last executing test programs:

1m44.744956268s ago: executing program 2 (id=861):
r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mmap(&(0x7f0000eb8000/0x4000)=nil, 0x4000, 0x3, 0x8010, r0, 0xe0bd8000)
futex(&(0x7f0000000000)=0x1, 0xd, 0x1, 0x0, 0x0, 0x2)
r1 = accept4$unix(0xffffffffffffffff, &(0x7f0000000080)=@abs, &(0x7f0000000100)=0x6e, 0x80800)
sendmsg$sock(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000140)="33e1898f06e031538b2f6d79636db2cf5187faf59a2cd01c3e687c54f70b601c8b0400cefdb39e77e7b36b73d1e223b4a85471a857df281015ae222b2d550c6cf1d218", 0x43}, {&(0x7f00000001c0)="c331a7f23f641ec3e849eb5b0cf9899a1e555b802fb8b902f367cd72e95b4e6cf1fae7affdd05bc62c2d6ce80ae9376f93f55be938e2c8ed907e43e364c2bb97a641e1b81e98910af69515e55147e48b8fa0780b30b19fab9817ce86eb9cdf51c0f7d958f09071f6efad8f600c995b110ae5b430a286a5c0c72200545dbabcdac5fb9a3d045060f3c702590cc12897b6a4d2c064a64f073bab5a3dd16d0d277293769db07ba7604f6c77f3ad0fd3f4099c3572eaf50025c2b0a04be364f76613abd64fa2e69d1b7b89d7282178f30ccc104c76061c5c", 0xd6}, {&(0x7f00000002c0)="fdf59ceaa9", 0x5}], 0x3, &(0x7f0000000340)=[@mark={{0x14, 0x1, 0x24, 0x5}}, @txtime={{0x18, 0x1, 0x3d, 0xfffffffffffffffd}}, @mark={{0x14}}, @txtime={{0x18, 0x1, 0x3d, 0x10}}, @txtime={{0x18, 0x1, 0x3d, 0x80000001}}, @txtime={{0x18, 0x1, 0x3d, 0x1}}, @txtime={{0x18, 0x1, 0x3d, 0x7}}], 0xa8}, 0x20004040)
futex(&(0x7f000000cffc)=0x4, 0x9, 0x4, 0x0, 0x0, 0x400000)
futex(&(0x7f000000cffc), 0x5, 0x2000, 0x0, &(0x7f0000000000)=0x6, 0x4ffffff)
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x200, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2800001, 0xc3072, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

1m43.692400047s ago: executing program 2 (id=866):
r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mmap(&(0x7f0000eb8000/0x4000)=nil, 0x4000, 0x3, 0x8010, r0, 0xe0bd8000)
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x200, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2800001, 0xc3072, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) (fail_nth: 3)

1m43.20352018s ago: executing program 2 (id=868):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x7}, {0xffff, 0xffff}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x6c, 0x2c, 0xd27, 0x30bd26, 0x8000003, {0x0, 0x0, 0x0, r3, {0x0, 0xfff4}, {}, {0x6, 0xffed}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xf800}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x31, 0x1, 0x8001}, {0x0, 0x6a6, 0xffff, 0x5, 0x3, 0x2}}}, @TCF_EM_CONTAINER={0x10, 0x2, 0x0, 0x0, {{0xffff, 0xf8, 0x7540}, "fcd908"}}]}]}]}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x24008004}, 0x0)

1m43.097684562s ago: executing program 2 (id=870):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000180)=@file={0x1}, 0x6e)
listen(r0, 0x0) (async)
r1 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r1, &(0x7f0000000000)=@file={0x1}, 0x6e)
setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000340)={0x77359400}, 0x2c) (async)
connect$unix(r1, &(0x7f0000000080)=@file={0x1}, 0x6e) (async)
close(0x3) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket(0x2, 0x80805, 0x0) (async, rerun: 32)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (rerun: 32)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) (async)
unshare(0x26020480)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff})
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x80000, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0)
r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
r9 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r9, 0x0) (async)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000200)={<r10=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f0000000280)={r10, 0xfffffffb}, &(0x7f00000002c0)=0x8) (async, rerun: 64)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r5) (rerun: 64)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2c250000000c0000200012800c0001006d6163766c616e00100002800a000900000000000000000008000500", @ANYRES64=r3], 0x48}}, 0x0)

1m42.553801429s ago: executing program 2 (id=871):
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = ioctl$KVM_GET_STATS_FD_vm(0xffffffffffffffff, 0xaece)
setsockopt$inet6_tcp_int(r1, 0x6, 0x3, &(0x7f0000000100)=0x3d36, 0x4)
r2 = epoll_create1(0x80000)
pipe2(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_open_dev$radio(&(0x7f0000000940), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_QUERYMENU(r7, 0xc02c5625, &(0x7f0000000040)={0x98f904, 0x2, @value=0x5})
r8 = fanotify_init(0x40, 0x1)
fanotify_mark(r8, 0x20, 0x1010, r3, &(0x7f0000000140)='./file0\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200), 0x48000, 0x0)
ioctl$TIOCMGET(r9, 0x5415, &(0x7f0000000280))
connect$tipc(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r11, 0xae60)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r12, 0x4138ae84, &(0x7f00000001c0)={{0xdddd1000, 0x1000, 0x8, 0xf0, 0x0, 0xfd, 0xd4, 0xd4, 0x0, 0x4, 0x7, 0x10}, {0x2, 0x267000, 0xb, 0x9, 0x8, 0x2, 0x9, 0xa, 0x5, 0xf, 0x3, 0xc7}, {0xd000, 0xe6e50002, 0xb, 0x0, 0x5, 0x7, 0x4, 0x0, 0xc, 0x0, 0x6, 0x3}, {0x8000000, 0x80a0000, 0x8, 0xfc, 0x40, 0x4f, 0x2, 0x72, 0x6, 0x3}, {0x2, 0x0, 0x9, 0x1, 0x3, 0x9, 0x9, 0x5, 0x5, 0x44, 0xe, 0x4b}, {0x2, 0xd000, 0x0, 0x7, 0x3, 0x6c, 0x1, 0x8, 0x4, 0x8d, 0x1}, {0x6000, 0x1000, 0x10, 0x9d, 0x3, 0xfe, 0x0, 0xb, 0x5, 0x7, 0x0, 0xf9}, {0x100000, 0x8000000, 0xd, 0x17, 0x3, 0x2, 0xff, 0x0, 0x14, 0x6, 0x2, 0x7}, {0xeeee8000, 0x5}, {0x2, 0x9}, 0x40010002, 0x0, 0x70000, 0x300, 0x5, 0x2000, 0xeeef0000, [0xffffffffffffff47, 0x401, 0x8, 0x6]})
ioctl$KVM_SET_LAPIC(r12, 0x4400ae8f, &(0x7f0000000300)={"597aebb3200720801b0e6ba1c3c9395fa6939c9dfe61db731224a32e0e42a97ae54fa5934b3561c8b03878ea755360e1f5398d1ba0cabf6cf8281c713f1e24f6703e7b2139576f37f3343e77d5a7cc22391cd2cdcb81ce51eebfc55762fb866b1c78576c01006aa946b4bc5c06fd6e52e796c7e52630b4abf83a601b07f7178f50c4c9c50a210675d61beb4e28c375f45f347b81fc61fc31b0d3b2bca1ddda53e9f1999cc99ba57f5f6f0674748cc787ecf4cc36db31b276f802c8fab94774fc2370e62ff40f62ba4d27133b1529efbfaea33f7e3c24b64c38b64c2002349c8a1e2dee73e24eb570aeeeba66d4d5f2ffe4b52bc0e341fd3772ac3e465da234d70e806555d345ac3b45dc1c229c8e127e1fe544b70bbad8f3b79e5c0562b10958531e17656b1ab6ef9c7352b709c2a19b3bdd33613c9ef2eeacafb51d090a45032a89ad46bd2859bce48ae4f90f977d83d39db160f6c075af0c77130e5429f8b5e31569d78aa49f670474a4430357acfe713640fdeed88971b78b69b1652bd6e1d6ef4c3d9eb2e32871efaa26bae28839c51799f881fbebd0dda92b58bff3429d89641d35c0d4818137038f7463ba658e8cfa8c504e9c0833d41ae483f2d64aa6ec60199e2eb121c90a8a4956b4121504a1913c2052b33500fc610ca396fd549de3462c2e6a7164c931fd7900707f8ab4498bbad75109d28f421fb7a1d276e15a497a385c23189b33d4e02efb94670e07a03a4908b990a925542154c86694d84c65bac5a0e9e2f2e36b95aac26d64447ffd828f831380bc6eece3db2c18693d29b59760ed2ebabd7b9bf874126a7f08205c81a0df5ff169b236cf3d05002f1798913f3f75292f1f1c42a9151170309d0bda87447719341e85b7aa07f07965205c37ea21b5504eb97eab44a70a7b2597ce0af2608c5cc2a85366ec11e47e2a197c6e038f6f9f4d1d25edb077f6d98d44305c4ebc803047409dfa8e6f93d9ce63ab434957924dbdefefc99bff0bb4a68142e04c7c20954541728ed4505377ba88ec208ce064e3c8a7943577e20804932e0571a902cf0c45c54dbacb9968ed15fee9234fff2f631990bf840f5693d285ecd94688c63a251dd2e2a7d0049ee2c45c1e695b87711cf5a6d31414d0f708e5d0fc03b2f37becf1e3267ff6b4d740c2b5d905ecf572d2c9f06b5da649af020b6931dfe057442e2cf12f28d93fd1b49f5716a0c2d773250c2caf8f52f2da9412ae377ed6f74a2f0123d6bb9fae78c37a88f029f1ecaf91d023bbf90a6110b21a015b3a6a4b5e54433c662e6162b114c128c158b8391eb5b57f8cdd4be5207bfbaded1a2063852f15fd2a9d00becc20d2432846c6254625d0af44119fd273ea85ccd4e18e47456bd72ea67a334d65368a8858322d8a1bd2786eb36138fa0b3600f44d03ba84615fcf998500"})
close_range(r4, 0xffffffffffffffff, 0x0)
fcntl$setstatus(r0, 0x4, 0x40000)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000080)={0x30000001})

1m42.281424316s ago: executing program 2 (id=872):
socket$inet6_mptcp(0xa, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_open_dev$dri(&(0x7f0000000380), 0xe819, 0x393340)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendmmsg$unix(r0, 0x0, 0x0, 0x0)
r2 = socket$l2tp(0x2, 0x2, 0x73)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004ec0)=ANY=[@ANYBLOB="28000000400007012bbd700000080000017a03000400c2800c0001800800108004000580040002"], 0x28}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000180)={{{@in=@private=0xa010102, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e20, 0x0, 0x4e20, 0x0, 0x2, 0xa0, 0x20, 0x73, 0x0, 0xee00}, {0x8, 0x9, 0x81, 0x3a4, 0x4, 0x8, 0x6, 0x1}, {0x0, 0xffffffffffff98c9, 0x3ff, 0xffff}, 0x0, 0x6e6bc0, 0x2, 0x0, 0x6, 0x3}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4d3, 0x32}, 0xa, @in=@multicast2, 0x3500, 0x2, 0x1, 0x6, 0x0, 0x1, 0x5}}, 0xe8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000030000005800018044000400200001000a000000000000000000000000000000400000000000000000000000200002000a00000000000000fc"], 0x6c}}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001c00), 0x2c80, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xad)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r6, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x81)
sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r9=>0x0})
bind$can_j1939(r8, &(0x7f0000000340)={0x1d, r9, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18)
sendmsg$nl_route_sched(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x74, r9, {0x5, 0x10}, {0xfff1, 0x9}, {0x2, 0x8}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x48040}, 0x20000050)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
recvmmsg(r11, 0x0, 0x0, 0x700, 0x0)
sendfile(r10, 0xffffffffffffffff, 0x0, 0x578410eb)

1m42.110085923s ago: executing program 32 (id=872):
socket$inet6_mptcp(0xa, 0x1, 0x106)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_open_dev$dri(&(0x7f0000000380), 0xe819, 0x393340)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendmmsg$unix(r0, 0x0, 0x0, 0x0)
r2 = socket$l2tp(0x2, 0x2, 0x73)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004ec0)=ANY=[@ANYBLOB="28000000400007012bbd700000080000017a03000400c2800c0001800800108004000580040002"], 0x28}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000180)={{{@in=@private=0xa010102, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e20, 0x0, 0x4e20, 0x0, 0x2, 0xa0, 0x20, 0x73, 0x0, 0xee00}, {0x8, 0x9, 0x81, 0x3a4, 0x4, 0x8, 0x6, 0x1}, {0x0, 0xffffffffffff98c9, 0x3ff, 0xffff}, 0x0, 0x6e6bc0, 0x2, 0x0, 0x6, 0x3}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4d3, 0x32}, 0xa, @in=@multicast2, 0x3500, 0x2, 0x1, 0x6, 0x0, 0x1, 0x5}}, 0xe8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000030000005800018044000400200001000a000000000000000000000000000000400000000000000000000000200002000a00000000000000fc"], 0x6c}}, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001c00), 0x2c80, 0x0)
ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xad)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r6, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x81)
sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r9=>0x0})
bind$can_j1939(r8, &(0x7f0000000340)={0x1d, r9, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18)
sendmsg$nl_route_sched(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x74, r9, {0x5, 0x10}, {0xfff1, 0x9}, {0x2, 0x8}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x48040}, 0x20000050)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
recvmmsg(r11, 0x0, 0x0, 0x700, 0x0)
sendfile(r10, 0xffffffffffffffff, 0x0, 0x578410eb)

8.648460716s ago: executing program 4 (id=1259):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaa"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800008080b634280100"/20, @ANYRES32, @ANYRESDEC=r1], 0x0, 0x7, 0xffffffffffffffd2, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x94)
r2 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0xfffffffc, {{@in6=@private0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4e20, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x3, 0x2, 0x2, 0x0, 0x0, 0x0, 0x4000000000000000, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000, 0x1ff}, 0x800, 0x6e6bba, 0x0, 0x0, 0x0, 0x1}}, 0xb8}}, 0x2c000010)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r6, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900000000000000000000000000001800", [0x0, 0x2000000000001]}})
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0xa000, 0x0)
ioctl$TIOCGPTPEER(r7, 0x5441, 0x6f0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x103400, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000200)={0x48})
r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x2c, 0x40, 0x107, 0xfffffffe, 0x0, {0x1, 0x7c}, [@nested={0x4, 0x142}, @nested={0x10, 0x1, 0x0, 0x1, [@typed={0x4, 0x1c}, @typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x4, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={0xffffffffffffffff, 0xd2a727af3cb3995f, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0}}, 0x10)
ioctl$FBIO_WAITFORVSYNC(r8, 0x40044620, 0x0)
lstat(&(0x7f0000000300)='./file0\x00', 0x0)
getpid()
connect$can_bcm(r6, &(0x7f0000000140)={0x1d, r10}, 0x10)
getresuid(&(0x7f0000000540), &(0x7f0000000580), &(0x7f00000005c0))

