last executing test programs:

4m28.94416913s ago: executing program 4 (id=4516):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty, 0x3, 0x80000}, 0x20)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x20)
socket(0xa, 0x3, 0xff)
r1 = socket$inet6(0xa, 0x3, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0xb91e9c5a8444a131, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f023})
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010004b040000000000005f007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b00010062726964676500001800028005002600020000"], 0x48}, 0x1, 0x0, 0x0, 0xc001}, 0x800)
syz_open_dev$dri(&(0x7f00000006c0), 0x5, 0x40842)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioperm(0x6, 0x3, 0xb017)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x65c, 0xec, 0xec, 0x424, 0x0, 0x1cc, 0x594, 0x594, 0x594, 0x594, 0x594, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @common=@inet=@socket1={{0x24}}]}, @HL={0x24, 'HL\x00', 0x0, {0x2, 0x8}}}, {{@uncond, 0x0, 0x11c, 0x140, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x80]}}]}, @inet=@DSCP={0x24, 'DSCP\x00', 0x0, {0xff}}}, {{@uncond, 0x0, 0x134, 0x170, 0x0, {}, [@common=@hbh={{0x48}, {0x8, 0x2, 0x0, [0x905, 0xfffe, 0x4, 0x4, 0x68e, 0xffff, 0x6, 0x7, 0x6, 0x7, 0xfff7, 0x9, 0xffff, 0x8, 0x2, 0x9], 0xa}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x6b8)

4m27.111861927s ago: executing program 4 (id=4519):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)={'team0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000200)={0x11, 0xf6, r2, 0x1, 0x55, 0x6, @multicast}, 0x14)
r3 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, 0x0, &(0x7f0000000180))
bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0xf7, r2, 0x1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xf}}, 0x14)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB(r4, 0xc01c64ae, &(0x7f0000000040)={0x0, 0x20000001, 0x4, 0x0, 0x1, 0x5})
socket$kcm(0x2, 0x5, 0x84)
syz_open_dev$media(&(0x7f0000000040), 0x4c6c, 0x200)
socket$kcm(0x10, 0x2, 0x0)
r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000640), 0x800, 0x0)
preadv(r5, &(0x7f0000001b80)=[{&(0x7f0000000700)=""/12, 0xc}], 0x1, 0x7ff, 0x4f)
write$sndseq(r5, &(0x7f0000000240)=[{0x6, 0xd, 0x0, 0xd5, @time={0x7f, 0x1000}, {0x8, 0x7b}, {0x7, 0x17}, @queue={0xf0, {0x5, 0xe3ca}}}, {0x0, 0x8b, 0xca, 0x28, @time={0x7, 0x9}, {0x1, 0x35}, {0x1, 0x5}, @result={0x3, 0x7fffffff}}, {0x1, 0x2, 0x7, 0x3, @time={0x5, 0x47300000}, {0x7, 0x7f}, {0x4, 0x80}, @ext={0x79, &(0x7f00000000c0)="88da312d8f6c500efba2e9c84adc76e683391a2043ca9eaf286a48ea574f2bec2f247aa59205c63ee95c2e5a5f9baad3dd913b647de31f0c681a23a7a1b727ae520e34f8cb25fbc433391a4911ec3c6bf5c3507cc8a65171eddcbf4d10751b2b4e342d09856d8c720476e5729c6dcd7b8e8d56b0272ed72262"}}, {0x5, 0x3, 0x81, 0x4, @tick=0x8a2b, {0xb2, 0xf}, {0xd2, 0x6}, @raw32={[0x7, 0x7943, 0x2]}}], 0x70)
r6 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
connect$inet(r6, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3a}}, 0x10)
sendmmsg$inet(r6, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0)
clock_gettime(0x300, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008188040f80ec59acbc0413010048100000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

4m26.670918053s ago: executing program 4 (id=4521):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x1f, 0x1, 0x5)
syz_open_dev$tty20(0xc, 0x4, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xffffffff, 0x0, 0xb49, 0x9, 0x8000000000000001, 0x0, 0x3}, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
r4 = syz_open_dev$dri(0x0, 0x7, 0x220042)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000cc0)="adf802e5370fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000600)="690ea45e73b0f0cf753118819f4495f47e6f016788d1baf8ca32cd50b4e0c5e6dba50b792c169e503a43e7dc48728495f22683f1014d66f000e5896e52249ab47aeb9c96af631ec206b3f8a848b0705b5468ef666c803350b0a857d63cb91f3389019085fe41a717db4d01ba4755a171635a0e86ccff009b66bcd9a7b4c333a53e8c04455397aef78e379cd5e13aec6c2332faaef6ca310547d38e3f94414ebf33411ace8acabb11db28b8d4a121aabc746e6654556cab1e2de77b082d2e061e3fe4c58efe4f8e0ca956bedc5763cc2da2151eb0ac6a937560b54dd5dc11b4e65a4bdf04414605200a", 0xe9}, {&(0x7f0000000700)="2f34cd6d8761518fc37786de0792c4ccf8adc46f7498733cf2e70c1d23e3f03a0b70e587a6207c4293ecf03d5637e5059ca92df6b0f4627881ab21645a8237b01ac953a0810f5cd720a08bb356f7030db22777a29e20", 0x56}], 0x2, 0x0, 0x0, 0x4}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[<r9=>0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r8})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000380)={0x1, r9, r8})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r4, 0xc01064ab, &(0x7f0000000440)={0x5, r9})
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
socket$key(0xf, 0x3, 0x2)

4m24.775160573s ago: executing program 4 (id=4524):
r0 = syz_open_dev$evdev(&(0x7f0000000240), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x80284511, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x41)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000040c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00ba19ce670d25010000020000040000009fc40400d2532e764975f03f1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200a011ea665c45a3449abe802f5ab3e89cf40b858e217ce740068720000074e468eea3fcfcf498278ad15f5f87e1c26433a8acdc0e65888b2007f00000000000000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c00000000000000000000e75a89faff01210cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d01000000520655a8056085f4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c30891e7d87a79d6fce424c2200af6cb784a1975fa657de38a3a32a4fd67ce446adb431d07db79240aca1dd9ba02450500000000000000e645f091231b986e77d05d988d6edc6f9b4eb883ec8f878300cabf2b5543ffc1bdb92618242852e6e8b3e56fefbfff81669557b3809d8c396d2c0361629d1822f722ec23812770d72cd0010000007889b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b0a0ae6feb6737c275dc2740f742b5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fe7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff251845d0fff45bdbaeba4d4e3c6f7f623579435b2c505fb711300000000040000000000000000000000004c00e67ccc02148a4fc43021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7611589906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6cfa4966e5937562a5649a1a0000a042a7097ddefe0671a5767014b09b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7be49833f3c435f9700bc84680549f9eb16682ecb72277ffaca907a3eac4bfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c5a87013b98649805216631e20d07dff3ae567ca0d38a828542625fc6096aedc0ac5c144f0965071274bea051007e398cf9090c53d4b8b7dc784e3d83b78b007a43d744aa99d6a7c576e20b4281eff511122ccb399bcef0a0471639c81aab7445cebfc9b00b31fcbaf63086b3c16f51b593acee0b3a4830dd6af1accb15cc6163cabc01442527aa10000000000000000a4ba25997affe74ec552bf9deafbd63e"], &(0x7f0000000140)='GPL\x00'}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r3, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff64, 0x0, 0x0, 0x0, 0x10000d9, 0x2000000, 0x8, 0x0}}, 0x10)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
setns(r5, 0x24020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0x8, 0x72}, 0x20)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109021b00010000000009040000015c29300009050900"], 0x0)

4m24.003544528s ago: executing program 4 (id=4529):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x1f, 0x1, 0x5)
syz_open_dev$tty20(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xffffffff, 0x0, 0xb49, 0x9, 0x8000000000000001, 0x0, 0x3}, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x500, 0x0, 0x0}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
r4 = syz_open_dev$dri(0x0, 0x7, 0x220042)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000cc0), 0x0)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000600)="690ea45e73b0f0cf753118819f4495f47e6f016788d1baf8ca32cd50b4e0c5e6dba50b792c169e503a43e7dc48728495f22683f1014d66f000e5896e52249ab47aeb9c96af631ec206b3f8a848b0705b5468ef666c803350b0a857d63cb91f3389019085fe41a717db4d01ba4755a171635a0e86ccff009b66bcd9a7b4c333a53e8c04455397aef78e379cd5e13aec6c2332faaef6ca310547d38e3f94414ebf33411ace8acabb11db28b8d4a121aabc746e6654556cab1e2de77b082d2e061e3fe4c58efe4f8e0ca956bedc5763cc2da2151eb0ac6a937560b54dd5dc11b4e65a4bdf04414605200a", 0xe9}, {&(0x7f0000000700)="2f34cd6d8761518fc37786de0792c4ccf8adc46f7498733cf2e70c1d23e3f03a0b70e587a6207c4293ecf03d5637e5059ca92df6b0f4627881ab21645a8237b01ac953a0810f5cd720a08bb356f7030db22777a29e201d", 0xff95}], 0x2, 0x0, 0x0, 0x4}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[<r9=>0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r8})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000380)={0x1, r9, r8})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r4, 0xc01064ab, &(0x7f0000000440)={0x5, r9})
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
socket$key(0xf, 0x3, 0x2)

4m23.620255966s ago: executing program 4 (id=4530):
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440)={0x28, 0x0, 0x2711, @local}, 0x10)
setsockopt$TIPC_GROUP_LEAVE(0xffffffffffffffff, 0x10f, 0x88)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x0, 0x0, 0x2000, 0x804, 0x9, 0xa, 0x0, 0x6}, 0x0)
socket(0x2, 0x80805, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000042000000060000000800000000000000", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f0000000140)=0xfffffdfb)
openat$fb0(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, 0x0, 0x40)
socket$inet(0x2, 0x4000000000000001, 0x0)
io_uring_setup(0x1693, &(0x7f0000000000)={0x0, 0x3899, 0x1f, 0x1, 0xe1})
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x80, @loopback}}, 0x0, 0x20000000005, 0x21}, 0xd8)
listen(r1, 0x3)
socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000240)={0x28, 0x0, 0x2711, @host}, 0x10)
r4 = accept4(r1, 0x0, 0x0, 0x0)
recvfrom$inet(r4, 0x0, 0x0, 0x40000182, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x3c)
r5 = openat$sequencer2(0xffffff9c, &(0x7f00000018c0), 0x200, 0x0)
ioctl$SNDCTL_SYNTH_MEMAVL(r5, 0xc004510e, &(0x7f0000001900)=0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0x0, 0x0, 0x0}, 0x94)

4m22.891355053s ago: executing program 32 (id=4530):
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440)={0x28, 0x0, 0x2711, @local}, 0x10)
setsockopt$TIPC_GROUP_LEAVE(0xffffffffffffffff, 0x10f, 0x88)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x0, 0x0, 0x2000, 0x804, 0x9, 0xa, 0x0, 0x6}, 0x0)
socket(0x2, 0x80805, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000042000000060000000800000000000000", @ANYRES32=0x1, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x48)
ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f0000000140)=0xfffffdfb)
openat$fb0(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, 0x0, 0x40)
socket$inet(0x2, 0x4000000000000001, 0x0)
io_uring_setup(0x1693, &(0x7f0000000000)={0x0, 0x3899, 0x1f, 0x1, 0xe1})
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x80, @loopback}}, 0x0, 0x20000000005, 0x21}, 0xd8)
listen(r1, 0x3)
socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000240)={0x28, 0x0, 0x2711, @host}, 0x10)
r4 = accept4(r1, 0x0, 0x0, 0x0)
recvfrom$inet(r4, 0x0, 0x0, 0x40000182, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$inet6(0xa, 0x3, 0x3c)
r5 = openat$sequencer2(0xffffff9c, &(0x7f00000018c0), 0x200, 0x0)
ioctl$SNDCTL_SYNTH_MEMAVL(r5, 0xc004510e, &(0x7f0000001900)=0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0x0, 0x0, 0x0}, 0x94)

4m9.487883291s ago: executing program 2 (id=4560):
r0 = memfd_create(&(0x7f0000000480)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9b5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\\\xb0:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85l\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~7\x16\x02\x00(v\xe6`\"6\xfcgC\xb5\xf0\x13.zj\xc5bj+@\x00\x00\x00\x00\x00\x00\x00.\xd4`=z\xd1n\x8d\x8f\xa5hS\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1exQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{\'\x8b\xdf\xa1.E\b1\xcb\xa2\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x82\x1ch\x89\xe7\xdd]q,\xec\xc4\xa5\x93\xe5,\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+}5dy\xb1\xef\xf1m\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040))
renameat2(r1, &(0x7f00000000c0)='./cgroup\x00', r1, &(0x7f0000000440)='./cgroup\x00', 0x2) (fail_nth: 13)

4m8.532153906s ago: executing program 2 (id=4562):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000244000/0xa000)=nil, 0xa000, 0x1000008, 0x40010, 0xffffffffffffffff, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
set_robust_list(&(0x7f0000000240)={&(0x7f0000000100), 0x2}, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r4 = socket$netlink(0x10, 0x3, 0x0)
writev(r4, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600", 0x1a}], 0x1)
writev(r4, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d000000000000060400", 0x32}], 0x1)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027f"], 0x57)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x10)
write$cgroup_int(r6, &(0x7f0000000000)=0x2b00, 0x12)
r7 = socket$isdn(0x22, 0x2, 0x25)
bind$isdn(r7, &(0x7f0000000200)={0x22, 0x7f, 0x6, 0x3, 0x5}, 0x6)
ftruncate(r0, 0xc17a)
syz_usb_connect(0x0, 0x7e, &(0x7f000001a6c0)={{0x12, 0x1, 0x0, 0xe9, 0x2a, 0xe9, 0x40, 0x1943, 0x2255, 0x1303, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6c, 0x4, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x48, 0x0, 0x3, 0x13, 0xb8, 0x1b, 0x0, [], [{{0x9, 0x5, 0x3}}, {{0x9, 0x5, 0x7, 0x2}}, {{0x9, 0x5, 0x2}}]}}, {{0x9, 0x4, 0x62, 0x0, 0x0, 0xe5, 0xd5, 0x1b}}, {{0x9, 0x4, 0x0, 0x0, 0x3, 0x1d, 0x36, 0x36, 0x0, [@hid_hid={0x9}], [{{0x9, 0x5, 0x82}}, {}, {}]}}, {{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xe4, 0x61}}]}}]}}, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

4m4.822121654s ago: executing program 2 (id=4570):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0x200, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff5}, {0xfff2, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x5b}}]}, 0x38}}, 0x20040084)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x9)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000001000000280001801400040000000000000002000000ffffac1414aa060001000a0080000800060003"], 0x3c}, 0x1, 0x0, 0x2000000, 0x4000000}, 0x4000000)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="01000000000000009002"])
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, 0x0)
open(0x0, 0x141242, 0x40)
bind$rds(0xffffffffffffffff, 0x0, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000080)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000000040)=[{&(0x7f0000006400)=""/4077, 0x100000}], 0x1, 0x0, 0x0, 0x24000050}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="d8000000150081054e81f782db44b9040a783b020a000000040000a11800020000e9400084150e1208000f0100810401a80016ea1f0006400303000803600cfab94dcf5c0461c1d67f6e94007134cf6ee08002a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad9561b4a29c828f6a3aa2fcf72baa7ea", 0xb0}], 0x1, 0x0, 0x0, 0x7400}, 0x4000)
syz_open_dev$ptys(0xc, 0x3, 0x1)
syz_open_dev$tty1(0xc, 0x4, 0x1)

4m3.791856504s ago: executing program 2 (id=4575):
r0 = syz_open_dev$evdev(&(0x7f0000000240), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x80284511, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0/../file0/../file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x41)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000040c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00ba19ce670d25010000020000040000009fc40400d2532e764975f03f1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200a011ea665c45a3449abe802f5ab3e89cf40b858e217ce740068720000074e468eea3fcfcf498278ad15f5f87e1c26433a8acdc0e65888b2007f00000000000000000100000000000000010000000000000053350000000034a70c2ab40c7cf5691db43a5c00000000000000000000e75a89faff01210cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d01000000520655a8056085f4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf9938d6df8600a62e96b7cb8e52cbdc2ba9d580609e31c30891e7d87a79d6fce424c2200af6cb784a1975fa657de38a3a32a4fd67ce446adb431d07db79240aca1dd9ba02450500000000000000e645f091231b986e77d05d988d6edc6f9b4eb883ec8f878300cabf2b5543ffc1bdb92618242852e6e8b3e56fefbfff81669557b3809d8c396d2c0361629d1822f722ec23812770d72cd0010000007889b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b0a0ae6feb6737c275dc2740f742b5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fe7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff251845d0fff45bdbaeba4d4e3c6f7f623579435b2c505fb711300000000040000000000000000000000004c00e67ccc02148a4fc43021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7611589906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd0294bea179b0433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6cfa4966e5937562a5649a1a0000a042a7097ddefe0671a5767014b09b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7be49833f3c435f9700bc84680549f9eb16682ecb72277ffaca907a3eac4bfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c5a87013b98649805216631e20d07dff3ae567ca0d38a828542625fc6096aedc0ac5c144f0965071274bea051007e398cf9090c53d4b8b7dc784e3d83b78b007a43d744aa99d6a7c576e20b4281eff511122ccb399bcef0a0471639c81aab7445cebfc9b00b31fcbaf63086b3c16f51b593acee0b3a4830dd6af1accb15cc6163cabc01442527aa10000000000000000a4ba25997affe74ec552bf9deafbd63e"], &(0x7f0000000140)='GPL\x00'}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r3, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff64, 0x0, 0x0, 0x0, 0x10000d9, 0x2000000, 0x8, 0x0}}, 0x10)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
setns(r5, 0x24020000)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x8000, &(0x7f0000001dc0)={0x8, 0x72}, 0x20)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109021b00010000000009040000015c29300009050900"], 0x0)

4m2.807447952s ago: executing program 2 (id=4581):
creat(&(0x7f0000000000)='./file0\x00', 0x0)
getrandom(&(0x7f0000000040)=""/23, 0x17, 0x0)
r0 = openat$procfs(0xffffff9c, &(0x7f0000000080)='/proc/schedstat\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x5c, r1, 0x2, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x50}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r3 = syz_io_uring_setup(0xb162, &(0x7f0000000980)={0x0, 0x0, 0x1000}, &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0xa0, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x74, 0x3, 0x0, 0x1, [{0x70, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x64, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x3}]}}}, {0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}]}}}, {0x14, 0x1, 0x0, 0x1, @immediate={{0xe}, @void}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x124}}, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0x2def, 0x0, 0x0, 0x0, 0x0)
write$P9_RSTATu(r2, &(0x7f0000000580)={0x217, 0x2, 0x0, {{0x500, 0xd6, 0x500, 0x3, {}, 0x2810000, 0xffffffff, 0x0, 0x4, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x31, 'pg>\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00|E\x00\x00Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\x03\xb4\x94\xe1\x9et\xb7\xd2\xa7\x1c5\xfaW.', 0x2, '\b\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0xee01, 0x0, 0xee01}}, 0x217)

4m1.959996373s ago: executing program 2 (id=4583):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty, 0x3, 0x80000}, 0x20)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x20)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4d, &(0x7f0000000040)=0x7, 0x4)
r1 = socket$inet6(0xa, 0x3, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0xb91e9c5a8444a131, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f023})
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010004b040000000000005f007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b00010062726964676500001800028005002600020000"], 0x48}, 0x1, 0x0, 0x0, 0xc001}, 0x800)
syz_open_dev$dri(&(0x7f00000006c0), 0x5, 0x40842)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioperm(0x6, 0x3, 0xb017)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x65c, 0xec, 0xec, 0x424, 0x0, 0x1cc, 0x594, 0x594, 0x594, 0x594, 0x594, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @common=@inet=@socket1={{0x24}}]}, @HL={0x24, 'HL\x00', 0x0, {0x2, 0x8}}}, {{@uncond, 0x0, 0x11c, 0x140, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x80]}}]}, @inet=@DSCP={0x24, 'DSCP\x00', 0x0, {0xff}}}, {{@uncond, 0x0, 0x134, 0x170, 0x0, {}, [@common=@hbh={{0x48}, {0x8, 0x2, 0x0, [0x905, 0xfffe, 0x4, 0x4, 0x68e, 0xffff, 0x6, 0x7, 0x6, 0x7, 0xfff7, 0x9, 0xffff, 0x8, 0x2, 0x9], 0xa}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x6b8)

4m1.058928978s ago: executing program 33 (id=4583):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty, 0x3, 0x80000}, 0x20)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x20)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4d, &(0x7f0000000040)=0x7, 0x4)
r1 = socket$inet6(0xa, 0x3, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0xb91e9c5a8444a131, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f023})
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010004b040000000000005f007a000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b00010062726964676500001800028005002600020000"], 0x48}, 0x1, 0x0, 0x0, 0xc001}, 0x800)
syz_open_dev$dri(&(0x7f00000006c0), 0x5, 0x40842)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioperm(0x6, 0x3, 0xb017)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x65c, 0xec, 0xec, 0x424, 0x0, 0x1cc, 0x594, 0x594, 0x594, 0x594, 0x594, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @common=@inet=@socket1={{0x24}}]}, @HL={0x24, 'HL\x00', 0x0, {0x2, 0x8}}}, {{@uncond, 0x0, 0x11c, 0x140, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x80]}}]}, @inet=@DSCP={0x24, 'DSCP\x00', 0x0, {0xff}}}, {{@uncond, 0x0, 0x134, 0x170, 0x0, {}, [@common=@hbh={{0x48}, {0x8, 0x2, 0x0, [0x905, 0xfffe, 0x4, 0x4, 0x68e, 0xffff, 0x6, 0x7, 0x6, 0x7, 0xfff7, 0x9, 0xffff, 0x8, 0x2, 0x9], 0xa}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x6b8)

16.115594572s ago: executing program 6 (id=5650):
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
close(0x3)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x8c02)
r0 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x286f7, 0x10100, 0x40000000, 0x7ffffc}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r0, 0x48e9, 0x0, 0x2, 0x0, 0x0)

12.975864439s ago: executing program 6 (id=5663):
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x100102, 0x0)
sendfile(r0, r0, 0x0, 0x6)
recvmmsg$unix(r0, &(0x7f0000001a40)=[{{&(0x7f0000000000)=@abs, 0x6e, &(0x7f0000000180)=[{&(0x7f0000000080)=""/240, 0xf0}], 0x1, &(0x7f00000001c0)=[@cred={{0x18}}], 0x18}}, {{&(0x7f0000000200)=@abs, 0x6e, &(0x7f0000000700)=[{&(0x7f0000000280)=""/121, 0x79}, {&(0x7f0000000300)=""/28, 0x1c}, {&(0x7f0000000340)=""/73, 0x49}, {&(0x7f00000003c0)=""/63, 0x3f}, {&(0x7f0000000580)=""/134, 0x86}, {&(0x7f0000000640)=""/158, 0x9e}, {&(0x7f0000000400)=""/47, 0x2f}], 0x7, &(0x7f0000000740)=[@cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x2c}}, {{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000780)=""/201, 0xc9}], 0x1, &(0x7f00000008c0)=[@cred={{0x18}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18}}], 0x58}}, {{&(0x7f0000000940), 0x6e, &(0x7f0000000b00)=[{&(0x7f00000009c0)=""/122, 0x7a}, {&(0x7f0000000a80)=""/80, 0x50}], 0x2}}, {{&(0x7f0000000b40)=@abs, 0x6e, &(0x7f0000000fc0)=[{&(0x7f0000000bc0)=""/137, 0x89}, {&(0x7f0000000c80)=""/1, 0x1}, {&(0x7f0000000cc0)=""/120, 0x78}, {&(0x7f0000000d40)=""/219, 0xdb}, {&(0x7f0000001e40)=""/4096, 0x1000}, {&(0x7f0000000e40)=""/70, 0x46}, {&(0x7f0000000ec0)=""/127, 0x7f}, {&(0x7f0000000f40)=""/115, 0x73}], 0x8}}, {{&(0x7f0000001000), 0x6e, &(0x7f0000001240)=[{&(0x7f0000001080)=""/174, 0xae}, {&(0x7f0000001140)=""/139, 0x8b}, {&(0x7f0000001200)=""/51, 0x33}, {&(0x7f0000002e40)=""/4096, 0x1000}, {&(0x7f0000003e40)=""/4092, 0xffc}], 0x5, &(0x7f0000001280)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, <r1=>0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x20, 0x1, 0x1, [<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xc4}}, {{&(0x7f0000001380), 0x6e, &(0x7f00000014c0), 0x0, &(0x7f0000001500)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, <r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, <r6=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x68}}, {{&(0x7f0000001580)=@abs, 0x6e, &(0x7f00000019c0)=[{&(0x7f0000001600)=""/220, 0xdc}, {&(0x7f0000001700)=""/136, 0x88}, {&(0x7f0000001400)=""/128, 0x80}, {&(0x7f0000001840)=""/199, 0xc7}, {&(0x7f0000001940)=""/118, 0x76}], 0x5, &(0x7f0000001a00)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x2c}}], 0x8, 0x20, 0x0)
unshare(0x400)
r7 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r7, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e24}, 0x2)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000004e40)=ANY=[@ANYBLOB="12010000000000201c1b100c000000000001090224000100006006090400100503000e0009210000160122050009058103", @ANYBLOB="4f5c16d6af1db77ad2e939301a121a26956961d54dbd28038abd957bde0419620573ed4826fc39ddcf2ec3b0d6f56de6fdef02a22e71888912f5a4c96c2b550506e56d45bbce8299a2d7225b8c52cba93d67fc44be83876ae1009a54d8e8ea3f6573fc72e7e4ac90dba5401ffc7579d4b81f056b625821be3a88de629426bafb81a12bf051faef9885e38101cf75d83c7d63ccaf061ace04d07d2e4711dcd71bd186f81b19e404122e7fc389a1dca4b7af28b67ba63b10452bf68e810e21"], 0x0)
syz_usb_control_io(r9, 0x0, 0x0)
syz_usb_control_io(r9, &(0x7f0000000280)={0x18, &(0x7f0000001c00)=ANY=[@ANYBLOB="200605000000050cc5f8b46bb8854b42e15c3ce4d927ad29c0c78a5b295e88770ff51701b662108afa04b7848f12e8f5ec6ceae6212f6dc8bf6bbf699fec522432f24c5c40e545cf3a8eca709a161e8fa23e7c7336c3ef85f07675f6c59f7d0223503f783b58eda00d04e88a22a33029798268728dc0809c44c49abed3d965735159d847d9bb1c7dbbc7c0d42a03e2b4c458497fb93a750f4f690f82e55382141b88f5a5ff10ee35bb6af8efdb0f7209f470f00578cef0307e6b2d518dd3549f738ec1097eabeafc8d9ade26b08b3edec8b5b85383c3f38b"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCGWINSZ(r10, 0x5413, 0x0)
r11 = fspick(r2, &(0x7f0000000540)='./file0\x00', 0x0)
io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000001bc0)=[r0, r4, r3, r10, 0xffffffffffffffff, r5, r11, r4, r6], 0x9)
gettid()
r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r13, 0x4010ae67, &(0x7f0000000000)={0x8080000, 0x1d000, 0x2})
r14 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r14, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r15=>0x0})
r16 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r14)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r14, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r16, @ANYBLOB="05a300000000000000000d00000008000300", @ANYRES32=r15], 0x1c}}, 0x0)
sendmsg$netlink(r8, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000001b40)=ANY=[@ANYBLOB="380000002e0003050000040000000800000000000000000000000000000000006e441908a5863e4ee8a125b9444e92a3a91f9695710257e132ea205fa193f7d390c6545db4fe22", @ANYRES32, @ANYBLOB="0c000f00000000000000000000b306e087000000"], 0x38}], 0x1}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
getpid()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0cc5640, &(0x7f0000000440)={0xa, @pix_mp={0x800, 0x8, 0x33565348, 0x1, 0xa, [{0x32badaa3, 0x1f}, {0x81, 0x3}, {0x100000, 0x9}, {0x6, 0x3dc}, {0x8000, 0x5}, {0x9, 0x9}, {0x6, 0x3}, {0x1, 0x6}], 0x3, 0x9, 0x6, 0x0, 0x3}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)

12.047321107s ago: executing program 0 (id=5665):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000000c0)={0x1, 0x0, @pic={0x7f, 0x7, 0x6, 0x8, 0x5, 0xe, 0x80, 0x1, 0x2, 0xc, 0xe, 0xe, 0xc, 0x8, 0x1, 0x3}})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000340)={[0xa, 0x800000000000000, 0x10, 0x1, 0xf4, 0x1, 0x0, 0x3, 0x7f, 0x2, 0x8000, 0x7ff, 0x8396, 0x200, 0x9, 0xf], 0x80a0000, 0xd7c6})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

