
[  654.765298][ T5907] dvb-usb: bulk message failed: -22 (2/0)
[  654.784066][ T5907] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  654.801011][ T5907] dvbdev: DVB: registering new adapter (Hauppauge MAX S2 or WinTV NOVA HD USB2.0)
[  654.820485][ T5907] usb 5-1: media controller created
[  654.825780][ T5907] dvb-usb: bulk message failed: -22 (6/0)
[  654.840397][ T5907] dw2102: i2c transfer failed.
[  654.850518][ T5907] dvb-usb: bulk message failed: -22 (6/0)
[  654.860819][ T5907] dw2102: i2c transfer failed.
[  654.865686][ T5907] dvb-usb: bulk message failed: -22 (6/0)
[  654.873586][ T5907] dw2102: i2c transfer failed.
[  654.878546][ T5907] dvb-usb: bulk message failed: -22 (6/0)
[  654.885010][ T5907] dw2102: i2c transfer failed.
[  654.889884][ T5907] dvb-usb: bulk message failed: -22 (6/0)
[  654.914271][ T5907] dw2102: i2c transfer failed.
[  654.929759][ T5907] dvb-usb: bulk message failed: -22 (6/0)
[  654.951060][ T5907] dw2102: i2c transfer failed.
[  654.961091][T15493] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN PTI
[  654.973031][T15493] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[  654.981473][T15493] CPU: 0 UID: 0 PID: 15493 Comm: syz.4.2859 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  654.992445][T15493] Tainted: [L]=SOFTLOCKUP
[  654.996862][T15493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  655.006942][T15493] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0
[  655.012979][T15493] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 fd 96 39 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42
[  655.032610][T15493] RSP: 0018:ffffc9000504fbb0 EFLAGS: 00010202
[  655.038701][T15493] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003
[  655.046698][T15493] RDX: ffffffff87f61995 RSI: ffffffff8f769330 RDI: 0000000000001900
[  655.054779][T15493] RBP: 0000000000000000 R08: ffff888020bb8000 R09: 0000000000000002
[  655.062771][T15493] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000
[  655.070757][T15493] R13: 1ffff110089ae150 R14: 0000000000000001 R15: ffff888044d70a88
[  655.078733][T15493] FS:  00007f4f41cb86c0(0000) GS:ffff888125467000(0000) knlGS:0000000000000000
[  655.087661][T15493] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  655.094248][T15493] CR2: 0000001b30d23ffc CR3: 000000005367a000 CR4: 00000000003526f0
[  655.102218][T15493] Call Trace:
[  655.105490][T15493]  <TASK>
[  655.108425][T15493]  __i2c_transfer+0x79a/0x2020
[  655.113271][T15493]  ? i2c_transfer+0xc8/0x2d0
[  655.117859][T15493]  i2c_transfer+0x1cc/0x2d0
[  655.122357][T15493]  i2cdev_ioctl_rdwr+0x460/0x740
[  655.127295][T15493]  i2cdev_ioctl+0x6a5/0x880
[  655.131793][T15493]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  655.136813][T15493]  ? __fget_files+0x3a0/0x420
[  655.141492][T15493]  ? __fget_files+0x2a/0x420
[  655.146078][T15493]  ? bpf_lsm_file_ioctl+0x9/0x20
[  655.151014][T15493]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  655.156041][T15493]  __se_sys_ioctl+0xfc/0x170
[  655.160629][T15493]  do_syscall_64+0x14d/0xf80
[  655.165227][T15493]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.171290][T15493]  ? clear_bhb_loop+0x40/0x90
[  655.175961][T15493]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.181864][T15493] RIP: 0033:0x7f4f40d9c629
[  655.186275][T15493] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  655.205882][T15493] RSP: 002b:00007f4f41cb8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  655.214298][T15493] RAX: ffffffffffffffda RBX: 00007f4f41015fa0 RCX: 00007f4f40d9c629
[  655.222284][T15493] RDX: 0000200000000a40 RSI: 0000000000000707 RDI: 0000000000000004
[  655.230254][T15493] RBP: 00007f4f40e32b39 R08: 0000000000000000 R09: 0000000000000000
[  655.238227][T15493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  655.246191][T15493] R13: 00007f4f41016038 R14: 00007f4f41015fa0 R15: 00007f4f4113fa48
[  655.254165][T15493]  </TASK>
[  655.257328][T15493] Modules linked in:
[  655.262170][T15493] ---[ end trace 0000000000000000 ]---
[  655.268515][ T5907] dvb-usb: MAC address: 02:02:02:02:02:02
[  655.279796][ T5907] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  655.325191][T15493] RIP: 0010:su3000_i2c_transfer+0x1ad/0xfd0
[  655.352186][T15493] Code: 4c 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df 42 80 3c 20 00 74 08 4c 89 ff e8 fd 96 39 fa 49 8b 1f 48 89 d8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 0f 85 f5 08 00 00 0f b6 1b 48 8b 44 24 38 42
[  655.383609][T15493] RSP: 0018:ffffc9000504fbb0 EFLAGS: 00010202
[  655.390810][T15493] RAX: 0000000000000002 RBX: 0000000000000010 RCX: 0000000000000003
[  655.399043][T15493] RDX: ffffffff87f61995 RSI: ffffffff8f769330 RDI: 0000000000001900
[  655.407819][T15493] RBP: 0000000000000000 R08: ffff888020bb8000 R09: 0000000000000002
[  655.416686][T15493] R10: 0000000000001a00 R11: 0000000000000002 R12: dffffc0000000000
[  655.425428][T15493] R13: 1ffff110089ae150 R14: 0000000000000001 R15: ffff888044d70a88
[  655.434169][T15493] FS:  00007f4f41cb86c0(0000) GS:ffff888125567000(0000) knlGS:0000000000000000
[  655.443776][T15493] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  655.450920][T15493] CR2: 00007f5bbd7f6d58 CR3: 000000005367a000 CR4: 00000000003526f0
[  655.459509][T15493] Kernel panic - not syncing: Fatal exception
[  655.465981][T15493] Kernel Offset: disabled
[  655.470297][T15493] Rebooting in 86400 seconds..