8.388919679s ago: executing program 0 (id=1260):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000140)=ANY=[], 0x9)
sendto$inet6(r0, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback, 0x3000000}, 0x1c)

7.835621094s ago: executing program 1 (id=1261):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
fstat(r0, &(0x7f0000000040))
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f00000000c0)=[@sack_perm, @window={0x3, 0x9, 0x6}, @window={0x3, 0x8, 0x640}], 0x3)
recvmmsg(r2, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f0000001a40)=[{&(0x7f0000001580)=""/179, 0xb3}, {0x0}, {0x0}, {0x0}, {&(0x7f0000001880)=""/193, 0xc1}, {&(0x7f0000001980)=""/158, 0x9e}], 0x6}, 0x7}], 0x1, 0x100, &(0x7f0000002040)={0x0, 0x989680})
sendmmsg$inet(r1, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40182, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000001800000000000000", @ANYRES32, @ANYBLOB="537fb660690d65ce81abdf902f614efc9aa646166fac49d71ef44420", @ANYRES64=0x0], 0x20)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_GUEST_MEMFD(r5, 0xc040aed4, &(0x7f00000001c0)={0x1000200001ee0000, 0x3})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r6 = socket(0x1e, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x4000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r6, 0x6, 0x16, &(0x7f0000000480), 0x0)
syz_open_procfs(0x0, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000001}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x98}}, 0x0)
syz_usb_connect(0x1, 0x0, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x2, &(0x7f0000000380)=ANY=[@ANYBLOB="ffe3d9658d332484517b711960407843a0b30ecd7c03d97aa0f02dae8561c1f79ea49ac2ecc8cd062a12a5"]}]})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)

7.470079342s ago: executing program 0 (id=1264):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x3ada82, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = memfd_create(&(0x7f00000008c0)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\xfd\x89\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\rW\xef\x10\xd6d#\xf2\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8\x1f\xb2C\xf8\'?]\x16C\x166\xc0\xbcJT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8', 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000009500"/32], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
pwritev(r2, &(0x7f0000000540)=[{&(0x7f0000000880)="eb", 0x1}], 0x1, 0x7ffffd, 0x8)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58)
r4 = accept$alg(r3, 0x0, 0x0)
sendfile(r4, r2, 0x0, 0x2000081)
syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f0000000180)=[{{&(0x7f0000000580)=@rc={0x1f, @none}, 0x80, &(0x7f0000001b80)=[{&(0x7f0000000640)=""/100, 0x64}, {&(0x7f0000000100)=""/10, 0xa}, {&(0x7f00000006c0)=""/235, 0xeb}, {&(0x7f0000000b00)=""/4096, 0x1000}, {&(0x7f00000007c0)=""/159, 0x9f}, {&(0x7f0000001b00)=""/70, 0x46}], 0x6, &(0x7f0000001c00)=""/165, 0xa5}, 0xbb}], 0x1, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4f, 0x8, 0xfa11, 0x1}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="34000000200025a729a17000fddbdf250a0000cdff0000019f0001000800060000000000080017004e204e2305001500020000"], 0x34}, 0x1, 0x0, 0x0, 0x20008081}, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000440)={'ip_vti0\x00', &(0x7f00000000c0)={'gretap0\x00', 0x0, 0x8000, 0x76d, 0xd3, 0x400, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x3, 0x0, 0x6, 0x4, 0x0, @multicast2, @private=0xa010100}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r7, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000140)={'gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @local, @loopback}}}})

6.90447829s ago: executing program 4 (id=1266):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000280)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x20)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_IFINDEX={0x8}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e24}]}, 0x48}, 0x1, 0x0, 0x0, 0x8040}, 0x40044)
unshare(0x2c020400)
msgget$private(0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0)
msgrcv(0x0, &(0x7f0000000000)={0x0, ""/19}, 0x2000, 0x0, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}, @void, {@ipv4={0x800, @tcp={{0xe, 0x4, 0x2, 0x3e, 0x4c, 0x62, 0x0, 0x4, 0x6, 0x0, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_prespec={0x44, 0x1c, 0xd, 0x3, 0x9, [{@dev={0xac, 0x14, 0x14, 0x26}, 0x4}, {@multicast1, 0x5}, {@multicast1, 0x1}]}, @lsrr={0x83, 0x3, 0x6c}, @ssrr={0x89, 0x3, 0x9a}]}}, {{0x4e21, 0x4e24, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x5, 0x0, 0x34}}}}}}, 0x0)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r4, &(0x7f0000000100)=[{&(0x7f0000000180)="480000001400190d7ebdeb75fd0d9c562c84d8c033aae421962ea6ff3cd3c461ebe430a2ed7a80ffe0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6", 0x48}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000c00)=ANY=[@ANYBLOB="bf16000000000000b70700000100000048700000e4ff0000bc700000000000009500faff000000008aa1210b29017b83c8e96e6405f798585fb5030b3388b0409a814343f1ae341b74efa745a12f5c0685e5261482e31e0cacc902c97e6145ef48004d26342c94f56a39359ba56724e4535d80ffbd6848d53382c26211a2b975eb4a9d08501c000c00000000000097e50f118c4a3b05489d1d1245cb774879b0871dd61703eefe87ff070000000000008cca1a363b2b28add613658171122dc01e0a77d7c44b009fdac91fc827f5797532750d4d4639f11089feb3f25b4695c6dac2cabfa04e2c16fa741b0665bb33be6f0e742213d0bf5528a601b5934b867f39f7d776ac00a434949b4455b7c6c678de4d9740d8dff6169c664b55ce550fb4e686ae169d9f7abbeb08e02799374ae0081858bdf144d8c7fb67dcec5e43a0e8099e543116b1b7d144b5613845cca4388344d82de45f0c1b7d041db040fd777791232d5db32d14bc1c3d000000000000000000000016a1049b6f094e504c28d7daa2f61b2a7c14d2343b4308b36e6b141371c958406e212b3accb45f87aef8bd5e2181fd7826b9e5cb2f6a63f113491239dca17e4fb33e670daf1cd7a99015ae9e1ca32b4e64dc38b55d525bd10971b0898be9d6e6154dfc99b20622b604b87ba03524c2fed51056d672b1b966657de5c86ab09195fba55af17663fecf1b5c5a76cf07615c7ee54c361449e275371a8c4243b9060ecdeecfb1603b061a8a62159830049061800953f7d00c43c95068c62c2ca1ad7fea9de97216dbc9c8e36a5607608e77d1d7d72b78b4f1eab8e40000000000000000adc90eb850f42f44e4b48c9cc39412c0ce6c9f4b95936ec36efc8dfbc54eb44affe1cd0f14d124df0c29c51b5628646b8155a1859358aa08f71fd2d9b2c4288a0d8870e8767173c65476e1a4f000c580f61d73f5be35ca1aa1235cf309650cdf8c6cd950c477890089be400b26dedec1199479b1b5adfaf2b6e05b7f90c9098ed4accddabd802ac5dc1b436e"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffcf8}, 0x48)

6.212174253s ago: executing program 3 (id=1268):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c0200001900010000000000fddbdf25e0000001000000000000000000000000ac0200000000000000000004000000000003000bffff00000a00800000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffffffffffff000000000000000001000000000000000000000000000000800000000000000000000000000000000000000200000000000000020000000084010500e0000002000000000000000000000000000000003c00000000000000ffffffff000000000000000000000000ff34000000020000000000000000000000000000ac1e0001000000000000000000000000000000003c0000000a0000000000000000000000000000000000000002000000000000000008000000080000fcffffff000000000000000000000000000000000000000033000000000000007f0000010000000000000000000000000335000003020000000000000002000000000000fe80000000000000000000000000002f0000000033000000000000000a010101000000000000000000000000043500000001010000000000bf0a00000000000100000000000000000000000000000001000004d43c00000000000000e000000100000000000000000000000003000000000108000b0000000000000000040000fc00000000000000000000000000000100000000330000000a000000ac1414bb000000000000000000000000fdffffff05"], 0x23c}, 0x1, 0x0, 0x0, 0x4004}, 0x4000)

5.953431893s ago: executing program 3 (id=1269):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000200)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xffffffff, 0x0, 0xb49, 0x9, 0x8000000000000001, 0x0, 0x3}, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
r3 = socket$key(0xf, 0x3, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
read$dsp(0xffffffffffffffff, &(0x7f0000000140)=""/21, 0x15)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYRES64], 0xa0}}, 0x4)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(r3, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000400)={{{@in=@private=0xa010102, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80, 0x4d}, {0x0, 0x0, 0x0, 0x8, 0x5, 0x0, 0xfffffffffffffffe, 0xffff}, {0xffffffffffffffff}, 0x0, 0x6e6bbc, 0x1, 0x0, 0x4}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x4, 0x1, 0x0, 0x4}}, 0xe8)
syz_open_dev$dri(0x0, 0x7, 0x220042)
r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x80800)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)=[0x0], &(0x7f0000000340), 0x0, 0x1})
r6 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000006c0), 0x2, 0x0)
write$apparmor_exec(r6, &(0x7f0000000a40)=ANY=[@ANYBLOB='stack :'], 0xe4)
r7 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/unix\x00')
r8 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r8, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x1c)
r9 = socket$unix(0x1, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$unix(r9, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e20}, 0x6e)
pread64(r7, &(0x7f00000004c0)=""/167, 0xa7, 0x2)
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0)

5.865517754s ago: executing program 4 (id=1270):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x800000000, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
io_setup(0x206, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f00000005c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xef, r0, &(0x7f0000001400)="95", 0x1}])
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
openat$cgroup_devices(0xffffffffffffffff, 0x0, 0x2, 0x0)

4.749177859s ago: executing program 5 (id=1271):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f000000cffc), 0x80, 0x0, 0x0, 0x0, 0x0)
prctl$PR_MCE_KILL(0x4e, 0x1, 0x4000)
prctl$PR_MCE_KILL(0x21, 0x1, 0x2)
prctl$PR_SET_SECCOMP(0x4e, 0x1, 0x0)

4.140439232s ago: executing program 1 (id=1272):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x1, 0x470bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, 0x64e10, 0x36a01}, [@IFLA_LINK_NETNSID={0x8, 0x25, 0x3}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @lowpan={{0xb}, {0x4}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x400c080}, 0x20004001)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/input/devices\x00', 0x0, 0x0)

3.962535143s ago: executing program 1 (id=1273):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x34, r1, 0x5, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_4ADDR={0x5}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x4}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x34}}, 0x8000)

3.757285776s ago: executing program 5 (id=1274):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x0, &(0x7f00000000c0)}, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = landlock_create_ruleset(&(0x7f0000000080)={0x8000}, 0x18, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0x5451, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_io_uring_setup(0x88f, &(0x7f00000010c0)={0x0, 0xc941, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x0, r4, 0x0, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x0, 0x40002042, 0x0, {0x1}})
io_uring_enter(r5, 0x47f6, 0x0, 0x4, 0x0, 0x0)

3.684595537s ago: executing program 1 (id=1275):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.479720277s ago: executing program 0 (id=1276):
r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
modify_ldt$write(0x1, &(0x7f00000000c0)={0x8, 0x100000, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, 0x10)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f0000000000)={0x2, 0x0, 0x4, 0x4, 0xfffffffffffffffb, 0x27, 0xf57, 0x2002}, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$setregs(0xd, r1, 0xb3, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cbd678cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r1, 0x1, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78})
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000100)={0x4f0f004, 0xffff0001})

3.288949372s ago: executing program 3 (id=1277):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c020000190001000000000000000000fc0200000000000000000000000000000000000000000000000000000000000000000003000000000200002008000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000fdffffffffffffff00000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000040000000000000000000000dd020000000000000000000000000000000000000000000084010500ac14143b000000000000000000000000000000002b0000000000"], 0x23c}}, 0x0)

3.12756642s ago: executing program 1 (id=1278):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
io_setup(0x5, &(0x7f0000000140)=<r1=>0x0)
io_uring_enter(0xffffffffffffffff, 0x627, 0x14, 0x43, 0x0, 0x0)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x3e6f, 0x10100, 0x0, 0x1}, &(0x7f0000001240)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0)
r5 = eventfd2(0x0, 0x0)
io_submit(r1, 0x1, &(0x7f0000000280)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x5, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r5}])
ppoll(&(0x7f0000000040)=[{r5, 0x240}], 0x1, 0x0, 0x0, 0x0)
shutdown(r0, 0x0)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000180)=@raw={'raw\x00', 0x3c1, 0x3, 0x1390, 0x1128, 0xffffff80, 0x178, 0x0, 0x178, 0x12c0, 0x22b, 0x258, 0x12c0, 0x258, 0x2034, 0x0, {[{{@uncond, 0x1d, 0x1100, 0x1128, 0x340, {0x1e0002a8, 0x7203000000000000}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup.cpu/syz0\x00'}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x6, 0x5}, {0x2, 0x5, 0x9}}}}, {{@ipv6={@loopback, @private0, [], [], 'wg2\x00', 'veth1\x00', {0xff}, {0xff}, 0x0, 0x0, 0x1, 0x14}, 0x0, 0x160, 0x198, 0x0, {}, [@common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x3, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, @private1, [], [], [], 0x2080, 0x1d71}}, @inet=@rpfilter={{0x28}, {0x1}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x1, 0x4}, {0x4, 0x3, 0x2}, {0x2, 0x2, 0x4}, 0x401, 0xde3}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x13f0)

3.075849967s ago: executing program 3 (id=1279):
r0 = io_uring_setup(0x400f, &(0x7f0000000100)={0x0, 0x7f48, 0xc044, 0x0, 0xfe})
mmap$IORING_OFF_SQ_RING(&(0x7f00006ec000/0x4000)=nil, 0x4000, 0x3000008, 0x10, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000004600), 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x3)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
mknod$loop(0x0, 0x2000, 0x0)
ioctl$TCSETSW2(r3, 0x80047456, &(0x7f0000000040)={0x3, 0xb, 0xfffffffe, 0x7fffffff, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf", 0xffffffff})