11.730418159s ago: executing program 0 (id=5669):
r0 = mq_open(&(0x7f0000000000)='batadv_slave_1\xbb', 0x8c2, 0x30, &(0x7f0000000080)={0x3, 0x8, 0x6, 0xc07})
r1 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece)
mq_getsetattr(r1, &(0x7f0000000300)={0x0, 0x8005, 0x4, 0xfffffffc}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="300000002100010000000000000000000a0000010000000110000000140003006d61637674617030000000000000000089a79e5f2fc0244912170228738bcc840d4191924d65fefe0fcb83946f4a6d899fc0edf075ab2d59d2fd79c6340f283ca893a1d027ecbb9a52c386c07e907bb6b70b3cc91f807cabdbe9ae855660a1d5d2cd083f704da9421339dfb2b15e3a6622d0e44db8a477cdcbb08864a3764505"], 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x40)
mq_timedreceive(r0, &(0x7f0000000100)=""/90, 0x5a, 0x0, 0x0)
mq_timedsend(r0, 0x0, 0x0, 0x9, 0x0)
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000200)='.log\x00', 0x686200, 0x102)
write$UHID_CREATE2(r5, &(0x7f0000001640)={0xb, {'syz1\x00', 'syz1\x00', 'syz1\x00', 0xe00, 0x1ca, 0x8, 0x4, 0x4, 0x406, "69051061051c5b047c5acc7b451b2ce5ec38480e15c61f22ee2a64899979b1c38ea6f39e98492ae35608859e0c6267844e84c68aa1baa3736c7c2a59a23217d34d1facef8e1729b6635650f6ab1ce4bdf5e857a77ad23d9e62cbff84710daf564e5bd7344742c5cf062718b482f576d182301f4b5fb8d345958477528316cdfbb0d8a2a7834434d7a94e58edce24962e1cc51ffd8de385379f64f23ba3ce3828a35e62299b1216e9053617188ec44a644f9b1695802323e87b4d0e9e2fdebc95ef0ae516ebaad55de0e3d20bb1d727d0bd09d359a94a282f9d9bf7fb83ccc8940cb751712fc1c913a679322b28f63afbe312038a09faaf3f2b887eaa47c5a8883e5e684c463ab744dffbe2a4cfa8344ed8ac7f24e2ebcd2f9630930218a823707334d1a1cbd819874a43abee56108e323636718cd79baee0acdbc876e1081404a029f2651fc6c4346f25b22a1ef782b0bb44f2b41f327bfbf756c3034253cb3065a3c07495c615877d6c91bb633e66a4e5b4d13901a1eb446c74182a221f07fb3d6b283b8ff3385c2f4dd220520ff16d2521fa9e5d41a423409f4ef948b5fa6d4fcbb3f61cf5c25c18f18d28c3d1d012dda1727da222e6dcf9d385b38ae7b6c2a652b138373899904c0b70dbd1bda4944957694750046b01c00bc409b9a3aa3b842c3e3ec913a22451445e74b5e52e7bd00f14579c402332107f20904d24bc0c30d20e2f35200109c9570b66d699e0eee6945295275931995b53c7239d34a9017c83cc59df2addf548549d9cd7cc186dbfb897c5246313a67d3bae2977845ebe50c2aabe248cfb476c89dd4db32610138ed777850e3f453bc1053f8ed13d3debb5cca5f7d07a36f855c3d2091e6e38b869aeb1d63ab4e804b1e2f52b351501f44bd95269822c84414cf213248c89a4558004f5c9f63266a5d85aa7755269e23f8cd21188b586f7077a9195fa162d72ef55a6732ec9599325271776ff3572281e6db4d5bac068f1ed03128707a800b839f2c69d11f10a7e2e15c35df3f19eb8546cecfeed8b84db144f19f9922e50d1c701a32acc214e4a4288437f0142ed0dd1d93338b069b32a29692797af5597890ca846678f5259087d57d8f53b44932ed0f9ccab3d3ffcb6127d2d5e78fbc405670b50dd75a4075a7b9040502169a06024241029c686ee76ba1faf66d71fb17f42d1534cb4b9d4cb26d0ea3325125bae4f71f724bebfc6832537a4aa0e37058c159835f188e39eaacc28e8c6eab141deabec3a4f7dae533b32485cd14c3bc447382bbc652a05310c311c1569f42da08e447f7269158fbb66d6ca8b84c56cd5199d837e8630bb3182ef5d3d94d84de15dd793151a08f4dfe11192b8d3d93d9c170ed23eeed75babac5e611c3caa26affcf6a51a022d042a66ad7ce7e4af02e30bde75678a5b2e30a81bb39e13414728bd2193b49a46c2e3aa6233156b43d313ffeb724cb1dbd3508f23fceeda22960c5a305e597f9ec7ece95488c8b3c7f8e92777286313fb42aafe771d4136171ba6008a944a8ea689472cabbfeeb40506971b31343968c506a92087394040b4fbdcbeaf14e08382d4bbde947edc510abef34a94e4c38c4c17f15fde78fec74743e0070899658ed0b2c093f221c6859eb7caaf9e6383ff73e0c1f9b96ef78548d09a8398fad67b89b6007978bafa621c1a3eb31d1bf7f77854d5f628db0a1a5503a9c1cf6a297657abf229d7b23046b3478699c78644ec55bcdde492f387e409ef3f9062e725a87103e0edf9507441c834ca057cfa9be4f8606bcf3e07235c3619e52297b086ef40e2263722ad4998296fba1813c706e263a05509d17aa914a1b6fc316da048077143c43d933584f583234f454cf6fc6b71a8461afe18e6bca566b13d946427509f801ebf4d9116d46467ed6d012dbe16aff4d389b4ef3ff0f7f21469f5656cead17930d38aafd0ef954c84e866f67c6fd5dbdd38356d7417959decc444618f01cc49ce03dc0cd676c30c4948135976da32d80d3c243271e7ee3e18efd3af8d498661577b1968d4cea5f94fdc55eb478a355e81274963ee1f7578c98e251440b5b73ed8fb2dcc8518515b8fbf59045bb15af556bf51c0791af8f526328501d5c19aa9f80f2ceec5d420cd3777bc1f4c4faea30f110a0eb9696e69c20f84ee64b074b3c74199ca8ce8c80c3283a61636b7aa716415955f4122e60acc92ab29e20ed74281679b8a4d83523dce0a04ac8e1f631df0229fb0722e1c331f45ea67f829709b0ef396e6fc96bf89718fb3fbef837fcf283a73eba4581c8d240e00b6c704d8939f36bdca5a82c30af2ffdb421648bd210854cf788af386a1a6b547c0761a37c1c532c1fe203b107fc464eca7748b44764745211e42ed91690cd3dc5de71c637904b8fb12e777ed85594a230d1752503082dfb45aa989c981b8fff1366fc95ff03c16a526b4f8dd68c25e72e9a18ccca89db7732b94cd5c32639858be932b641b8948e0184517d2c2a4c496090048a25ba3b27e23740da4ba50cf72929bd605af1c88cc0470d684ac1ddf2a7be6dc0549aaf01da4e4e2eb72cd02edcf8d8d639d9a3cc8c5a6f4696da49318f01538cbb426135b236e567392ce30f229540023430ae97313f13b63e7389b40854bf18adb6a4dfbb94233afa4ab093f39ea3065a6064be7bc84cdc7d7a637d607982ba42e9c70b067defb38bf3c5f9f2449878c825f9c8a546d0d16d5e6f3ab432be7c37ddcc44ba7bac6a1c1bc58c814f8130b623594d638f2a7547fd60e009a7397113703b8a83a03df6902ef4eaf90f7e9cc81030c8e854a3ed54e691ef56da644a53d2972831a3d4a95ca2d07bf01eb6dd59aac79c34aa258d9a57a77f1cf99c6037157ad7b52ff3455eab17874235386aaf9d7bc1b53f21a07f497a6baba1dd03487d666ebba24e54e4e3a43f46b309d1ade45d8bca3bd353e7b3227064880e883b95cecfc41e09ee98f9f2a95edb1afe1c4c4530220f78f24aa0a8a503f7803a3325515f82d7d60a425f6bd8aa436c0a5511d041887a20b40e228512076f195a1cabc9caa28df6bd894695261b9156f6d269637fbfeeb313906ca400b2e44ada47da4fe4cfc838a40351bd15aa36d9c82d27172aa483d7a4f13516f53b89778e3349ca8807b900e35798dd7c4c89f4c2ab06dc08202bcc6ea5c01cb91c5d8b50bd4d5d2841879d0df7c03b1df6b88dd066a6fea70a4554dc9592e19ae348c2fe41ce0cd97063833c1e67856d5d9ebfd40072a52c063c9edbaaf34d5858b76a4b62dd88c17c4dcbc9bbff489dc29837cc1709e7c8c9fb2014e11acad2c95f7fd46b895b80451701967a1148ae69a74e5030c023c054259b2618d5436349536540b84764277772e9c4a75797c1cec157eb2c0bb211a6903010dc205213971803c094f413ba8fc698d7e0de41521ae0454323c068462511d48d87d28824376f1e1249439f15a6a555ec30737bc69602f67f0af6618123e37e67179d15b57a695f777ec206c2ced7ced1efb1c91a93ee8fc1ee97f8365044958e5dcb164df5df3447ac6211e2761fef58626bca1efda4c65376a715f27f2258fa6c66faff40b534c5be32eba922b6bf60f85b2f72da748989119b1b7058aae8db398f479f14970fd3443c0d28cc34333efa9fee3657d744225b93967126102b10b05dde9f7826e29b9ebe32296caea48cc7b186cae1702cd98f2315803a6a94abfe119065a806077565ab97e8f0476af9c1206c85a871ce14de341919569913590e11b343639bd4a068926a6db3e4f514f4805f98c6a0e9a1a4e28fede6532a709b035ea5ea296870e8e2903c642ef07d878a7bd6ff526d2a5e8e73c1251f97908cd9188fbe264d39a45c45f458f9fdc0c67365cff8d663a4895f038f4cef9bccf474c3d079ad48ac7db862aac446f21ed4f2f121df4cd616a10fe1c1d139237fb5066c8d03487f1e2dc68be5caa7c66c5c298ca5361a7d51fcd56d903d0a5ba0961f506afc51f2bcc2ec231329699e306406fb94190959aada20443d5498a2d90f1748fa83e328017fa8cbe7f8b32e22d0fb6bd557f60759329d553c6ec18b3a2fa95c7a13a47e7e978c0c95e3bda6b303738eedf457da07f81ac7ae259f2305ed1e88b54d02bd30e266f585571252df4846af85ebab67fbba406b3468e409d62fcf5318f83675553af072c504f7f99491d3b1b84d287999410cb2e451ff550942daedc53a64931561c2a5fb340ee43ef814aae74116116935567dec84891ac9e128870cd80ca708a8ad099355d5c77c9b35c6dec0bef07c6ce5fe87bc98d489f15d172880ed6f1f5a30258867271563f330dd028ff9b78a049f47bfc9491eddf971def71e8591ec23f3982c67fbdc4b526f29e4498c13e154cb128367cee7fc0b7a44f1635d40f61cec12ca4d43e10534c92636af5a36aea895ab4b1a51ad9a99dbeabc8a9ccbb58c2e4687e31e3283954f2c36ee9d2d8009a30c5540dc88d0325b129375042b2e43f54393d258ce1d95cb44d09c913508d488d81b958233033d26e617acde3706a9ec69d7e30d60c197b69a4499250ff4784080ad3fa993e7b6223959be54adef44e8f5b33bccf92639bf508637087961497adbfc845767f250bb680e8325b67a0bafc421c1799e1f5a30c14dadc1be4bfb288aeff67056528fe9ebb108293fe95f0d1262b6bd066c046d34167aee17bd9dde015aa80ec7923d0bb09b38cd236be64a8390b9b709e5515f31d7dd722a1b4b3782d51c03b8c0b0264f939182289199b775e6da69ddbceefcac243e4963e205febde3f370c3a61ba146398f1e785465347b65f2e0bdf9b4167110d6f7eeb88af9be73824ecec892e5aa2888e149f07c3cc635cedf0cece73def3b9ccebf054e8822982c7521dd34dec5d8b3c492a4b1a060c0cec3a513fea8fc4e1da42779940f28d8996e47807af420adf90793a78074e6746ae65ca75b45103db1986c95fa1c871b425ec2d634b264ad98f4496bd84ef0330ed736a039003143b9eb1170ca66d42d15db5fcdeead49b9842316e94c7dfd8fe7e014e83631a238d"}}, 0xf18)
ioctl$FS_IOC_SETFLAGS(r4, 0x40046602, &(0x7f0000000040)=0x80000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x43, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYRES16=r0, @ANYBLOB="1acf9d8779fb646eb5c0422ed645d97013ae3bf9974c6bab2afc65d1b74d80ef25f4fe5055afd9dc6d2caf8aa62cf82ebca132ff2ec608f14b1bff5f0b4c11b384eec894f0b2119c6b7e4bcd1a081ae8b8d0a26efab578c7bf5dde2e2f2e4c07fd2b624988f3e93d86816b9afc4475636a781078eb92591e4b7cb929b92d0d37c9804fd5db3dce93bafe282907693691a4ed4ea874084783e3c3d2a7e0d6564cb44b790afc9656251cae9a26cbcb02f1f76c085ed5d17c88865f71c19dd8ef2655df93695b0588508ffa", @ANYBLOB="66f2cc4904000e80", @ANYRESHEX=r0, @ANYRES8=r5], 0x20}, 0x1, 0x0, 0x0, 0x94}, 0x44010)
open(&(0x7f0000000180)='./bus\x00', 0x66a42, 0x0)
syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
read(r7, &(0x7f0000000580)=""/170, 0xaa)
write$char_usb(r6, 0x0, 0x0)

9.673671041s ago: executing program 6 (id=5673):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r1 = dup(r0)
openat$udambuf(0xffffffffffffff9c, 0x0, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000600)=ANY=[@ANYBLOB="aaaaaaaaaaaa1780d206050086dd6018232500182c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa620202"], 0x0)
syz_emit_ethernet(0x56, &(0x7f00000001c0)=ANY=[], 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
close(r5)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0x6, 0x2, 0x4, 0x0, 0xc6})
r6 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
write$P9_RSTATu(r6, &(0x7f0000000780)=ANY=[@ANYBLOB="c20200007d00000005fa0000006a0000004000000000000000000000000000000010000000020000000000000000000000001f00046e6f6465767b6376666f7825ffffff8102000000000000000000000000003800704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500003b595fcb14034354b9fd9ef196a51cd5157adc8106b494e11200fbe161e900000000000000000000f313f6005e00f8f67efb716dcf315ecaf385409ac65b9408679d2c3b9e1d52c3d6da9bf1995688dace6cde7ba4a400b4b0b4dbe64f64b1d63f26796dcbec498623d6a838c69a69dfce9cdd5906f174a666a8529a45773407dbdab2885baf050000000000b3016f64", @ANYRES32=0x0, @ANYRES64=r4, @ANYRES32=0x0], 0x2c2)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r8, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r8, &(0x7f0000001500)=[{{&(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x7080000, @dev={0xfe, 0x80, '\x00', 0x3d}, 0x4, 0x1}, 0x80, 0x0, 0x0, &(0x7f00000005c0)=[{0x18, 0x29, 0x37, '\x00'}], 0x18}}], 0x1, 0x4000000)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x30}, @IPSET_ATTR_SIZE={0x8, 0x17, 0x1, 0x0, 0x3}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
write$UHID_INPUT(r1, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d300987f70e06d038e7ff7fc6e5539b0d650e8b089b3f313b6c090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
r9 = socket(0x11, 0xa, 0x0)
sendmsg$can_bcm(r9, &(0x7f00000000c0)={&(0x7f0000000000), 0x10, &(0x7f0000000080)={0x0}, 0x8, 0x0, 0x0, 0x20040010}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)={0x28, 0x3e, 0x107, 0x0, 0x25dfdbfc, {0x4, 0x7c}, [@nested={0x14, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}, @typed={0x8, 0x18, 0x0, 0x0, @ipv4=@multicast1}]}]}, 0x28}}, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f0000000240)='statm\x00')
readahead(r11, 0x8, 0x9)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000001c0)={{0x1, 0x1, 0x36}, './file0\x00'})

7.727558132s ago: executing program 0 (id=5682):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x13, &(0x7f0000000180)=0x80000004, 0x51)
futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, 0x0, 0x0, 0x0)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
setsockopt(r5, 0x3, 0x1, &(0x7f00000000c0)="c9a13e03", 0x4)
sendmmsg$inet(r3, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close(r4)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0009000040080800470000304000000008fb9078ac1e0001ac14140d8307d7e00000020000001000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x4000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0})
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000040000000030a01080000000000000000010040000900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000088000000060a010400000000000000000100000008000b40000000000900010073797a3000000000600004805c0001800b0001007470726f787900004c0002800800034000000016080001"], 0x110}}, 0x40040)
r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000002, 0x12, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x286f7, 0x10100, 0x0, 0x40000000}, &(0x7f0000002000)=<r7=>0x0, &(0x7f0000000000)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
syz_io_uring_submit(r6, r8, &(0x7f0000000280)=@IORING_OP_WRITEV={0x2, 0x21, 0x6000, @fd, 0x81, &(0x7f0000000240)=[{&(0x7f0000000040)="2d45512693811fd96d90f1ddf634fd3f1ee4c881ef2eb8f9f036af09ce1001468099230165dfd2da5ff361e7173f523e71298f00c4aa93cf6e892bd4e51347c5", 0x40}, {&(0x7f0000000080)="c102d23965471e19b1d42453870110136989670b75381a59e75b7d7a948dd194287135236da7642a353cbcf68c6cf0b822fc3b6e1e2ea1f506dfcdb1ed6bb56591638148393c23956022989b3608d9080d83b483955d01cf8e6dfb48e3bcc6d07c5cc61a4389f88aff25a1fd394db81b0cef3862748764ef50", 0x79}, {&(0x7f0000000100)="09599dc2707190e658bddad737179830a483eee8785d8eb084800c6698ced4770309dfb3a7c1d19295ecb58c99f68c5bf96fb6ddfe806f5978b7baac7839df661d748cb4e76159feccd1f2debf43d21416c29e38e0532646480d126ffeafcfdad6af08480473e9521793d1ec42cdee84fa0766890277584a35b7bd1ea0f8fc81b57a48c343b3abef0d37732ac222dea0cf93834235e6b19ee09993fa25b5b8cf30bae176e60c1db38538c085b711432c2b8e35dd41087e2a4e79acf920f2301a3f1cbe9e4dc099376fb48c0502c08ab6e92097cc0ef79e6d45bd", 0xda}, {0x0}], 0x4, 0x1b, 0x1, {0x2}})
r9 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r9, &(0x7f0000000000)={0xa, 0x0, 0x10000, @loopback, 0x1}, 0x1c)

7.586322527s ago: executing program 1 (id=5683):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
prctl$PR_SET_NAME(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='fd/3\x00')
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
symlink(&(0x7f0000000780)='./file0/../file0\x00', &(0x7f00000017c0)='./file0\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100003d37d840890457e00000000000010902240003000000000904"], 0x0)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000040)={0xfdfdffff, 0x3, 0x1, 0x4, 0x1a, "518aba4d000000000000000000000000002000"})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
ioctl$TUNGETVNETLE(r1, 0x80086601, 0x0)
dup(0xffffffffffffffff)
setsockopt$netlink_NETLINK_RX_RING(0xffffffffffffffff, 0x10e, 0xb, &(0x7f00000000c0)={0xfffffff6}, 0x10)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
bind$unix(r3, &(0x7f00000000c0)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
bind$unix(r4, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
bind$unix(r2, &(0x7f0000000280)=@abs={0x1, 0x0, 0x4e24}, 0x6e)

7.325995004s ago: executing program 6 (id=5684):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$inet6(0xa, 0x1, 0xffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, 0x0, 0x0)
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x2a, 0x0, 0x0, 0xb4c, 0xe, 0x78, 0x0, 0x2}, 0x0)
syz_open_dev$usbfs(0x0, 0x76, 0x101301)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
ioctl$FIONREAD(r4, 0x541b, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect$uac1(0x3, 0xa4, 0x0, 0x0)
r6 = socket(0x10, 0x3, 0x0)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x8528c000)
getdents64(0xffffffffffffffff, &(0x7f0000000fc0)=""/224, 0xe0)
write(r6, 0x0, 0x0)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r7, 0x4b72, &(0x7f0000000400)={0x1, 0x0, 0x9, 0x3, 0x140, 0x0})
sendmsg$nl_generic(r5, 0x0, 0x4000080)
r8 = openat$vimc1(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r8, 0x4020565a, 0x0)
syz_open_procfs(0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0)
r9 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r9, 0x4c0a, &(0x7f0000000440)={0xffffffffffffffff, 0x2000, {0x0, 0x0, 0x0, 0x8, 0x3, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'syzkaller1\x00'})

6.398857773s ago: executing program 3 (id=5686):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x1f, 0x1, 0x5)
syz_open_dev$tty20(0xc, 0x4, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xffffffff, 0x0, 0xb49, 0x9, 0x8000000000000001, 0x0, 0x3}, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
r4 = syz_open_dev$dri(0x0, 0x7, 0x220042)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000cc0)="adf802e5370fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000600)="690ea45e73b0f0cf753118819f4495f47e6f016788d1baf8ca32cd50b4e0c5e6dba50b792c169e503a43e7dc48728495f22683f1014d66f000e5896e52249ab47aeb9c96af631ec206b3f8a848b0705b5468ef666c803350b0a857d63cb91f3389019085fe41a717db4d01ba4755a171635a0e86ccff009b66bcd9a7b4c333a53e8c04455397aef78e379cd5e13aec6c2332faaef6ca310547d38e3f94414ebf33411ace8acabb11db28b8d4a121aabc746e6654556cab1e2de77b082d2e061e3fe4c58efe4f8e0ca956bedc5763cc2da2151eb0ac6a937560b54dd5dc11b4e65a4bdf04414605200a", 0xe9}, {&(0x7f0000000700)="2f34cd6d8761518fc37786de0792c4ccf8adc46f7498733cf2e70c1d23e3f03a0b70e587a6207c4293ecf03d5637e5059ca92df6b0f4627881ab21645a8237b01ac953a0810f5cd720a08bb356f7030db22777a29e201d", 0xff95}], 0x2, 0x0, 0x0, 0x4}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {0x0}], 0x2}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[<r9=>0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r8})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000380)={0x1, r9, r8})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r4, 0xc01064ab, &(0x7f0000000440)={0x5, r9})
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
socket$key(0xf, 0x3, 0x2)

5.356274003s ago: executing program 0 (id=5688):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00'})
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x401, 0x0)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x8, r1}, 0x18)
recvmsg$unix(r1, &(0x7f0000000440)={&(0x7f0000000340)=@abs, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000004c0)=""/141, 0x8d}], 0x1, &(0x7f0000000580)=[@cred={{0x18}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}], 0x50}, 0x10040)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={<r4=>0x0, 0x1c, &(0x7f0000000240)=[@in6={0xa, 0x4e24, 0x40, @private1, 0x1}]}, &(0x7f0000000100)=0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00v'], 0x24}, 0x1, 0x5502000000000000}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={r4, @in6={{0xa, 0x4e24, 0x800, @empty, 0x9}}, 0x7, 0xfe00, 0x2, 0x3, 0x54, 0x6, 0xf5}, &(0x7f0000000480)=0x9c)
r6 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$apparmor_exec(r6, &(0x7f0000000440)=ANY=[@ANYBLOB='stack :'], 0xb3)
readv(r6, &(0x7f0000000380)=[{&(0x7f0000000040)=""/11, 0xb}], 0x1)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r7 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
write$UHID_CREATE2(r7, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a1000"/196], 0x119)
r8 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000080)='iocharset', &(0x7f0000000200)='%\x8bR\xafH\xd6e\x11\'\xec\xbb\xcb\xa0/\x1f\x16\xcf\xe2\xb5\xfc\xeb1\x12\xfdC\xb8\xa0\x01\xa3~\x971W\x96\xec\xaf\x1c\x91\xeb\xa8e\xfe\x17\x02xEA\x0f\x14\r\xae\xc1\xfe\x06\x12\beSb{~R\xf0\x06\x00\x00\x00\xf92\xce\x81p\x1fC\n\x9f(\x00\xc5\x1d\x9c\xccCq\x06\x1b-\f\xc9\xd9+\xa4\x14\xd8\xf4\xef\xf5^2\x14\xb8=\x03\x00\xd5M\x04\xf4{H\xd0\xc8\xf7\x10\xe1R \x9a^\xdfq*L\xc4lP6\x8f\xff&>\x94\x882\x1c\x00\x00\xc5\xbdD(\xa5\x17\x11\xd6\t\x12\x7fe\xba\xfc\x93\xf4\xd8\xb5\x04\xcb\x98\xd1QF\xe5\x1b\xb30x/\x86\x02\x1ct\xc7\x88\xd2\xce\xd5\x9e1\xef`\xad\x05\x11\xc9\xd8<\xc6~\x97\xd5\xde\xe3Eh\\\x84\x14\x9e\b\xe1\x9b\x00\'\xe8!\x8c\xc3\x97\x8a\xcf\xfc\x8fe\xa6\x0f\x8b\x912c\x1b>8\xc5\xa3_\xab\xf1\xf5\r\xb6\f\xfcS9\xd1.\x8b\xf3\xbc,?\xb2\x9aBDPY=r\xfa8I\x16\xa2\x18\xd4\xa5\x8b\xaf\xd1\x8a\xbb\x0e\x15O\xc9p@\xadaw\x84\xc9\xdd\x87a[\xdf\xc2\xa4\xf9@T/\xf5\xd1t\xc7\xeb\x04', 0x0)

4.825974853s ago: executing program 3 (id=5689):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="010700ffffffc400000052"], 0x14}, 0x1, 0x0, 0x0, 0xc008}, 0x4008010)
socket$key(0xf, 0x3, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000004c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ff8}]})
r2 = syz_open_dev$dri(&(0x7f0000000080), 0xb, 0x400)
ioctl$DRM_IOCTL_GET_CAP(r2, 0xc010640c, &(0x7f0000000200)={0x12})
getgid()
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
r4 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0xb584, 0x0, 0x2001, 0x101}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000640)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x8, 0x0, 0x4}]}, 0x10)
r7 = openat$ttyprintk(0xffffff9c, &(0x7f0000000000), 0x149140, 0x0)
ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f0000000040)={0x2, {0x2, 0x5, 0x82, 0x3, 0x3}})
syz_emit_ethernet(0x106, &(0x7f0000000240)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @empty, @val={@val={0x88a8, 0x6, 0x0, 0x1}, {0x8100, 0x2, 0x0, 0x4}}, {@mpls_uc={0x8847, {[{0x64b, 0x0, 0x1}, {0x3}, {0x3df7, 0x0, 0x1}, {0x36, 0x0, 0x1}, {0x8, 0x0, 0x1}], @ipv4=@igmp={{0x21, 0x4, 0x0, 0xd, 0xdc, 0x68, 0x0, 0x5, 0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, {[@timestamp_addr={0x44, 0x4c, 0x26, 0x1, 0x5, [{@empty, 0xfff}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x9}, {@local, 0x7}, {@empty, 0x229}, {@dev={0xac, 0x14, 0x14, 0x13}, 0x9}, {@rand_addr=0x64010100, 0x594}, {@dev={0xac, 0x14, 0x14, 0x39}, 0x1}, {@loopback, 0x4}, {@loopback, 0x7}]}, @ra={0x94, 0x4, 0x1}, @ra={0x94, 0x4}, @lsrr={0x83, 0x1b, 0x79, [@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101, @remote, @remote]}]}}, {0x1f, 0x0, 0x0, @multicast1, "35deca52d8cc1bac4f6f4b713c3008e007a8742bb24319efc1887397aae26c2d384166842ae472efcb69fbba2af98c4fd527a41b24e3a655385e743114b950e5307dedcf7803bdbc1928f9f4bb88b75d"}}}}}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_TEE={0x21, 0xda1a0b6210925d15, 0x0, @fd, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x22d2, 0x20, 0x0, 0x0, 0x0)

4.661582516s ago: executing program 1 (id=5690):
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0x4}}, './file0\x00'})
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0106434, &(0x7f0000000040)={0x7fffffff, <r2=>0x0})
ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40086437, &(0x7f0000000080)={r2, 0x73})

4.499822308s ago: executing program 1 (id=5691):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
r0 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
ioprio_set$pid(0x1, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f00000000c0)={0x1c, 0x2, 0x1, "e70db0655ed2e56c9e205977fcc735021695ee853985fbfeb44c9bbb02b40614", 0x32315241})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bond0\x00', <r5=>0x0})
r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x80002, 0x0)
ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r6, 0x80083314, &(0x7f0000000240))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = open(&(0x7f0000000180)='./bus\x00', 0x14957e, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680))
lseek(0xffffffffffffffff, 0x9, 0x2)
readahead(r7, 0x0, 0x6)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYRESHEX=r5, @ANYRES32=r1, @ANYRES64=r0, @ANYRES32=r5, @ANYRES64=r2, @ANYBLOB="eba5c803000000b1b1a3e2aebc23aa0002682f3f478a2aa07c711153046cd0ecdea72579b32e32385ac0a11ae4540eb9803c9293e6f3477205c874ce146edea1f7421c9c0d17b3"], 0x3c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
syz_emit_ethernet(0x1056, &(0x7f0000001440)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6000000010203c00fe8000000000000000000000000000aaff0200000000000000000000000000010000000000000000000000001018907804000000080000000200000000000000aa6e61d7037c8fe5791f8e7821f77d3f5993d5e28d387d84ff6412460c459c17ef78d9eddfaa7b0f998c0663f3aff9597d49722afd1a6dee9d64aaac65a0ca335102a4d60a16db6be21a920a6ce2e2e804384e2550401d9d4076d414f4a648f519adc5f65b2db249a04373e00ab3ccd5fb516acc0de328940ca67c8ee13ebd290c9a169a7e9150846ed679f709d2a948d376a45568bc8bf5b2d65f287885453341d112a9c7105a5c56081f8380bb60570f3e20ecbb7267f765248c7150d9ef37f7b7a5a8d8b7171237fe6b453c0d4f75c09d7f13e3b22350add598d11a8ff92f55115617a3b6d28e8a7473cd9fcd7b3a725805a7cc5551d1e400bc657cee29b14ff84fa6d7d771f5afa99f23e0c148b504d68ed40f3043305e8244a15ab4fc30d3cac5fac5bb83c154911e9bbd28e58280b0fddbfe52c8fd22224c1581223c23311ca959ecbac1e373d5c8b4897c74bfe094a623ac0384c3eebb519e88fdcc66014e166ce1ba5c9671282072ff54996a5d99bfcc562084fe6a5885ce87ea926b3a8cc05ea95ce6e54bebd89816a14b77ddfe5050f7afcf61b183ca5843faafe95c5eaf155f07e46b442b8e0447013c1f7a17150ed91affa11baa3a483ec34c2bc817b17e3511bef3ec5043f2c2bf37ca1cba10abd08a53481292c8aaaa06a15b5fb8db79c04cd8417a7eec28f34586809413f70381d4e41ad44593f801af435e60f8c276b77cb3245bb3c3ccb348f0bcc1f8afd3d792b12c7773d20a68693e7b957de4ac5c3d52e253f9c88fb4f33cadbed3cdb71e4198d3a43da85a89606d9996d207039f0ca073a91e0894b332cc1712b0302d111f3e5dc8627f37166180f14fc60ec5b124247b402d14e4736a8a05e3854d7b7f28c6a1338918994cec3343e56d324bd2ba1433f8c4d5cf41b2e7acd92829250955c286af7e3ddb3cedac615348e16be3021bb143998703a7694aef07f99e25ea74fb8bb33a453cc93d5c6ad1c4b85882b925b26df1a58bb30ad130535c2457fbc4f2fdb1155cde095c3dc91aa029e625c89425f15b663e4fff6f5de6556bb1d9e8c45e87aebfbd3b9d0c96dbf06a002204559f7a2c54d119ed6ab6c6585de70328cc8c1393ab7a715c20a7d3d32fae3f1dcfbe7bed3370897c4df09fe52bb9442d57e1dc824fd9e6cc97f3804d5e422aebe1654fdeaf0060312cc2ea68b707c005898f9d5b6d00e35a0aa4880860d9cc34ffffa57e6655c5ea70b13480249009537fd9787101dfa96d304688a4d9df991be5ef86b50ac99727eb850ce2905597e83c36701c2b7d7eb94018c8828216e0ca39365c7733c758b1ac8cf6fa6b8d6f67c5096d9438100074cf4c3e1d667fdf460a6db4d3ac449062a8b90390910f7907b88f0bf3c02d7546760bbc14bbcdb4e1a93de889ae737f54d41ac76bf12196f52945a9bcb4a939fee9cbbb966acab9be54098916b207be77bc87adf1ff431a21a5704ab5759295661932cd78d793f8c11bb9dd57866e3aa9263d62e47fff399365e2504397dd762bd7ada97a5fec061d6fd260c8ab431f6c4c2b067750df160e06b6aae3d7b1b0a3908dbaadde6e847329e54360272148d316cb9d38dc376c7e6077737788cfbf0366062e192c81cd5c36d3d34000b6d2e61bef1a565cf72131ee892c2f0f932904c0825813e52f61385be55578b0deb04bd053c8f8af93351e270298dbaf4928d8a2fc5204c01db294e306378179ab7a8b79b3d28c99e6a7a6e73ef6cd6df931c4a68d2636db63c98d3bb054e1c201df5df24f33e63ac423776859bb2564ea602cb62862a9d7d424b1a66dde31bf5b1383eef0c55abb543fb4490743cf527c451be28e4c654982fd40d41362ef40289d66966c8ff2d0d357eabecdcf39358fcb777241de8ccaa5c7ceb9573db682e7dde588be02142c38d4ca7bf7812086e6e02c02281c707873e36bae80e2ffb4f19f1a5a57e61894e19651003c79eedb997e697bea9fcce71b543b3cdc64a7e8124b0df405eb5ad371af253e1255231ae68269d99b3c789886e303973d68dc3070c456c6abea0f1ba635ebc8f940c3799338bbf0595c29d17cc8351dcc80ff3174349989d77c7795ca71326d5c7738602219aad20258ac6c33018d956ef3009604201c4ab26fb68b734b05c4abcc7f5f41ba2075bbd2b5fc1a8e5cadc5d1efecbc9b0db8ac22ce36463ce9bb14021741c0d0e3d02d0d2cd99b9b4a21fddbf014e3deedd4e61edd74c389b5d0e006231cb66e137153814abf84b40128a7567dadb5e49f923aaccfad609af1136213f160bbe6c6b144546ddfe5f629d3050e3327455e9db3b0191cb4939589dcf83557914a57b84d28cfbdac8da3b20add94ff5c1542a4a7ddce1fcc21afba1d8c20fc855f3d22bb9e7f4a46d98e1ef79edb01663953cf95e0138c58ae95e9b94220408de01454e48158c87ea0195ed00bac914409cef1789a9fb8f0a8f86226a705419d78ee33093599ec58b4a48d65f016c29d0394c009e19fa2c655e6edaca7eb19237c5d0f8c8b743eb482493238b65f46a0803815943e090bb0e3ebe9da1ff0f3957bc2bc4c4996a2b9a7128141838818cb48e945a7857afa1cfa413e50c46524c1c925fc146163a53abb0fe2fc1d5ae3cdba670de19ac8f5e384a3d212415ff294d24d743fd5b7779e10c21f993f3017d460af6c60402b0016639eb1d3699c3ee876802fb0ee25dd1a9f900478627fda16c98e278db4e6856a99c494ef68115b43a2e36244c6e1beb3ab831ba3091678be61e7476656f7b2518cff3b19446a9b41d5312cfb6eabca9aedaa15f1199b4af93601622be23a26597a54b579370610382c1c1aff6d9f8b12c319a88865b95b64b75f709de3d1d665f03a8891fc2e7f9ece735816d08c89b2e2fb1bd974a12cdd9d1096ca7ce5d06786ff12675683e046d2f56daf1e15858346ad5c1b487c672bf69edc671e4cef4e25da140ed7f17b19614d0a62f138eab1a86d8c44147032a3200ae01d891d365b37d59e3faae22cd3ba77031b9a46ebc31acae0bbce556109d6921e570f02c5a377ab5d6abb3d0b07e8438e59342649dd8b262766a34aa261052def432241a628d9244505a009d657c47f73c71fef935418fa5f8603cb244da45ec929f60a352b93907944770e24ace6a646e51a0710ce051f94c4f53da0f3d32089e549967b88467b4ec7fcf62f49554b4307d2c00945269c036f97c4260dbd8b593dba0b1ed5599da8c67f04945ccbf1b23f32c4e562bd9fd0714a3e4fc02cae87adfb52e55230821579aa7ffc94c25f78e551097708c8c4fa3c13e7c7e915c36d074ed6062e7ca8d403218a19e01a29a712010ba4a3f2b33f04259a8f7fad2156eb0294fe3f98961a342f2e94af0030966b91c8d1b8a4690d549ef083ac0bcf0b4124a6f7ceaf03a500abc1ebddcc93df68eeb2bb6cb5f9ede0f2d40854f02eeb14d42f43441eca76ecccc70b6c87014150a7c77b6137bc20636084d690bfd1600d8f14d217f8ea0da1e5f560f79b199d9ee06da845edb22ab9748ee3855c530687101a1d736db6f3fe613425177402d0770a26b01a194af3b047d60df8d87cd9f8ee582aa20aba8b6b80f308c8f020d01f1e78bfca597441b1ddf8c2f64412570837e5157161f8b814dce68025f159a9f659c6ecd3fd45742e15f4783295258b5a1f7763f25c7d3e3142241ff4052fc2daa7d9e9ca48243039bd7ceed13f8bc78be3d77095de7a443c32a5385df2063827778b46e13bb36f8ed65b0c31bf97fb1351612f58b8b7d163d77e3655a1797e2a57aa293d7b0b1fee7c13ede27ba9fafdb4dd01e146c907c5d26eed6aa1fa91dc4cbee1ecb2ab0e8b5cfe6b2c76671fcb6edd22b237d5fbca468c579008c3ecfb547ad8ece2d9a5dbf647fe368ab971ada1a61120f14b1ce6f68096cbc8eaac3bae5af8a999951d964804962a456345f2b9b04e8a3e5f5093ba1e2ed1784b44f8e781ad429d69408f37a540ac27ba4ac72a54a4525bd2b9b8c002a4a99c8bf7720f47b31b90f6bdae517dd953457b3ef28cd44e334e4b0d7025443dce7ed92d5d1b29bd8a8e60ecd5f56831dd7f5f6c7de6c6af4367f0ebb03d52d9bac3f1cbf94fc8392e34aeec8e7b8165650c7ab333795dde7763502d190ed2f0ce90377c4c1dc86af71cb2f3e44b9f684c190f81cd015dd9a5e64f0f407895f3080c22bbfb085881f49485ce2d5f62ed9a8cf8e593714bfe7983cce03dbaf0ad6c5c0cd2b0933f96c71c452999baca386360130411a14b4987f087d9519de224cbc969215f605c12c719de2b0fbaffd486fab4ff816bf19e16731081e95e54701d2c87b4ecba351285465ec3b01790afeda3d858d30dba98a62daa0b2684979cdbc6c5592b35d29a9105858b2e47a38700fca312088c2dbb21d184f41ee377954d5615f248183def687e41fc5546333d164a57d11bb646cbc8441acc6dc8fd3122fe507f8bf5a69008b8a8a2c8a900481ecc1afa02de643a9b27ecc3c975fba657beb5700df96630dbbdd87f420e870486f31b929cc481bbc6755ae436096b936e7bdbea28a7eb2721ca1789cdbd67663393d3ad9fd279ed5f6fd8c100d298c0e0a0c41f5d1fb72c392df25bb699c6216d0357202311c3974e7feda90118f11fdadcdf3e5cbcca89c493107555658ac49f74c467d53d613e589121a3fe7da76a75818c904b404cde51c2829bdee8c980e6844b5222cadde84a5a4129093d6f21b7b090d3ac4ee6a67b7fd385016d83ce27943772fad146f38bdc226c82aedd6f50eba9dfc06384d755b6ef1b3d2279a2dab19c08acf967c82dc7ced5b6737404b5618f50b99d6389693185a9031309aa58dd4917a9e099f8ecdb716162cb4da9e5a9c48c0a4a927fcb91e49b14474e4febd2fda7fde248997e27cb48a4864b55825f2079aec5820b49276230d99e3a4813cee858d0ef562e8f12b5c8c61f962129255fccfc680ca7210d5b673c8237fdcc5b54f898bbfd2f908a5a0c69888995b2a57fa43dec7cbbb40172d2f4a1813d38e95dac3fba95707014a350edea5992d0c22fbf6f2ebe55d2de5f4e1da2c056cf9635dcf357fce66160a5048f84dbe4d375d282cbb5a274f8976d9702582422e4914e9890b696d357e40d0c6a0832268282646904ea2a4ab2029b4a6537d979919297ce616589c3e10ced0e8c8b7fed472362a88dba625d73360ab6133cab2e9bb0e4701d37754c7c7a2bfe71679fa905524ea689bbcd193806b3514f86037f8cdc9ca501c545c03bd1b118c023218fd7c461a0da313c2ff4914a4f64f3d0f8d7d05d47634d744e76805fe637b47e71c768b5ee441f62ab61a2a7ce0ed025dc38288fbc81cb62f2feecd8ed68099d1af08d0f89cd381c69bea842300fe5a9db5f34f0b914d386532ae1b73b889d710e55518c26a370ce92e91b1dc4aba05f219b214ce3bb8dc53fb9c378f3547859591cf1043934137b0ea9f9af24f13886f4d6f350af6109115e3f825b01a778ae8aada830c25cf78bd434963c9e2e0e07b0ceecf8e6f695366a9790535dcd0016c24311791c1ab48753a0c9564850b694bc5c69da13396167b0431ab18989993e18b26ad779a8903246936f060820dee94d8774a23a4f687c309d0f5b69416ac325f82eb64d4209713f2803ff78e795da9403dc79c32f2aead9937dfb7cd50ef7e30182293b907bf754e86f6c3a58991749bf714d5eb2d12aac3ee16d38b3aae56c2b871461b92900"/4169], 0x0)
sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYRESOCT=r5], 0x24}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
ioctl$VIDIOC_ENUM_FREQ_BANDS(0xffffffffffffffff, 0xc0405665, &(0x7f0000000040)={0x10000, 0x1, 0x9, 0x800, 0x10000, 0x8, 0x6})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="54000000020601080000000000000000000000000c00078008000640000000000500010006000000050005000a00000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x54}, 0x1, 0x0, 0x0, 0x24048091}, 0x20000840)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)

4.459676057s ago: executing program 3 (id=5692):
r0 = mq_open(&(0x7f0000000000)='batadv_slave_1\xbb', 0x8c2, 0x30, &(0x7f0000000080)={0x3, 0x8, 0x6, 0xc07})
r1 = ioctl$KVM_GET_STATS_FD_vm(r0, 0xaece)
mq_getsetattr(r1, &(0x7f0000000300)={0x0, 0x8005, 0x4, 0xfffffffc}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="300000002100010000000000000000000a0000010000000110000000140003006d61637674617030000000000000000089a79e5f2fc0244912170228738bcc840d4191924d65fefe0fcb83946f4a6d899fc0edf075ab2d59d2fd79c6340f283ca893a1d027ecbb9a52c386c07e907bb6b70b3cc91f807cabdbe9ae855660a1d5d2cd083f704da9421339dfb2b15e3a6622d0e44db8a477cdcbb08864a3764505"], 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x40)
mq_timedreceive(r0, &(0x7f0000000100)=""/90, 0x5a, 0x0, 0x0)
mq_timedsend(r0, 0x0, 0x0, 0x9, 0x0)
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000200)='.log\x00', 0x686200, 0x102)
write$UHID_CREATE2(r5, &(0x7f0000001640)={0xb, {'syz1\x00', 'syz1\x00', 'syz1\x00', 0xe00, 0x1ca, 0x8, 0x4, 0x4, 0x406, "69051061051c5b047c5acc7b451b2ce5ec38480e15c61f22ee2a64899979b1c38ea6f39e98492ae35608859e0c6267844e84c68aa1baa3736c7c2a59a23217d34d1facef8e1729b6635650f6ab1ce4bdf5e857a77ad23d9e62cbff84710daf564e5bd7344742c5cf062718b482f576d182301f4b5fb8d345958477528316cdfbb0d8a2a7834434d7a94e58edce24962e1cc51ffd8de385379f64f23ba3ce3828a35e62299b1216e9053617188ec44a644f9b1695802323e87b4d0e9e2fdebc95ef0ae516ebaad55de0e3d20bb1d727d0bd09d359a94a282f9d9bf7fb83ccc8940cb751712fc1c913a679322b28f63afbe312038a09faaf3f2b887eaa47c5a8883e5e684c463ab744dffbe2a4cfa8344ed8ac7f24e2ebcd2f9630930218a823707334d1a1cbd819874a43abee56108e323636718cd79baee0acdbc876e1081404a029f2651fc6c4346f25b22a1ef782b0bb44f2b41f327bfbf756c3034253cb3065a3c07495c615877d6c91bb633e66a4e5b4d13901a1eb446c74182a221f07fb3d6b283b8ff3385c2f4dd220520ff16d2521fa9e5d41a423409f4ef948b5fa6d4fcbb3f61cf5c25c18f18d28c3d1d012dda1727da222e6dcf9d385b38ae7b6c2a652b138373899904c0b70dbd1bda4944957694750046b01c00bc409b9a3aa3b842c3e3ec913a22451445e74b5e52e7bd00f14579c402332107f20904d24bc0c30d20e2f35200109c9570b66d699e0eee6945295275931995b53c7239d34a9017c83cc59df2addf548549d9cd7cc186dbfb897c5246313a67d3bae2977845ebe50c2aabe248cfb476c89dd4db32610138ed777850e3f453bc1053f8ed13d3debb5cca5f7d07a36f855c3d2091e6e38b869aeb1d63ab4e804b1e2f52b351501f44bd95269822c84414cf213248c89a4558004f5c9f63266a5d85aa7755269e23f8cd21188b586f7077a9195fa162d72ef55a6732ec9599325271776ff3572281e6db4d5bac068f1ed03128707a800b839f2c69d11f10a7e2e15c35df3f19eb8546cecfeed8b84db144f19f9922e50d1c701a32acc214e4a4288437f0142ed0dd1d93338b069b32a29692797af5597890ca846678f5259087d57d8f53b44932ed0f9ccab3d3ffcb6127d2d5e78fbc405670b50dd75a4075a7b9040502169a06024241029c686ee76ba1faf66d71fb17f42d1534cb4b9d4cb26d0ea3325125bae4f71f724bebfc6832537a4aa0e37058c159835f188e39eaacc28e8c6eab141deabec3a4f7dae533b32485cd14c3bc447382bbc652a05310c311c1569f42da08e447f7269158fbb66d6ca8b84c56cd5199d837e8630bb3182ef5d3d94d84de15dd793151a08f4dfe11192b8d3d93d9c170ed23eeed75babac5e611c3caa26affcf6a51a022d042a66ad7ce7e4af02e30bde75678a5b2e30a81bb39e13414728bd2193b49a46c2e3aa6233156b43d313ffeb724cb1dbd3508f23fceeda22960c5a305e597f9ec7ece95488c8b3c7f8e92777286313fb42aafe771d4136171ba6008a944a8ea689472cabbfeeb40506971b31343968c506a92087394040b4fbdcbeaf14e08382d4bbde947edc510abef34a94e4c38c4c17f15fde78fec74743e0070899658ed0b2c093f221c6859eb7caaf9e6383ff73e0c1f9b96ef78548d09a8398fad67b89b6007978bafa621c1a3eb31d1bf7f77854d5f628db0a1a5503a9c1cf6a297657abf229d7b23046b3478699c78644ec55bcdde492f387e409ef3f9062e725a87103e0edf9507441c834ca057cfa9be4f8606bcf3e07235c3619e52297b086ef40e2263722ad4998296fba1813c706e263a05509d17aa914a1b6fc316da048077143c43d933584f583234f454cf6fc6b71a8461afe18e6bca566b13d946427509f801ebf4d9116d46467ed6d012dbe16aff4d389b4ef3ff0f7f21469f5656cead17930d38aafd0ef954c84e866f67c6fd5dbdd38356d7417959decc444618f01cc49ce03dc0cd676c30c4948135976da32d80d3c243271e7ee3e18efd3af8d498661577b1968d4cea5f94fdc55eb478a355e81274963ee1f7578c98e251440b5b73ed8fb2dcc8518515b8fbf59045bb15af556bf51c0791af8f526328501d5c19aa9f80f2ceec5d420cd3777bc1f4c4faea30f110a0eb9696e69c20f84ee64b074b3c74199ca8ce8c80c3283a61636b7aa716415955f4122e60acc92ab29e20ed74281679b8a4d83523dce0a04ac8e1f631df0229fb0722e1c331f45ea67f829709b0ef396e6fc96bf89718fb3fbef837fcf283a73eba4581c8d240e00b6c704d8939f36bdca5a82c30af2ffdb421648bd210854cf788af386a1a6b547c0761a37c1c532c1fe203b107fc464eca7748b44764745211e42ed91690cd3dc5de71c637904b8fb12e777ed85594a230d1752503082dfb45aa989c981b8fff1366fc95ff03c16a526b4f8dd68c25e72e9a18ccca89db7732b94cd5c32639858be932b641b8948e0184517d2c2a4c496090048a25ba3b27e23740da4ba50cf72929bd605af1c88cc0470d684ac1ddf2a7be6dc0549aaf01da4e4e2eb72cd02edcf8d8d639d9a3cc8c5a6f4696da49318f01538cbb426135b236e567392ce30f229540023430ae97313f13b63e7389b40854bf18adb6a4dfbb94233afa4ab093f39ea3065a6064be7bc84cdc7d7a637d607982ba42e9c70b067defb38bf3c5f9f2449878c825f9c8a546d0d16d5e6f3ab432be7c37ddcc44ba7bac6a1c1bc58c814f8130b623594d638f2a7547fd60e009a7397113703b8a83a03df6902ef4eaf90f7e9cc81030c8e854a3ed54e691ef56da644a53d2972831a3d4a95ca2d07bf01eb6dd59aac79c34aa258d9a57a77f1cf99c6037157ad7b52ff3455eab17874235386aaf9d7bc1b53f21a07f497a6baba1dd03487d666ebba24e54e4e3a43f46b309d1ade45d8bca3bd353e7b3227064880e883b95cecfc41e09ee98f9f2a95edb1afe1c4c4530220f78f24aa0a8a503f7803a3325515f82d7d60a425f6bd8aa436c0a5511d041887a20b40e228512076f195a1cabc9caa28df6bd894695261b9156f6d269637fbfeeb313906ca400b2e44ada47da4fe4cfc838a40351bd15aa36d9c82d27172aa483d7a4f13516f53b89778e3349ca8807b900e35798dd7c4c89f4c2ab06dc08202bcc6ea5c01cb91c5d8b50bd4d5d2841879d0df7c03b1df6b88dd066a6fea70a4554dc9592e19ae348c2fe41ce0cd97063833c1e67856d5d9ebfd40072a52c063c9edbaaf34d5858b76a4b62dd88c17c4dcbc9bbff489dc29837cc1709e7c8c9fb2014e11acad2c95f7fd46b895b80451701967a1148ae69a74e5030c023c054259b2618d5436349536540b84764277772e9c4a75797c1cec157eb2c0bb211a6903010dc205213971803c094f413ba8fc698d7e0de41521ae0454323c068462511d48d87d28824376f1e1249439f15a6a555ec30737bc69602f67f0af6618123e37e67179d15b57a695f777ec206c2ced7ced1efb1c91a93ee8fc1ee97f8365044958e5dcb164df5df3447ac6211e2761fef58626bca1efda4c65376a715f27f2258fa6c66faff40b534c5be32eba922b6bf60f85b2f72da748989119b1b7058aae8db398f479f14970fd3443c0d28cc34333efa9fee3657d744225b93967126102b10b05dde9f7826e29b9ebe32296caea48cc7b186cae1702cd98f2315803a6a94abfe119065a806077565ab97e8f0476af9c1206c85a871ce14de341919569913590e11b343639bd4a068926a6db3e4f514f4805f98c6a0e9a1a4e28fede6532a709b035ea5ea296870e8e2903c642ef07d878a7bd6ff526d2a5e8e73c1251f97908cd9188fbe264d39a45c45f458f9fdc0c67365cff8d663a4895f038f4cef9bccf474c3d079ad48ac7db862aac446f21ed4f2f121df4cd616a10fe1c1d139237fb5066c8d03487f1e2dc68be5caa7c66c5c298ca5361a7d51fcd56d903d0a5ba0961f506afc51f2bcc2ec231329699e306406fb94190959aada20443d5498a2d90f1748fa83e328017fa8cbe7f8b32e22d0fb6bd557f60759329d553c6ec18b3a2fa95c7a13a47e7e978c0c95e3bda6b303738eedf457da07f81ac7ae259f2305ed1e88b54d02bd30e266f585571252df4846af85ebab67fbba406b3468e409d62fcf5318f83675553af072c504f7f99491d3b1b84d287999410cb2e451ff550942daedc53a64931561c2a5fb340ee43ef814aae74116116935567dec84891ac9e128870cd80ca708a8ad099355d5c77c9b35c6dec0bef07c6ce5fe87bc98d489f15d172880ed6f1f5a30258867271563f330dd028ff9b78a049f47bfc9491eddf971def71e8591ec23f3982c67fbdc4b526f29e4498c13e154cb128367cee7fc0b7a44f1635d40f61cec12ca4d43e10534c92636af5a36aea895ab4b1a51ad9a99dbeabc8a9ccbb58c2e4687e31e3283954f2c36ee9d2d8009a30c5540dc88d0325b129375042b2e43f54393d258ce1d95cb44d09c913508d488d81b958233033d26e617acde3706a9ec69d7e30d60c197b69a4499250ff4784080ad3fa993e7b6223959be54adef44e8f5b33bccf92639bf508637087961497adbfc845767f250bb680e8325b67a0bafc421c1799e1f5a30c14dadc1be4bfb288aeff67056528fe9ebb108293fe95f0d1262b6bd066c046d34167aee17bd9dde015aa80ec7923d0bb09b38cd236be64a8390b9b709e5515f31d7dd722a1b4b3782d51c03b8c0b0264f939182289199b775e6da69ddbceefcac243e4963e205febde3f370c3a61ba146398f1e785465347b65f2e0bdf9b4167110d6f7eeb88af9be73824ecec892e5aa2888e149f07c3cc635cedf0cece73def3b9ccebf054e8822982c7521dd34dec5d8b3c492a4b1a060c0cec3a513fea8fc4e1da42779940f28d8996e47807af420adf90793a78074e6746ae65ca75b45103db1986c95fa1c871b425ec2d634b264ad98f4496bd84ef0330ed736a039003143b9eb1170ca66d42d15db5fcdeead49b9842316e94c7dfd8fe7e014e83631a238d"}}, 0xf18)
ioctl$FS_IOC_SETFLAGS(r4, 0x40046602, &(0x7f0000000040)=0x80000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x43, &(0x7f0000000080)={&(0x7f00000006c0)=ANY=[@ANYRES16=r0, @ANYBLOB="1acf9d8779fb646eb5c0422ed645d97013ae3bf9974c6bab2afc65d1b74d80ef25f4fe5055afd9dc6d2caf8aa62cf82ebca132ff2ec608f14b1bff5f0b4c11b384eec894f0b2119c6b7e4bcd1a081ae8b8d0a26efab578c7bf5dde2e2f2e4c07fd2b624988f3e93d86816b9afc4475636a781078eb92591e4b7cb929b92d0d37c9804fd5db3dce93bafe282907693691a4ed4ea874084783e3c3d2a7e0d6564cb44b790afc9656251cae9a26cbcb02f1f76c085ed5d17c88865f71c19dd8ef2655df93695b0588508ffa", @ANYBLOB="66f2cc4904000e80", @ANYRESHEX=r0, @ANYRES8=r5], 0x20}, 0x1, 0x0, 0x0, 0x94}, 0x44010)
open(&(0x7f0000000180)='./bus\x00', 0x66a42, 0x0)
syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
read(r7, &(0x7f0000000580)=""/170, 0xaa)
write$char_usb(r6, 0x0, 0x0)

4.16431959s ago: executing program 5 (id=5693):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
pipe2$watch_queue(&(0x7f00000001c0), 0x80)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
epoll_pwait(0xffffffffffffffff, &(0x7f00008c9fc4)=[{}], 0x1, 0xfffffffffffffff7, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000)={0x30000008})
dup3(r0, r1, 0x0)

3.98748308s ago: executing program 5 (id=5694):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x48002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) (fail_nth: 4)

3.41268364s ago: executing program 0 (id=5695):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x1f, 0x1, 0x5)
syz_open_dev$tty20(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xffffffff, 0x0, 0xb49, 0x9, 0x8000000000000001, 0x0, 0x3}, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x500, 0x0, 0x0}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
r4 = syz_open_dev$dri(0x0, 0x7, 0x220042)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000cc0)="adf802e5370fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000600)="690ea45e73b0f0cf753118819f4495f47e6f016788d1baf8ca32cd50b4e0c5e6dba50b792c169e503a43e7dc48728495f22683f1014d66f000e5896e52249ab47aeb9c96af631ec206b3f8a848b0705b5468ef666c803350b0a857d63cb91f3389019085fe41a717db4d01ba4755a171635a0e86ccff009b66bcd9a7b4c333a53e8c04455397aef78e379cd5e13aec6c2332faaef6ca310547d38e3f94414ebf33411ace8acabb11db28b8d4a121aabc746e6654556cab1e2de77b082d2e061e3fe4c58efe4f8e0ca956bedc5763cc2da2151eb0ac6a937560b54dd5dc11b4e65a4bdf04414605200a", 0xe9}, {&(0x7f0000000700)="2f34cd6d8761518fc37786de0792c4ccf8adc46f7498733cf2e70c1d23e3f03a0b70e587a6207c4293ecf03d5637e5059ca92df6b0f4627881ab21645a8237b01ac953a0810f5cd720a08bb356f7030db22777a29e20", 0x56}], 0x2, 0x0, 0x0, 0x4}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[<r9=>0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r8})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000380)={0x1, r9, r8})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r4, 0xc01064ab, &(0x7f0000000440)={0x5, r9})
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
socket$key(0xf, 0x3, 0x2)