3.01301876s ago: executing program 4 (id=1280):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000280)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x20)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00', <r2=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, 0x0, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_IFINDEX={0x8}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e24}]}, 0x48}, 0x1, 0x0, 0x0, 0x8040}, 0x40044)
unshare(0x2c020400)
msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x2000, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0)
msgrcv(0x0, &(0x7f0000000000)={0x0, ""/19}, 0x2000, 0x0, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000000)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}, @void, {@ipv4={0x800, @tcp={{0xe, 0x4, 0x2, 0x3e, 0x4c, 0x62, 0x0, 0x4, 0x6, 0x0, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_prespec={0x44, 0x1c, 0xd, 0x3, 0x9, [{@dev={0xac, 0x14, 0x14, 0x26}, 0x4}, {@multicast1, 0x5}, {@multicast1, 0x1}]}, @lsrr={0x83, 0x3, 0x6c}, @ssrr={0x89, 0x3, 0x9a}]}}, {{0x4e21, 0x4e24, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x10, 0x5, 0x0, 0x34}}}}}}, 0x0)
bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r2}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r4, &(0x7f0000000100)=[{&(0x7f0000000180)="480000001400190d7ebdeb75fd0d9c562c84d8c033aae421962ea6ff3cd3c461ebe430a2ed7a80ffe0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6", 0x48}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000c00)=ANY=[@ANYBLOB="bf16000000000000b70700000100000048700000e4ff0000bc700000000000009500faff000000008aa1210b29017b83c8e96e6405f798585fb5030b3388b0409a814343f1ae341b74efa745a12f5c0685e5261482e31e0cacc902c97e6145ef48004d26342c94f56a39359ba56724e4535d80ffbd6848d53382c26211a2b975eb4a9d08501c000c00000000000097e50f118c4a3b05489d1d1245cb774879b0871dd61703eefe87ff070000000000008cca1a363b2b28add613658171122dc01e0a77d7c44b009fdac91fc827f5797532750d4d4639f11089feb3f25b4695c6dac2cabfa04e2c16fa741b0665bb33be6f0e742213d0bf5528a601b5934b867f39f7d776ac00a434949b4455b7c6c678de4d9740d8dff6169c664b55ce550fb4e686ae169d9f7abbeb08e02799374ae0081858bdf144d8c7fb67dcec5e43a0e8099e543116b1b7d144b5613845cca4388344d82de45f0c1b7d041db040fd777791232d5db32d14bc1c3d000000000000000000000016a1049b6f094e504c28d7daa2f61b2a7c14d2343b4308b36e6b141371c958406e212b3accb45f87aef8bd5e2181fd7826b9e5cb2f6a63f113491239dca17e4fb33e670daf1cd7a99015ae9e1ca32b4e64dc38b55d525bd10971b0898be9d6e6154dfc99b20622b604b87ba03524c2fed51056d672b1b966657de5c86ab09195fba55af17663fecf1b5c5a76cf07615c7ee54c361449e275371a8c4243b9060ecdeecfb1603b061a8a62159830049061800953f7d00c43c95068c62c2ca1ad7fea9de97216dbc9c8e36a5607608e77d1d7d72b78b4f1eab8e40000000000000000adc90eb850f42f44e4b48c9cc39412c0ce6c9f4b95936ec36efc8dfbc54eb44affe1cd0f14d124df0c29c51b5628646b8155a1859358aa08f71fd2d9b2c4288a0d8870e8767173c65476e1a4f000c580f61d73f5be35ca1aa1235cf309650cdf8c6cd950c477890089be400b26dedec1199479b1b5adfaf2b6e05b7f90c9098ed4accddabd802ac5dc1b436e"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffcf8}, 0x48)

2.805891901s ago: executing program 4 (id=1281):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r0, 0x84, 0x7f, &(0x7f0000000340)="6985759cd9340009", 0x8)
r1 = socket$inet6(0xa, 0x2, 0x0)
getsockopt$sock_buf(r1, 0x1, 0x13, &(0x7f0000000280)=""/137, &(0x7f00000001c0)=0x89)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000140)={0x14000, 0x0, {0xffffffffffffffff}, {0xffffffffffffffff}, 0x8000000000000000})
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TCSETSW2(r2, 0x5408, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x2, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"})
socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r3)
close(r3)
unshare(0x6a040000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x940d, 0x0, 0x9, 0x0, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0)
syz_emit_ethernet(0xc2, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x40505330, &(0x7f0000000180)={0x800100, 0xffffffff, 0x22, 0xe1d9, 0x1101, 0xff})
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000080)={0x84, @private=0xa010100, 0x15, 0x3, 'sh\x00', 0x28, 0x0, 0x70}, 0x2c)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000740)=@newsa={0x140, 0x1a, 0x1, 0xfffffffe, 0x100, {{@in=@multicast2, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0xa, 0x0, 0x20, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0x0, 0x1000000000000192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffe, 0x3fc}, 0x80, 0x3505, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @replay_thresh={0x8, 0xb, 0x7f}]}, 0x140}}, 0x844)
r8 = socket$kcm(0xa, 0x2, 0x0)
r9 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r9, 0x0, 0x487, 0x0, 0x0)
sendmsg$sock(r8, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
sendmsg$sock(r8, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffc}, 0x80, 0x0}, 0x0)

2.523517429s ago: executing program 0 (id=1282):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000003c0)={0x84, &(0x7f0000000040)=ANY=[@ANYBLOB="00000100000005"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000002c0)='./binderfs/binder0\x00', 0x800, 0x0) (rerun: 32)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000040)={0x1, 0x0, &(0x7f00000001c0)=[@enter_looper], 0x1, 0x0, &(0x7f0000001a40)}) (async, rerun: 64)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x8, 0x181000) (async, rerun: 64)
syz_usb_connect(0x2, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xff, 0x5, 0x17, 0x40, 0x5ac, 0x225, 0xf732, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xbb, 0x0, 0x0, 0x3, 0xe2, 0x2}}]}}]}}, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000580)={0x2c, &(0x7f0000000380)=ANY=[@ANYBLOB="001504"], 0x0, 0x0, 0x0, 0x0})

2.432058787s ago: executing program 5 (id=1283):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c0200001900010000000000fddbdf25e0000001000000000000000000000000ac0200000000000000000004000000000003000bffff00000a00800000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffffffffffff000000000000000001000000000000000000000000000000800000000000000000000000000000000000000400000000000000020000000084010500e0000002000000000000000000000000000000003c00000000000000ffffffff000000000000000000000000ff34000000020000000000000000000000000000ac1e0001000000000000000000000000000000003c0000000a0000000000000000000000000000000000000002000000000000000008000000080000fcffffff000000000000000000000000000000000000000033000000000000007f0000010000000000000000000000000335000003020000000000000002000000000000fe80000000000000000000000000002f0000000033000000000000000a010101000000000000000000000000043500000001010000000000bf0a00000000000100000000000000000000000000000001000004d43c00000000000000e000000100000000000000000000000003000000000108000b0000000000000000040000fc00000000000000000000000000000100000000330000000a000000ac1414bb000000000000000000000000fdffffff05"], 0x23c}, 0x1, 0x0, 0x0, 0x4004}, 0x4000)

2.273490011s ago: executing program 5 (id=1284):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = socket$inet_sctp(0x2, 0x1, 0x84) (async)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) (async)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e20, 0x9, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7}}, 0x80, 0x8, 0x6, 0x7ffd, 0x8, 0x7, 0x9}, &(0x7f0000000140)=0x9c) (async)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='clear_refs\x00') (async)
r5 = syz_usb_connect(0x4, 0x2d, 0x0, 0x0)
syz_usb_control_io$hid(r5, 0x0, &(0x7f0000000000)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r5, 0x0, 0x0) (async)
syz_usb_control_io$printer(r5, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0) (async)
r6 = msgget$private(0x0, 0x435f76f616fcc2c7)
msgsnd(r6, &(0x7f0000000200)=ANY=[@ANYBLOB], 0x8, 0x0) (async)
syz_usb_control_io(r5, 0x0, 0x0) (async)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0) (async)
r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_FREEZE(r3, 0x400c620e, &(0x7f0000000100)={0x0, 0x0, 0x3}) (async)
read$FUSE(r4, &(0x7f0000002480)={0x2020}, 0x2020)
syz_io_uring_setup(0x88f, 0x0, 0x0, &(0x7f0000000280)) (async)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r8, 0x4bfa, 0x41)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r7, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x1, 0x3})

2.114601369s ago: executing program 1 (id=1285):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x7, &(0x7f00000001c0)=0x8, 0x4) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'ip_vti0\x00', <r1=>0x0})
sendmsg$can_raw(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x1d, r1}, 0x10, &(0x7f00000005c0)={&(0x7f0000000100)=@can={{}, 0x80, 0x3, 0x4, 0x2, "07000000008000"}, 0x10}}, 0x4b2281376c22b9a9) (async)
getsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000040)=[{}], &(0x7f0000000080)=0x8) (async)
syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201100153a42908f00a71729188010203010902240001060000000904020002ffffff0009050b0000000000000905", @ANYRES16], 0x0)

1.791105691s ago: executing program 0 (id=1286):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x2a, 0x2, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]})
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000480)={'vcan0\x00'})
dup(0xffffffffffffffff)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r4)
sendmsg$NL80211_CMD_GET_WIPHY(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="0103000000000000000001000000080001001000000008000300", @ANYRES64=r2, @ANYBLOB="0c0099000200000004000000"], 0x30}}, 0x44)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x40000)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad", 0x1)
mremap(&(0x7f0000d71000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000179000/0x2000)=nil)
mremap(&(0x7f000056c000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000e09000/0x2000)=nil)
r6 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0x0, 0x800, 0x0, 0xa7})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
r7 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2a00)
ioctl$SG_GET_VERSION_NUM(r7, 0x2284, 0x0)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa)

1.669413029s ago: executing program 4 (id=1287):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100024286bd10b00d815522f90102030109021200019ddb10010904"], 0x0)
sendmsg$inet6(0xffffffffffffffff, 0x0, 0x40044)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$binfmt_register(0xffffff9c, &(0x7f00000001c0), 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="b4050000000000007112180000000000bc201000210000009500000000000000159bb11d55cd54f795ebc6c48b7ee57df364594defe47aa18c81fbb86c6042dbf743a90b61bae3a57ba478e003fe723b194058bc41fc8c6082cee0dce6c4e98c8804a03eb15abe991b86e1c207e4b9c2e545253ec3e0a8800fd697685e0d14ef22ee60615176aa2972a57268ec0127b3869d981e769df4fd0f63d8bde942339d7e8fa10c87b5562d7cd8a361f5801b6e29c575dac7f00846c103fa144116db9a8a8850b0715c590a250c52c2b47c7a4176a8c5e2702c9ad3df0cc0"], &(0x7f0000003ff6)='GPL\x00', 0xa, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48)
write$binfmt_register(r4, &(0x7f00000004c0)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x0, 0x3a, '#%\\h*@#Lw\x9e5\x9f6k\x886\xafm\xa0\b\x81\xdc\xd1\x8f\x93r2\x0eeu}\xf7\"\xbd&-~\xea(J\xee\'X\x9a\xd4\xfeI6\xd9\x1b\xc8\x14.\xfa\xb8\x03\x16\x96\x11\xa8\x90{G\xe2\xf1u\xd1\xca\x8a>\xc3\x84\xd3\xcf\xa7\x1f\xc1\xbd\x12\xd0\x1e\x98\xce+\x12\xaex{\x91\xc7bw\xcaC\xe1/\x19\xfei\xf0\xa2\x9c3\xee/\xcf\xdew \x1c\xc7=\xfb\xb8\x88\x132?\xbf\xb2\x93B\x01\'#\xc0v\xces\xa4\x13\xb1\x14\x89\xa0\x14P\x97\x81%)\xa1\x0e)2a2\xa2\xef\f\xef\x8a\x95\xdd\xac\xab\xff#T}`\x88r\xb3\xd8\x19\x06\xde\xb7\xf0GR.?i|\xafhs\x1d\xdc\x12\x85!\xaaqg\x10\xec\x1b\xcb\xfc6\xba\xde44m\x96+\r\xb4\x9a\xe8V1\x82\xce\xdd\xddx\xe7H\xa3N\x92\xdb\xaa\xdbe\xc1\x05P\b<\x1e\xd6\x92\x8c\xaa\xbe\xda\\|\xcf\xaf$.\x10\x8d\x9aie\xa1W\x1e\xd2L\xfa\xcc\xfb\xc2\x90\x99\xa9\x9f\xcd\xfasX\x9d\xbb\x8f\x1a', 0x3a, '#%\\h*@#Lw\x9e5\x9f6k\x886\xafm\xa0\b\x81\xdc\xd1\x8f\x93r2\x0eeu}\xf7\"\xbd&-~\xeahJ\xee\'X\x9a\xd4\xfeI6\xd9\x1b\xc8\x14.\xfa\xb8\x03\x16\x96\x11\xa8\x90{\xc5\xe2\xf1u\xd1\xca\x8a>\xc3\x84\xd3\xcf\xa7\x1f\xc1\xb5\x12\xd0\x1e\x98\xce+\x12\xaex{\x91\xc7bw\xcaC\xe1/\x19\xfei\xf0\xa2\x9c3\xee/\xcf\xdew \x1c\xc7=\xfb\xb8\x88\x132\xf9\xbf7K\x8d\x16\xa6\xbf4\v\xces\xa4\x13\xb1\x14\x89\xa0\x14P\x97\x81%)\xa1\x0e)2a2\xa2\xef\f\xef\x8a\x95\xdd\xac\xab\xff#T}`\x88r\xb3\xd8\x19\x06\xde\xb7\xf0GR.?i|\xafhs\x1d\xdc\x12\x85!\xaaqg\x10\xec\x1b\xcb\xfc6\xba\xde\x13\xdf\xc6Z+\r\xb4\x9a\xe8V1\x82\xce\xdd\xddx\xe7H\xa3N\x92\xdb\xaa\xdbe\xc1\x05P\b<\x1e\xd6\x92\x89\xaa\xbe\xda\\|\xcf\xaf$.\x10\x8d\x9aie\xd3W\x1e\xd2L\xfa\xcc\xfb\xc2\x90\x99\xa9\x9f\xcd\xfasX\x9d\xbb\x8f\x1a', 0x3a, './file0'}, 0x237)
socket(0x2, 0x3, 0x2)
sendmsg$IPSET_CMD_FLUSH(r3, 0x0, 0x480c4)
r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = dup(r5)
ioctl$PTP_EXTTS_REQUEST2(r6, 0x40603d07, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
syz_80211_join_ibss(&(0x7f0000000180)='wlan1\x00', &(0x7f0000000200)=@default_ibss_ssid, 0x6, 0x2)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f00000000c0)={<r7=>0x0})
ioctl$DRM_IOCTL_GEM_CLOSE(0xffffffffffffffff, 0x40086409, &(0x7f0000000100)={r7})
socket$kcm(0x29, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket(0x2, 0x80805, 0x0)
r8 = socket$inet_sctp(0x2, 0x5, 0x84)
socket$kcm(0xa, 0x2, 0x0)
r9 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_FLUSH(r9, 0x0, 0x485, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x640100ff, 0x4e20, 0x3, 'lblc\x00', 0x20, 0xa7e, 0x400070}, 0x2c)