3.31622835s ago: executing program 5 (id=5696):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x1f, 0x1, 0x5)
syz_open_dev$tty20(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xffffffff, 0x0, 0xb49, 0x9, 0x8000000000000001, 0x0, 0x3}, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x500, 0x0, 0x0}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
r4 = syz_open_dev$dri(0x0, 0x7, 0x220042)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000cc0)="adf802e5370fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000600)="690ea45e73b0f0cf753118819f4495f47e6f016788d1baf8ca32cd50b4e0c5e6dba50b792c169e503a43e7dc48728495f22683f1014d66f000e5896e52249ab47aeb9c96af631ec206b3f8a848b0705b5468ef666c803350b0a857d63cb91f3389019085fe41a717db4d01ba4755a171635a0e86ccff009b66bcd9a7b4c333a53e8c04455397aef78e379cd5e13aec6c2332faaef6ca310547d38e3f94414ebf33411ace8acabb11db28b8d4a121aabc746e6654556cab1e2de77b082d2e061e3fe4c58efe4f8e0ca956bedc5763cc2da2151eb0ac6a937560b54dd5dc11b4e65a4bdf04414605200a", 0xe9}, {&(0x7f0000000700)="2f34cd6d8761518fc37786de0792c4ccf8adc46f7498733cf2e70c1d23e3f03a0b70e587a6207c4293ecf03d5637e5059ca92df6b0f4627881ab21645a8237b01ac953a0810f5cd720a08bb356f7030db22777a29e", 0x55}], 0x2, 0x0, 0x0, 0x4}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[<r9=>0x0], &(0x7f0000000340), 0x0, 0x1, 0x0, 0x0, r8})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000380)={0x1, r9, r8})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r4, 0xc01064ab, &(0x7f0000000440)={0x5, r9})
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
socket$key(0xf, 0x3, 0x2)

3.101544133s ago: executing program 1 (id=5697):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x1f, 0x1, 0x5)
syz_open_dev$tty20(0xc, 0x4, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xffffffff, 0x0, 0xb49, 0x9, 0x8000000000000001, 0x0, 0x3}, 0x0)
socket$inet6(0xa, 0x1, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000cc0)="adf802e5370fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000600)="690ea45e73b0f0cf753118819f4495f47e6f016788d1baf8ca32cd50b4e0c5e6dba50b792c169e503a43e7dc48728495f22683f1014d66f000e5896e52249ab47aeb9c96af631ec206b3f8a848b0705b5468ef666c803350b0a857d63cb91f3389019085fe41a717db4d01ba4755a171635a0e86ccff009b66bcd9a7b4c333a53e8c04455397aef78e379cd5e13aec6c2332faaef6ca310547d38e3f94414ebf33411ace8acabb11db28b8d4a121aa", 0xaf}, {&(0x7f0000000700)="2f34cd6d8761518fc37786de0792c4ccf8adc46f7498733cf2e70c1d23e3f03a0b70e587a6207c4293ecf03d5637e5059ca92df6b0f4627881ab21645a8237b01ac953a0810f5cd720a08bb356f7030db22777a29e201d", 0x57}], 0x2, 0x0, 0x0, 0x4}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

2.658904585s ago: executing program 6 (id=5698):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x29, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a80)=@newtfilter={0x48, 0x2c, 0xd2b, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xffe0}, {}, {0xe, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_IPV6_SRC={0x14, 0xe, @mcast2}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x893}, 0x24040084)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r5, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000400)={{0xeeee8000, 0xeeee1000, 0x0, 0x3, 0x8, 0x3, 0x6, 0x1, 0xfe, 0x0, 0x87, 0xff}, {0x3000, 0x5000, 0x6, 0xcb, 0x6, 0x6, 0x2, 0x5e, 0x25, 0x7, 0xa6, 0x9}, {0x6000, 0xdddd1000, 0xa, 0x6, 0x6, 0x81, 0x9, 0x5, 0x1, 0x0, 0xb, 0x8}, {0x100000, 0x4000, 0x6, 0xb, 0xc, 0x2, 0x1, 0x81, 0x1, 0x1, 0xef, 0xd}, {0x0, 0xeeee0000, 0xf, 0xc, 0xff, 0x7, 0x6, 0x4, 0x6, 0xf9, 0xca, 0x12}, {0xeeee8000, 0x10000, 0x5, 0x7, 0x7, 0x8, 0x8, 0x4, 0x90, 0x1, 0x9, 0x2}, {0xd000, 0x100000, 0xf, 0x4, 0x40, 0x9, 0x9, 0x2, 0x6, 0x5, 0x7, 0x7}, {0x80a0000, 0x100000, 0xc, 0xad, 0x6, 0x3, 0x7f, 0x2, 0x5e, 0x2, 0xf, 0x1}, {0xdddd1000, 0x8001}, {0x2000, 0x8000}, 0x80000024, 0x0, 0xd001, 0x420000, 0x8, 0xf401, 0xd5dd7002, [0x5, 0x3, 0x434, 0x6]})
ioctl$F2FS_IOC_SEC_TRIM_FILE(r1, 0x4018f514, &(0x7f00000000c0)={0x3, 0x1, 0x2})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x22, &(0x7f0000000600)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@call={0x85, 0x0, 0x0, 0x44}, @call={0x85, 0x0, 0x0, 0x80}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0x9}, @alu={0x4, 0x0, 0x4, 0x1, 0xa, 0xfffffffffffffff8, 0x8}, @printk={@lx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x2}, @jmp={0x5, 0x0, 0xc, 0x4, 0x8, 0x7ffffffffffffff8, 0x10}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}], {{}, {}, {0x85, 0x0, 0x0, 0x1}}}, &(0x7f0000000140)='syzkaller\x00', 0x5, 0xd4, &(0x7f0000000740)=""/212, 0x41000, 0x1, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f00000001c0)={0x9, 0x3}, 0x8, 0x10, &(0x7f00000002c0)={0x0, 0x6, 0x7, 0x4}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000300)=[{0x1, 0x4, 0x2, 0x7}], 0x10, 0x4}, 0x94)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
ioctl$sock_inet_sctp_SIOCINQ(r1, 0x541b, &(0x7f0000000340))

2.035292955s ago: executing program 3 (id=5699):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={0x20, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x8, 0x18, 0x0, 0x0, @binary="09ac0f00"}, @typed={0x4, 0x1e}]}, 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0) (fail_nth: 4)

1.585465488s ago: executing program 0 (id=5700):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x7, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket(0x2, 0x80000, 0xfffffffc)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000008ac05240300000000000109022400030000000109040000010380030900210500"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x800)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmsg$DEVLINK_CMD_TRAP_GET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)=ANY=[], 0x12c}, 0x1, 0x0, 0x0, 0x4040}, 0x4)
recvmmsg$unix(r4, &(0x7f00000036c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000300)=""/115, 0x73}], 0x2}}], 0x1, 0x12100, 0x0)

1.574241063s ago: executing program 6 (id=5701):
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r4, 0xc008ae88, &(0x7f0000000780)={0x1, 0x0, [{0x40000096, 0x0, 0x3}]})
r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
pread64(r5, 0x0, 0x0, 0x11aa)

1.456456859s ago: executing program 3 (id=5702):
r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000240)={0x8000040, 0x0, '\x00', {0x0, @bt={0x200, 0x4230e47a, 0x1, 0x2, 0x5, 0x5, 0x2, 0x5, 0x0, 0x7, 0x80, 0x205, 0xffd, 0xfffffff1, 0xd, 0x4, {0x9, 0x401}, 0xa2, 0xf9}}})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
sendto$inet6(r1, &(0x7f00000004c0)='W', 0x1, 0x4, &(0x7f0000000100)={0xa, 0x0, 0xfff, @loopback, 0x4}, 0x1c)
getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000004e80)=@assoc_value={0x0, 0x7}, &(0x7f0000004ec0)=0x8)

1.383856897s ago: executing program 1 (id=5703):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty, 0x3, 0x80000}, 0x20)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x20)
r1 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r1, 0x29, 0x4d, &(0x7f0000000040)=0x7, 0x4)
r2 = socket$inet6(0xa, 0x3, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0xb91e9c5a8444a131, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000040)={0xf0f023})
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, 0x0, 0x800)
syz_open_dev$dri(&(0x7f00000006c0), 0x5, 0x40842)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioperm(0x6, 0x3, 0xb017)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x65c, 0xec, 0xec, 0x424, 0x0, 0x1cc, 0x594, 0x594, 0x594, 0x594, 0x594, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @common=@inet=@socket1={{0x24}}]}, @HL={0x24, 'HL\x00', 0x0, {0x2, 0x8}}}, {{@uncond, 0x0, 0x11c, 0x140, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x80]}}]}, @inet=@DSCP={0x24, 'DSCP\x00', 0x0, {0xff}}}, {{@uncond, 0x0, 0x134, 0x170, 0x0, {}, [@common=@hbh={{0x48}, {0x8, 0x2, 0x0, [0x905, 0xfffe, 0x4, 0x4, 0x68e, 0xffff, 0x6, 0x7, 0x6, 0x7, 0xfff7, 0x9, 0xffff, 0x8, 0x2, 0x9], 0xa}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x6b8)

1.227384303s ago: executing program 5 (id=5704):
creat(&(0x7f0000000000)='./file0\x00', 0x0)
getrandom(&(0x7f0000000040)=""/23, 0x17, 0x0)
r0 = openat$procfs(0xffffff9c, &(0x7f0000000080)='/proc/schedstat\x00', 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_MPATH(r0, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x5c, r1, 0x2, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x2, 0x50}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
r2 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0)
r3 = syz_io_uring_setup(0xb162, &(0x7f0000000980)={0x0, 0x0, 0x1000}, &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000c00)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0xa0, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x9}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x74, 0x3, 0x0, 0x1, [{0x70, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x64, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x3}]}}}, {0x20, 0x1, 0x0, 0x1, @quota={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}]}}}, {0x14, 0x1, 0x0, 0x1, @immediate={{0xe}, @void}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x124}}, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r3, 0x2def, 0x0, 0x0, 0x0, 0x0)
write$P9_RSTATu(r2, &(0x7f0000000580)={0x217, 0x2, 0x0, {{0x500, 0xd6, 0x500, 0x3, {}, 0x2810000, 0xffffffff, 0x0, 0x4, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x31, 'pg>\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00|E\x00\x00Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\x03\xb4\x94\xe1\x9et\xb7\xd2\xa7\x1c5\xfaW.', 0x2, '\b\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0xee01, 0x0, 0xee01}}, 0x217)

707.117099ms ago: executing program 5 (id=5705):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x8, 0x3, 0x2a8, 0x0, 0x11, 0x148, 0x13c, 0x0, 0x214, 0x2a8, 0x2a8, 0x214, 0x2a8, 0x3, 0x0, {[{{@ip={@broadcast, @dev={0xac, 0x14, 0x14, 0x8}, 0x0, 0xff000000, 'wg1\x00', 'dvmrp0\x00', {0x99380e6a96eb266d}, {0xff}, 0x89, 0x3, 0x8}, 0x0, 0xd4, 0x13c, 0x0, {}, [@common=@unspec=@connlimit={{0x40}, {[0x6ffc6103242fd92e, 0xff000000, 0x0, 0xffffff00], 0x5, 0x2, {0x2}}}, @common=@ttl={{0x24}, {0x1, 0xd}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0xa, 0x7c, 0xf, 0x9, 'snmp\x00', 'syz1\x00', {0x8}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010101, 0x0, 0xffffffff, 'gre0\x00', 'netdevsim0\x00'}, 0x0, 0x70, 0xd8}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x11, 0x1, 0x1000, 0x4, 'pptp\x00', 'syz1\x00', {0x5}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x304)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@newlink={0x5c, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10000}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x24, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x2}, @IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}, @IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e23}, @IFLA_GRE_ERSPAN_HWID={0x6, 0x18, 0x1}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x0)

122.149797ms ago: executing program 1 (id=5706):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00'})
openat$kvm(0xffffff9c, &(0x7f0000000040), 0x401, 0x0)
syz_usb_connect(0x1, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000009a65d0860040800dee20102030109021b05000000000009040000f678eaf50009058402"], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)=@o_path={&(0x7f0000000040)='./file0\x00', 0x0, 0x8, r1}, 0x18)
recvmsg$unix(r1, &(0x7f0000000440)={&(0x7f0000000340)=@abs, 0x6e, &(0x7f00000003c0)=[{&(0x7f00000004c0)=""/141, 0x8d}], 0x1, &(0x7f0000000580)=[@cred={{0x18}}, @cred={{0x18}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}], 0x50}, 0x10040)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, 0x0, 0x0)
shutdown(r3, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f00000000c0)={<r4=>0x0, 0x1c, &(0x7f0000000240)=[@in6={0xa, 0x4e24, 0x40, @private1, 0x1}]}, &(0x7f0000000100)=0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00v'], 0x24}, 0x1, 0x5502000000000000}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={r4, @in6={{0xa, 0x4e24, 0x800, @empty, 0x9}}, 0x7, 0xfe00, 0x2, 0x3, 0x54, 0x6, 0xf5}, &(0x7f0000000480)=0x9c)
r6 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$apparmor_exec(r6, &(0x7f0000000440)=ANY=[@ANYBLOB='stack :'], 0xb3)
readv(r6, &(0x7f0000000380)=[{&(0x7f0000000040)=""/11, 0xb}], 0x1)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x1802, 0x0)
r7 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3)
write$UHID_CREATE2(r7, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a1000"/196], 0x119)
r8 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000080)='iocharset', &(0x7f0000000200)='%\x8bR\xafH\xd6e\x11\'\xec\xbb\xcb\xa0/\x1f\x16\xcf\xe2\xb5\xfc\xeb1\x12\xfdC\xb8\xa0\x01\xa3~\x971W\x96\xec\xaf\x1c\x91\xeb\xa8e\xfe\x17\x02xEA\x0f\x14\r\xae\xc1\xfe\x06\x12\beSb{~R\xf0\x06\x00\x00\x00\xf92\xce\x81p\x1fC\n\x9f(\x00\xc5\x1d\x9c\xccCq\x06\x1b-\f\xc9\xd9+\xa4\x14\xd8\xf4\xef\xf5^2\x14\xb8=\x03\x00\xd5M\x04\xf4{H\xd0\xc8\xf7\x10\xe1R \x9a^\xdfq*L\xc4lP6\x8f\xff&>\x94\x882\x1c\x00\x00\xc5\xbdD(\xa5\x17\x11\xd6\t\x12\x7fe\xba\xfc\x93\xf4\xd8\xb5\x04\xcb\x98\xd1QF\xe5\x1b\xb30x/\x86\x02\x1ct\xc7\x88\xd2\xce\xd5\x9e1\xef`\xad\x05\x11\xc9\xd8<\xc6~\x97\xd5\xde\xe3Eh\\\x84\x14\x9e\b\xe1\x9b\x00\'\xe8!\x8c\xc3\x97\x8a\xcf\xfc\x8fe\xa6\x0f\x8b\x912c\x1b>8\xc5\xa3_\xab\xf1\xf5\r\xb6\f\xfcS9\xd1.\x8b\xf3\xbc,?\xb2\x9aBDPY=r\xfa8I\x16\xa2\x18\xd4\xa5\x8b\xaf\xd1\x8a\xbb\x0e\x15O\xc9p@\xadaw\x84\xc9\xdd\x87a[\xdf\xc2\xa4\xf9@T/\xf5\xd1t\xc7\xeb\x04', 0x0)

61.403698ms ago: executing program 5 (id=5707):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty, 0x3, 0x80000}, 0x20)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x20)
r1 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r1, 0x29, 0x4d, &(0x7f0000000040)=0x7, 0x4)
r2 = socket$inet6(0xa, 0x3, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0xb91e9c5a8444a131, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000040)={0xf0f023})
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}, 0x1, 0x0, 0x0, 0xc001}, 0x800)
syz_open_dev$dri(&(0x7f00000006c0), 0x5, 0x40842)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
ioperm(0x6, 0x3, 0xb017)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x65c, 0xec, 0xec, 0x424, 0x0, 0x1cc, 0x594, 0x594, 0x594, 0x594, 0x594, 0x6, 0x0, {[{{@uncond, 0x0, 0xa4, 0xec}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x6}, 0x0, 0xa4, 0xe0}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xf4, 0x118, 0x0, {}, [@common=@unspec=@connmark={{0x2c}}, @common=@inet=@socket1={{0x24}}]}, @HL={0x24, 'HL\x00', 0x0, {0x2, 0x8}}}, {{@uncond, 0x0, 0x11c, 0x140, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x80]}}]}, @inet=@DSCP={0x24, 'DSCP\x00', 0x0, {0xff}}}, {{@uncond, 0x0, 0x134, 0x170, 0x0, {}, [@common=@hbh={{0x48}, {0x8, 0x2, 0x0, [0x905, 0xfffe, 0x4, 0x4, 0x68e, 0xffff, 0x6, 0x7, 0x6, 0x7, 0xfff7, 0x9, 0xffff, 0x8, 0x2, 0x9], 0xa}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x3c, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x6b8)

0s ago: executing program 3 (id=5708):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_vlan\x00', &(0x7f0000000000)=@ethtool_cmd={0xa, 0x0, 0x5, 0x0, 0xf5, 0x0, 0x0, 0x8, 0xff, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, [0x9, 0xfffffffe]}}) (fail_nth: 4)

kernel console output (not intermixed with test programs):