1.502050598s ago: executing program 3 (id=1288):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.103186257s ago: executing program 5 (id=1289):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)) (async)
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000500), 0x8, 0x0) (async)
r1 = syz_io_uring_setup(0x437d, &(0x7f0000000580)={0x0, 0x8b2, 0x13500, 0xfffffffe, 0x304}, &(0x7f0000000240), &(0x7f0000001880))
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x21, &(0x7f0000000440)=r0, 0x1)
r2 = socket(0x10, 0x803, 0x0) (async)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
process_madvise(r3, 0x0, 0x0, 0x1, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) (async)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) (async)
sendmsg$NFT_BATCH(r4, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000060a0b040000000000007f94050017000000f0ffff2700048024000180090001006d6574610000000014000280080002400000000908000140000000010c00034000000000000000020900020073797a3200000000140000001100010000000000000000000000000aa4d336b96c4f340c08c26a960426e0a4831643c6ff6a17981f1b90a4462255f49dbd6ff66059fbc374579fd789c23b9a1b8e1e5864e42913b133e5f740143bae3ada6190bd576f2b33bf423794211073ba8a3a38856c4cd20f6e0169d9632c9539e1c3020a0d21977d98041434d8cbdb"], 0x7c}, 0x1, 0x0, 0x0, 0x4040800}, 0x0) (async)
getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) (async)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f00000007c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000800)=ANY=[@ANYRES16=0x0, @ANYBLOB="0000000000118b0b000000000000afe6366f8b4426ebd2d02f4a4d6492e4bd0e010001002ffe00d10f12c69ab0b1c6f68cc172df8faa790ae50c7c6e30ce421a7061546b3fa48cb827b3496c6122afaf592ff5b791225d83d97c45f716137ae2479b"], 0x18}, 0x1, 0x0, 0x0, 0x80}, 0x4040080)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="400000001000390400000000000000", @ANYRES32=r5, @ANYBLOB="01980000000000002000128008000101000000001007751e000080080001000f44a9ea1be24194cf16e9586baae4202a5e5df958aace731be574102af965be890958c622cb91650e4a38e4dd001c8e249e755a8d7d0da01c79a32c4367843c4ae49dc6c5263cac9f245e5f4d5a9b7538f5fb17a1b9ab439e93e5b2be959985a6781f25ce871c7787c96b813c9239f9bc9cfc7a2fae13ccda6db329971defb5cb0d20d1773d6bbf7005b7ee7a19420fcf1e1ae41654811e6634", @ANYRESDEC=r3], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r7 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r7, 0x89f2, &(0x7f0000004f40)={'gre0\x00', &(0x7f0000000240)={'gretap0\x00', r5, 0x1, 0x20, 0x0, 0x4, {{0x5, 0x4, 0x1, 0x8, 0x14, 0x67, 0x0, 0xdb, 0x29, 0x0, @empty, @empty}}}}) (async, rerun: 64)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) (rerun: 64)
ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) (async)
fcntl$lock(r8, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
r9 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000b40)=@mangle={'mangle\x00', 0x64, 0x6, 0x500, 0x360, 0x270, 0x0, 0x360, 0x360, 0x430, 0x430, 0x430, 0x430, 0x430, 0x6, 0x0, {[{{@ipv6={@mcast2, @private1, [0xff], [0x0, 0xffffffff], 'gre0\x00', 'syzkaller1\x00', {}, {0xff}}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x599c, 0x6}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x270}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28}}, {{@uncond, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv6=@remote, 0x3a, 0x8, 0x6}}}, {{@ipv6={@local, @empty, [0x0, 0xff000000, 0xff000000], [], 'tunl0\x00', 'team_slave_0\x00', {}, {0xf7d589580f149d60}, 0x0, 0x5, 0x7}, 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00', 0x0, {0x2, 0x8}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x560)
fcntl$lock(r7, 0x5, &(0x7f0000000080)={0x0, 0x6, 0x200b, 0x1fd}) (async)
fcntl$lock(r8, 0x7, &(0x7f0000000280)={0x2, 0x0, 0x2f, 0x2000000000000009}) (async)
execveat(r0, &(0x7f0000000600)='./file0\x00', &(0x7f0000000100)={[&(0x7f0000000880)='gre\x02\x00M \xb3b\xf3\xc7\x1c\x92\x8a\x8d\xe8\xd6\xed_B1L\x95;\xea\xc2\xb2\x96\xbcU\x1c$\x8e\xe0\x97\xabV;\x9fO\x1a\x0f\x9dq\xee\xca:f\x16\b C];p\x1d\x13/|d\xb7\x1ck\xba\x8et\xb1#\x19~\xe6>\xea\xa0\xf4\x05\xcf(D\x15\x8d\x96@\x83\ryw$\xcf\x82}h\xd3\x82%\x1d\xf9\r\x8a$\x85\xd4\xc8\xdb\xe4\x1c\xf4\x98\xbb-H4e\r\xfa\x8a\xbc?\x97|\x0f\x1e\x17\x8b?\x80\xce\xf9\xbd\x04\x04\x97\x83\xee\xa0\xdd\xb9}\x95\x98 \xf0\xeb\xa1\xfa\x14\xa0\xcc\xf12\x88\x0e\xdb\x1f\x99Gjc$h\x1e\xc5\xce\xffv\x10\x81\xca7\x86HRc\xfe\xc7X\x9azk\xea\x93\xc6\x1b\xf8\xc9\'\xa0l\xb1\x9bl\xee\xa8\x13\x05`PE.\\+O,\x8fl\xc4\vq\xb8\b*\xc5+\xbe\"\xc1']}, &(0x7f0000000300)={[&(0x7f00000001c0)='gre0\x00', &(0x7f0000000280)='%%^\x00', &(0x7f00000002c0)='!()\'.){\x00']}, 0x800) (async)
pread64(r8, &(0x7f00000003c0)=""/234, 0xea, 0x3) (async, rerun: 64)
r10 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000000000)={'team0\x00', <r11=>0x0})
sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newlink={0x54, 0x10, 0xffffffffffffffff, 0x30bd27, 0x25dfdbfb, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}, @IFLA_VLAN_EGRESS_QOS={0x10, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x39, {0x504, 0x347}}]}]}}}, @IFLA_LINK={0x8, 0x5, r11}]}, 0x54}, 0x1, 0x0, 0x0, 0x20044010}, 0x8000042)

931.645267ms ago: executing program 3 (id=1290):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x9, 0xc, 0x59565955, 0x2, 0x6, 0x6, 0x5, 0xa6e, 0x0, 0x2, 0x2, 0x5}})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r3, &(0x7f0000004100)={0x2020, 0x0, 0x0, <r4=>0x0}, 0x2020)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="400000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="a7ffa88800000000200012800900010069706970000000fa0f000280040013000500090000000008f33a5798cb485f3a9776f093ab3e544599d87862ad961fa67f7215b55c42d37b9a100eb2ec063287898534c013c8f11d376156badd398f094e0e3b0cae09b813a27158392211de2312f2526854a5a004cb08dad59319ee0f21d26b"], 0x40}}, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000680)={'bridge0\x00'})
socket(0x400000000010, 0x3, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
read$FUSE(r8, &(0x7f0000002640)={0x2020}, 0x2020)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44000}, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, 0x0, 0x10)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
r12 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_udp_SIOCINQ(r12, 0x541b, &(0x7f00000000c0))
sendmsg$nl_xfrm(r11, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000016c0)=@newsa={0x138, 0x10, 0x1, 0xfff7fffe, 0x100, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@remote, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc, 0x40}, 0x70bd2a, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0)
sendmsg$nl_xfrm(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=@newsa={0x158, 0x10, 0x1, 0xfffffffe, 0x100, {{@in=@multicast2, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x2f, 0x0, r4}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc}, 0x70bd29, 0x3504, 0x2, 0x1, 0x0, 0x20}, [@algo_comp={0x67, 0x3, {{'deflate\x00'}, 0xf8, "6f85bf85a2fc88fd5132a7226878830e7135efbf027ac5cab808d6a4b3ab2c"}}]}, 0x158}, 0x1, 0x0, 0x0, 0x8801}, 0x0)

821.765864ms ago: executing program 5 (id=1291):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x10, 0x803, 0x0)
socket$unix(0x1, 0x1, 0x0)
r1 = memfd_create(&(0x7f0000000800)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd \xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\x83P\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\xd66hv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfa\x87$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\xb9F,e\xfa\xd7\xa2\xeb\xb1\xc9\xbe#\x92\xf3\x19\xe6\x83(\xfe\xf8i\xb9\xc1\xa0w\xea\xbf\xe5\x8d\xe9\x14\x130\xc3\xa5|/_\t\x98\xc3\xa7\x95!\xdf*\a\xd7\xfcv|\xb3Zc\xcf~\xf6\xe2\xa86Q\x9a$\x80\x85\x8b\t\xbf\xe6(\x12\xe0\xe1e\x81x]a\x145\xa7\xd2\n\x11h\xb9\xf5g\xc4%&\xbaRy\x8f\x85Q\xb9W\xe5\x06\xe2\xb3ryk}\x86\xc6\x04\x03i\x10\xa8\xc4\xcd`\xb8\xcfT))\xb7\x15\b%\xc8uC(C\x01\x1by\xbf \x10\xe8k\xea\x80\xd0P|\x11\xe5\xb9\x1d^\x92j\xb0\xa7\x1d', 0x7)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xa, 0x4d091, r1, 0x4000000)
fcntl$addseals(r1, 0x409, 0x2)
r2 = openat$udambuf(0xffffff9c, &(0x7f0000000000), 0x2)
r3 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000040)=ANY=[@ANYBLOB="2072dc"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001b80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000180)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_MCAST_RATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x24, r5, 0x439, 0xfffffffe, 0x20000, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040090}, 0x4004000)
r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
read(r7, 0x0, 0x0)
ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000340)={r1, 0x0, 0x2000, 0x1000})

0s ago: executing program 0 (id=1292):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(0x0, &(0x7f00000001c0)=[{&(0x7f0000000480)=""/243, 0xf3}], 0x1, 0x0, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000080), 0x800, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYBLOB=',g'])
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r2, &(0x7f0000004100)={0x2020}, 0x2020)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000040)=0x3bf6e, 0x4)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="2400000016000d190a762d7f08", 0xd}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff", 0x17}], 0x2}, 0x0)
r6 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/pm_test', 0x0, 0x10d)
syz_clone3(&(0x7f0000000300)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r6}}, 0x58)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$sequencer(0xffffff9c, &(0x7f0000001bc0), 0x88302, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYRES32, @ANYBLOB], 0x48}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)

kernel console output (not intermixed with test programs):