 90 90 90 90 90 90 90 90 90 90 90 90
[ 1603.602316][T26847] RSP: 002b:00000000f544d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1603.602335][T26847] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000380
[ 1603.602347][T26847] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1603.602357][T26847] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1603.602368][T26847] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1603.602379][T26847] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1603.602409][T26847]  </TASK>
[ 1603.996733][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1604.414434][T26851] tipc: Started in network mode
[ 1604.419316][T26851] tipc: Node identity 0628dcf446e6, cluster identity 4711
[ 1604.429996][T26851] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1604.440500][T26851] syzkaller0: entered promiscuous mode
[ 1604.447140][T26851] syzkaller0: entered allmulticast mode
[ 1604.516219][T26851] tipc: Resetting bearer <eth:syzkaller0>
[ 1604.615885][T26850] tipc: Resetting bearer <eth:syzkaller0>
[ 1604.678537][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[ 1604.804628][T26850] tipc: Disabling bearer <eth:syzkaller0>
[ 1605.390565][T26875] misc userio: The device must be registered before sending interrupts
[ 1605.717229][T26880] netlink: 'syz.0.5028': attribute type 10 has an invalid length.
[ 1605.726734][T26880] veth1_macvtap: left promiscuous mode
[ 1605.933493][T23919] usb 2-1: new low-speed USB device number 33 using dummy_hcd
[ 1606.115395][T23919] usb 2-1: No LPM exit latency info found, disabling LPM.
[ 1606.142384][T23919] usb 2-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[ 1606.156875][T23919] usb 2-1: config 1 interface 0 altsetting 250 endpoint 0x82 is Bulk; changing to Interrupt
[ 1606.181318][T26886] FAULT_INJECTION: forcing a failure.
[ 1606.181318][T26886] name failslab, interval 1, probability 0, space 0, times 0
[ 1606.195872][T23919] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1606.229421][T26885] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5029'.
[ 1606.238699][T26886] CPU: 1 UID: 0 PID: 26886 Comm: syz.3.5030 Not tainted syzkaller #0 PREEMPT(full) 
[ 1606.238724][T26886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1606.238734][T26886] Call Trace:
[ 1606.238741][T26886]  <TASK>
[ 1606.238749][T26886]  dump_stack_lvl+0x189/0x250
[ 1606.238776][T26886]  ? __pfx____ratelimit+0x10/0x10
[ 1606.238803][T26886]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1606.238825][T26886]  ? __pfx__printk+0x10/0x10
[ 1606.238843][T26886]  ? __pfx___might_resched+0x10/0x10
[ 1606.238859][T26886]  ? fs_reclaim_acquire+0x7d/0x100
[ 1606.238878][T26886]  should_fail_ex+0x414/0x560
[ 1606.238906][T26886]  should_failslab+0xa8/0x100
[ 1606.238924][T26886]  kmem_cache_alloc_noprof+0x74/0x6e0
[ 1606.238945][T26886]  ? skb_clone+0x212/0x3a0
[ 1606.238967][T26886]  skb_clone+0x212/0x3a0
[ 1606.238981][T26886]  ? nfnetlink_rcv+0x4ba/0x2590
[ 1606.239005][T26886]  nfnetlink_rcv+0x4ec/0x2590
[ 1606.239030][T26886]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1606.239051][T26886]  ? __dev_queue_xmit+0x1d79/0x3b50
[ 1606.239068][T26886]  ? kasan_save_track+0x3e/0x80
[ 1606.239090][T26886]  ? __kasan_slab_alloc+0x6c/0x80
[ 1606.239122][T26886]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1606.239153][T26886]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1606.239190][T26886]  ? ref_tracker_free+0x63a/0x7d0
[ 1606.239216][T26886]  ? __asan_memcpy+0x40/0x70
[ 1606.239236][T26886]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1606.239269][T26886]  ? skb_clone+0x246/0x3a0
[ 1606.239291][T26886]  ? __netlink_deliver_tap+0x807/0x850
[ 1606.239310][T26886]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1606.239344][T26886]  netlink_unicast+0x82f/0x9e0
[ 1606.239377][T26886]  ? __pfx_netlink_unicast+0x10/0x10
[ 1606.239403][T26886]  ? netlink_sendmsg+0x642/0xb30
[ 1606.239418][T26886]  ? skb_put+0x11b/0x210
[ 1606.239438][T26886]  netlink_sendmsg+0x805/0xb30
[ 1606.239463][T26886]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1606.239484][T26886]  ? __import_iovec+0x5d4/0x7f0
[ 1606.239503][T26886]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1606.239528][T26886]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1606.239545][T26886]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1606.239563][T26886]  __sock_sendmsg+0x21c/0x270
[ 1606.239589][T26886]  ____sys_sendmsg+0x505/0x830
[ 1606.239613][T26886]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1606.239647][T26886]  ___sys_sendmsg+0x21f/0x2a0
[ 1606.239667][T26886]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1606.239717][T26886]  ? __fget_files+0x2a/0x420
[ 1606.239733][T26886]  ? __fget_files+0x3a0/0x420
[ 1606.239759][T26886]  __sys_sendmsg+0x164/0x220
[ 1606.239780][T26886]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1606.239807][T26886]  ? rcu_is_watching+0x15/0xb0
[ 1606.239831][T26886]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1606.239856][T26886]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1606.239882][T26886]  __do_fast_syscall_32+0xb6/0x2b0
[ 1606.239906][T26886]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1606.239932][T26886]  do_fast_syscall_32+0x34/0x80
[ 1606.239953][T26886]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1606.239973][T26886] RIP: 0023:0xf701d539
[ 1606.239989][T26886] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1606.240004][T26886] RSP: 002b:00000000f540d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1606.240023][T26886] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[ 1606.240035][T26886] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1606.240045][T26886] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1606.240055][T26886] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1606.240064][T26886] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1606.240090][T26886]  </TASK>
[ 1606.599635][T23919] usb 2-1: string descriptor 0 read error: -22
[ 1606.614720][T23919] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1606.626773][T23919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1606.644076][T26878] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1606.652481][T26878] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1606.984479][T26871] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1606.993077][T26871] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1607.336593][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.345771][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1608.072660][T26905] FAULT_INJECTION: forcing a failure.
[ 1608.072660][T26905] name failslab, interval 1, probability 0, space 0, times 0
[ 1608.140734][T24526] usb 2-1: USB disconnect, device number 33
[ 1608.194115][T26905] CPU: 1 UID: 0 PID: 26905 Comm: syz.5.5035 Not tainted syzkaller #0 PREEMPT(full) 
[ 1608.194133][T26905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1608.194140][T26905] Call Trace:
[ 1608.194144][T26905]  <TASK>
[ 1608.194149][T26905]  dump_stack_lvl+0x189/0x250
[ 1608.194167][T26905]  ? __pfx____ratelimit+0x10/0x10
[ 1608.194181][T26905]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1608.194193][T26905]  ? __pfx__printk+0x10/0x10
[ 1608.194207][T26905]  ? __pfx___might_resched+0x10/0x10
[ 1608.194218][T26905]  ? fs_reclaim_acquire+0x7d/0x100
[ 1608.194230][T26905]  should_fail_ex+0x414/0x560
[ 1608.194248][T26905]  should_failslab+0xa8/0x100
[ 1608.194259][T26905]  __kmalloc_noprof+0xcb/0x7f0
[ 1608.194280][T26905]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1608.194294][T26905]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1608.194307][T26905]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1608.194323][T26905]  genl_family_rcv_msg_doit+0xb8/0x300
[ 1608.194339][T26905]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1608.194355][T26905]  ? apparmor_capable+0x137/0x1b0
[ 1608.194368][T26905]  ? bpf_lsm_capable+0x9/0x20
[ 1608.194380][T26905]  ? security_capable+0x7e/0x2e0
[ 1608.194396][T26905]  genl_rcv_msg+0x60e/0x790
[ 1608.194412][T26905]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1608.194422][T26905]  ? __pfx_nl80211_pre_doit+0x10/0x10
[ 1608.194433][T26905]  ? __pfx_nl80211_set_mcast_rate+0x10/0x10
[ 1608.194443][T26905]  ? __pfx_nl80211_post_doit+0x10/0x10
[ 1608.194454][T26905]  ? __asan_memcpy+0x40/0x70
[ 1608.194467][T26905]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1608.194481][T26905]  netlink_rcv_skb+0x208/0x470
[ 1608.194490][T26905]  ? __lock_acquire+0xab9/0xd20
[ 1608.194500][T26905]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1608.194513][T26905]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1608.194538][T26905]  ? down_read+0x1ad/0x2e0
[ 1608.194549][T26905]  genl_rcv+0x28/0x40
[ 1608.194560][T26905]  netlink_unicast+0x82f/0x9e0
[ 1608.194578][T26905]  ? __pfx_netlink_unicast+0x10/0x10
[ 1608.194592][T26905]  ? netlink_sendmsg+0x642/0xb30
[ 1608.194601][T26905]  ? skb_put+0x11b/0x210
[ 1608.194613][T26905]  netlink_sendmsg+0x805/0xb30
[ 1608.194627][T26905]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1608.194638][T26905]  ? __import_iovec+0x5d4/0x7f0
[ 1608.194649][T26905]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1608.194664][T26905]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1608.194673][T26905]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1608.194684][T26905]  __sock_sendmsg+0x21c/0x270
[ 1608.194699][T26905]  ____sys_sendmsg+0x505/0x830
[ 1608.194713][T26905]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1608.194732][T26905]  ___sys_sendmsg+0x21f/0x2a0
[ 1608.194744][T26905]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1608.194773][T26905]  ? __fget_files+0x2a/0x420
[ 1608.194783][T26905]  ? __fget_files+0x3a0/0x420
[ 1608.194797][T26905]  __sys_sendmsg+0x164/0x220
[ 1608.194809][T26905]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1608.194825][T26905]  ? rcu_is_watching+0x15/0xb0
[ 1608.194838][T26905]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1608.194852][T26905]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1608.194867][T26905]  __do_fast_syscall_32+0xb6/0x2b0
[ 1608.194882][T26905]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1608.194896][T26905]  do_fast_syscall_32+0x34/0x80
[ 1608.194910][T26905]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1608.194922][T26905] RIP: 0023:0xf7f32539
[ 1608.194932][T26905] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1608.194940][T26905] RSP: 002b:00000000f542655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1608.194952][T26905] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[ 1608.194959][T26905] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1608.194965][T26905] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1608.194971][T26905] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1608.194977][T26905] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1608.194992][T26905]  </TASK>
[ 1608.930760][T26915] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5038'.
[ 1609.004486][T26915] FAULT_INJECTION: forcing a failure.
[ 1609.004486][T26915] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1609.141755][T26915] CPU: 0 UID: 0 PID: 26915 Comm: syz.6.5038 Not tainted syzkaller #0 PREEMPT(full) 
[ 1609.141779][T26915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1609.141789][T26915] Call Trace:
[ 1609.141796][T26915]  <TASK>
[ 1609.141803][T26915]  dump_stack_lvl+0x189/0x250
[ 1609.141830][T26915]  ? __pfx____ratelimit+0x10/0x10
[ 1609.141850][T26915]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1609.141870][T26915]  ? __pfx__printk+0x10/0x10
[ 1609.141888][T26915]  ? fs_reclaim_acquire+0x7d/0x100
[ 1609.141911][T26915]  should_fail_ex+0x414/0x560
[ 1609.141939][T26915]  prepare_alloc_pages+0x213/0x610
[ 1609.141962][T26915]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1609.141982][T26915]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1609.142009][T26915]  ? policy_nodemask+0x27c/0x720
[ 1609.142024][T26915]  ? __lock_acquire+0xab9/0xd20
[ 1609.142047][T26915]  alloc_pages_mpol+0x232/0x4a0
[ 1609.142069][T26915]  vma_alloc_folio_noprof+0xe4/0x200
[ 1609.142086][T26915]  ? page_table_check_set+0x18d/0x730
[ 1609.142110][T26915]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1609.142139][T26915]  folio_prealloc+0x30/0x180
[ 1609.142164][T26915]  __handle_mm_fault+0x2a8b/0x5400
[ 1609.142213][T26915]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1609.142249][T26915]  ? follow_page_pte+0x7ef/0x13e0
[ 1609.142282][T26915]  handle_mm_fault+0x40a/0x8e0
[ 1609.142315][T26915]  __get_user_pages+0x165c/0x2a00
[ 1609.142366][T26915]  populate_vma_page_range+0x29f/0x3a0
[ 1609.142391][T26915]  ? __pfx_populate_vma_page_range+0x10/0x10
[ 1609.142411][T26915]  ? apply_vma_lock_flags+0x31b/0x390
[ 1609.142436][T26915]  ? down_read+0x1ad/0x2e0
[ 1609.142456][T26915]  __mm_populate+0x24c/0x380
[ 1609.142480][T26915]  ? __pfx___mm_populate+0x10/0x10
[ 1609.142504][T26915]  ? up_write+0x1c4/0x420
[ 1609.142529][T26915]  do_mlock+0x612/0x720
[ 1609.142556][T26915]  ? __pfx_do_mlock+0x10/0x10
[ 1609.142575][T26915]  ? fput+0xa0/0xd0
[ 1609.142594][T26915]  ? ksys_write+0x22a/0x250
[ 1609.142615][T26915]  ? exc_page_fault+0x82/0x100
[ 1609.142639][T26915]  ? __pfx_ksys_write+0x10/0x10
[ 1609.142661][T26915]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1609.142685][T26915]  __ia32_sys_mlock+0x5f/0x70
[ 1609.142703][T26915]  __do_fast_syscall_32+0xb6/0x2b0
[ 1609.142728][T26915]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1609.142753][T26915]  do_fast_syscall_32+0x34/0x80
[ 1609.142774][T26915]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1609.142794][T26915] RIP: 0023:0xf706d539
[ 1609.142810][T26915] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1609.142824][T26915] RSP: 002b:00000000f545d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000096
[ 1609.142844][T26915] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000800000
[ 1609.142857][T26915] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1609.142868][T26915] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1609.142878][T26915] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1609.142889][T26915] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1609.142918][T26915]  </TASK>
[ 1610.011562][T26934] FAULT_INJECTION: forcing a failure.
[ 1610.011562][T26934] name failslab, interval 1, probability 0, space 0, times 0
[ 1610.065788][T26934] CPU: 1 UID: 0 PID: 26934 Comm: syz.1.5042 Not tainted syzkaller #0 PREEMPT(full) 
[ 1610.065814][T26934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1610.065825][T26934] Call Trace:
[ 1610.065833][T26934]  <TASK>
[ 1610.065842][T26934]  dump_stack_lvl+0x189/0x250
[ 1610.065870][T26934]  ? __pfx____ratelimit+0x10/0x10
[ 1610.065893][T26934]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1610.065915][T26934]  ? __pfx__printk+0x10/0x10
[ 1610.065938][T26934]  ? __pfx___might_resched+0x10/0x10
[ 1610.065955][T26934]  ? fs_reclaim_acquire+0x7d/0x100
[ 1610.065974][T26934]  should_fail_ex+0x414/0x560
[ 1610.066003][T26934]  should_failslab+0xa8/0x100
[ 1610.066023][T26934]  __kmalloc_noprof+0xcb/0x7f0
[ 1610.066046][T26934]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1610.066068][T26934]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1610.066092][T26934]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1610.066121][T26934]  genl_family_rcv_msg_doit+0xb8/0x300
[ 1610.066157][T26934]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1610.066184][T26934]  ? apparmor_capable+0x137/0x1b0
[ 1610.066205][T26934]  ? bpf_lsm_capable+0x9/0x20
[ 1610.066226][T26934]  ? security_capable+0x7e/0x2e0
[ 1610.066253][T26934]  genl_rcv_msg+0x60e/0x790
[ 1610.066280][T26934]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1610.066301][T26934]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[ 1610.066325][T26934]  ? __asan_memcpy+0x40/0x70
[ 1610.066346][T26934]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1610.066371][T26934]  netlink_rcv_skb+0x208/0x470
[ 1610.066387][T26934]  ? __lock_acquire+0xab9/0xd20
[ 1610.066404][T26934]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1610.066427][T26934]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1610.066470][T26934]  ? down_read+0x1ad/0x2e0
[ 1610.066491][T26934]  genl_rcv+0x28/0x40
[ 1610.066507][T26934]  netlink_unicast+0x82f/0x9e0
[ 1610.066539][T26934]  ? __pfx_netlink_unicast+0x10/0x10
[ 1610.066563][T26934]  ? netlink_sendmsg+0x642/0xb30
[ 1610.066578][T26934]  ? skb_put+0x11b/0x210
[ 1610.066598][T26934]  netlink_sendmsg+0x805/0xb30
[ 1610.066625][T26934]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1610.066645][T26934]  ? __import_iovec+0x5d4/0x7f0
[ 1610.066664][T26934]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1610.066690][T26934]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1610.066705][T26934]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1610.066723][T26934]  __sock_sendmsg+0x21c/0x270
[ 1610.066752][T26934]  ____sys_sendmsg+0x505/0x830
[ 1610.066774][T26934]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1610.066807][T26934]  ___sys_sendmsg+0x21f/0x2a0
[ 1610.066827][T26934]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1610.066876][T26934]  ? __fget_files+0x2a/0x420
[ 1610.066891][T26934]  ? __fget_files+0x3a0/0x420
[ 1610.066917][T26934]  __sys_sendmsg+0x164/0x220
[ 1610.066936][T26934]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1610.066963][T26934]  ? __pfx_ksys_write+0x10/0x10
[ 1610.066988][T26934]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1610.067013][T26934]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1610.067038][T26934]  __do_fast_syscall_32+0xb6/0x2b0
[ 1610.067062][T26934]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1610.067086][T26934]  do_fast_syscall_32+0x34/0x80
[ 1610.067109][T26934]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1610.067138][T26934] RIP: 0023:0xf705d539
[ 1610.067154][T26934] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1610.067170][T26934] RSP: 002b:00000000f544d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1610.067188][T26934] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1610.067201][T26934] RDX: 000000000000c000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1610.067212][T26934] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1610.067223][T26934] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1610.067234][T26934] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1610.067262][T26934]  </TASK>
[ 1610.994852][T26953] misc userio: The device must be registered before sending interrupts
[ 1612.037004][T26964] netlink: 56 bytes leftover after parsing attributes in process `syz.6.5047'.
[ 1614.414625][T26997] FAULT_INJECTION: forcing a failure.
[ 1614.414625][T26997] name failslab, interval 1, probability 0, space 0, times 0
[ 1614.493562][T26997] CPU: 0 UID: 0 PID: 26997 Comm: syz.3.5060 Not tainted syzkaller #0 PREEMPT(full) 
[ 1614.493592][T26997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1614.493603][T26997] Call Trace:
[ 1614.493612][T26997]  <TASK>
[ 1614.493620][T26997]  dump_stack_lvl+0x189/0x250
[ 1614.493648][T26997]  ? __pfx____ratelimit+0x10/0x10
[ 1614.493671][T26997]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1614.493694][T26997]  ? __pfx__printk+0x10/0x10
[ 1614.493718][T26997]  ? __pfx___might_resched+0x10/0x10
[ 1614.493737][T26997]  ? fs_reclaim_acquire+0x7d/0x100
[ 1614.493760][T26997]  should_fail_ex+0x414/0x560
[ 1614.493791][T26997]  should_failslab+0xa8/0x100
[ 1614.493811][T26997]  __kmalloc_cache_noprof+0x6f/0x6f0
[ 1614.493835][T26997]  ? __pfx___mutex_lock+0x10/0x10
[ 1614.493858][T26997]  ? xdp_umem_create+0x58/0x8e0
[ 1614.493891][T26997]  xdp_umem_create+0x58/0x8e0
[ 1614.493921][T26997]  xsk_setsockopt+0x7b0/0x8d0
[ 1614.493942][T26997]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1614.493972][T26997]  ? __fget_files+0x2a/0x420
[ 1614.493993][T26997]  ? aa_sock_opt_perm+0xff/0x1b0
[ 1614.494019][T26997]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1614.494035][T26997]  ? __pfx_xsk_setsockopt+0x10/0x10
[ 1614.494055][T26997]  do_sock_setsockopt+0x17c/0x1b0
[ 1614.494078][T26997]  __ia32_sys_setsockopt+0x13f/0x1b0
[ 1614.494100][T26997]  __do_fast_syscall_32+0xb6/0x2b0
[ 1614.494125][T26997]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1614.494149][T26997]  do_fast_syscall_32+0x34/0x80
[ 1614.494168][T26997]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1614.494181][T26997] RIP: 0023:0xf701d539
[ 1614.494191][T26997] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1614.494200][T26997] RSP: 002b:00000000f540d55c EFLAGS: 00000206 ORIG_RAX: 000000000000016e
[ 1614.494211][T26997] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000000011b
[ 1614.494218][T26997] RDX: 0000000000000004 RSI: 0000000080000040 RDI: 0000000000000020
[ 1614.494225][T26997] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1614.494230][T26997] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1614.494236][T26997] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1614.494251][T26997]  </TASK>
[ 1614.647832][T26992] input: syz1 as /devices/virtual/input/input169
[ 1615.155797][T27011] FAULT_INJECTION: forcing a failure.
[ 1615.155797][T27011] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1615.184097][T27011] CPU: 1 UID: 0 PID: 27011 Comm: syz.1.5064 Not tainted syzkaller #0 PREEMPT(full) 
[ 1615.184123][T27011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1615.184135][T27011] Call Trace:
[ 1615.184143][T27011]  <TASK>
[ 1615.184151][T27011]  dump_stack_lvl+0x189/0x250
[ 1615.184178][T27011]  ? __pfx____ratelimit+0x10/0x10
[ 1615.184201][T27011]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1615.184223][T27011]  ? __pfx__printk+0x10/0x10
[ 1615.184254][T27011]  should_fail_ex+0x414/0x560
[ 1615.184283][T27011]  _copy_to_user+0x31/0xb0
[ 1615.184330][T27011]  simple_read_from_buffer+0xe1/0x170
[ 1615.184364][T27011]  proc_fail_nth_read+0x1b3/0x220
[ 1615.184390][T27011]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1615.184414][T27011]  ? rw_verify_area+0x2a6/0x4d0
[ 1615.184436][T27011]  ? __lock_acquire+0xab9/0xd20
[ 1615.184452][T27011]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1615.184475][T27011]  vfs_read+0x200/0xa30
[ 1615.184495][T27011]  ? fdget_pos+0x247/0x320
[ 1615.184516][T27011]  ? __pfx___mutex_lock+0x10/0x10
[ 1615.184540][T27011]  ? __pfx_vfs_read+0x10/0x10
[ 1615.184563][T27011]  ? __fget_files+0x2a/0x420
[ 1615.184585][T27011]  ? __fget_files+0x3a0/0x420
[ 1615.184600][T27011]  ? __fget_files+0x2a/0x420
[ 1615.184624][T27011]  ksys_read+0x145/0x250
[ 1615.184649][T27011]  ? __pfx_ksys_read+0x10/0x10
[ 1615.184673][T27011]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1615.184699][T27011]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1615.184724][T27011]  __do_fast_syscall_32+0xb6/0x2b0
[ 1615.184749][T27011]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1615.184776][T27011]  do_fast_syscall_32+0x34/0x80
[ 1615.184800][T27011]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1615.184821][T27011] RIP: 0023:0xf705d539
[ 1615.184836][T27011] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1615.184850][T27011] RSP: 002b:00000000f544d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1615.184869][T27011] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f544d620
[ 1615.184882][T27011] RDX: 000000000000000f RSI: 00000000f73f6ff4 RDI: 0000000000000000
[ 1615.184893][T27011] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1615.184902][T27011] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1615.184913][T27011] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1615.184942][T27011]  </TASK>
[ 1615.673756][ T5891] usb 4-1: new low-speed USB device number 52 using dummy_hcd
[ 1615.820136][T27022] misc userio: The device must be registered before sending interrupts
[ 1615.834285][ T5891] usb 4-1: config index 0 descriptor too short (expected 1307, got 27)
[ 1615.855210][ T5891] usb 4-1: config 0 has an invalid interface number: 0 but max is -1
[ 1615.874160][ T5891] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 1615.904768][ T5891] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[ 1615.923916][ T5891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[ 1615.934800][ T5891] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1615.945181][ T5891] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[ 1615.961816][ T5891] usb 4-1: string descriptor 0 read error: -22
[ 1615.968826][ T5891] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[ 1615.978341][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1615.988437][ T5891] usb 4-1: config 0 descriptor??
[ 1615.996641][ T5891] hub 4-1:0.0: bad descriptor, ignoring hub
[ 1616.014667][ T5891] hub 4-1:0.0: probe with driver hub failed with error -5
[ 1616.058707][ T5891] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input171
[ 1616.500858][T20562] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[ 1616.703710][T20562] usb 2-1: Using ep0 maxpacket: 8
[ 1616.712753][T20562] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[ 1616.721146][T20562] usb 2-1: config 16 has an invalid interface number: 3 but max is 0
[ 1616.729286][T20562] usb 2-1: config 16 has no interface number 0
[ 1616.736257][T20562] usb 2-1: config 16 interface 3 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1616.746217][T20562] usb 2-1: config 16 interface 3 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1616.755987][T20562] usb 2-1: config 16 interface 3 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1616.766022][T20562] usb 2-1: config 16 interface 3 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1616.780049][T20562] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1616.789196][T20562] usb 2-1: New USB device strings: Mfr=0, Product=199, SerialNumber=0
[ 1616.797393][T20562] usb 2-1: Product: syz
[ 1616.944330][ T5943] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 1617.009175][T20562] usb 2-1: usb_control_msg returned -32
[ 1617.015348][T20562] usbtmc 2-1:16.3: can't read capabilities
[ 1617.073534][ T5943] usb 6-1: device descriptor read/64, error -71
[ 1617.313480][ T5943] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1617.463513][ T5943] usb 6-1: device descriptor read/64, error -71
[ 1617.589118][ T5943] usb usb6-port1: attempt power cycle
[ 1617.963622][ T5943] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1617.974120][T27041] tipc: Started in network mode
[ 1617.979024][T27041] tipc: Node identity 6ae859e4e8a9, cluster identity 4711
[ 1617.986544][T27041] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1617.993460][ T5943] usb 6-1: device descriptor read/8, error -71
[ 1617.998976][T27041] syzkaller0: entered promiscuous mode
[ 1618.005652][T27041] syzkaller0: entered allmulticast mode
[ 1618.019347][T27041] tipc: Resetting bearer <eth:syzkaller0>
[ 1618.028871][T27040] tipc: Resetting bearer <eth:syzkaller0>
[ 1618.052717][T27040] tipc: Disabling bearer <eth:syzkaller0>
[ 1618.112552][ T5891] usb 4-1: USB disconnect, device number 52
[ 1618.244514][ T5943] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1618.276243][ T5943] usb 6-1: device descriptor read/8, error -71
[ 1618.317184][T27049] FAULT_INJECTION: forcing a failure.
[ 1618.317184][T27049] name failslab, interval 1, probability 0, space 0, times 0
[ 1618.330997][T27049] CPU: 1 UID: 0 PID: 27049 Comm: syz.6.5077 Not tainted syzkaller #0 PREEMPT(full) 
[ 1618.331022][T27049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1618.331033][T27049] Call Trace:
[ 1618.331041][T27049]  <TASK>
[ 1618.331048][T27049]  dump_stack_lvl+0x189/0x250
[ 1618.331075][T27049]  ? __pfx____ratelimit+0x10/0x10
[ 1618.331097][T27049]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1618.331119][T27049]  ? __pfx__printk+0x10/0x10
[ 1618.331140][T27049]  ? __lock_acquire+0xab9/0xd20
[ 1618.331164][T27049]  should_fail_ex+0x414/0x560
[ 1618.331192][T27049]  should_failslab+0xa8/0x100
[ 1618.331211][T27049]  kmem_cache_alloc_noprof+0x74/0x6e0
[ 1618.331234][T27049]  ? skb_clone+0x212/0x3a0
[ 1618.331258][T27049]  skb_clone+0x212/0x3a0
[ 1618.331280][T27049]  __netlink_deliver_tap+0x404/0x850
[ 1618.331310][T27049]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1618.331329][T27049]  netlink_deliver_tap+0x19c/0x1b0
[ 1618.331348][T27049]  netlink_unicast+0x7fa/0x9e0
[ 1618.331386][T27049]  ? __pfx_netlink_unicast+0x10/0x10
[ 1618.331409][T27049]  ? netlink_sendmsg+0x642/0xb30
[ 1618.331424][T27049]  ? skb_put+0x11b/0x210
[ 1618.331443][T27049]  netlink_sendmsg+0x805/0xb30
[ 1618.331466][T27049]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1618.331485][T27049]  ? __import_iovec+0x5d4/0x7f0
[ 1618.331503][T27049]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1618.331528][T27049]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1618.331546][T27049]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1618.331564][T27049]  __sock_sendmsg+0x21c/0x270
[ 1618.331591][T27049]  ____sys_sendmsg+0x505/0x830
[ 1618.331617][T27049]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1618.331651][T27049]  ___sys_sendmsg+0x21f/0x2a0
[ 1618.331673][T27049]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1618.331727][T27049]  ? __fget_files+0x2a/0x420
[ 1618.331744][T27049]  ? __fget_files+0x3a0/0x420
[ 1618.331771][T27049]  __sys_sendmsg+0x164/0x220
[ 1618.331792][T27049]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1618.331818][T27049]  ? __pfx_ksys_write+0x10/0x10
[ 1618.331845][T27049]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1618.331871][T27049]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1618.331899][T27049]  __do_fast_syscall_32+0xb6/0x2b0
[ 1618.331922][T27049]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1618.331947][T27049]  do_fast_syscall_32+0x34/0x80
[ 1618.331970][T27049]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1618.331988][T27049] RIP: 0023:0xf706d539
[ 1618.332003][T27049] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1618.332017][T27049] RSP: 002b:00000000f545d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1618.332035][T27049] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000600
[ 1618.332047][T27049] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1618.332057][T27049] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1618.332066][T27049] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1618.332076][T27049] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1618.332101][T27049]  </TASK>
[ 1618.332211][T27049] netlink: 'syz.6.5077': attribute type 10 has an invalid length.
[ 1618.400785][ T5943] usb usb6-port1: unable to enumerate USB device
[ 1619.142838][T27052] input: syz1 as /devices/virtual/input/input172
[ 1619.218745][T24526] usb 2-1: USB disconnect, device number 34
[ 1620.221106][   T30] audit: type=1326 audit(1762859559.731:2583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27076 comm="syz.3.5090" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf701d539 code=0x0
[ 1620.373949][T24526] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1620.395377][T27086] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1620.602917][T24526] usb 6-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[ 1620.615434][T24526] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1620.634794][T24526] usb 6-1: Product: syz
[ 1620.642341][T24526] usb 6-1: Manufacturer: syz
[ 1620.652174][T24526] usb 6-1: SerialNumber: syz
[ 1620.971838][T23919] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[ 1621.123918][T24526] rtl8150 6-1:1.0: couldn't reset the device
[ 1621.130355][T24526] rtl8150 6-1:1.0: probe with driver rtl8150 failed with error -5
[ 1621.144111][T24526] usb 6-1: USB disconnect, device number 29
[ 1621.239354][T23919] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1621.260128][T23919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1621.276496][T23919] usb 2-1: Product: syz
[ 1621.280938][T23919] usb 2-1: Manufacturer: syz
[ 1621.285869][T23919] usb 2-1: SerialNumber: syz
[ 1621.305392][T23919] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1621.332082][ T5943] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1621.727823][T20562] usb 2-1: USB disconnect, device number 35
[ 1622.398229][ T5943] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[ 1622.406042][ T5943] ath9k_htc: Failed to initialize the device
[ 1622.415622][T20562] usb 2-1: ath9k_htc: USB layer deinitialized
[ 1622.610121][T27108] xt_limit: Overflow, try lower: 324398827/4200216962
[ 1622.872770][T27114] vim2m vim2m.0: Fourcc format (0x56595559) invalid.
[ 1623.657487][T27135] misc userio: The device must be registered before sending interrupts
[ 1623.733996][T18490] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[ 1623.933932][T18490] usb 6-1: Using ep0 maxpacket: 8
[ 1623.941844][T18490] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[ 1623.950506][T24526] usb 2-1: new low-speed USB device number 36 using dummy_hcd
[ 1623.960298][T18490] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[ 1623.971961][T18490] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[ 1623.981798][T18490] usb 6-1: config 250 has no interface number 0
[ 1623.989731][T18490] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[ 1624.002243][T18490] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[ 1624.013949][T18490] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1624.025657][T18490] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[ 1624.038228][T18490] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[ 1624.053345][T18490] usb 6-1: config 250 interface 228 has no altsetting 0
[ 1624.064963][T18490] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[ 1624.076671][T18490] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[ 1624.085927][T18490] usb 6-1: Product: syz
[ 1624.090289][T18490] usb 6-1: SerialNumber: syz
[ 1624.102941][T18490] hub 6-1:250.228: bad descriptor, ignoring hub
[ 1624.111917][T18490] hub 6-1:250.228: probe with driver hub failed with error -5
[ 1624.121838][T24526] usb 2-1: No LPM exit latency info found, disabling LPM.
[ 1624.132440][T24526] usb 2-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[ 1624.154484][T24526] usb 2-1: config 1 interface 0 altsetting 250 endpoint 0x82 is Bulk; changing to Interrupt
[ 1624.185364][T24526] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1624.198297][T24526] usb 2-1: string descriptor 0 read error: -22
[ 1624.212992][T24526] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1624.234309][T24526] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1624.250987][T27135] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1624.260796][T27135] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1624.309160][T18490] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 30 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[ 1624.498055][T27132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1624.507889][T27132] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1624.547379][T18490] usb 6-1: reset high-speed USB device number 30 using dummy_hcd
[ 1624.643535][ T5943] usb 4-1: new full-speed USB device number 53 using dummy_hcd
[ 1624.795349][ T5943] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1624.805695][ T5943] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1624.816179][ T5943] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1624.831234][ T5943] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1624.840375][ T5943] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1624.850442][ T5943] usb 4-1: Product: syz
[ 1624.854869][ T5943] usb 4-1: Manufacturer: syz
[ 1624.859466][ T5943] usb 4-1: SerialNumber: syz
[ 1624.871686][ T5943] cdc_ncm 4-1:1.0: NCM or ECM functional descriptors missing
[ 1624.879200][ T5943] cdc_ncm 4-1:1.0: bind() failure
[ 1625.236354][T20562] usb 6-1: USB disconnect, device number 30
[ 1625.264483][T20562] usblp0: removed
[ 1626.574479][T18490] usb 2-1: USB disconnect, device number 36
[ 1627.425660][T18490] usb 4-1: USB disconnect, device number 53
[ 1627.773984][ T5891] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[ 1627.969790][ T5891] usb 2-1: Using ep0 maxpacket: 8
[ 1627.994044][T18490] usb 4-1: new full-speed USB device number 54 using dummy_hcd
[ 1628.102361][ T5891] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1628.132031][ T5891] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 1628.150271][ T5891] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1628.186071][ T5891] usb 2-1: New USB device found, idVendor=05ac, idProduct=0324, bcdDevice= 0.00
[ 1628.198950][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1628.208848][T18490] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1628.220811][T18490] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[ 1628.238777][ T5891] usb 2-1: config 0 descriptor??
[ 1628.246822][T18490] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 1628.392139][T18490] usb 4-1: New USB device found, idVendor=0755, idProduct=2626, bcdDevice= 0.00
[ 1628.410243][T18490] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1628.457279][T27198] misc userio: The device must be registered before sending interrupts
[ 1628.581561][T18490] usb 4-1: config 0 descriptor??
[ 1628.607010][T27182] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1629.106749][T18490] usbhid 4-1:0.0: can't add hid device: -71
[ 1629.148138][T18490] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1629.257109][T18490] usb 4-1: USB disconnect, device number 54
[ 1629.943498][T20562] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[ 1630.073472][T20562] usb 6-1: device descriptor read/64, error -71
[ 1630.313479][T20562] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[ 1630.443477][T20562] usb 6-1: device descriptor read/64, error -71
[ 1630.554492][T20562] usb usb6-port1: attempt power cycle
[ 1630.903812][T20562] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[ 1630.934703][T20562] usb 6-1: device descriptor read/8, error -71
[ 1631.310914][T20562] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[ 1631.351142][T27223] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5135'.
[ 1631.362376][T20562] usb 6-1: device descriptor read/8, error -71
[ 1631.430483][ T5891] usb 2-1: string descriptor 0 read error: -71
[ 1631.488431][T20562] usb usb6-port1: unable to enumerate USB device
[ 1631.513124][ T5891] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[ 1631.567787][ T5891] usb 2-1: USB disconnect, device number 37
[ 1631.740568][T27227] FAULT_INJECTION: forcing a failure.
[ 1631.740568][T27227] name failslab, interval 1, probability 0, space 0, times 0
[ 1631.783144][T27227] CPU: 1 UID: 0 PID: 27227 Comm: syz.0.5137 Not tainted syzkaller #0 PREEMPT(full) 
[ 1631.783169][T27227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1631.783180][T27227] Call Trace:
[ 1631.783188][T27227]  <TASK>
[ 1631.783197][T27227]  dump_stack_lvl+0x189/0x250
[ 1631.783225][T27227]  ? __pfx____ratelimit+0x10/0x10
[ 1631.783248][T27227]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1631.783270][T27227]  ? __pfx__printk+0x10/0x10
[ 1631.783295][T27227]  ? __pfx___might_resched+0x10/0x10
[ 1631.783313][T27227]  ? fs_reclaim_acquire+0x7d/0x100
[ 1631.783335][T27227]  should_fail_ex+0x414/0x560
[ 1631.783368][T27227]  should_failslab+0xa8/0x100
[ 1631.783386][T27227]  __kmalloc_noprof+0xcb/0x7f0
[ 1631.783407][T27227]  ? tomoyo_encode+0x28b/0x550
[ 1631.783434][T27227]  tomoyo_encode+0x28b/0x550
[ 1631.783462][T27227]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1631.783490][T27227]  ? tomoyo_domain+0xd9/0x130
[ 1631.783512][T27227]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1631.783534][T27227]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1631.783560][T27227]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1631.783599][T27227]  ? __lock_acquire+0xab9/0xd20
[ 1631.783638][T27227]  ? __fget_files+0x2a/0x420
[ 1631.783660][T27227]  ? __fget_files+0x3a0/0x420
[ 1631.783675][T27227]  ? __fget_files+0x2a/0x420
[ 1631.783696][T27227]  security_file_ioctl_compat+0xcb/0x2d0
[ 1631.783720][T27227]  __ia32_compat_sys_ioctl+0x128/0x840
[ 1631.783746][T27227]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1631.783768][T27227]  ? __fget_files+0x3a0/0x420
[ 1631.783792][T27227]  ? fput+0xa0/0xd0
[ 1631.783812][T27227]  ? ksys_write+0x22a/0x250
[ 1631.783834][T27227]  ? exc_page_fault+0x82/0x100
[ 1631.783858][T27227]  ? __pfx_ksys_write+0x10/0x10
[ 1631.783884][T27227]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1631.783909][T27227]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1631.783936][T27227]  __do_fast_syscall_32+0xb6/0x2b0
[ 1631.783960][T27227]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1631.783987][T27227]  do_fast_syscall_32+0x34/0x80
[ 1631.784017][T27227]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1631.784038][T27227] RIP: 0023:0xf709d539
[ 1631.784054][T27227] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1631.784068][T27227] RSP: 002b:00000000f548d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1631.784088][T27227] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000004048aecb
[ 1631.784101][T27227] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1631.784113][T27227] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1631.784124][T27227] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1631.784135][T27227] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1631.784164][T27227]  </TASK>
[ 1632.055987][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1632.087555][T27229] netlink: 'syz.0.5137': attribute type 9 has an invalid length.
[ 1632.095445][T27229] netlink: 'syz.0.5137': attribute type 9 has an invalid length.
[ 1632.113534][T27227] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1632.736866][T27248] netlink: 156 bytes leftover after parsing attributes in process `syz.3.5141'.
[ 1632.900849][T27245] netlink: 'syz.6.5143': attribute type 9 has an invalid length.
[ 1632.992773][T27245] netlink: 'syz.6.5143': attribute type 9 has an invalid length.
[ 1633.151534][T27250] netdevsim netdevsim0: Direct firmware load for ..€ failed with error -2
[ 1633.161477][T27250] netdevsim netdevsim0: Falling back to sysfs fallback for: ..€
[ 1633.853675][   T30] audit: type=1326 audit(1762859573.131:2584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27257 comm="syz.6.5146" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf706d539 code=0x0
[ 1633.964093][T27267] misc userio: The device must be registered before sending interrupts
[ 1634.223575][T20562] usb 6-1: new low-speed USB device number 35 using dummy_hcd
[ 1634.253811][T27263] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1634.486166][T20562] usb 6-1: No LPM exit latency info found, disabling LPM.
[ 1634.496376][T20562] usb 6-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[ 1634.506642][T20562] usb 6-1: config 1 interface 0 altsetting 250 endpoint 0x82 is Bulk; changing to Interrupt
[ 1634.537212][T20562] usb 6-1: config 1 interface 0 has no altsetting 0
[ 1634.558508][T20562] usb 6-1: string descriptor 0 read error: -22
[ 1634.567145][T20562] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1634.576927][T20562] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1634.615873][T27267] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1634.623261][T27267] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1635.080496][T27279] netlink: 'syz.1.5149': attribute type 10 has an invalid length.
[ 1635.088822][T27279] lo: entered promiscuous mode
[ 1635.155206][T27262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1635.168284][T27262] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1635.402014][T27284] netlink: 12 bytes leftover after parsing attributes in process `syz.6.5152'.
[ 1636.572268][T20562] usb 6-1: USB disconnect, device number 35
[ 1636.681495][T27311] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5163'.
[ 1636.693307][T27312] netlink: 'syz.3.5162': attribute type 2 has an invalid length.
[ 1637.146662][T27323] netlink: 'syz.3.5166': attribute type 1 has an invalid length.
[ 1637.154584][T27323] netlink: 'syz.3.5166': attribute type 2 has an invalid length.
[ 1637.821259][T27334] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5168'.
[ 1638.177832][T27311] bond0: entered promiscuous mode
[ 1638.227899][T27311] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1639.542901][T27366] tun0: tun_chr_ioctl cmd 1074025680
[ 1639.647250][T27370] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5180'.
[ 1641.500368][T27399] netlink: 56 bytes leftover after parsing attributes in process `syz.1.5186'.
[ 1642.754204][T27434] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5200'.
[ 1642.887208][   T30] audit: type=1326 audit(1762859582.401:2585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27431 comm="syz.5.5202" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f32539 code=0x0
[ 1643.025837][T27441] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1643.958723][T27453] netlink: 'syz.6.5205': attribute type 10 has an invalid length.
[ 1644.098725][T27453] lo: entered promiscuous mode
[ 1644.132304][T27453] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[ 1646.436835][T27484] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5213'.
[ 1646.869601][T27491] FAULT_INJECTION: forcing a failure.
[ 1646.869601][T27491] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1646.889947][T27491] CPU: 1 UID: 0 PID: 27491 Comm: syz.0.5217 Not tainted syzkaller #0 PREEMPT(full) 
[ 1646.889964][T27491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1646.889971][T27491] Call Trace:
[ 1646.889975][T27491]  <TASK>
[ 1646.889980][T27491]  dump_stack_lvl+0x189/0x250
[ 1646.889998][T27491]  ? __pfx____ratelimit+0x10/0x10
[ 1646.890011][T27491]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1646.890024][T27491]  ? __pfx__printk+0x10/0x10
[ 1646.890041][T27491]  should_fail_ex+0x414/0x560
[ 1646.890058][T27491]  _copy_to_user+0x31/0xb0
[ 1646.890072][T27491]  simple_read_from_buffer+0xe1/0x170
[ 1646.890090][T27491]  proc_fail_nth_read+0x1b3/0x220
[ 1646.890104][T27491]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1646.890118][T27491]  ? rw_verify_area+0x2a6/0x4d0
[ 1646.890131][T27491]  ? __lock_acquire+0xab9/0xd20
[ 1646.890140][T27491]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1646.890153][T27491]  vfs_read+0x200/0xa30
[ 1646.890165][T27491]  ? fdget_pos+0x247/0x320
[ 1646.890177][T27491]  ? __pfx___mutex_lock+0x10/0x10
[ 1646.890191][T27491]  ? __pfx_vfs_read+0x10/0x10
[ 1646.890204][T27491]  ? __fget_files+0x2a/0x420
[ 1646.890216][T27491]  ? __fget_files+0x3a0/0x420
[ 1646.890224][T27491]  ? __fget_files+0x2a/0x420
[ 1646.890238][T27491]  ksys_read+0x145/0x250
[ 1646.890250][T27491]  ? exc_page_fault+0x82/0x100
[ 1646.890263][T27491]  ? __pfx_ksys_read+0x10/0x10
[ 1646.890277][T27491]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1646.890291][T27491]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1646.890305][T27491]  __do_fast_syscall_32+0xb6/0x2b0
[ 1646.890320][T27491]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1646.890334][T27491]  do_fast_syscall_32+0x34/0x80
[ 1646.890347][T27491]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1646.890359][T27491] RIP: 0023:0xf709d539
[ 1646.890369][T27491] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1646.890377][T27491] RSP: 002b:00000000f548d590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1646.890388][T27491] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f548d620
[ 1646.890396][T27491] RDX: 000000000000000f RSI: 00000000f7436ff4 RDI: 0000000000000000
[ 1646.890402][T27491] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1646.890407][T27491] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1646.890413][T27491] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1646.890428][T27491]  </TASK>
[ 1649.045616][T27515] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5222'.
[ 1650.478216][T27538] FAULT_INJECTION: forcing a failure.
[ 1650.478216][T27538] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1650.505449][T27538] CPU: 1 UID: 0 PID: 27538 Comm: syz.6.5230 Not tainted syzkaller #0 PREEMPT(full) 
[ 1650.505474][T27538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1650.505484][T27538] Call Trace:
[ 1650.505491][T27538]  <TASK>
[ 1650.505499][T27538]  dump_stack_lvl+0x189/0x250
[ 1650.505527][T27538]  ? __pfx____ratelimit+0x10/0x10
[ 1650.505551][T27538]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1650.505572][T27538]  ? __pfx__printk+0x10/0x10
[ 1650.505601][T27538]  should_fail_ex+0x414/0x560
[ 1650.505631][T27538]  _copy_to_user+0x31/0xb0
[ 1650.505653][T27538]  video_usercopy+0xe32/0x1450
[ 1650.505682][T27538]  ? __pfx___video_do_ioctl+0x10/0x10
[ 1650.505702][T27538]  ? __pfx_video_usercopy+0x10/0x10
[ 1650.505736][T27538]  ? __fget_files+0x2a/0x420
[ 1650.505756][T27538]  v4l2_ioctl+0x18d/0x1e0
[ 1650.505778][T27538]  v4l2_compat_ioctl32+0x1d7/0x260
[ 1650.505805][T27538]  __ia32_compat_sys_ioctl+0x543/0x840
[ 1650.505831][T27538]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1650.505853][T27538]  ? __fget_files+0x3a0/0x420
[ 1650.505877][T27538]  ? fput+0xa0/0xd0
[ 1650.505897][T27538]  ? ksys_write+0x22a/0x250
[ 1650.505918][T27538]  ? exc_page_fault+0x82/0x100
[ 1650.505941][T27538]  ? __pfx_ksys_write+0x10/0x10
[ 1650.505967][T27538]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1650.505992][T27538]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1650.506015][T27538]  __do_fast_syscall_32+0xb6/0x2b0
[ 1650.506050][T27538]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1650.506076][T27538]  do_fast_syscall_32+0x34/0x80
[ 1650.506100][T27538]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1650.506120][T27538] RIP: 0023:0xf706d539
[ 1650.506135][T27538] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1650.506149][T27538] RSP: 002b:00000000f545d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1650.506168][T27538] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0285628
[ 1650.506180][T27538] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1650.506191][T27538] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1650.506202][T27538] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1650.506213][T27538] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1650.506241][T27538]  </TASK>
[ 1650.758633][T27515] bond0: entered promiscuous mode
[ 1650.764446][T27515] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1651.634039][T23143] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[ 1651.804002][T23143] usb 4-1: Using ep0 maxpacket: 8
[ 1651.816439][T23143] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1651.866453][T23143] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 1651.902870][T27556] FAULT_INJECTION: forcing a failure.
[ 1651.902870][T27556] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1651.920750][T27556] CPU: 0 UID: 0 PID: 27556 Comm: syz.5.5235 Not tainted syzkaller #0 PREEMPT(full) 
[ 1651.920778][T27556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1651.920790][T27556] Call Trace:
[ 1651.920816][T27556]  <TASK>
[ 1651.920825][T27556]  dump_stack_lvl+0x189/0x250
[ 1651.920855][T27556]  ? __pfx____ratelimit+0x10/0x10
[ 1651.920879][T27556]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1651.920902][T27556]  ? __pfx__printk+0x10/0x10
[ 1651.920932][T27556]  should_fail_ex+0x414/0x560
[ 1651.920964][T27556]  strncpy_from_user+0x36/0x290
[ 1651.920992][T27556]  getname_flags+0xf3/0x540
[ 1651.921011][T27556]  ? _copy_from_user+0x94/0xb0
[ 1651.921036][T27556]  user_path_at+0x24/0x60
[ 1651.921064][T27556]  __se_sys_mount+0x2d4/0x410
[ 1651.921088][T27556]  ? __pfx___se_sys_mount+0x10/0x10
[ 1651.921108][T27556]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1651.921135][T27556]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1651.921157][T27556]  ? __ia32_sys_mount+0x20/0xc0
[ 1651.921177][T27556]  __do_fast_syscall_32+0xb6/0x2b0
[ 1651.921201][T27556]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1651.921226][T27556]  do_fast_syscall_32+0x34/0x80
[ 1651.921250][T27556]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1651.921269][T27556] RIP: 0023:0xf7f32539
[ 1651.921284][T27556] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1651.921300][T27556] RSP: 002b:00000000f542655c EFLAGS: 00000206 ORIG_RAX: 0000000000000015
[ 1651.921320][T27556] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800020c0
[ 1651.921334][T27556] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1651.921345][T27556] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1651.921356][T27556] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1651.921368][T27556] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1651.921396][T27556]  </TASK>
[ 1652.114879][T23143] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1652.128401][T23143] usb 4-1: New USB device found, idVendor=05ac, idProduct=0324, bcdDevice= 0.00
[ 1652.138004][T23143] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1652.149424][T23143] usb 4-1: config 0 descriptor??
[ 1652.329975][T27560] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5236'.
[ 1653.426194][T27568] FAULT_INJECTION: forcing a failure.
[ 1653.426194][T27568] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1653.439647][T27568] CPU: 0 UID: 0 PID: 27568 Comm: syz.5.5239 Not tainted syzkaller #0 PREEMPT(full) 
[ 1653.439678][T27568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1653.439690][T27568] Call Trace:
[ 1653.439699][T27568]  <TASK>
[ 1653.439708][T27568]  dump_stack_lvl+0x189/0x250
[ 1653.439737][T27568]  ? __pfx____ratelimit+0x10/0x10
[ 1653.439760][T27568]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1653.439782][T27568]  ? __pfx__printk+0x10/0x10
[ 1653.439812][T27568]  should_fail_ex+0x414/0x560
[ 1653.439842][T27568]  _copy_to_user+0x31/0xb0
[ 1653.439867][T27568]  simple_read_from_buffer+0xe1/0x170
[ 1653.439897][T27568]  proc_fail_nth_read+0x1b3/0x220
[ 1653.439923][T27568]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1653.439947][T27568]  ? rw_verify_area+0x2a6/0x4d0
[ 1653.439969][T27568]  ? __lock_acquire+0xab9/0xd20
[ 1653.439986][T27568]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1653.440008][T27568]  vfs_read+0x200/0xa30
[ 1653.440030][T27568]  ? fdget_pos+0x247/0x320
[ 1653.440051][T27568]  ? __pfx___mutex_lock+0x10/0x10
[ 1653.440075][T27568]  ? __pfx_vfs_read+0x10/0x10
[ 1653.440099][T27568]  ? __fget_files+0x2a/0x420
[ 1653.440121][T27568]  ? __fget_files+0x3a0/0x420
[ 1653.440136][T27568]  ? __fget_files+0x2a/0x420
[ 1653.440162][T27568]  ksys_read+0x145/0x250
[ 1653.440183][T27568]  ? exc_page_fault+0x82/0x100
[ 1653.440207][T27568]  ? __pfx_ksys_read+0x10/0x10
[ 1653.440233][T27568]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1653.440258][T27568]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1653.440284][T27568]  __do_fast_syscall_32+0xb6/0x2b0
[ 1653.440309][T27568]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1653.440335][T27568]  do_fast_syscall_32+0x34/0x80
[ 1653.440360][T27568]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1653.440382][T27568] RIP: 0023:0xf7f32539
[ 1653.440398][T27568] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1653.440413][T27568] RSP: 002b:00000000f5426590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1653.440432][T27568] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5426620
[ 1653.440445][T27568] RDX: 000000000000000f RSI: 00000000f73c6ff4 RDI: 0000000000000000
[ 1653.440456][T27568] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1653.440466][T27568] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1653.440478][T27568] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1653.440506][T27568]  </TASK>
[ 1654.273790][T23143] usb 4-1: string descriptor 0 read error: -71
[ 1654.285217][T23143] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[ 1654.306821][T23143] usb 4-1: USB disconnect, device number 55
[ 1654.507994][T27592] FAULT_INJECTION: forcing a failure.
[ 1654.507994][T27592] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1654.624518][T27592] CPU: 1 UID: 0 PID: 27592 Comm: syz.3.5245 Not tainted syzkaller #0 PREEMPT(full) 
[ 1654.624543][T27592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1654.624553][T27592] Call Trace:
[ 1654.624560][T27592]  <TASK>
[ 1654.624569][T27592]  dump_stack_lvl+0x189/0x250
[ 1654.624603][T27592]  ? __pfx____ratelimit+0x10/0x10
[ 1654.624626][T27592]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1654.624648][T27592]  ? __pfx__printk+0x10/0x10
[ 1654.624667][T27592]  ? __might_fault+0xb0/0x130
[ 1654.624700][T27592]  should_fail_ex+0x414/0x560
[ 1654.624730][T27592]  _copy_from_user+0x2d/0xb0
[ 1654.624753][T27592]  v4l2_compat_get_array_args+0x994/0xae0
[ 1654.624786][T27592]  ? __pfx_v4l2_compat_get_array_args+0x10/0x10
[ 1654.624816][T27592]  ? __lock_acquire+0xab9/0xd20
[ 1654.624841][T27592]  ? __might_fault+0xb0/0x130
[ 1654.624883][T27592]  video_usercopy+0xae8/0x1450
[ 1654.624913][T27592]  ? __pfx_subdev_do_ioctl_lock+0x10/0x10
[ 1654.624936][T27592]  ? __pfx_video_usercopy+0x10/0x10
[ 1654.624973][T27592]  ? __fget_files+0x2a/0x420
[ 1654.624992][T27592]  v4l2_ioctl+0x18d/0x1e0
[ 1654.625014][T27592]  v4l2_compat_ioctl32+0x1d7/0x260
[ 1654.625042][T27592]  __ia32_compat_sys_ioctl+0x543/0x840
[ 1654.625068][T27592]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1654.625089][T27592]  ? __fget_files+0x3a0/0x420
[ 1654.625111][T27592]  ? fput+0xa0/0xd0
[ 1654.625130][T27592]  ? ksys_write+0x22a/0x250
[ 1654.625151][T27592]  ? exc_page_fault+0x82/0x100
[ 1654.625175][T27592]  ? __pfx_ksys_write+0x10/0x10
[ 1654.625200][T27592]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1654.625226][T27592]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1654.625252][T27592]  __do_fast_syscall_32+0xb6/0x2b0
[ 1654.625276][T27592]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1654.625302][T27592]  do_fast_syscall_32+0x34/0x80
[ 1654.625325][T27592]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1654.625346][T27592] RIP: 0023:0xf701d539
[ 1654.625365][T27592] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1654.625379][T27592] RSP: 002b:00000000f540d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1654.625399][T27592] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0405626
[ 1654.625411][T27592] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1654.625420][T27592] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1654.625429][T27592] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1654.625438][T27592] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1654.625463][T27592]  </TASK>
[ 1654.884629][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1655.564712][T27610] netlink: 156 bytes leftover after parsing attributes in process `syz.6.5249'.
[ 1655.758587][T27612] kvm: user requested TSC rate below hardware speed
[ 1655.810943][T27617] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5250'.
[ 1659.053721][T27661] netlink: 80 bytes leftover after parsing attributes in process `syz.6.5263'.
[ 1660.424168][T27680] @: renamed from vlan0 (while UP)
[ 1660.472618][T27682] loop2: detected capacity change from 0 to 7
[ 1660.481028][T27682] Dev loop2: unable to read RDB block 7
[ 1660.486728][T27682]  loop2: unable to read partition table
[ 1660.492756][T27682] loop2: partition table beyond EOD, truncated
[ 1660.521663][T27682] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1660.681125][T27685] FAULT_INJECTION: forcing a failure.
[ 1660.681125][T27685] name failslab, interval 1, probability 0, space 0, times 0
[ 1660.695192][T27685] CPU: 0 UID: 0 PID: 27685 Comm: syz.3.5273 Not tainted syzkaller #0 PREEMPT(full) 
[ 1660.695209][T27685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1660.695215][T27685] Call Trace:
[ 1660.695220][T27685]  <TASK>
[ 1660.695225][T27685]  dump_stack_lvl+0x189/0x250
[ 1660.695243][T27685]  ? __pfx____ratelimit+0x10/0x10
[ 1660.695257][T27685]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1660.695270][T27685]  ? __pfx__printk+0x10/0x10
[ 1660.695283][T27685]  ? __pfx___might_resched+0x10/0x10
[ 1660.695297][T27685]  should_fail_ex+0x414/0x560
[ 1660.695314][T27685]  should_failslab+0xa8/0x100
[ 1660.695326][T27685]  __kmalloc_noprof+0xcb/0x7f0
[ 1660.695340][T27685]  ? kfree+0x4d/0x6d0
[ 1660.695350][T27685]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1660.695368][T27685]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1660.695384][T27685]  ? tomoyo_domain+0xd9/0x130
[ 1660.695396][T27685]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1660.695408][T27685]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1660.695422][T27685]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1660.695443][T27685]  ? __lock_acquire+0xab9/0xd20
[ 1660.695463][T27685]  ? __fget_files+0x2a/0x420
[ 1660.695476][T27685]  ? __fget_files+0x3a0/0x420
[ 1660.695484][T27685]  ? __fget_files+0x2a/0x420
[ 1660.695495][T27685]  security_file_ioctl_compat+0xcb/0x2d0
[ 1660.695510][T27685]  __ia32_compat_sys_ioctl+0x128/0x840
[ 1660.695525][T27685]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1660.695538][T27685]  ? __fget_files+0x3a0/0x420
[ 1660.695551][T27685]  ? fput+0xa0/0xd0
[ 1660.695562][T27685]  ? ksys_write+0x22a/0x250
[ 1660.695576][T27685]  ? __pfx_ksys_write+0x10/0x10
[ 1660.695591][T27685]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1660.695605][T27685]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1660.695620][T27685]  __do_fast_syscall_32+0xb6/0x2b0
[ 1660.695634][T27685]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1660.695649][T27685]  do_fast_syscall_32+0x34/0x80
[ 1660.695662][T27685]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1660.695674][T27685] RIP: 0023:0xf701d539
[ 1660.695683][T27685] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1660.695692][T27685] RSP: 002b:00000000f540d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1660.695703][T27685] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c0a
[ 1660.695710][T27685] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1660.695716][T27685] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1660.695722][T27685] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1660.695728][T27685] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1660.695743][T27685]  </TASK>
[ 1660.695749][T27685] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1660.974026][T27685] loop2: detected capacity change from 0 to 7
[ 1660.984815][ T5831] Dev loop2: unable to read RDB block 7
[ 1660.990446][ T5831]  loop2: unable to read partition table
[ 1660.997188][ T5831] loop2: partition table beyond EOD, truncated
[ 1661.006935][T27685] Dev loop2: unable to read RDB block 7
[ 1661.015042][T27685]  loop2: unable to read partition table
[ 1661.023615][T27685] loop2: partition table beyond EOD, truncated
[ 1661.038802][T27685] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1661.473478][T20562] usb 2-1: new low-speed USB device number 38 using dummy_hcd
[ 1661.627167][T20562] usb 2-1: config index 0 descriptor too short (expected 1307, got 27)
[ 1661.635817][T20562] usb 2-1: config 0 has an invalid interface number: 0 but max is -1
[ 1661.644091][T20562] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 1661.653163][T20562] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[ 1661.664694][T20562] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[ 1661.674662][T20562] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1661.684654][T20562] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[ 1661.700487][T20562] usb 2-1: string descriptor 0 read error: -22
[ 1661.706854][T20562] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[ 1661.715965][T20562] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1661.726859][T20562] usb 2-1: config 0 descriptor??
[ 1661.735406][T20562] hub 2-1:0.0: bad descriptor, ignoring hub
[ 1661.741467][T20562] hub 2-1:0.0: probe with driver hub failed with error -5
[ 1661.757520][T20562] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input177
[ 1661.955458][ T5891] usb 2-1: USB disconnect, device number 38
[ 1662.333822][T27708] fuse: Unknown parameter 'fdd[ÄNwØx.Ð@„'
[ 1662.678031][T27713] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1663.609402][T27726] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5286'.
[ 1664.839450][T27740] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5290'.
[ 1664.849214][T27740] netdevsim netdevsim5 netdevsim0: left promiscuous mode
[ 1664.857046][T27740] netdevsim netdevsim5 netdevsim0: entered allmulticast mode
[ 1665.210528][T27747] input: syz0 as /devices/virtual/input/input179
[ 1665.262399][T27751] FAULT_INJECTION: forcing a failure.
[ 1665.262399][T27751] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1665.306094][T27751] CPU: 1 UID: 0 PID: 27751 Comm: syz.3.5292 Not tainted syzkaller #0 PREEMPT(full) 
[ 1665.306119][T27751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1665.306130][T27751] Call Trace:
[ 1665.306136][T27751]  <TASK>
[ 1665.306144][T27751]  dump_stack_lvl+0x189/0x250
[ 1665.306172][T27751]  ? __pfx____ratelimit+0x10/0x10
[ 1665.306195][T27751]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1665.306216][T27751]  ? __pfx__printk+0x10/0x10
[ 1665.306234][T27751]  ? __might_fault+0xb0/0x130
[ 1665.306269][T27751]  should_fail_ex+0x414/0x560
[ 1665.306299][T27751]  _copy_from_user+0x2d/0xb0
[ 1665.306321][T27751]  input_event_from_user+0xf9/0x280
[ 1665.306345][T27751]  ? __pfx_input_event_from_user+0x10/0x10
[ 1665.306373][T27751]  ? input_event+0xc7/0xe0
[ 1665.306398][T27751]  uinput_write+0x279/0xfc0
[ 1665.306432][T27751]  ? __pfx_uinput_write+0x10/0x10
[ 1665.306455][T27751]  ? bpf_lsm_file_permission+0x9/0x20
[ 1665.306475][T27751]  ? security_file_permission+0x75/0x290
[ 1665.306497][T27751]  ? rw_verify_area+0x255/0x4d0
[ 1665.306519][T27751]  ? __lock_acquire+0xab9/0xd20