gh-speed USB device number 48 using dummy_hcd
[  307.498822][ T5913] usb 4-1: Using ep0 maxpacket: 8
[  307.539393][ T5913] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  307.548377][ T5913] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  307.560739][ T9039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  307.595203][ T9039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  307.664300][ T5913] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  307.721874][ T5913] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  307.753544][ T5913] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  307.807401][ T5913] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  307.814892][ T5913] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  307.877748][ T5913] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  307.899997][ T5913] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  307.957120][ T5913] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  307.993971][ T5913] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  308.004605][ T9039] team0: Port device team_slave_0 added
[  308.010423][ T5913] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  308.046816][ T5913] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  308.084126][ T5913] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  308.112265][ T5913] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  308.119166][ T9039] team0: Port device team_slave_1 added
[  308.167166][ T5913] usb 4-1: string descriptor 0 read error: -22
[  308.185106][ T5913] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  308.229937][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.276920][ T5913] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  308.407084][ T9140] veth3: entered promiscuous mode
[  308.421633][ T9039] batman_adv: batadv0: Adding interface: batadv_slave_0
[  308.446822][ T9039] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  308.577663][ T9039] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  308.613892][ T9039] batman_adv: batadv0: Adding interface: batadv_slave_1
[  308.621522][ T5826] Bluetooth: hci3: command tx timeout
[  308.633556][ T9145] kvm: emulating exchange as write
[  308.641773][ T9039] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  308.685494][ T9039] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  308.700322][ T9145] netlink: 'syz.3.883': attribute type 37 has an invalid length.
[  308.857094][ T9039] hsr_slave_0: entered promiscuous mode
[  308.863902][ T9039] hsr_slave_1: entered promiscuous mode
[  308.870897][ T9039] debugfs: 'hsr0' already exists in 'hsr'
[  308.886589][ T9039] Cannot create hsr debugfs directory
[  308.904518][ T9152] tipc: Enabled bearer <udp:s>, priority 10
[  308.917323][ T5830] usb 4-1: USB disconnect, device number 48
[  309.305968][ T9039] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  309.331294][ T9039] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  309.376749][ T9039] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  309.391364][ T9039] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  309.447305][    T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  309.824446][ T9039] 8021q: adding VLAN 0 to HW filter on device bond0
[  309.901382][ T9039] 8021q: adding VLAN 0 to HW filter on device team0
[  309.939105][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  309.946348][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  310.010128][ T1342] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.017381][ T1342] bridge0: port 2(bridge_slave_1) entered forwarding state
[  310.091879][ T9188] netlink: 'syz.3.899': attribute type 10 has an invalid length.
[  310.119316][ T9188] netlink: 40 bytes leftover after parsing attributes in process `syz.3.899'.
[  310.168709][ T9188] batadv0: entered promiscuous mode
[  310.185987][ T9188] batadv0: entered allmulticast mode
[  310.216967][ T9188] bridge0: port 3(batadv0) entered blocking state
[  310.223809][ T9188] bridge0: port 3(batadv0) entered disabled state
[  310.243097][ T9188] bridge0: port 3(batadv0) entered blocking state
[  310.249746][ T9188] bridge0: port 3(batadv0) entered forwarding state
[  310.419778][ T9039] 8021q: adding VLAN 0 to HW filter on device batadv0
[  310.565871][ T9039] veth0_vlan: entered promiscuous mode
[  310.588629][ T9039] veth1_vlan: entered promiscuous mode
[  310.637017][ T1342] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  310.646776][ T1342] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  310.685076][ T9039] veth0_macvtap: entered promiscuous mode
[  310.701326][ T9039] veth1_macvtap: entered promiscuous mode
[  310.727973][ T9039] batman_adv: batadv0: Interface activated: batadv_slave_0
[  310.778378][ T9039] batman_adv: batadv0: Interface activated: batadv_slave_1
[  310.804863][   T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  310.806810][ T5875] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  310.832253][   T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  310.850285][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  310.868571][   T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  311.011504][ T5875] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  311.038316][ T5875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  311.053111][ T6651] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.072461][ T5875] usb 4-1: config 0 descriptor??
[  311.088523][ T5875] cp210x 4-1:0.0: cp210x converter detected
[  311.099248][ T6651] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  311.168628][ T1342] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  311.196543][ T1342] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  311.430780][ T9191] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  311.504058][ T5875] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32
[  311.517514][ T5875] cp210x 4-1:0.0: failed to get vendor val 0x3711 size 2: -121
[  311.525399][ T5875] cp210x 4-1:0.0: GPIO initialisation failed: -121
[  311.549382][ T5875] usb 4-1: cp210x converter now attached to ttyUSB0
[  311.732863][ T5913] usb 4-1: USB disconnect, device number 49
[  311.772582][ T5913] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  311.802958][ T5913] cp210x 4-1:0.0: device disconnected
[  312.457393][ T9232] x_tables: duplicate underflow at hook 3
[  312.666540][ T5875] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  312.697481][ T5913] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  312.861585][ T5875] usb 4-1: config 1 has an invalid interface number: 7 but max is 0
[  312.897422][ T5875] usb 4-1: config 1 has no interface number 0
[  312.906572][ T5875] usb 4-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  312.919751][ T5913] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  312.920066][ T5875] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  312.942778][ T5875] usb 4-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  312.951111][ T5913] usb 5-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[  312.975062][ T5875] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  312.994615][ T5913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.016442][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.031669][ T5913] usb 5-1: Product: syz
[  313.031671][ T5875] usb 4-1: Product: syz
[  313.031694][ T5875] usb 4-1: Manufacturer: syz
[  313.046293][ T5875] usb 4-1: SerialNumber: syz
[  313.051152][ T5913] usb 5-1: Manufacturer: syz
[  313.130782][ T5913] usb 5-1: SerialNumber: syz
[  313.140067][ T9231] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  313.166911][ T5913] usb 5-1: config 0 descriptor??
[  313.354079][ T9231] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  313.389926][ T5913] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  313.540363][ T5913] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -2
[  313.613584][ T5913] usb 5-1: USB disconnect, device number 49
[  313.663665][ T5970] udevd[5970]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  313.703789][ T5875] sierra_net 4-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.3-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:01:07
[  313.782928][ T5875] sierra_net 4-1:1.7 wwan0: Submit SYNC failed -71
[  313.813174][ T5875] sierra_net 4-1:1.7 wwan0: Send SYNC failed, status -71
[  313.844220][ T5875] sierra_net 4-1:1.7 wwan0: Submit SYNC failed -71
[  313.874173][ T5875] sierra_net 4-1:1.7 wwan0: Send SYNC failed, status -71
[  313.915477][ T5875] usb 4-1: USB disconnect, device number 50
[  313.928213][ T5875] sierra_net 4-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.3-1, Sierra Wireless USB-to-WWAN Modem
[  314.019664][ T5875] sierra_net 4-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[  315.147178][ T5875] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  315.321417][   T30] kauditd_printk_skb: 69 callbacks suppressed
[  315.321440][   T30] audit: type=1326 audit(1769687318.736:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9265 comm="syz.3.917" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5758f9aeb9 code=0x0
[  315.356895][ T5913] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  315.383010][ T5875] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  315.436908][ T5875] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  315.481618][ T5875] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  315.546661][ T9276] futex_wake_op: syz.3.917 tries to shift op by 32; fix this program
[  315.595180][ T5875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.749153][ T5875] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  315.769391][ T5875] usb 5-1: invalid MIDI out EP 0
[  316.042401][ T5875] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22
[  316.426057][   T44] usb 5-1: USB disconnect, device number 50
[  317.496546][ T5830] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  317.530949][ T9303] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  317.706603][ T5830] usb 5-1: Using ep0 maxpacket: 8
[  317.728233][ T5830] usb 5-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[  317.756520][ T5830] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.775243][ T5830] usb 5-1: Product: syz
[  317.788760][ T5830] usb 5-1: Manufacturer: syz
[  317.803707][ T5830] usb 5-1: SerialNumber: syz
[  317.830492][ T5830] usb 5-1: config 0 descriptor??
[  317.875292][ T5830] gspca_main: sq905-2.14.0 probing 2770:9120
[  318.212825][ T9312] block device autoloading is deprecated and will be removed.
[  318.490543][ T5913] usb 4-1: new low-speed USB device number 51 using dummy_hcd
[  318.636680][ T5913] usb 4-1: device descriptor read/64, error -71
[  318.721881][ T5830] gspca_sq905: sq905_command: usb_control_msg failed 2 (-71)
[  318.730858][ T5830] sq905 5-1:0.0: probe with driver sq905 failed with error -71
[  318.787588][ T5830] usb 5-1: USB disconnect, device number 51
[  318.884752][ T5913] usb 4-1: new low-speed USB device number 52 using dummy_hcd
[  318.914973][ T9326] FAULT_INJECTION: forcing a failure.
[  318.914973][ T9326] name failslab, interval 1, probability 0, space 0, times 0
[  318.943602][ T9326] CPU: 0 UID: 0 PID: 9326 Comm: syz.5.934 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  318.943636][ T9326] Tainted: [L]=SOFTLOCKUP
[  318.943643][ T9326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  318.943659][ T9326] Call Trace:
[  318.943667][ T9326]  <TASK>
[  318.943676][ T9326]  dump_stack_lvl+0xe8/0x150
[  318.943708][ T9326]  should_fail_ex+0x412/0x560
[  318.943738][ T9326]  should_failslab+0xa8/0x100
[  318.943764][ T9326]  __kmalloc_cache_noprof+0x83/0x6e0
[  318.943782][ T9326]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  318.943803][ T9326]  ? sctp_add_bind_addr+0x8c/0x370
[  318.943829][ T9326]  sctp_add_bind_addr+0x8c/0x370
[  318.943853][ T9326]  sctp_copy_local_addr_list+0x314/0x4f0
[  318.943879][ T9326]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  318.943901][ T9326]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  318.943924][ T9326]  ? sctp_v6_is_any+0x64/0x80
[  318.943946][ T9326]  ? sctp_copy_one_addr+0x93/0x360
[  318.943970][ T9326]  sctp_bind_addr_copy+0xb3/0x3c0
[  318.943992][ T9326]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  318.944025][ T9326]  sctp_connect_new_asoc+0x2ff/0x6b0
[  318.944055][ T9326]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  318.944088][ T9326]  ? __local_bh_enable_ip+0xd0/0x130
[  318.944112][ T9326]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  318.944135][ T9326]  ? security_sctp_bind_connect+0x7e/0x2c0
[  318.944159][ T9326]  sctp_sendmsg+0x1528/0x2c10
[  318.944199][ T9326]  ? __pfx_sctp_sendmsg+0x10/0x10
[  318.944222][ T9326]  ? aa_sk_perm+0x15a/0x960
[  318.944246][ T9326]  ? aa_sk_perm+0x82d/0x960
[  318.944267][ T9326]  ? __might_fault+0xaf/0x130
[  318.944303][ T9326]  ? __pfx_aa_sk_perm+0x10/0x10
[  318.944329][ T9326]  ? sock_rps_record_flow+0x19/0x400
[  318.944360][ T9326]  ? inet_sendmsg+0x2f4/0x370
[  318.944391][ T9326]  __sys_sendto+0x627/0x7a0
[  318.944419][ T9326]  ? __pfx___sys_sendto+0x10/0x10
[  318.944440][ T9326]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  318.944477][ T9326]  ? __fget_files+0x3a0/0x420
[  318.944510][ T9326]  ? ksys_write+0x242/0x270
[  318.944540][ T9326]  ? __pfx_ksys_write+0x10/0x10
[  318.944575][ T9326]  __x64_sys_sendto+0xde/0x100
[  318.944604][ T9326]  do_syscall_64+0xe2/0xf80
[  318.944624][ T9326]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.944643][ T9326]  ? trace_irq_disable+0x37/0x100
[  318.944662][ T9326]  ? clear_bhb_loop+0x60/0xb0
[  318.944687][ T9326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.944712][ T9326] RIP: 0033:0x7fa47999aeb9
[  318.944731][ T9326] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  318.944748][ T9326] RSP: 002b:00007fa47a85e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  318.944770][ T9326] RAX: ffffffffffffffda RBX: 00007fa479c15fa0 RCX: 00007fa47999aeb9
[  318.944789][ T9326] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000004
[  318.944802][ T9326] RBP: 00007fa47a85e090 R08: 000020000005ffe4 R09: 000000000000001c
[  318.944816][ T9326] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000002
[  318.944846][ T9326] R13: 00007fa479c16038 R14: 00007fa479c15fa0 R15: 00007fa479d3fa48
[  318.944881][ T9326]  </TASK>
[  319.336550][ T5913] usb 4-1: device descriptor read/64, error -71
[  319.687166][ T5913] usb usb4-port1: attempt power cycle
[  319.936349][ T9332] random: crng reseeded on system resumption
[  320.046507][ T5913] usb 4-1: new low-speed USB device number 53 using dummy_hcd
[  320.067487][ T5913] usb 4-1: device descriptor read/8, error -71
[  320.306994][ T5913] usb 4-1: new low-speed USB device number 54 using dummy_hcd
[  320.337989][ T5913] usb 4-1: device descriptor read/8, error -71
[  320.447261][ T5913] usb usb4-port1: unable to enumerate USB device
[  320.507822][ T9338] netlink: 12 bytes leftover after parsing attributes in process `syz.1.938'.
[  320.986581][ T5830] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  321.151276][ T5830] usb 2-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55
[  321.179600][ T5830] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  321.200300][ T5830] usb 2-1: Product: syz
[  321.209532][ T5830] usb 2-1: Manufacturer: syz
[  321.221874][ T5830] usb 2-1: SerialNumber: syz
[  321.242372][ T5830] usb 2-1: config 0 descriptor??
[  321.267729][ T5830] gspca_main: sonixb-2.14.0 probing 0c45:6005
[  321.666053][ T9364] netlink: 'syz.5.945': attribute type 2 has an invalid length.
[  321.694643][ T5830] input: sonixb as /devices/platform/dummy_hcd.1/usb2/2-1/input/input15
[  321.706346][ T9364] netlink: 36 bytes leftover after parsing attributes in process `syz.5.945'.
[  321.892526][ T9342] netlink: 72 bytes leftover after parsing attributes in process `syz.1.939'.
[  321.907138][ T9368] netlink: 12 bytes leftover after parsing attributes in process `syz.0.946'.
[  321.923631][ T5830] usb 2-1: USB disconnect, device number 28
[  322.041311][ T9368] team0: Device vti0 is of different type
[  322.390105][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  322.396592][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  322.525057][   T30] audit: type=1326 audit(1769687325.956:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9376 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  322.609679][   T30] audit: type=1326 audit(1769687325.986:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9376 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  322.781667][   T30] audit: type=1326 audit(1769687326.046:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9376 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  322.866541][   T30] audit: type=1326 audit(1769687326.046:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9376 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  323.031019][   T30] audit: type=1326 audit(1769687326.046:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9376 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  323.132959][   T30] audit: type=1326 audit(1769687326.046:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9376 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  323.233815][   T30] audit: type=1326 audit(1769687326.046:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9376 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  323.309510][   T30] audit: type=1326 audit(1769687326.046:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9376 comm="syz.0.948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  323.409527][ T9400] bridge1: entered promiscuous mode
[  323.414827][ T9400] bridge1: entered allmulticast mode
[  324.126608][   T44] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  324.329816][   T44] usb 4-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a
[  324.346556][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.369213][   T44] usb 4-1: config 0 descriptor??
[  324.403689][   T44] gspca_main: sn9c2028-2.14.0 probing 0c45:8001
[  324.602702][ T9411] netlink: 68 bytes leftover after parsing attributes in process `syz.3.956'.
[  324.800318][   T44] gspca_sn9c2028: read1 error -71
[  324.815479][   T44] gspca_sn9c2028: read1 error -71