[ 1665.306535][T27751]  ? __pfx_uinput_write+0x10/0x10
[ 1665.306559][T27751]  vfs_write+0x27e/0xb30
[ 1665.306594][T27751]  ? __pfx_vfs_write+0x10/0x10
[ 1665.306625][T27751]  ? __fget_files+0x2a/0x420
[ 1665.306646][T27751]  ? __fget_files+0x2a/0x420
[ 1665.306661][T27751]  ? __fget_files+0x3a0/0x420
[ 1665.306678][T27751]  ? __fget_files+0x2a/0x420
[ 1665.306703][T27751]  ksys_write+0x145/0x250
[ 1665.306725][T27751]  ? exc_page_fault+0x82/0x100
[ 1665.306749][T27751]  ? __pfx_ksys_write+0x10/0x10
[ 1665.306775][T27751]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1665.306800][T27751]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1665.306827][T27751]  __do_fast_syscall_32+0xb6/0x2b0
[ 1665.306851][T27751]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1665.306878][T27751]  do_fast_syscall_32+0x34/0x80
[ 1665.306902][T27751]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1665.306923][T27751] RIP: 0023:0xf701d539
[ 1665.306938][T27751] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1665.306953][T27751] RSP: 002b:00000000f53ec55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004
[ 1665.306972][T27751] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000a40
[ 1665.306984][T27751] RDX: 000000000000045c RSI: 0000000000000000 RDI: 0000000000000000
[ 1665.306995][T27751] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1665.307005][T27751] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1665.307016][T27751] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1665.307045][T27751]  </TASK>
[ 1665.826154][T27759] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5296'.
[ 1666.577445][T27764] netlink: 56 bytes leftover after parsing attributes in process `syz.5.5294'.
[ 1667.661041][T27796] loop5: detected capacity change from 0 to 7
[ 1667.894874][T27806] netlink: 'syz.1.5312': attribute type 10 has an invalid length.
[ 1667.906946][T27796] Dev loop5: unable to read RDB block 7
[ 1667.912782][T27796]  loop5: unable to read partition table
[ 1667.918878][T27796] loop5: partition table beyond EOD, truncated
[ 1667.933709][T27796] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[ 1668.056707][T20562] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[ 1668.118829][ T5201] Dev loop5: unable to read RDB block 7
[ 1668.124530][ T5201]  loop5: unable to read partition table
[ 1668.130436][ T5201] loop5: partition table beyond EOD, truncated
[ 1668.213823][T20562] usb 4-1: Using ep0 maxpacket: 16
[ 1668.221063][T20562] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[ 1668.232295][T20562] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1668.244815][T20562] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[ 1668.258185][T20562] usb 4-1: New USB device found, idVendor=046d, idProduct=c22e, bcdDevice= 0.00
[ 1668.270680][T20562] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1668.286145][T20562] usb 4-1: config 0 descriptor??
[ 1668.391485][ T7498] Bluetooth: hci0: Malformed MSFT vendor event: 0x02
[ 1668.719728][T20562] lg-g15 0003:046D:C22E.004F: hidraw0: USB HID v0.01 Device [HID 046d:c22e] on usb-dummy_hcd.3-1/input0
[ 1668.780718][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.787745][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1668.860146][T27830] netlink: 108 bytes leftover after parsing attributes in process `syz.1.5325'.
[ 1668.912219][T20562] usb 4-1: USB disconnect, device number 56
[ 1669.563503][T20562] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[ 1669.715256][T20562] usb 2-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1669.726521][T20562] usb 2-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1669.739891][T20562] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1669.789989][T20562] usb 2-1: New USB device found, idVendor=056a, idProduct=5002, bcdDevice= 0.00
[ 1669.804034][T20562] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1669.817260][T20562] usb 2-1: config 0 descriptor??
[ 1670.242183][T20562] wacom 0003:056A:5002.0050: item fetching failed at offset 3/5
[ 1670.256418][T20562] wacom 0003:056A:5002.0050: parse failed
[ 1670.262290][T20562] wacom 0003:056A:5002.0050: probe with driver wacom failed with error -22
[ 1670.446635][ T5891] usb 2-1: USB disconnect, device number 39
[ 1670.558385][T27881] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5348'.
[ 1670.686699][T27887] loop5: detected capacity change from 0 to 7
[ 1670.696938][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1670.706148][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1670.715768][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1670.724989][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1670.733323][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1670.742523][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1670.751152][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1670.760359][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1670.778558][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1670.787765][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1670.803424][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1670.812612][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1670.820927][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1670.830154][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1670.841465][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1670.850708][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1670.858710][ T5831] ldm_validate_partition_table(): Disk read failed.
[ 1670.875999][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1670.885217][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1670.896008][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1670.905320][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[ 1670.916545][ T5831] Dev loop5: unable to read RDB block 0
[ 1670.922994][ T5831]  loop5: unable to read partition table
[ 1670.929684][ T5831] loop5: partition table beyond EOD, truncated
[ 1670.939395][T27887] ldm_validate_partition_table(): Disk read failed.
[ 1670.948084][T27887] Dev loop5: unable to read RDB block 0
[ 1670.957268][T27887]  loop5: unable to read partition table
[ 1670.963180][T27887] loop5: partition table beyond EOD, truncated
[ 1670.970935][T27887] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[ 1671.180943][T20562] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[ 1671.353500][T20562] usb 4-1: Using ep0 maxpacket: 8
[ 1671.367124][T20562] usb 4-1: config 0 has an invalid descriptor of length 111, skipping remainder of the config
[ 1671.403812][T20562] usb 4-1: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice=21.c6
[ 1671.413079][T20562] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1671.431254][T20562] usb 4-1: config 0 descriptor??
[ 1671.646654][ T5891] usb 4-1: USB disconnect, device number 57
[ 1671.877223][T27918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5364'.
[ 1671.893150][T27918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5364'.
[ 1671.903619][T27918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5364'.
[ 1671.939292][T27918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5364'.
[ 1672.355151][   T30] audit: type=1326 audit(1762859611.851:2586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27933 comm="syz.3.5371" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1672.392469][   T30] audit: type=1326 audit(1762859611.851:2587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27933 comm="syz.3.5371" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1672.415748][   T30] audit: type=1326 audit(1762859611.851:2588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27933 comm="syz.3.5371" exe="/root/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1672.438969][   T30] audit: type=1326 audit(1762859611.851:2589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27933 comm="syz.3.5371" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1672.530292][   T30] audit: type=1326 audit(1762859611.851:2590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27933 comm="syz.3.5371" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1672.566931][   T30] audit: type=1326 audit(1762859611.851:2591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27933 comm="syz.3.5371" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1672.612520][   T30] audit: type=1326 audit(1762859611.851:2592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27933 comm="syz.3.5371" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1672.644077][   T30] audit: type=1326 audit(1762859611.851:2593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27933 comm="syz.3.5371" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1672.666972][   T30] audit: type=1326 audit(1762859611.851:2594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27933 comm="syz.3.5371" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1672.689740][   T30] audit: type=1326 audit(1762859611.851:2595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27933 comm="syz.3.5371" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1673.151450][T27941] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5373'.
[ 1673.346846][T27949] syz_tun: entered allmulticast mode
[ 1673.360877][T27949] syz_tun: left allmulticast mode
[ 1673.988246][T20562] hid-generic 0004:0800:0000.0051: unknown main item tag 0x0
[ 1674.003274][T20562] hid-generic 0004:0800:0000.0051: unknown main item tag 0x0
[ 1674.023541][T20562] hid-generic 0004:0800:0000.0051: unknown main item tag 0x0
[ 1674.053028][T20562] hid-generic 0004:0800:0000.0051: unknown main item tag 0x0
[ 1674.102464][T20562] hid-generic 0004:0800:0000.0051: unknown main item tag 0x0
[ 1674.110069][T20562] hid-generic 0004:0800:0000.0051: unknown main item tag 0x0
[ 1674.118039][T20562] hid-generic 0004:0800:0000.0051: unknown main item tag 0x0
[ 1674.126676][T20562] hid-generic 0004:0800:0000.0051: unknown main item tag 0x0
[ 1674.135453][T20562] hid-generic 0004:0800:0000.0051: unknown main item tag 0x0
[ 1674.145194][T20562] hid-generic 0004:0800:0000.0051: unknown main item tag 0x0
[ 1674.161932][T20562] hid-generic 0004:0800:0000.0051: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[ 1674.247717][T27979] fido_id[27979]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1674.720187][T27997] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[ 1675.877689][T20562] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 1676.064664][T20562] usb 6-1: Using ep0 maxpacket: 32
[ 1676.098081][T20562] usb 6-1: config 0 has an invalid interface number: 196 but max is 0
[ 1676.113687][T20562] usb 6-1: config 0 has no interface number 0
[ 1676.147848][T20562] usb 6-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[ 1676.178533][T20562] usb 6-1: config 0 interface 196 has no altsetting 0
[ 1676.216456][T20562] usb 6-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[ 1676.250376][T20562] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1676.272464][T20562] usb 6-1: Product: syz
[ 1676.292408][T20562] usb 6-1: Manufacturer: syz
[ 1676.300131][T20562] usb 6-1: SerialNumber: syz
[ 1676.310678][T20562] usb 6-1: config 0 descriptor??
[ 1676.329111][T28009] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1676.765772][T20562] ipheth 6-1:0.196: ipheth_get_macaddr: usb_control_msg: short packet: 0 bytes
[ 1676.778159][T20562] ipheth 6-1:0.196: probe with driver ipheth failed with error -22
[ 1676.984918][T20562] usb 6-1: USB disconnect, device number 36
[ 1677.136588][T28046] UHID_CREATE from different security context by process 1845 (syz.1.5420), this is not allowed.
[ 1677.164373][ T5943] hid-generic 0000:0000:0004.0052: hidraw0: <UNKNOWN> HID v0.03 Device [syz1] on syz0
[ 1677.331111][T28049] fido_id[28049]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1677.368610][T28054] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5423'.
[ 1677.397363][ T7498] Bluetooth: hci2: unexpected event for opcode 0x2041
[ 1677.717257][ T7498] Bluetooth: hci2: unexpected cc 0x0809 length: 68 > 4
[ 1677.724344][ T7498] Bluetooth: hci2: unexpected event for opcode 0x0809
[ 1678.131616][T28084] input: syz1 as /devices/virtual/input/input180
[ 1678.524059][T23143] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[ 1678.675979][T23143] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8
[ 1678.696515][T23143] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1678.714313][T23143] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1678.730052][T23143] usb 6-1: Product: syz
[ 1678.745120][T23143] usb 6-1: Manufacturer: syz
[ 1678.762196][T23143] usb 6-1: SerialNumber: syz
[ 1678.808194][T28098] syz_tun: entered promiscuous mode
[ 1678.916606][T28097] syz_tun: left promiscuous mode
[ 1679.069209][T23143] cdc_ncm 6-1:1.0: bind() failure
[ 1679.099778][T23143] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[ 1679.123909][T23143] cdc_ncm 6-1:1.1: bind() failure
[ 1679.144194][T23143] usb 6-1: USB disconnect, device number 37
[ 1679.816169][T28121] netlink: 64 bytes leftover after parsing attributes in process `syz.5.5453'.
[ 1680.376116][ T7498] Bluetooth: hci0: SCO packet too small
[ 1680.565274][   T30] kauditd_printk_skb: 13 callbacks suppressed
[ 1680.565292][   T30] audit: type=1326 audit(1762859620.071:2609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28141 comm="syz.3.5462" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1680.654703][   T30] audit: type=1326 audit(1762859620.071:2610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28141 comm="syz.3.5462" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1680.726048][   T30] audit: type=1326 audit(1762859620.081:2611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28141 comm="syz.3.5462" exe="/root/syz-executor" sig=0 arch=40000003 syscall=174 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1680.780417][   T30] audit: type=1326 audit(1762859620.081:2612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28141 comm="syz.3.5462" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1680.808223][   T30] audit: type=1326 audit(1762859620.081:2613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28141 comm="syz.3.5462" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1680.830851][   T30] audit: type=1326 audit(1762859620.121:2614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28141 comm="syz.3.5462" exe="/root/syz-executor" sig=0 arch=40000003 syscall=168 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1680.859564][   T30] audit: type=1326 audit(1762859620.131:2615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28141 comm="syz.3.5462" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1680.888583][   T30] audit: type=1326 audit(1762859620.131:2616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28141 comm="syz.3.5462" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1680.911378][   T30] audit: type=1326 audit(1762859620.141:2617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28141 comm="syz.3.5462" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1680.952872][   T30] audit: type=1326 audit(1762859620.141:2618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28141 comm="syz.3.5462" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1681.003620][ T5943] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[ 1681.153666][ T5943] usb 6-1: Using ep0 maxpacket: 8
[ 1681.160865][ T5943] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1681.172353][ T5943] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1681.199265][ T5943] usb 6-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[ 1681.208768][ T5943] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1681.238779][ T5943] usb 6-1: config 0 descriptor??
[ 1681.661045][T28148] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1681.670312][T28148] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1681.856202][ T5943] hid_parser_main: 109 callbacks suppressed
[ 1681.856225][ T5943] hid-rmi 0003:06CB:81A7.0053: unknown main item tag 0x0
[ 1681.898382][ T5943] hid-rmi 0003:06CB:81A7.0053: unbalanced collection at end of report description
[ 1681.917674][ T5943] hid-rmi 0003:06CB:81A7.0053: parse failed
[ 1681.929488][ T5943] hid-rmi 0003:06CB:81A7.0053: probe with driver hid-rmi failed with error -22
[ 1682.002925][T28161] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1682.072873][ T5943] usb 6-1: USB disconnect, device number 38
[ 1682.635441][ T7498] Bluetooth: hci0: unexpected event for opcode 0x0c24
[ 1682.653082][ T7498] Bluetooth: hci0: unexpected event for opcode 0x1004
[ 1683.414382][T23143] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[ 1683.596366][T23143] usb 6-1: Using ep0 maxpacket: 16
[ 1683.746094][T28224] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5494'.
[ 1684.010981][T23143] usb 6-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1684.029492][T23143] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1684.043288][T23143] usb 6-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[ 1684.068220][T23143] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1684.098798][T23143] usb 6-1: config 0 descriptor??
[ 1684.534560][T23143] nzxt-smart2 0003:1E71:2009.0054: unknown main item tag 0x0
[ 1684.567465][T23143] nzxt-smart2 0003:1E71:2009.0054: unknown main item tag 0x0
[ 1684.575806][T23143] nzxt-smart2 0003:1E71:2009.0054: unknown main item tag 0x0
[ 1684.583316][T23143] nzxt-smart2 0003:1E71:2009.0054: unknown main item tag 0x0
[ 1684.614622][T23143] nzxt-smart2 0003:1E71:2009.0054: unknown main item tag 0x0
[ 1684.631830][T23143] nzxt-smart2 0003:1E71:2009.0054: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.5-1/input0
[ 1684.696786][T28246] netlink: 3 bytes leftover after parsing attributes in process `syz.1.5504'.
[ 1684.779330][T23143] usb 6-1: USB disconnect, device number 39
[ 1685.181835][T28261] netem: change failed
[ 1685.922461][T28294] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5526'.
[ 1686.022046][T28300] netlink: 428 bytes leftover after parsing attributes in process `syz.3.5529'.
[ 1686.031411][T28300] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5529'.
[ 1686.188470][T28304] kvm: pic: non byte read
[ 1686.193247][T28304] kvm: pic: non byte read
[ 1686.200036][T28304] kvm: pic: non byte read
[ 1686.207761][T28304] kvm: pic: non byte read
[ 1686.212532][T28304] kvm: pic: non byte read
[ 1686.218534][T28304] kvm: pic: non byte read
[ 1686.223176][T28304] kvm: pic: non byte read
[ 1686.228845][T28304] kvm: pic: non byte read
[ 1686.236406][T28304] kvm: pic: non byte read
[ 1686.384197][T20562] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[ 1686.548272][T20562] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1686.558877][T20562] usb 2-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[ 1686.568930][T20562] usb 2-1: Product: syz
[ 1686.573182][T20562] usb 2-1: Manufacturer: syz
[ 1686.578586][T20562] usb 2-1: SerialNumber: syz
[ 1686.588278][T20562] usb 2-1: config 0 descriptor??
[ 1686.600224][T20562] ch341 2-1:0.0: ch341-uart converter detected
[ 1686.695808][T24835] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[ 1686.706075][T24835] Bluetooth: hci0: Injecting HCI hardware error event
[ 1686.716458][T24835] Bluetooth: hci0: hardware error 0x00
[ 1687.173536][ T5943] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[ 1687.266731][T28335] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1687.347775][ T5943] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[ 1687.356879][ T5943] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[ 1687.366524][ T5943] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[ 1687.392772][ T5943] usb 6-1: config 220 has no interface number 2
[ 1687.403432][ T5943] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[ 1687.417592][ T5943] usb 6-1: config 220 interface 0 has no altsetting 0
[ 1687.424858][ T5943] usb 6-1: config 220 interface 76 has no altsetting 0
[ 1687.452202][ T5943] usb 6-1: config 220 interface 1 has no altsetting 0
[ 1687.465715][ T5943] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[ 1687.475198][ T5943] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1687.483225][ T5943] usb 6-1: Product: syz
[ 1687.488305][ T5943] usb 6-1: Manufacturer: syz
[ 1687.492946][ T5943] usb 6-1: SerialNumber: syz
[ 1687.554830][T28341] netlink: 72 bytes leftover after parsing attributes in process `syz.3.5544'.
[ 1687.619396][T20562] usb 2-1: failed to send control message: -71
[ 1687.628786][T20562] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[ 1687.662359][T20562] usb 2-1: USB disconnect, device number 40
[ 1687.679778][T20562] ch341 2-1:0.0: device disconnected
[ 1687.729179][ T5943] uvcvideo 6-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[ 1687.737373][ T5943] uvcvideo 6-1:220.0: No valid video chain found.
[ 1687.744218][ T5943] usb 6-1: selecting invalid altsetting 0
[ 1687.757591][ T5943] usb 6-1: selecting invalid altsetting 0
[ 1687.763951][ T5943] usbtest 6-1:220.1: probe with driver usbtest failed with error -22
[ 1687.780422][ T5943] usb 6-1: USB disconnect, device number 40
[ 1688.696935][T28374] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5552'.
[ 1688.774118][T24835] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[ 1688.813478][T20562] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[ 1688.973773][T20562] usb 4-1: Using ep0 maxpacket: 32
[ 1688.980802][T20562] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 1688.991791][T20562] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1689.001606][T20562] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1689.012599][T20562] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1689.024547][T20562] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1689.034694][T20562] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1689.042702][T20562] usb 4-1: Product: syz
[ 1689.046978][T20562] usb 4-1: Manufacturer: syz
[ 1689.051592][T20562] usb 4-1: SerialNumber: syz
[ 1689.316523][T20562] usb 4-1: USB disconnect, device number 58
[ 1689.554104][T23143] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[ 1689.690134][T28384] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5560'.
[ 1689.706113][T23143] usb 6-1: Using ep0 maxpacket: 16
[ 1689.732792][T23143] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1689.744578][T23143] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1689.755009][T23143] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1689.768534][T23143] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1689.778285][T23143] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1689.789615][T23143] usb 6-1: config 0 descriptor??
[ 1690.222371][T23143] microsoft 0003:045E:07DA.0055: unknown main item tag 0x0
[ 1690.235576][T23143] microsoft 0003:045E:07DA.0055: ignoring exceeding usage max
[ 1690.246616][T23143] microsoft 0003:045E:07DA.0055: unknown main item tag 0x0
[ 1690.257582][T23143] microsoft 0003:045E:07DA.0055: unknown main item tag 0x0
[ 1690.426761][T23143] microsoft 0003:045E:07DA.0055: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[ 1690.472060][T23143] microsoft 0003:045E:07DA.0055: no inputs found
[ 1690.508759][T23143] microsoft 0003:045E:07DA.0055: could not initialize ff, continuing anyway
[ 1690.523239][T23143] usb 6-1: USB disconnect, device number 41
[ 1690.549817][T28409] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1690.575668][T28405] fido_id[28405]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[ 1691.054428][T23143] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[ 1691.083541][T20562] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[ 1691.234555][T23143] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1691.235229][T20562] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[ 1691.243284][T23143] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1691.255808][T20562] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[ 1691.274761][T23143] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1691.274806][T23143] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1691.277116][T23143] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1691.309330][T23143] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1691.315064][T20562] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[ 1691.319236][T23143] usb 2-1: Product: syz
[ 1691.326605][T20562] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1691.326629][T20562] usb 4-1: Product: syz
[ 1691.326643][T20562] usb 4-1: Manufacturer: syz
[ 1691.326658][T20562] usb 4-1: SerialNumber: syz
[ 1691.342682][T20562] usb 4-1: config 0 descriptor??
[ 1691.344438][T23143] usb 2-1: Manufacturer: syz
[ 1691.349698][T28423] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[ 1691.353251][T23143] usb 2-1: SerialNumber: syz
[ 1691.358723][T28423] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[ 1691.595055][T28423] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[ 1691.618098][T28423] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22
[ 1691.699004][T23143] usb 2-1: 0:2 : does not exist
[ 1691.734172][T23143] usb 2-1: USB disconnect, device number 41
[ 1692.029155][T20562] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[ 1692.230220][T20562] dm9601 4-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[ 1692.259568][T20562] usb 4-1: USB disconnect, device number 59
[ 1692.665561][T28459] netlink: 16 bytes leftover after parsing attributes in process `syz.5.5592'.
[ 1692.842827][T16153] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[ 1692.993538][T16153] usb 2-1: Using ep0 maxpacket: 16
[ 1693.005027][T16153] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1693.026817][T16153] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1693.043812][T16153] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1693.060040][T16153] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1693.070754][T16153] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1693.090532][T16153] usb 2-1: config 0 descriptor??
[ 1693.519752][T16153] microsoft 0003:045E:07DA.0056: unknown main item tag 0x0
[ 1693.533142][T16153] microsoft 0003:045E:07DA.0056: unknown main item tag 0x0
[ 1693.540994][T16153] microsoft 0003:045E:07DA.0056: unknown main item tag 0x0
[ 1693.548518][T16153] microsoft 0003:045E:07DA.0056: unknown main item tag 0x0
[ 1693.556048][T16153] microsoft 0003:045E:07DA.0056: unknown main item tag 0x0
[ 1693.563277][T16153] microsoft 0003:045E:07DA.0056: unknown main item tag 0x0
[ 1693.570565][T16153] microsoft 0003:045E:07DA.0056: unknown main item tag 0x0
[ 1693.590225][T16153] microsoft 0003:045E:07DA.0056: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[ 1693.601756][T16153] microsoft 0003:045E:07DA.0056: no inputs found
[ 1693.608187][T16153] microsoft 0003:045E:07DA.0056: could not initialize ff, continuing anyway
[ 1693.732959][T16153] usb 2-1: USB disconnect, device number 42
[ 1694.303687][T28494] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5606'.
[ 1695.572049][T28538] binder: 28537:28538 ioctl c00c620f 80000080 returned -22
[ 1695.603972][T28541] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5621'.
[ 1695.814980][T28547] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5625'.
[ 1696.254866][T28565] input: syz1 as /devices/virtual/input/input181
[ 1696.698499][T28575] misc userio: The device must be registered before sending interrupts
[ 1697.222915][T20562] usb 2-1: new low-speed USB device number 43 using dummy_hcd
[ 1697.634508][T20562] usb 2-1: No LPM exit latency info found, disabling LPM.
[ 1697.646909][T20562] usb 2-1: config 1 interface 0 altsetting 250 endpoint 0x1 is Bulk; changing to Interrupt
[ 1697.657383][T20562] usb 2-1: config 1 interface 0 altsetting 250 endpoint 0x82 is Bulk; changing to Interrupt
[ 1697.698202][T20562] usb 2-1: config 1 interface 0 has no altsetting 0
[ 1697.757184][T20562] usb 2-1: string descriptor 0 read error: -22
[ 1697.767396][T20562] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1697.778199][T20562] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1697.809144][T28575] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1697.848258][T28575] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1697.879663][T28589] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1698.114536][T28571] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1698.144853][T28571] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1698.935081][ T5891] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[ 1699.024231][T28610] netlink: 56 bytes leftover after parsing attributes in process `syz.6.5641'.
[ 1699.545550][ T5891] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1699.567442][T18490] usb 2-1: USB disconnect, device number 43
[ 1699.585133][ T5891] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 1699.627298][ T5891] usb 6-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[ 1699.647622][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1699.683130][ T5891] usb 6-1: config 0 descriptor??
[ 1699.979592][ T5891] Bluetooth: Can't get state to change to load ram patch err
[ 1699.992306][T18490] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[ 1700.026085][ T5891] Bluetooth: Loading patch file failed
[ 1700.033953][ T5891] ath3k 6-1:0.0: probe with driver ath3k failed with error -121
[ 1700.084187][T28621] openvswitch: netlink: Key type 191 is out of range max 32
[ 1700.165965][T28628] netlink: 14 bytes leftover after parsing attributes in process `syz.0.5652'.
[ 1700.175627][T18490] usb 2-1: Using ep0 maxpacket: 16
[ 1700.188100][T18490] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1700.198949][T18490] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1700.211712][T18490] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1700.221826][T18490] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1700.232089][T23919] usb 6-1: USB disconnect, device number 42
[ 1700.232295][T18490] usb 2-1: Product: syz
[ 1700.251532][T18490] usb 2-1: Manufacturer: syz
[ 1700.257554][T18490] usb 2-1: SerialNumber: syz
[ 1700.268901][T18490] usb 2-1: config 0 descriptor??
[ 1701.036490][ T5891] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[ 1701.215326][ T5891] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1701.227035][ T5891] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1701.237409][ T5891] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1701.246905][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1701.258601][T28635] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[ 1701.269658][ T5891] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 1701.423915][T18490] usb 4-1: new low-speed USB device number 60 using dummy_hcd
[ 1701.474471][T16153] usb 6-1: USB disconnect, device number 43
[ 1701.577827][T18490] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[ 1701.591974][T18490] usb 4-1: config 168 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1701.607878][T18490] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[ 1701.620081][T18490] usb 4-1: config 168 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1701.636969][T18490] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[ 1701.648511][T18490] usb 4-1: config 168 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1701.666858][T18490] usb 4-1: string descriptor 0 read error: -22
[ 1701.673099][T18490] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1701.682784][T18490] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1701.703082][T18490] adutux 4-1:168.0: interrupt endpoints not found
[ 1701.905952][T18490] usb 4-1: USB disconnect, device number 60
[ 1702.707632][T16153] usb 2-1: USB disconnect, device number 44
[ 1704.684653][ T5891] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[ 1704.855353][ T5891] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1704.865797][ T5891] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 1704.875144][ T5891] usb 4-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[ 1704.884645][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1704.895492][ T5891] usb 4-1: config 0 descriptor??
[ 1705.107217][ T5891] Bluetooth: Can't get state to change to load ram patch err
[ 1705.116999][ T5891] Bluetooth: Loading patch file failed
[ 1705.122519][ T5891] ath3k 4-1:0.0: probe with driver ath3k failed with error -71
[ 1705.132546][ T5891] usb 4-1: USB disconnect, device number 61
[ 1705.836769][T28702] fuse: Bad value for 'fd'
[ 1706.798769][T28711] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1707.428627][T28726] FAULT_INJECTION: forcing a failure.
[ 1707.428627][T28726] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1707.486132][T28726] CPU: 1 UID: 0 PID: 28726 Comm: syz.3.5678 Not tainted syzkaller #0 PREEMPT(full) 
[ 1707.486158][T28726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1707.486171][T28726] Call Trace:
[ 1707.486177][T28726]  <TASK>
[ 1707.486182][T28726]  dump_stack_lvl+0x189/0x250
[ 1707.486201][T28726]  ? __pfx____ratelimit+0x10/0x10
[ 1707.486216][T28726]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1707.486228][T28726]  ? __pfx__printk+0x10/0x10
[ 1707.486238][T28726]  ? __might_fault+0xb0/0x130
[ 1707.486257][T28726]  should_fail_ex+0x414/0x560
[ 1707.486275][T28726]  _copy_from_user+0x2d/0xb0
[ 1707.486289][T28726]  dev_ethtool+0xd0/0x19c0
[ 1707.486304][T28726]  ? __lock_acquire+0xab9/0xd20
[ 1707.486317][T28726]  ? __pfx_dev_ethtool+0x10/0x10
[ 1707.486334][T28726]  ? dev_load+0x21/0x1f0
[ 1707.486351][T28726]  ? dev_load+0x21/0x1f0
[ 1707.486372][T28726]  dev_ioctl+0x392/0x1150
[ 1707.486399][T28726]  compat_sock_ioctl+0xc3b/0xc80
[ 1707.486425][T28726]  ? __pfx_compat_sock_ioctl+0x10/0x10
[ 1707.486447][T28726]  ? __fget_files+0x3a0/0x420
[ 1707.486456][T28726]  ? __fget_files+0x2a/0x420
[ 1707.486467][T28726]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1707.486481][T28726]  __ia32_compat_sys_ioctl+0x543/0x840
[ 1707.486497][T28726]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1707.486509][T28726]  ? __fget_files+0x3a0/0x420
[ 1707.486521][T28726]  ? fput+0xa0/0xd0
[ 1707.486533][T28726]  ? ksys_write+0x22a/0x250
[ 1707.486546][T28726]  ? exc_page_fault+0x82/0x100
[ 1707.486560][T28726]  ? __pfx_ksys_write+0x10/0x10
[ 1707.486580][T28726]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1707.486594][T28726]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1707.486608][T28726]  __do_fast_syscall_32+0xb6/0x2b0
[ 1707.486624][T28726]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1707.486638][T28726]  do_fast_syscall_32+0x34/0x80
[ 1707.486652][T28726]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1707.486664][T28726] RIP: 0023:0xf701d539
[ 1707.486674][T28726] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1707.486683][T28726] RSP: 002b:00000000f540d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1707.486695][T28726] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000008946
[ 1707.486702][T28726] RDX: 0000000080000f00 RSI: 0000000000000000 RDI: 0000000000000000
[ 1707.486708][T28726] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1707.486714][T28726] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1707.486719][T28726] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1707.486734][T28726]  </TASK>
[ 1709.057985][T28741] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5682'.
[ 1709.583519][T16153] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[ 1709.866744][T16153] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1709.882913][T16153] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 1709.921070][T16153] usb 2-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[ 1709.938255][T16153] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1709.963144][T16153] usb 2-1: config 0 descriptor??
[ 1710.209297][T16153] Bluetooth: Can't get state to change to load ram patch err
[ 1710.219067][T16153] Bluetooth: Loading patch file failed
[ 1710.229299][T16153] ath3k 2-1:0.0: probe with driver ath3k failed with error -71
[ 1710.260583][T16153] usb 2-1: USB disconnect, device number 45
[ 1710.297853][T28753] FAULT_INJECTION: forcing a failure.
[ 1710.297853][T28753] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1710.344991][T28753] CPU: 0 UID: 0 PID: 28753 Comm: syz.5.5687 Not tainted syzkaller #0 PREEMPT(full) 
[ 1710.345008][T28753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1710.345014][T28753] Call Trace:
[ 1710.345020][T28753]  <TASK>
[ 1710.345025][T28753]  dump_stack_lvl+0x189/0x250
[ 1710.345043][T28753]  ? __pfx____ratelimit+0x10/0x10
[ 1710.345057][T28753]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1710.345070][T28753]  ? __pfx__printk+0x10/0x10
[ 1710.345086][T28753]  should_fail_ex+0x414/0x560
[ 1710.345104][T28753]  _copy_to_user+0x31/0xb0
[ 1710.345118][T28753]  simple_read_from_buffer+0xe1/0x170
[ 1710.345136][T28753]  proc_fail_nth_read+0x1b3/0x220
[ 1710.345151][T28753]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1710.345164][T28753]  ? rw_verify_area+0x2a6/0x4d0
[ 1710.345177][T28753]  ? __lock_acquire+0xab9/0xd20
[ 1710.345186][T28753]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1710.345198][T28753]  vfs_read+0x200/0xa30
[ 1710.345211][T28753]  ? fdget_pos+0x247/0x320
[ 1710.345222][T28753]  ? __pfx___mutex_lock+0x10/0x10
[ 1710.345237][T28753]  ? __pfx_vfs_read+0x10/0x10
[ 1710.345250][T28753]  ? __fget_files+0x2a/0x420
[ 1710.345261][T28753]  ? __fget_files+0x3a0/0x420
[ 1710.345270][T28753]  ? __fget_files+0x2a/0x420
[ 1710.345283][T28753]  ksys_read+0x145/0x250
[ 1710.345295][T28753]  ? exc_page_fault+0x82/0x100
[ 1710.345310][T28753]  ? __pfx_ksys_read+0x10/0x10
[ 1710.345324][T28753]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1710.345338][T28753]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1710.345353][T28753]  __do_fast_syscall_32+0xb6/0x2b0
[ 1710.345367][T28753]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1710.345382][T28753]  do_fast_syscall_32+0x34/0x80
[ 1710.345396][T28753]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1710.345408][T28753] RIP: 0023:0xf7f32539
[ 1710.345417][T28753] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1710.345426][T28753] RSP: 002b:00000000f5426590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1710.345438][T28753] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f5426620
[ 1710.345445][T28753] RDX: 000000000000000f RSI: 00000000f73c6ff4 RDI: 0000000000000000
[ 1710.345451][T28753] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1710.345457][T28753] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1710.345463][T28753] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1710.345478][T28753]  </TASK>
[ 1710.591676][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1711.457487][   T30] kauditd_printk_skb: 24 callbacks suppressed
[ 1711.457504][   T30] audit: type=1326 audit(1762859650.971:2643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28765 comm="syz.3.5689" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1711.570681][   T30] audit: type=1326 audit(1762859650.971:2644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28765 comm="syz.3.5689" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1711.642968][   T30] audit: type=1326 audit(1762859650.971:2645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28765 comm="syz.3.5689" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1711.701976][   T30] audit: type=1326 audit(1762859650.971:2646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28765 comm="syz.3.5689" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1711.807884][   T30] audit: type=1326 audit(1762859650.971:2647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28765 comm="syz.3.5689" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1711.840123][   T30] audit: type=1326 audit(1762859650.971:2648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28765 comm="syz.3.5689" exe="/root/syz-executor" sig=0 arch=40000003 syscall=47 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1711.950657][   T30] audit: type=1326 audit(1762859650.971:2649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28765 comm="syz.3.5689" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1712.033783][   T30] audit: type=1326 audit(1762859650.971:2650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28765 comm="syz.3.5689" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1712.059648][   T30] audit: type=1326 audit(1762859650.971:2651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28765 comm="syz.3.5689" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1712.088443][T28773] netlink: 14 bytes leftover after parsing attributes in process `syz.1.5691'.
[ 1712.114989][   T30] audit: type=1326 audit(1762859650.971:2652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28765 comm="syz.3.5689" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf701d539 code=0x7ffc0000
[ 1712.348257][T28779] FAULT_INJECTION: forcing a failure.
[ 1712.348257][T28779] name failslab, interval 1, probability 0, space 0, times 0
[ 1712.363512][T23919] usb 4-1: new low-speed USB device number 62 using dummy_hcd
[ 1712.382961][T28779] CPU: 0 UID: 0 PID: 28779 Comm: syz.5.5694 Not tainted syzkaller #0 PREEMPT(full) 
[ 1712.382986][T28779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1712.382997][T28779] Call Trace:
[ 1712.383005][T28779]  <TASK>
[ 1712.383013][T28779]  dump_stack_lvl+0x189/0x250
[ 1712.383040][T28779]  ? __pfx____ratelimit+0x10/0x10
[ 1712.383084][T28779]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1712.383106][T28779]  ? __pfx__printk+0x10/0x10
[ 1712.383126][T28779]  ? __pfx___might_resched+0x10/0x10
[ 1712.383144][T28779]  ? fs_reclaim_acquire+0x7d/0x100
[ 1712.383166][T28779]  should_fail_ex+0x414/0x560
[ 1712.383194][T28779]  should_failslab+0xa8/0x100
[ 1712.383213][T28779]  __kmalloc_cache_noprof+0x6f/0x6f0
[ 1712.383237][T28779]  ? kvm_check_memslot_overlap+0x301/0x380
[ 1712.383258][T28779]  ? kvm_set_memory_region+0x747/0xb90
[ 1712.383284][T28779]  kvm_set_memory_region+0x747/0xb90
[ 1712.383317][T28779]  kvm_vm_ioctl_set_memory_region+0x6f/0xd0
[ 1712.383342][T28779]  kvm_vm_ioctl+0x957/0xc60
[ 1712.383367][T28779]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[ 1712.383383][T28779]  ? __kasan_save_free_info+0x46/0x50
[ 1712.383401][T28779]  ? __kasan_slab_free+0x5c/0x80
[ 1712.383421][T28779]  ? kfree+0x19a/0x6d0
[ 1712.383437][T28779]  ? tomoyo_path_number_perm+0x47a/0x5a0
[ 1712.383458][T28779]  ? security_file_ioctl_compat+0xcb/0x2d0
[ 1712.383477][T28779]  ? __ia32_compat_sys_ioctl+0x128/0x840
[ 1712.383497][T28779]  ? __do_fast_syscall_32+0xb6/0x2b0
[ 1712.383520][T28779]  ? do_fast_syscall_32+0x34/0x80
[ 1712.383542][T28779]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1712.383606][T28779]  ? kasan_quarantine_put+0xdd/0x220
[ 1712.383629][T28779]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1712.383662][T28779]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1712.383685][T28779]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1712.383710][T28779]  ? do_vfs_ioctl+0xbe8/0x1430
[ 1712.383734][T28779]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1712.383770][T28779]  ? __lock_acquire+0xab9/0xd20
[ 1712.383801][T28779]  kvm_vm_compat_ioctl+0x265/0x330
[ 1712.383829][T28779]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[ 1712.383853][T28779]  ? __fget_files+0x3a0/0x420
[ 1712.383870][T28779]  ? __fget_files+0x2a/0x420
[ 1712.383891][T28779]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1712.383914][T28779]  __ia32_compat_sys_ioctl+0x543/0x840
[ 1712.383937][T28779]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1712.383958][T28779]  ? __fget_files+0x3a0/0x420
[ 1712.383978][T28779]  ? fput+0xa0/0xd0
[ 1712.384003][T28779]  ? ksys_write+0x22a/0x250
[ 1712.384021][T28779]  ? exc_page_fault+0x82/0x100
[ 1712.384048][T28779]  ? __pfx_ksys_write+0x10/0x10
[ 1712.384074][T28779]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1712.384099][T28779]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1712.384126][T28779]  __do_fast_syscall_32+0xb6/0x2b0
[ 1712.384151][T28779]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1712.384179][T28779]  do_fast_syscall_32+0x34/0x80
[ 1712.384203][T28779]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1712.384224][T28779] RIP: 0023:0xf7f32539
[ 1712.384241][T28779] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1712.384255][T28779] RSP: 002b:00000000f542655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1712.384274][T28779] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000004020ae46
[ 1712.384285][T28779] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[ 1712.384295][T28779] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1712.384306][T28779] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1712.384316][T28779] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1712.384343][T28779]  </TASK>
[ 1712.737403][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1712.865748][T23919] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[ 1712.876337][T23919] usb 4-1: config 168 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1712.890672][T23919] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[ 1712.901259][T23919] usb 4-1: config 168 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1712.915659][T23919] usb 4-1: config 168 has an invalid descriptor of length 255, skipping remainder of the config
[ 1712.926405][T23919] usb 4-1: config 168 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1712.942944][T23919] usb 4-1: string descriptor 0 read error: -22
[ 1712.966082][T23919] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1712.975214][T23919] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1712.994425][T23919] adutux 4-1:168.0: interrupt endpoints not found
[ 1713.192564][T23919] usb 4-1: USB disconnect, device number 62
[ 1714.228132][T28799] FAULT_INJECTION: forcing a failure.
[ 1714.228132][T28799] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1714.241596][T28799] CPU: 1 UID: 0 PID: 28799 Comm: syz.3.5699 Not tainted syzkaller #0 PREEMPT(full) 
[ 1714.241611][T28799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1714.241617][T28799] Call Trace:
[ 1714.241623][T28799]  <TASK>
[ 1714.241628][T28799]  dump_stack_lvl+0x189/0x250
[ 1714.241646][T28799]  ? __pfx____ratelimit+0x10/0x10
[ 1714.241659][T28799]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1714.241671][T28799]  ? __pfx__printk+0x10/0x10
[ 1714.241683][T28799]  ? __might_fault+0xb0/0x130
[ 1714.241702][T28799]  should_fail_ex+0x414/0x560
[ 1714.241720][T28799]  _copy_from_iter+0x1de/0x1790
[ 1714.241735][T28799]  ? rcu_is_watching+0x15/0xb0
[ 1714.241749][T28799]  ? kmalloc_reserve+0xbd/0x290
[ 1714.241760][T28799]  ? __pfx__copy_from_iter+0x10/0x10
[ 1714.241771][T28799]  ? __build_skb_around+0x262/0x3f0
[ 1714.241787][T28799]  ? netlink_sendmsg+0x642/0xb30
[ 1714.241797][T28799]  ? skb_put+0x11b/0x210
[ 1714.241808][T28799]  netlink_sendmsg+0x6b2/0xb30
[ 1714.241823][T28799]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1714.241834][T28799]  ? __import_iovec+0x5d4/0x7f0
[ 1714.241844][T28799]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1714.241859][T28799]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1714.241868][T28799]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1714.241878][T28799]  __sock_sendmsg+0x21c/0x270
[ 1714.241893][T28799]  ____sys_sendmsg+0x505/0x830
[ 1714.241907][T28799]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1714.241926][T28799]  ___sys_sendmsg+0x21f/0x2a0
[ 1714.241937][T28799]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1714.241965][T28799]  ? __fget_files+0x2a/0x420
[ 1714.241974][T28799]  ? __fget_files+0x3a0/0x420
[ 1714.241988][T28799]  __sys_sendmsg+0x164/0x220
[ 1714.242000][T28799]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1714.242015][T28799]  ? __pfx_ksys_write+0x10/0x10
[ 1714.242030][T28799]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1714.242045][T28799]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1714.242060][T28799]  __do_fast_syscall_32+0xb6/0x2b0
[ 1714.242074][T28799]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1714.242088][T28799]  do_fast_syscall_32+0x34/0x80
[ 1714.242102][T28799]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1714.242114][T28799] RIP: 0023:0xf701d539
[ 1714.242123][T28799] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1714.242131][T28799] RSP: 002b:00000000f540d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1714.242143][T28799] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[ 1714.242150][T28799] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1714.242156][T28799] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1714.242161][T28799] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1714.242167][T28799] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1714.242182][T28799]  </TASK>
[ 1715.613442][T28816] netlink: 'syz.5.5705': attribute type 1 has an invalid length.
[ 1715.683093][T28816] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1715.893339][T28816] bond1: (slave gretap1): making interface the new active one
[ 1716.001786][T28818] xt_CT: No such helper "snmp"
[ 1716.021496][T28816] bond1: (slave gretap1): Enslaving as an active interface with an up link
[ 1716.235262][T28825] FAULT_INJECTION: forcing a failure.
[ 1716.235262][T28825] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1716.259362][T28825] CPU: 1 UID: 0 PID: 28825 Comm: syz.3.5708 Not tainted syzkaller #0 PREEMPT(full) 
[ 1716.259387][T28825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1716.259398][T28825] Call Trace:
[ 1716.259405][T28825]  <TASK>
[ 1716.259413][T28825]  dump_stack_lvl+0x189/0x250
[ 1716.259442][T28825]  ? __pfx____ratelimit+0x10/0x10
[ 1716.259464][T28825]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1716.259487][T28825]  ? __pfx__printk+0x10/0x10
[ 1716.259506][T28825]  ? __might_fault+0xb0/0x130
[ 1716.259541][T28825]  should_fail_ex+0x414/0x560
[ 1716.259571][T28825]  _copy_from_user+0x2d/0xb0
[ 1716.259594][T28825]  dev_ethtool+0xd0/0x19c0
[ 1716.259619][T28825]  ? __lock_acquire+0xab9/0xd20
[ 1716.259644][T28825]  ? __pfx_dev_ethtool+0x10/0x10
[ 1716.259674][T28825]  ? dev_load+0x21/0x1f0
[ 1716.259706][T28825]  ? dev_load+0x21/0x1f0
[ 1716.259732][T28825]  dev_ioctl+0x392/0x1150
[ 1716.259760][T28825]  compat_sock_ioctl+0xc3b/0xc80
[ 1716.259788][T28825]  ? __pfx_compat_sock_ioctl+0x10/0x10
[ 1716.259813][T28825]  ? __fget_files+0x3a0/0x420
[ 1716.259830][T28825]  ? __fget_files+0x2a/0x420
[ 1716.259850][T28825]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1716.259874][T28825]  __ia32_compat_sys_ioctl+0x543/0x840
[ 1716.259899][T28825]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1716.259921][T28825]  ? __fget_files+0x3a0/0x420
[ 1716.259943][T28825]  ? fput+0xa0/0xd0
[ 1716.259962][T28825]  ? ksys_write+0x22a/0x250
[ 1716.259983][T28825]  ? exc_page_fault+0x82/0x100
[ 1716.260007][T28825]  ? __pfx_ksys_write+0x10/0x10
[ 1716.260033][T28825]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1716.260059][T28825]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1716.260085][T28825]  __do_fast_syscall_32+0xb6/0x2b0
[ 1716.260111][T28825]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1716.260138][T28825]  do_fast_syscall_32+0x34/0x80
[ 1716.260162][T28825]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1716.260184][T28825] RIP: 0023:0xf701d539
[ 1716.260200][T28825] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1716.260215][T28825] RSP: 002b:00000000f540d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1716.260235][T28825] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000008946
[ 1716.260247][T28825] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1716.260259][T28825] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1716.260270][T28825] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1716.260281][T28825] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1716.260309][T28825]  </TASK>
[ 1716.590483][    C1] ==================================================================
[ 1716.598599][    C1] BUG: KASAN: stack-out-of-bounds in nft_ct_get_eval+0x100d/0x15c0
[ 1716.606476][    C1] Write of size 16 at addr ffffc90000a0868c by task syz.5.5707/28826
[ 1716.614521][    C1] 
[ 1716.616834][    C1] CPU: 1 UID: 0 PID: 28826 Comm: syz.5.5707 Not tainted syzkaller #0 PREEMPT(full) 
[ 1716.616849][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1716.616856][    C1] Call Trace:
[ 1716.616861][    C1]  <IRQ>
[ 1716.616866][    C1]  dump_stack_lvl+0x189/0x250
[ 1716.616883][    C1]  ? nft_ct_get_eval+0x100d/0x15c0
[ 1716.616895][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1716.616907][    C1]  ? __pfx__printk+0x10/0x10
[ 1716.616922][    C1]  ? make_kuid+0x1d9/0x680
[ 1716.616934][    C1]  ? __virt_addr_valid+0xdc/0x5c0
[ 1716.616947][    C1]  ? __virt_addr_valid+0xdc/0x5c0
[ 1716.616960][    C1]  print_report+0xca/0x240
[ 1716.616972][    C1]  ? nft_ct_get_eval+0x100d/0x15c0
[ 1716.616983][    C1]  kasan_report+0x118/0x150
[ 1716.616992][    C1]  ? __asan_memset+0x22/0x50
[ 1716.617005][    C1]  ? nft_ct_get_eval+0x100d/0x15c0
[ 1716.617017][    C1]  kasan_check_range+0x2b0/0x2c0
[ 1716.617027][    C1]  ? nft_ct_get_eval+0x100d/0x15c0
[ 1716.617039][    C1]  __asan_memcpy+0x40/0x70
[ 1716.617051][    C1]  nft_ct_get_eval+0x100d/0x15c0
[ 1716.617064][    C1]  ? __pfx_nft_ct_get_eval+0x10/0x10
[ 1716.617076][    C1]  ? __pfx_nft_ct_set_zone_eval+0x10/0x10
[ 1716.617089][    C1]  nft_do_chain+0x40c/0x1920
[ 1716.617103][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1716.617118][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[ 1716.617137][    C1]  nft_do_chain_ipv4+0x154/0x210
[ 1716.617149][    C1]  ? __pfx_nft_do_chain_ipv4+0x10/0x10
[ 1716.617161][    C1]  ? NF_HOOK+0x9a/0x3a0
[ 1716.617171][    C1]  ? iptable_mangle_hook+0x189/0x4c0
[ 1716.617184][    C1]  ? __pfx_nft_do_chain_ipv4+0x10/0x10
[ 1716.617196][    C1]  nf_hook_slow+0xc5/0x220
[ 1716.617207][    C1]  NF_HOOK+0x206/0x3a0
[ 1716.617217][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 1716.617227][    C1]  ? NF_HOOK+0x9a/0x3a0
[ 1716.617236][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[ 1716.617244][    C1]  ? ip_rcv_core+0x7f7/0xd00
[ 1716.617254][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 1716.617266][    C1]  ? __pfx_ip_rcv+0x10/0x10
[ 1716.617275][    C1]  __netif_receive_skb+0x143/0x380
[ 1716.617289][    C1]  ? process_backlog+0x2d5/0x14f0
[ 1716.617303][    C1]  process_backlog+0x60e/0x14f0
[ 1716.617320][    C1]  ? __pfx_process_backlog+0x10/0x10
[ 1716.617335][    C1]  __napi_poll+0xc7/0x360
[ 1716.617347][    C1]  ? skb_defer_free_flush+0x229/0x250
[ 1716.617361][    C1]  net_rx_action+0x5f7/0xdf0
[ 1716.617378][    C1]  ? __pfx_net_rx_action+0x10/0x10
[ 1716.617394][    C1]  ? __pfx_sched_clock_cpu+0x10/0x10
[ 1716.617408][    C1]  handle_softirqs+0x286/0x870
[ 1716.617420][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[ 1716.617432][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1716.617444][    C1]  __irq_exit_rcu+0xca/0x1f0
[ 1716.617454][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[ 1716.617466][    C1]  irq_exit_rcu+0x9/0x30
[ 1716.617476][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1716.617489][    C1]  </IRQ>
[ 1716.617493][    C1]  <TASK>
[ 1716.617497][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1716.617508][    C1] RIP: 0010:__unix_dgram_recvmsg+0x8b4/0xd60
[ 1716.617520][    C1] Code: df 48 8b 4c 24 48 0f b6 04 01 84 c0 4c 8b 7c 24 28 48 8b 54 24 18 0f 85 db 03 00 00 8b 1a bf ff ff ff ff 89 de e8 0c 9c cf f7 <85> db 0f 89 1a 02 00 00 e8 bf 97 cf f7 49 8d 5c 24 38 48 89 d8 48
[ 1716.617529][    C1] RSP: 0018:ffffc900048776a0 EFLAGS: 00000297
[ 1716.617539][    C1] RAX: ffffffff89f06c04 RBX: 00000000ffffffff RCX: 0000000000000002
[ 1716.617547][    C1] RDX: ffff888030191e40 RSI: 00000000ffffffff RDI: 00000000ffffffff
[ 1716.617554][    C1] RBP: ffffc90004877830 R08: ffffc9000487775f R09: 0000000000000000
[ 1716.617561][    C1] R10: ffffc90004877740 R11: fffff5200090eeec R12: ffff8880925c4140
[ 1716.617568][    C1] R13: 0000000080000002 R14: ffff8880925c4174 R15: 1ffff9200090eee4
[ 1716.617578][    C1]  ? __unix_dgram_recvmsg+0x8b4/0xd60
[ 1716.617592][    C1]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[ 1716.617604][    C1]  ? __lock_acquire+0xab9/0xd20
[ 1716.617615][    C1]  ? unix_dgram_recvmsg+0xb1/0xd0
[ 1716.617628][    C1]  ? __pfx_unix_dgram_recvmsg+0x10/0x10
[ 1716.617640][    C1]  sock_recvmsg_nosec+0x186/0x1c0
[ 1716.617654][    C1]  ____sys_recvmsg+0x3aa/0x460
[ 1716.617671][    C1]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1716.617682][    C1]  ? get_compat_msghdr+0x37e/0x4a0
[ 1716.617695][    C1]  ? ___sys_recvmsg+0x1c4/0x510
[ 1716.617705][    C1]  ? kfree+0x4d/0x6d0
[ 1716.617718][    C1]  ___sys_recvmsg+0x1b5/0x510
[ 1716.617730][    C1]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1716.617749][    C1]  ? __fget_files+0x3a0/0x420
[ 1716.617770][    C1]  do_recvmmsg+0x36a/0x770
[ 1716.617793][    C1]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1716.617819][    C1]  ? __ia32_compat_sys_ioctl+0x824/0x840
[ 1716.617839][    C1]  __sys_recvmmsg+0x19d/0x280
[ 1716.617851][    C1]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 1716.617861][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1716.617874][    C1]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[ 1716.617887][    C1]  __do_fast_syscall_32+0xb6/0x2b0
[ 1716.617904][    C1]  do_fast_syscall_32+0x34/0x80
[ 1716.617919][    C1]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1716.617932][    C1] RIP: 0023:0xf7f32539
[ 1716.617941][    C1] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1716.617950][    C1] RSP: 002b:00000000f540555c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[ 1716.617961][    C1] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800000c0
[ 1716.617968][    C1] RDX: 0000000000010106 RSI: 0000000000000002 RDI: 0000000000000000
[ 1716.617974][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1716.617980][    C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1716.617986][    C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1716.617995][    C1]  </TASK>
[ 1716.618000][    C1] 
[ 1717.167280][    C1] The buggy address belongs to a 0-page vmalloc region starting at 0xffffc90000a01000 allocated at irq_init_percpu_irqstack+0x342/0x4a0
[ 1717.181171][    C1] The buggy address belongs to the physical page:
[ 1717.187578][    C1] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb8908
[ 1717.196322][    C1] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff)
[ 1717.204201][    C1] raw: 00fff00000002000 ffffea0002e24208 ffffea0002e24208 0000000000000000
[ 1717.212765][    C1] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 1717.221324][    C1] page dumped because: kasan: bad access detected
[ 1717.227726][    C1] page_owner info is not present (never set?)
[ 1717.233765][    C1] 
[ 1717.236068][    C1] Memory state around the buggy address:
[ 1717.241675][    C1]  ffffc90000a08580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1717.249715][    C1]  ffffc90000a08600: 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00
[ 1717.257758][    C1] >ffffc90000a08680: 00 00 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00
[ 1717.265798][    C1]                          ^
[ 1717.270364][    C1]  ffffc90000a08700: 00 00 00 00 00 00 f2 f2 f2 f2 00 00 f3 f3 f3 f3
[ 1717.278406][    C1]  ffffc90000a08780: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
[ 1717.286462][    C1] ==================================================================
[ 1717.294674][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1717.301870][    C1] CPU: 1 UID: 0 PID: 28826 Comm: syz.5.5707 Not tainted syzkaller #0 PREEMPT(full) 
[ 1717.311217][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1717.321253][    C1] Call Trace:
[ 1717.324512][    C1]  <IRQ>
[ 1717.327335][    C1]  dump_stack_lvl+0x99/0x250
[ 1717.331903][    C1]  ? __asan_memcpy+0x40/0x70
[ 1717.336469][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1717.341648][    C1]  ? __pfx__printk+0x10/0x10
[ 1717.346215][    C1]  vpanic+0x237/0x6d0
[ 1717.350176][    C1]  ? __pfx_vpanic+0x10/0x10
[ 1717.354666][    C1]  panic+0xb9/0xc0
[ 1717.358367][    C1]  ? __pfx_panic+0x10/0x10
[ 1717.362761][    C1]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 1717.368631][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1717.374504][    C1]  ? nft_ct_get_eval+0x100d/0x15c0
[ 1717.379598][    C1]  check_panic_on_warn+0x89/0xb0
[ 1717.384522][    C1]  ? nft_ct_get_eval+0x100d/0x15c0
[ 1717.389612][    C1]  end_report+0x78/0x160
[ 1717.393831][    C1]  kasan_report+0x129/0x150
[ 1717.398313][    C1]  ? __asan_memset+0x22/0x50
[ 1717.402884][    C1]  ? nft_ct_get_eval+0x100d/0x15c0
[ 1717.407973][    C1]  kasan_check_range+0x2b0/0x2c0
[ 1717.412909][    C1]  ? nft_ct_get_eval+0x100d/0x15c0
[ 1717.417997][    C1]  __asan_memcpy+0x40/0x70
[ 1717.422394][    C1]  nft_ct_get_eval+0x100d/0x15c0
[ 1717.427307][    C1]  ? __pfx_nft_ct_get_eval+0x10/0x10
[ 1717.432567][    C1]  ? __pfx_nft_ct_set_zone_eval+0x10/0x10
[ 1717.438266][    C1]  nft_do_chain+0x40c/0x1920
[ 1717.442836][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1717.448013][    C1]  ? __pfx_nft_do_chain+0x10/0x10
[ 1717.453024][    C1]  nft_do_chain_ipv4+0x154/0x210
[ 1717.457937][    C1]  ? __pfx_nft_do_chain_ipv4+0x10/0x10
[ 1717.463373][    C1]  ? NF_HOOK+0x9a/0x3a0
[ 1717.467514][    C1]  ? iptable_mangle_hook+0x189/0x4c0
[ 1717.472775][    C1]  ? __pfx_nft_do_chain_ipv4+0x10/0x10
[ 1717.478210][    C1]  nf_hook_slow+0xc5/0x220
[ 1717.482616][    C1]  NF_HOOK+0x206/0x3a0
[ 1717.486665][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 1717.491752][    C1]  ? NF_HOOK+0x9a/0x3a0
[ 1717.495883][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[ 1717.500450][    C1]  ? ip_rcv_core+0x7f7/0xd00
[ 1717.505015][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[ 1717.510123][    C1]  ? __pfx_ip_rcv+0x10/0x10
[ 1717.514597][    C1]  __netif_receive_skb+0x143/0x380
[ 1717.519689][    C1]  ? process_backlog+0x2d5/0x14f0
[ 1717.524691][    C1]  process_backlog+0x60e/0x14f0
[ 1717.529521][    C1]  ? __pfx_process_backlog+0x10/0x10
[ 1717.534786][    C1]  __napi_poll+0xc7/0x360
[ 1717.539091][    C1]  ? skb_defer_free_flush+0x229/0x250
[ 1717.544465][    C1]  net_rx_action+0x5f7/0xdf0
[ 1717.549037][    C1]  ? __pfx_net_rx_action+0x10/0x10
[ 1717.554127][    C1]  ? __pfx_sched_clock_cpu+0x10/0x10
[ 1717.559392][    C1]  handle_softirqs+0x286/0x870
[ 1717.564133][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[ 1717.568871][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[ 1717.574132][    C1]  __irq_exit_rcu+0xca/0x1f0
[ 1717.578697][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[ 1717.583874][    C1]  irq_exit_rcu+0x9/0x30
[ 1717.588091][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1717.593704][    C1]  </IRQ>
[ 1717.596614][    C1]  <TASK>
[ 1717.599520][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1717.605478][    C1] RIP: 0010:__unix_dgram_recvmsg+0x8b4/0xd60
[ 1717.611461][    C1] Code: df 48 8b 4c 24 48 0f b6 04 01 84 c0 4c 8b 7c 24 28 48 8b 54 24 18 0f 85 db 03 00 00 8b 1a bf ff ff ff ff 89 de e8 0c 9c cf f7 <85> db 0f 89 1a 02 00 00 e8 bf 97 cf f7 49 8d 5c 24 38 48 89 d8 48
[ 1717.631056][    C1] RSP: 0018:ffffc900048776a0 EFLAGS: 00000297
[ 1717.637102][    C1] RAX: ffffffff89f06c04 RBX: 00000000ffffffff RCX: 0000000000000002
[ 1717.645068][    C1] RDX: ffff888030191e40 RSI: 00000000ffffffff RDI: 00000000ffffffff
[ 1717.653015][    C1] RBP: ffffc90004877830 R08: ffffc9000487775f R09: 0000000000000000
[ 1717.660962][    C1] R10: ffffc90004877740 R11: fffff5200090eeec R12: ffff8880925c4140
[ 1717.668909][    C1] R13: 0000000080000002 R14: ffff8880925c4174 R15: 1ffff9200090eee4
[ 1717.676864][    C1]  ? __unix_dgram_recvmsg+0x8b4/0xd60
[ 1717.682218][    C1]  ? __pfx___unix_dgram_recvmsg+0x10/0x10
[ 1717.687914][    C1]  ? __lock_acquire+0xab9/0xd20
[ 1717.692743][    C1]  ? unix_dgram_recvmsg+0xb1/0xd0
[ 1717.697745][    C1]  ? __pfx_unix_dgram_recvmsg+0x10/0x10
[ 1717.703270][    C1]  sock_recvmsg_nosec+0x186/0x1c0
[ 1717.708272][    C1]  ____sys_recvmsg+0x3aa/0x460
[ 1717.713015][    C1]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1717.718272][    C1]  ? get_compat_msghdr+0x37e/0x4a0
[ 1717.723358][    C1]  ? ___sys_recvmsg+0x1c4/0x510
[ 1717.728198][    C1]  ? kfree+0x4d/0x6d0
[ 1717.732155][    C1]  ___sys_recvmsg+0x1b5/0x510
[ 1717.736808][    C1]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1717.741985][    C1]  ? __fget_files+0x3a0/0x420
[ 1717.746641][    C1]  do_recvmmsg+0x36a/0x770
[ 1717.751053][    C1]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1717.755967][    C1]  ? __ia32_compat_sys_ioctl+0x824/0x840
[ 1717.761580][    C1]  __sys_recvmmsg+0x19d/0x280
[ 1717.766238][    C1]  ? __pfx___sys_recvmmsg+0x10/0x10
[ 1717.771413][    C1]  ? rcu_is_watching+0x15/0xb0
[ 1717.776152][    C1]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[ 1717.782283][    C1]  __do_fast_syscall_32+0xb6/0x2b0
[ 1717.787376][    C1]  do_fast_syscall_32+0x34/0x80
[ 1717.792206][    C1]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1717.798515][    C1] RIP: 0023:0xf7f32539
[ 1717.802562][    C1] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1717.822145][    C1] RSP: 002b:00000000f540555c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[ 1717.830535][    C1] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800000c0
[ 1717.838486][    C1] RDX: 0000000000010106 RSI: 0000000000000002 RDI: 0000000000000000
[ 1717.846435][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1717.854389][    C1] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1717.862339][    C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1717.870289][    C1]  </TASK>
[ 1717.873561][    C1] Kernel Offset: disabled
[ 1717.877866][    C1] Rebooting in 86400 seconds..