[  324.831804][   T44] gspca_sn9c2028: read1 error -71
[  324.846292][   T44] sn9c2028 4-1:0.0: probe with driver sn9c2028 failed with error -71
[  324.874537][   T44] usb 4-1: USB disconnect, device number 55
[  325.365049][ T9443] net_ratelimit: 1 callbacks suppressed
[  325.365068][ T9443] netlink: zone id is out of range
[  325.388378][ T9443] netlink: zone id is out of range
[  325.393648][ T9443] netlink: zone id is out of range
[  325.413840][ T9443] netlink: zone id is out of range
[  325.420507][ T9443] netlink: zone id is out of range
[  325.429873][ T9451] netlink: 24 bytes leftover after parsing attributes in process `syz.4.958'.
[  325.439850][ T9443] netlink: zone id is out of range
[  325.446271][ T9443] netlink: zone id is out of range
[  325.479891][ T9451] netlink: 60 bytes leftover after parsing attributes in process `syz.4.958'.
[  325.505228][ T9443] netlink: zone id is out of range
[  325.521991][ T9443] netlink: zone id is out of range
[  325.528770][ T9451] vlan0: entered promiscuous mode
[  325.534753][ T9443] netlink: zone id is out of range
[  325.634309][ T5915] usb 2-1: new full-speed USB device number 29 using dummy_hcd
[  325.825745][ T5915] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  325.856100][ T5915] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 7
[  325.908232][ T5915] usb 2-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[  325.931206][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.958097][ T5915] usb 2-1: config 0 descriptor??
[  325.970086][ T9449] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  326.190836][ T5915] usbhid 2-1:0.0: can't add hid device: -71
[  326.205066][ T5915] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  326.227369][ T5915] usb 2-1: USB disconnect, device number 29
[  326.309332][    T9] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  326.385309][ T9450] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  326.429767][ T9483] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  326.445093][ T9450] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  326.470751][ T9483] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  326.496458][    T9] usb 5-1: Using ep0 maxpacket: 32
[  326.508901][    T9] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  326.531611][    T9] usb 5-1: config 0 has no interface number 0
[  326.539258][    T9] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  326.548056][ T5915] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  326.560151][    T9] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  326.602968][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.637177][    T9] usb 5-1: Product: syz
[  326.646818][    T9] usb 5-1: Manufacturer: syz
[  326.666497][    T9] usb 5-1: SerialNumber: syz
[  326.672909][ T9488] netlink: 8 bytes leftover after parsing attributes in process `syz.5.968'.
[  326.697880][    T9] usb 5-1: config 0 descriptor??
[  326.728960][    T9] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  326.793805][    T9] em28xx 5-1:0.132: Video interface 132 found:
[  326.987184][    T9] em28xx 5-1:0.132: unknown em28xx chip ID (39)
[  327.096103][ T9510] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 3, id = 0
[  327.141069][ T9513] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  327.312290][    T9] em28xx 5-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  327.362336][    T9] em28xx 5-1:0.132: board has no eeprom
[  327.436769][    T9] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  327.455420][    T9] em28xx 5-1:0.132: analog set to bulk mode.
[  327.524872][ T5830] em28xx 5-1:0.132: Registering V4L2 extension
[  327.695461][    T9] usb 5-1: USB disconnect, device number 52
[  327.823002][    T9] em28xx 5-1:0.132: Disconnecting em28xx
[  328.163195][ T9536] fuse: Bad value for 'fd'
[  328.169761][ T9536] netlink: 32 bytes leftover after parsing attributes in process `syz.5.977'.
[  328.183722][ T9536] netlink: 44 bytes leftover after parsing attributes in process `syz.5.977'.
[  328.545592][ T5830] em28xx 5-1:0.132: Config register raw data: 0xffffffed
[  328.561839][ T5830] em28xx 5-1:0.132: AC97 chip type couldn't be determined
[  328.591017][ T5830] em28xx 5-1:0.132: No AC97 audio processor
[  328.631747][ T5830] usb 5-1: Decoder not found
[  328.650985][ T5830] em28xx 5-1:0.132: failed to create media graph
[  328.669548][ T5830] em28xx 5-1:0.132: V4L2 device video103 deregistered
[  328.693747][ T5830] em28xx 5-1:0.132: Remote control support is not available for this card.
[  328.731940][    T9] em28xx 5-1:0.132: Closing input extension
[  328.819437][    T9] em28xx 5-1:0.132: Freeing device
[  330.444462][ T9566] usb usb8: usbfs: process 9566 (syz.4.985) did not claim interface 0 before use
[  330.664099][ T5830] IPVS: starting estimator thread 0...
[  330.800436][ T9572] IPVS: using max 39 ests per chain, 93600 per kthread
[  331.246906][ T5830] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  331.256301][ T5913] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  331.426538][ T5913] usb 4-1: Using ep0 maxpacket: 32
[  331.440302][ T5913] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  331.452200][ T5913] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  331.463536][ T5913] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  331.493120][ T5913] usb 4-1: config 1 has no interface number 0
[  331.504726][ T5830] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  331.514365][ T5913] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  331.514398][ T5913] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  331.561461][ T5913] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  331.566636][ T5830] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.580965][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.602100][ T5830] usb 6-1: Product: syz
[  331.610294][ T5830] usb 6-1: Manufacturer: syz
[  331.616494][ T5830] usb 6-1: SerialNumber: syz
[  331.626166][ T5913] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  331.652817][ T5830] usb 6-1: config 0 descriptor??
[  331.676566][   T44] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  331.854378][   T44] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  331.864775][ T5913] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached
[  331.878039][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.895521][ T5913] usb 6-1: USB disconnect, device number 3
[  331.907829][   T44] usb 5-1: Product: syz
[  331.919289][   T44] usb 5-1: Manufacturer: syz
[  331.924799][   T44] usb 5-1: SerialNumber: syz
[  331.969064][   T44] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  332.032399][ T5915] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  332.131443][ T5830] usb 4-1: USB disconnect, device number 56
[  332.148290][ T5830] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  332.356120][ T9593] FAULT_INJECTION: forcing a failure.
[  332.356120][ T9593] name failslab, interval 1, probability 0, space 0, times 0
[  332.369256][ T9593] CPU: 0 UID: 0 PID: 9593 Comm: syz.1.994 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  332.369290][ T9593] Tainted: [L]=SOFTLOCKUP
[  332.369297][ T9593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  332.369310][ T9593] Call Trace:
[  332.369318][ T9593]  <TASK>
[  332.369326][ T9593]  dump_stack_lvl+0xe8/0x150
[  332.369360][ T9593]  should_fail_ex+0x412/0x560
[  332.369391][ T9593]  should_failslab+0xa8/0x100
[  332.369415][ T9593]  __kmalloc_cache_noprof+0x83/0x6e0
[  332.369434][ T9593]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  332.369460][ T9593]  ? sctp_add_bind_addr+0x8c/0x370
[  332.369480][ T9593]  sctp_add_bind_addr+0x8c/0x370
[  332.369498][ T9593]  sctp_copy_local_addr_list+0x314/0x4f0
[  332.369545][ T9593]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  332.369566][ T9593]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  332.369590][ T9593]  ? sctp_v6_is_any+0x64/0x80
[  332.369612][ T9593]  ? sctp_copy_one_addr+0x93/0x360
[  332.369640][ T9593]  sctp_bind_addr_copy+0xb3/0x3c0
[  332.369656][ T9593]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  332.369680][ T9593]  sctp_connect_new_asoc+0x2ff/0x6b0
[  332.369716][ T9593]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  332.369751][ T9593]  ? __local_bh_enable_ip+0xd0/0x130
[  332.369769][ T9593]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  332.369791][ T9593]  ? security_sctp_bind_connect+0x7e/0x2c0
[  332.369818][ T9593]  sctp_sendmsg+0x1528/0x2c10
[  332.369847][ T9593]  ? __pfx_sctp_sendmsg+0x10/0x10
[  332.369863][ T9593]  ? aa_sk_perm+0x15a/0x960
[  332.369899][ T9593]  ? aa_sk_perm+0x82d/0x960
[  332.369921][ T9593]  ? __might_fault+0xaf/0x130
[  332.369957][ T9593]  ? __pfx_aa_sk_perm+0x10/0x10
[  332.369982][ T9593]  ? sock_rps_record_flow+0x19/0x400
[  332.370016][ T9593]  ? inet_sendmsg+0x2f4/0x370
[  332.370041][ T9593]  __sys_sendto+0x627/0x7a0
[  332.370078][ T9593]  ? __pfx___sys_sendto+0x10/0x10
[  332.370101][ T9593]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  332.370137][ T9593]  ? __fget_files+0x3a0/0x420
[  332.370171][ T9593]  ? ksys_write+0x242/0x270
[  332.370200][ T9593]  ? __pfx_ksys_write+0x10/0x10
[  332.370235][ T9593]  __x64_sys_sendto+0xde/0x100
[  332.370274][ T9593]  do_syscall_64+0xe2/0xf80
[  332.370296][ T9593]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.370316][ T9593]  ? trace_irq_disable+0x37/0x100
[  332.370334][ T9593]  ? clear_bhb_loop+0x60/0xb0
[  332.370358][ T9593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.370378][ T9593] RIP: 0033:0x7f2bf6b9aeb9
[  332.370393][ T9593] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  332.370405][ T9593] RSP: 002b:00007f2bf4df6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  332.370443][ T9593] RAX: ffffffffffffffda RBX: 00007f2bf6e15fa0 RCX: 00007f2bf6b9aeb9
[  332.370459][ T9593] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000004
[  332.370472][ T9593] RBP: 00007f2bf4df6090 R08: 000020000005ffe4 R09: 000000000000001c
[  332.370486][ T9593] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000002
[  332.370499][ T9593] R13: 00007f2bf6e16038 R14: 00007f2bf6e15fa0 R15: 00007f2bf6f3fa48
[  332.370530][ T9593]  </TASK>
[  333.096763][ T5915] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  333.154606][ T5915] ath9k_htc: Failed to initialize the device
[  333.227011][ T5915] usb 5-1: ath9k_htc: USB layer deinitialized
[  333.370444][ T9599] loop6: detected capacity change from 0 to 524288000
[  334.062110][ T9606] netlink: 8 bytes leftover after parsing attributes in process `syz.3.996'.
[  334.388976][ T9612] FAULT_INJECTION: forcing a failure.
[  334.388976][ T9612] name failslab, interval 1, probability 0, space 0, times 0
[  334.833617][ T9612] CPU: 1 UID: 0 PID: 9612 Comm: syz.0.999 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  334.833652][ T9612] Tainted: [L]=SOFTLOCKUP
[  334.833659][ T9612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  334.833672][ T9612] Call Trace:
[  334.833684][ T9612]  <TASK>
[  334.833693][ T9612]  dump_stack_lvl+0xe8/0x150
[  334.833726][ T9612]  should_fail_ex+0x412/0x560
[  334.833757][ T9612]  should_failslab+0xa8/0x100
[  334.833783][ T9612]  __kmalloc_cache_noprof+0x83/0x6e0
[  334.833806][ T9612]  ? allocate_file_region_entries+0x1ef/0x5b0
[  334.833842][ T9612]  ? do_raw_spin_unlock+0xf5/0x210
[  334.833870][ T9612]  allocate_file_region_entries+0x1ef/0x5b0
[  334.833911][ T9612]  ? __pfx_allocate_file_region_entries+0x10/0x10
[  334.833952][ T9612]  __vma_reservation_common+0x6fb/0x8f0
[  334.833992][ T9612]  __unmap_hugepage_range+0x134c/0x1710
[  334.834047][ T9612]  unmap_vmas+0x4b4/0x5c0
[  334.834081][ T9612]  ? __pfx_unmap_vmas+0x10/0x10
[  334.834108][ T9612]  ? kmem_cache_prefill_sheaf+0x6d/0x480
[  334.834138][ T9612]  ? lock_acquire+0x106/0x330
[  334.834168][ T9612]  ? kmem_cache_return_sheaf+0x78/0x340
[  334.834198][ T9612]  ? lock_acquire+0x106/0x330
[  334.834231][ T9612]  ? tlb_gather_mmu+0x233/0x300
[  334.834256][ T9612]  vms_clear_ptes+0x37b/0x570
[  334.834297][ T9612]  ? __pfx_vms_clear_ptes+0x10/0x10
[  334.834323][ T9612]  ? mas_store_gfp+0x784/0x850
[  334.834359][ T9612]  ? __pfx_mas_store_gfp+0x10/0x10
[  334.834381][ T9612]  vms_complete_munmap_vmas+0x205/0x890
[  334.834415][ T9612]  ? __mas_set_range+0x12f/0x3c0
[  334.834448][ T9612]  do_vmi_align_munmap+0x3b7/0x4b0
[  334.834495][ T9612]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[  334.834555][ T9612]  do_vmi_munmap+0x252/0x2d0
[  334.834591][ T9612]  mremap_to+0x270/0x850
[  334.834627][ T9612]  ? __pfx_mremap_to+0x10/0x10
[  334.834673][ T9612]  __se_sys_mremap+0xd37/0xfc0
[  334.834709][ T9612]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  334.834746][ T9612]  ? __pfx___se_sys_mremap+0x10/0x10
[  334.834778][ T9612]  ? fput+0xa0/0xd0
[  334.834803][ T9612]  ? ksys_write+0x242/0x270
[  334.834841][ T9612]  ? __pfx_ksys_write+0x10/0x10
[  334.834877][ T9612]  ? __x64_sys_mremap+0x20/0xc0
[  334.834904][ T9612]  do_syscall_64+0xe2/0xf80
[  334.834926][ T9612]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.834945][ T9612]  ? trace_irq_disable+0x37/0x100
[  334.834964][ T9612]  ? clear_bhb_loop+0x60/0xb0
[  334.834989][ T9612]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.835009][ T9612] RIP: 0033:0x7f9c3e59aeb9
[  334.835028][ T9612] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  334.835045][ T9612] RSP: 002b:00007f9c3f3d1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  334.835067][ T9612] RAX: ffffffffffffffda RBX: 00007f9c3e815fa0 RCX: 00007f9c3e59aeb9
[  334.835083][ T9612] RDX: 0000000000200000 RSI: 0000000000600600 RDI: 0000200000000000
[  334.835096][ T9612] RBP: 00007f9c3f3d1090 R08: 0000200000a00000 R09: 0000000000000000
[  334.835109][ T9612] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002
[  334.835122][ T9612] R13: 00007f9c3e816038 R14: 00007f9c3e815fa0 R15: 00007f9c3e93fa48
[  334.835156][ T9612]  </TASK>
[  335.211922][ T9615] binder: 9613:9615 ioctl c0306201 200000000280 returned -22
[  335.415766][   T30] audit: type=1326 audit(1769687338.816:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9617 comm="syz.5.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa47999aeb9 code=0x7ffc0000
[  335.441911][   T30] audit: type=1326 audit(1769687338.816:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9617 comm="syz.5.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=268 compat=0 ip=0x7fa47999aeb9 code=0x7ffc0000
[  335.469870][   T30] audit: type=1326 audit(1769687338.816:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9617 comm="syz.5.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa47999aeb9 code=0x7ffc0000
[  335.494711][   T30] audit: type=1326 audit(1769687338.816:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9617 comm="syz.5.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa47999aeb9 code=0x7ffc0000
[  335.526805][   T30] audit: type=1326 audit(1769687338.816:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9617 comm="syz.5.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa47999aeb9 code=0x7ffc0000
[  335.550337][ T9618] fuse: Bad value for 'fd'
[  335.660862][   T30] audit: type=1326 audit(1769687338.816:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9617 comm="syz.5.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa47999c747 code=0x7ffc0000
[  335.755916][   T30] audit: type=1326 audit(1769687338.816:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9617 comm="syz.5.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fa47995b78e code=0x7ffc0000
[  335.931734][   T30] audit: type=1326 audit(1769687338.826:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9617 comm="syz.5.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fa47995b78e code=0x7ffc0000
[  336.035998][ T9626] fuse: Bad value for 'fd'
[  336.052404][ T5913] usb 5-1: USB disconnect, device number 53
[  336.081370][   T30] audit: type=1326 audit(1769687338.826:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9617 comm="syz.5.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fa47995b78e code=0x7ffc0000
[  336.168286][   T30] audit: type=1326 audit(1769687338.826:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9617 comm="syz.5.1002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fa47995b78e code=0x7ffc0000
[  337.381256][ T9656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1012'.
[  337.722907][ T9663] capability: warning: `syz.1.1015' uses 32-bit capabilities (legacy support in use)
[  337.785760][ T9663] net_ratelimit: 45 callbacks suppressed
[  337.785775][ T9663] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  339.607178][ T5913] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  339.797011][ T5913] usb 2-1: Using ep0 maxpacket: 8
[  339.805337][ T5913] usb 2-1: config 0 has an invalid interface number: 186 but max is 0
[  339.815358][ T5913] usb 2-1: config 0 has no interface number 0
[  339.823110][ T5913] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  339.873154][ T5913] usb 2-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  339.908039][ T5913] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  339.920109][ T5913] usb 2-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  339.966009][ T5913] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  340.006963][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.040394][ T5913] usb 2-1: Product: syz
[  340.044634][ T5913] usb 2-1: Manufacturer: syz
[  340.066342][ T5913] usb 2-1: SerialNumber: syz
[  340.259813][ T5913] usb 2-1: config 0 descriptor??
[  340.500658][ T5913] iowarrior 2-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  340.728111][ T5913] usb 2-1: USB disconnect, device number 31
[  342.896512][ T5875] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  342.936600][   T50] wlan0: Trigger new scan to find an IBSS to join
[  343.059355][ T5875] usb 5-1: config 0 has an invalid interface number: 100 but max is 2
[  343.068127][ T5875] usb 5-1: config 0 has an invalid descriptor of length 179, skipping remainder of the config
[  343.088952][ T5875] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[  343.098125][ T5875] usb 5-1: config 0 has no interface number 0
[  343.104596][ T5875] usb 5-1: too many endpoints for config 0 interface 100 altsetting 154: 59, using maximum allowed: 30
[  343.118137][ T5875] usb 5-1: config 0 interface 100 altsetting 154 has 0 endpoint descriptors, different from the interface descriptor's value: 59
[  343.132029][ T5875] usb 5-1: config 0 interface 100 has no altsetting 0
[  343.139597][ T5875] usb 5-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  343.149976][ T5875] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.172807][ T5875] usb 5-1: config 0 descriptor??
[  343.217899][ T9831] netlink: 'syz.0.1040': attribute type 1 has an invalid length.
[  343.227638][ T5913] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  343.388596][ T5913] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  343.431236][ T5913] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  343.454382][ T5913] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  343.490388][ T5913] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  343.549515][ T5913] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  343.564318][ T5913] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  343.573897][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  343.603554][ T5913] usb 2-1: Product: syz
[  343.645946][ T9818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  343.657212][ T9818] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  343.693519][ T5913] usb 2-1: Manufacturer: syz
[  343.720588][ T5913] cdc_wdm 2-1:1.0: skipping garbage
[  343.726070][ T5913] cdc_wdm 2-1:1.0: skipping garbage
[  343.744509][ T5875] usb 5-1: USB disconnect, device number 54
[  343.748920][ T5913] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  343.759480][ T5913] cdc_wdm 2-1:1.0: Unknown control protocol
[  343.928765][   T44] usb 2-1: USB disconnect, device number 32
[  344.271347][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  344.271366][   T30] audit: type=1326 audit(1769687347.706:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.0.1044" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9c3e59aeb9 code=0x0
[  344.329695][ T9917] sctp: [Deprecated]: syz.0.1044 (pid 9917) Use of int in maxseg socket option.
[  344.329695][ T9917] Use struct sctp_assoc_value instead
[  344.597916][ T5875] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  344.779309][ T5875] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  344.829758][ T5875] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  344.840327][ T5830] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  344.850968][ T5875] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  344.860634][ T5875] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  344.872547][ T5875] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  344.887721][ T5875] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  344.897553][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  344.905864][ T5875] usb 2-1: Product: syz
[  344.911970][ T5875] usb 2-1: Manufacturer: syz
[  344.953484][ T5875] cdc_wdm 2-1:1.0: skipping garbage
[  344.959085][ T5875] cdc_wdm 2-1:1.0: skipping garbage
[  344.968974][ T5875] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  344.975630][ T5875] cdc_wdm 2-1:1.0: Unknown control protocol
[  345.005276][ T5830] usb 4-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  345.014945][ T5830] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.033623][ T5830] usb 4-1: config 0 descriptor??
[  345.148406][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.154200][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.160181][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.166071][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.172048][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.177981][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.184024][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.189883][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.195936][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.201816][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.216507][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.226469][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.233520][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.239251][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.246266][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.251962][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.258120][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.263834][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.269651][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.275553][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.285018][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.294297][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.299983][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.306715][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.312461][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.319329][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.325035][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.331089][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.336792][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.346866][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.352605][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.360058][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.365896][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.371772][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.377699][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.383759][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.389636][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.395563][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.401809][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.407799][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.413633][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.419521][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.425403][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.431304][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.437240][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.443134][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.449026][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.454942][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.460859][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.466773][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.472656][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.478556][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.484423][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.490130][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.495972][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.502046][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.508105][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.513998][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.519719][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.525524][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.531228][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.537036][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.542825][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.548625][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.554351][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.560153][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.566036][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.571915][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.577880][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.583773][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.589700][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.595574][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.601458][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.616632][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.622685][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.628383][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.634122][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.640002][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.645674][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.651486][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.657415][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.663119][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.668917][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.674804][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.680530][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.686345][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.692233][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.697958][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.703765][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.709478][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.716588][    C0] cdc_wdm 2-1:1.0: Stall on int endpoint
[  345.722316][    C0] cdc_wdm 2-1:1.0: Cannot schedule work
[  345.734781][ T5830] kaweth 4-1:0.0: Firmware present in device.
[  345.741972][ T5830] kaweth 4-1:0.0: Statistics collection: 0
[  345.748119][ T5830] kaweth 4-1:0.0: Multicast filter limit: 0
[  345.755339][ T5830] kaweth 4-1:0.0: MTU: 0
[  345.757616][   T44] usb 2-1: USB disconnect, device number 33
[  345.759681][ T5830] kaweth 4-1:0.0: Read MAC address 00:00:00:00:00:00
[  345.976791][ T1107] wlan0: Trigger new scan to find an IBSS to join
[  346.327998][ T9933] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  346.360106][ T5830] kaweth 4-1:0.0: Error setting receive filter
[  346.367013][ T5830] kaweth 4-1:0.0: probe with driver kaweth failed with error -5
[  346.494044][ T5830] usb 4-1: USB disconnect, device number 57
[  346.794736][ T9978] x_tables: duplicate underflow at hook 3
[  347.237197][ T6649] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  347.906563][ T5904] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  347.986855][  T797] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  348.097760][   T10] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  348.163799][  T797] dvb_usb_az6027 3-1:0.0: probe with driver dvb_usb_az6027 failed with error -2
[  348.173109][   T10] dvb_usb_az6027 1-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  348.201504][ T5904] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  348.218768][   T10] usb 1-1: USB disconnect, device number 31
[  348.224800][ T5904] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.256539][ T5904] usb 5-1: Product: syz
[  348.348731][ T5904] usb 5-1: Manufacturer: syz
[  348.374999][ T5904] usb 5-1: SerialNumber: syz
[  348.387793][  T797] usb 3-1: USB disconnect, device number 53
[  348.413534][ T5904] usb 5-1: config 0 descriptor??
[  348.433495][ T5904] ch341 5-1:0.0: ch341-uart converter detected
[  349.767744][ T9994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  349.797298][ T9994] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  349.837290][ T5904] usb 5-1: ch341-uart converter now attached to ttyUSB0
[  350.061952][ T5913] usb 5-1: USB disconnect, device number 55
[  350.091796][ T5913] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0
[  350.147118][ T5913] ch341 5-1:0.0: device disconnected
[  350.711047][T10121] netlink: 'syz.4.1071': attribute type 29 has an invalid length.
[  350.756468][T10121] netlink: 'syz.4.1071': attribute type 29 has an invalid length.
[  350.814497][T10121] netlink: 596 bytes leftover after parsing attributes in process `syz.4.1071'.
[  352.461526][  T797] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  352.513748][T10158] binder: 10157:10158 ioctl 4018620d 0 returned -22
[  352.531647][   T30] audit: type=1326 audit(1769687355.946:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10157 comm="syz.0.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  352.583610][   T30] audit: type=1326 audit(1769687355.946:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10157 comm="syz.0.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  352.588434][T10158] binder: 10157:10158 ioctl c018620c 200000000380 returned -1
[  352.646576][  T797] usb 5-1: device descriptor read/64, error -71
[  352.681232][   T30] audit: type=1326 audit(1769687355.946:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10157 comm="syz.0.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  352.681268][   T30] audit: type=1326 audit(1769687355.946:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10157 comm="syz.0.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9c3e55b78e code=0x7ffc0000
[  352.681298][   T30] audit: type=1326 audit(1769687355.946:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10157 comm="syz.0.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  352.681327][   T30] audit: type=1326 audit(1769687355.946:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10157 comm="syz.0.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  352.681357][   T30] audit: type=1326 audit(1769687355.946:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10157 comm="syz.0.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  352.681393][   T30] audit: type=1326 audit(1769687355.946:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10157 comm="syz.0.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  352.681423][   T30] audit: type=1326 audit(1769687355.946:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10157 comm="syz.0.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  352.681453][   T30] audit: type=1326 audit(1769687355.946:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10157 comm="syz.0.1080" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  352.937017][  T797] usb 5-1: new high-speed USB device number 57 using dummy_hcd
[  353.337071][  T797] usb 5-1: device descriptor read/64, error -71
[  353.447981][  T797] usb usb5-port1: attempt power cycle
[  353.507533][T10192] FAULT_INJECTION: forcing a failure.
[  353.507533][T10192] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  353.507648][T10192] CPU: 0 UID: 0 PID: 10192 Comm: syz.1.1087 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  353.507682][T10192] Tainted: [L]=SOFTLOCKUP
[  353.507690][T10192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  353.507703][T10192] Call Trace:
[  353.507711][T10192]  <TASK>
[  353.507720][T10192]  dump_stack_lvl+0xe8/0x150
[  353.507753][T10192]  should_fail_ex+0x412/0x560
[  353.507784][T10192]  _copy_to_user+0x31/0xb0
[  353.507818][T10192]  simple_read_from_buffer+0xe1/0x170
[  353.507847][T10192]  proc_fail_nth_read+0x1bb/0x230
[  353.507881][T10192]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  353.507915][T10192]  ? rw_verify_area+0x2a6/0x4d0
[  353.507944][T10192]  ? rcu_is_watching+0x15/0xb0
[  353.507962][T10192]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  353.507995][T10192]  vfs_read+0x20c/0xa70
[  353.508022][T10192]  ? fdget_pos+0x246/0x320
[  353.508049][T10192]  ? __pfx___mutex_lock+0x10/0x10
[  353.508073][T10192]  ? __pfx_vfs_read+0x10/0x10
[  353.508104][T10192]  ? __fget_files+0x2a/0x420
[  353.508131][T10192]  ? __fget_files+0x3a0/0x420
[  353.508151][T10192]  ? __fget_files+0x2a/0x420
[  353.508183][T10192]  ksys_read+0x150/0x270
[  353.508215][T10192]  ? __pfx_ksys_read+0x10/0x10
[  353.508258][T10192]  do_syscall_64+0xe2/0xf80
[  353.508278][T10192]  ? rcu_is_watching+0x15/0xb0
[  353.508296][T10192]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.508316][T10192]  ? clear_bhb_loop+0x60/0xb0
[  353.508341][T10192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.508361][T10192] RIP: 0033:0x7f2bf6b5b78e
[  353.508381][T10192] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  353.508407][T10192] RSP: 002b:00007f2bf4df5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  353.508429][T10192] RAX: ffffffffffffffda RBX: 00007f2bf4df66c0 RCX: 00007f2bf6b5b78e
[  353.508445][T10192] RDX: 000000000000000f RSI: 00007f2bf4df60a0 RDI: 0000000000000005
[  353.508458][T10192] RBP: 00007f2bf4df6090 R08: 0000000000000000 R09: 0000000000000000
[  353.508471][T10192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  353.508483][T10192] R13: 00007f2bf6e16038 R14: 00007f2bf6e15fa0 R15: 00007f2bf6f3fa48
[  353.508517][T10192]  </TASK>
[  353.786680][  T797] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  353.807271][  T797] usb 5-1: device descriptor read/8, error -71
[  353.856521][ T5830] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  353.940549][T10202] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1089'.
[  354.018014][ T5830] usb 2-1: Using ep0 maxpacket: 32
[  354.020096][ T5830] usb 2-1: config 0 has an invalid interface number: 230 but max is 0
[  354.020124][ T5830] usb 2-1: config 0 has no interface number 0
[  354.020169][ T5830] usb 2-1: config 0 interface 230 has no altsetting 0
[  354.022295][ T5830] usb 2-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  354.022324][ T5830] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.022352][ T5830] usb 2-1: Product: syz
[  354.022368][ T5830] usb 2-1: Manufacturer: syz
[  354.022384][ T5830] usb 2-1: SerialNumber: syz
[  354.030887][ T5830] usb 2-1: config 0 descriptor??
[  354.033527][ T5830] ums-usbat 2-1:0.230: USB Mass Storage device detected
[  354.055312][ T5830] ums-usbat 2-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  354.066618][  T797] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  354.087163][  T797] usb 5-1: device descriptor read/8, error -71
[  354.197326][  T797] usb usb5-port1: unable to enumerate USB device
[  354.723467][T10226] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1094'.
[  355.164295][T10247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  355.178682][T10247] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  355.354596][T10255] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  355.387245][T10255] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  355.786620][ T5913] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  355.958264][ T5913] usb 4-1: config index 0 descriptor too short (expected 31515, got 27)
[  355.976502][ T5913] usb 4-1: config 18 has too many interfaces: 163, using maximum allowed: 32
[  355.991397][ T5913] usb 4-1: config 18 has an invalid descriptor of length 192, skipping remainder of the config
[  356.011437][ T5913] usb 4-1: config 18 has 0 interfaces, different from the descriptor's value: 163
[  356.027299][ T5913] usb 4-1: New USB device found, idVendor=19d2, idProduct=a778, bcdDevice=96.b0
[  356.047016][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.370446][ T5830] ums-usbat 2-1:0.230: probe with driver ums-usbat failed with error -5
[  356.510429][ T5888] usb 2-1: USB disconnect, device number 34
[  356.646515][  T797] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  356.725216][ T5913] usb 4-1: string descriptor 0 read error: -71
[  356.738727][ T5913] usb 4-1: USB disconnect, device number 58
[  356.826588][  T797] usb 1-1: Using ep0 maxpacket: 8
[  356.836916][  T797] usb 1-1: New USB device found, idVendor=0fe9, idProduct=db01, bcdDevice=e9.9b
[  356.846086][  T797] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.854928][  T797] usb 1-1: Product: syz
[  356.863044][  T797] usb 1-1: Manufacturer: syz
[  356.868449][  T797] usb 1-1: SerialNumber: syz
[  356.875549][  T797] usb 1-1: config 0 descriptor??
[  356.886074][  T797] dvb-usb: found a 'DViCO FusionHDTV DVB-T USB (LGZ201)' in warm state.
[  356.895354][  T797] dvb-usb: bulk message failed: -22 (2/0)
[  356.905863][  T797] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  356.917745][  T797] dvbdev: DVB: registering new adapter (DViCO FusionHDTV DVB-T USB (LGZ201))
[  356.928545][  T797] usb 1-1: media controller created
[  356.944894][  T797] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  357.153547][T10308] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1105'.
[  357.168049][  T797] cxusb: set interface failed
[  357.176924][  T797] dvb-usb: bulk message failed: -22 (1/0)
[  357.269578][  T797] DVB: Unable to find symbol mt352_attach()
[  357.277811][  T797] dvb-usb: no frontend was attached by 'DViCO FusionHDTV DVB-T USB (LGZ201)'
[  357.397840][  T797] rc_core: IR keymap rc-dvico-portable not found
[  357.433512][  T797] Registered IR keymap rc-empty
[  357.442726][  T797] rc rc0: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[  357.482677][  T797] input: DViCO FusionHDTV DVB-T USB (LGZ201) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input17
[  357.526015][  T797] dvb-usb: schedule remote query interval to 100 msecs.
[  357.542849][  T797] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully initialized and connected.
[  357.558788][  T797] usb 1-1: USB disconnect, device number 32
[  357.649806][  T797] dvb-usb: DViCO FusionHDTV DVB-T USB (LGZ201) successfully deinitialized and disconnected.
[  358.473297][T10362] openvswitch: netlink: Flow key attr not present in new flow.
[  358.768763][T10374] tipc: Started in network mode
[  358.773823][T10374] tipc: Node identity 7f000001, cluster identity 4711
[  358.780792][   T30] kauditd_printk_skb: 29 callbacks suppressed
[  358.780807][   T30] audit: type=1326 audit(1769687362.196:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  358.813805][T10374] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  358.908969][   T30] audit: type=1326 audit(1769687362.196:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  359.052635][T10374] tipc: Enabling of bearer <eth:pimreg1> rejected, failed to enable media
[  359.084667][   T30] audit: type=1326 audit(1769687362.196:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  359.129074][   T30] audit: type=1326 audit(1769687362.196:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  359.226568][   T30] audit: type=1326 audit(1769687362.196:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  359.346780][   T30] audit: type=1326 audit(1769687362.196:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  359.377054][   T30] audit: type=1326 audit(1769687362.196:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c3e59aeb9 code=0x7ffc0000
[  359.462191][   T30] audit: type=1326 audit(1769687362.196:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9c3e59c747 code=0x7ffc0000
[  359.484996][   T30] audit: type=1326 audit(1769687362.196:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f9c3e55b78e code=0x7ffc0000
[  359.489222][T10385] tipc: Started in network mode
[  359.511459][   T30] audit: type=1326 audit(1769687362.196:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10366 comm="syz.0.1111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f9c3e55b78e code=0x7ffc0000
[  359.568521][T10385] tipc: Node identity 2d0000000000000000e7, cluster identity 4711
[  359.578735][  T797] usb 4-1: new full-speed USB device number 59 using dummy_hcd
[  359.770295][  T797] usb 4-1: config 4 has an invalid interface number: 231 but max is 0
[  359.786989][  T797] usb 4-1: config 4 has no interface number 0
[  359.811502][  T797] usb 4-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[  359.820719][  T797] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.828822][  T797] usb 4-1: Product: syz
[  359.833133][  T797] usb 4-1: Manufacturer: syz
[  359.838708][  T797] usb 4-1: SerialNumber: syz
[  359.853736][T10399] lo: left allmulticast mode
[  359.885254][  T797] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[  360.315902][  T797] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  360.363951][  T797] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[  360.551410][  T797] usb 4-1: USB disconnect, device number 59
[  360.802342][T10415] netlink: 'syz.5.1121': attribute type 1 has an invalid length.
[  360.902479][T10417] fuse: Unknown parameter '³jˆ´'
[  360.932076][T10417] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1122'.
[  361.256976][ T5888] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  361.406534][ T5888] usb 1-1: device descriptor read/64, error -71
[  361.416945][ T5913] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  361.579760][ T5913] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  361.606948][ T5913] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  361.627081][T10452] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  361.657937][ T5888] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  361.677336][ T5913] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  361.692767][ T5913] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  361.703952][ T5913] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.715689][ T5913] usb 6-1: Product: syz
[  361.720230][ T5913] usb 6-1: Manufacturer: syz
[  361.725096][ T5913] usb 6-1: SerialNumber: syz
[  361.816737][ T5888] usb 1-1: device descriptor read/64, error -71
[  361.886632][ T5875] usb 4-1: new full-speed USB device number 60 using dummy_hcd
[  361.926768][ T5888] usb usb1-port1: attempt power cycle
[  362.021802][T10429] kvm: Disabled LAPIC found during irq injection
[  362.102546][ T5875] usb 4-1: config 0 has an invalid interface number: 113 but max is 0
[  362.122295][ T5875] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  362.139996][ T5875] usb 4-1: config 0 has no interface number 0
[  362.157020][ T5913] usb 6-1: 0:2 : does not exist
[  362.178535][ T5875] usb 4-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[  362.246607][ T5913] usb 6-1: USB disconnect, device number 4
[  362.276485][ T5888] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  362.279256][ T5875] usb 4-1: config 0 interface 113 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  362.342781][ T5888] usb 1-1: device descriptor read/8, error -71
[  362.357846][ T5875] usb 4-1: config 0 interface 113 has no altsetting 0
[  362.371758][ T5896] udevd[5896]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  362.466102][ T5875] usb 4-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  362.476165][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.495312][ T5875] usb 4-1: Product: syz
[  362.500431][ T5875] usb 4-1: Manufacturer: syz
[  362.505191][ T5875] usb 4-1: SerialNumber: syz
[  362.518833][ T5875] usb 4-1: config 0 descriptor??
[  362.541155][ T5875] pn533_usb 4-1:0.113: NFC: Could not find bulk-in or bulk-out endpoint
[  362.615755][T10485] tipc: Enabled bearer <ib:vxcan1>, priority 10
[  362.626537][ T5888] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  362.667065][ T5888] usb 1-1: device descriptor read/8, error -71
[  362.780383][ T5888] usb usb1-port1: unable to enumerate USB device
[  362.966730][ T5875] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  363.138631][ T5875] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  363.156502][ T5875] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  363.182770][ T5875] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  363.212555][ T5875] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.245769][ T5875] usb 2-1: config 0 descriptor??
[  363.736887][ T5830] tipc: Node number set to 2130706433
[  363.909310][ T5875] usb 2-1: string descriptor 0 read error: -22
[  363.927827][ T5875] input: HID 256c:006d as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0009/input/input18
[  363.936719][   T44] usb 5-1: new high-speed USB device number 60 using dummy_hcd
[  364.050519][ T5875] input: HID 256c:006d as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0009/input/input19
[  364.114936][   T44] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  364.176102][   T44] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  364.185717][   T44] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  364.204291][   T44] usb 5-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[  364.232840][ T5875] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0009/input/input20
[  364.271324][   T44] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.312927][   T44] usb 5-1: Product: syz
[  364.334471][T10520] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode
[  364.346955][   T44] usb 5-1: Manufacturer: syz
[  364.358529][   T44] usb 5-1: SerialNumber: syz
[  364.403110][   T44] usb 5-1: config 0 descriptor??
[  364.418964][T10520] kernel profiling enabled (shift: 6)
[  364.449672][   T44] uvcvideo 5-1:0.0: Found UVC 34.00 device syz (8086:0b5b)
[  364.468217][ T5875] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0009/input/input21
[  364.490100][   T44] uvcvideo 5-1:0.0: No valid video chain found.
[  364.614918][ T5875] uclogic 0003:256C:006D.0009: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0
[  364.656202][   T44] usb 5-1: USB disconnect, device number 60
[  364.895833][ T5875] usb 2-1: USB disconnect, device number 35
[  364.934576][ T5913] usb 4-1: USB disconnect, device number 60
[  364.942600][T10539] fido_id[10539]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  365.495183][T10574] binder: 10559:10574 ioctl c018620b 200000000240 returned -14
[  365.636837][ T5913] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  365.826468][ T5913] usb 1-1: Using ep0 maxpacket: 16
[  365.854478][T10605] program syz.1.1142 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  365.866755][  T797] usb 5-1: new high-speed USB device number 61 using dummy_hcd
[  365.876342][ T5913] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  365.886070][ T5913] usb 1-1: config 1 has an invalid descriptor of length 65, skipping remainder of the config
[  365.898434][ T5913] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  365.908578][ T5913] usb 1-1: config 1 has no interface number 1
[  365.915442][ T5913] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  365.931566][ T5913] usb 1-1: config 1 interface 2 altsetting 1 has an endpoint descriptor with address 0x48, changing to 0x8
[  365.945268][ T5913] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x8 has an invalid bInterval 22, changing to 8
[  365.957279][ T5913] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x8 has invalid maxpacket 17086, setting to 1024
[  366.014730][ T5913] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  366.026927][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.062589][ T5913] usb 1-1: Product: syz
[  366.080430][ T5913] usb 1-1: Manufacturer: syz
[  366.094501][  T797] usb 5-1: device descriptor read/64, error -71
[  366.100903][ T5913] usb 1-1: SerialNumber: syz
[  366.416692][T10565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  366.425819][T10565] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  366.433829][  T797] usb 5-1: new high-speed USB device number 62 using dummy_hcd
[  366.586499][  T797] usb 5-1: device descriptor read/64, error -71
[  366.707636][  T797] usb usb5-port1: attempt power cycle
[  367.056586][  T797] usb 5-1: new high-speed USB device number 63 using dummy_hcd
[  367.087484][  T797] usb 5-1: device descriptor read/8, error -71
[  367.326682][  T797] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  367.357570][  T797] usb 5-1: device descriptor read/8, error -71
[  367.495349][  T797] usb usb5-port1: unable to enumerate USB device
[  367.697624][ T5904] usb 2-1: new low-speed USB device number 36 using dummy_hcd
[  367.856493][ T5904] usb 2-1: Invalid ep0 maxpacket: 64
[  367.996522][ T5904] usb 2-1: new low-speed USB device number 37 using dummy_hcd
[  368.157028][T10654] fuse: Bad value for 'user_id'
[  368.162059][T10654] fuse: Bad value for 'user_id'
[  368.176446][ T5904] usb 2-1: Invalid ep0 maxpacket: 64
[  368.182625][ T5904] usb usb2-port1: attempt power cycle
[  368.471731][T10661] fuse: Bad value for 'fd'
[  368.574343][T10660] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 232
[  368.726522][ T5904] usb 2-1: new low-speed USB device number 38 using dummy_hcd
[  368.770775][ T5904] usb 2-1: Invalid ep0 maxpacket: 64
[  368.801596][ T5913] usb 1-1: USB disconnect, device number 37
[  368.902189][ T5896] udevd[5896]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  368.926488][ T5904] usb 2-1: new low-speed USB device number 39 using dummy_hcd
[  369.160144][ T5904] usb 2-1: Invalid ep0 maxpacket: 64
[  369.165994][ T5904] usb usb2-port1: unable to enumerate USB device
[  369.196545][   T44] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  369.262030][T10704] syzkaller1: entered promiscuous mode
[  369.267987][T10704] syzkaller1: entered allmulticast mode
[  369.361653][   T44] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  369.369959][   T44] usb 5-1: config 0 has no interface number 0
[  369.376110][   T44] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  369.416638][   T44] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  369.436475][   T44] usb 5-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  369.463611][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.488068][T10711] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1158'.
[  369.498256][   T44] usb 5-1: config 0 descriptor??
[  369.523912][T10711] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1158'.
[  369.610073][T10326] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  369.619232][T10326] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  369.628504][T10326] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  369.638608][T10326] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  369.906678][ T5915] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  369.946283][   T44] input: HID 04d9:a055 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.1/0003:04D9:A055.000A/input/input22
[  370.078336][ T5915] usb 4-1: Using ep0 maxpacket: 32
[  370.095114][ T5915] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  370.107618][ T5915] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  370.118869][   T44] holtek_kbd 0003:04D9:A055.000A: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.4-1/input1
[  370.164294][ T5915] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  370.177755][ T5915] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.196200][ T5915] usb 4-1: config 0 descriptor??
[  370.230735][   T44] usb 5-1: USB disconnect, device number 65
[  370.330996][T10745] fido_id[10745]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  370.650892][ T5915] ft260 0003:0403:6030.000B: unknown main item tag 0x0
[  370.667187][T10789] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1164'.
[  370.688193][ T5915] ft260 0003:0403:6030.000B: unknown main item tag 0x0
[  370.734447][T10786] batadv1: entered promiscuous mode
[  370.755776][T10792] : entered promiscuous mode
[  370.796590][   T44] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  370.842148][ T5915] ft260 0003:0403:6030.000B: chip code: 6424 8183
[  370.999965][   T44] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  371.017937][ T5904] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  371.025928][   T44] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  371.025957][   T44] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  371.026042][   T44] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  371.042044][   T44] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  371.065414][ T5915] ft260 0003:0403:6030.000B: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input0
[  371.100493][   T44] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  371.242125][   T44] usb 5-1: Product: syz
[  371.246543][   T44] usb 5-1: Manufacturer: syz
[  371.252627][ T5904] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  371.296453][ T5904] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 171, changing to 11
[  371.318097][ T5904] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  371.359486][   T44] cdc_wdm 5-1:1.0: skipping garbage
[  371.377893][   T44] cdc_wdm 5-1:1.0: skipping garbage
[  371.383325][   T44] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  371.473753][ T5915] ft260 0003:0403:6030.000B: failed to retrieve status: -71
[  371.488894][ T5915] ft260 0003:0403:6030.000B: failed to reset I2C controller: -71
[  371.492579][ T5904] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  371.592118][ T5904] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.652073][ T5915] usb 4-1: USB disconnect, device number 61
[  371.730126][T10792] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  371.770718][   T44] usb 5-1: USB disconnect, device number 66
[  372.280394][  T797] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  372.446502][  T797] usb 6-1: Using ep0 maxpacket: 16
[  372.467535][  T797] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  372.497964][  T797] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  372.521954][  T797] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  372.537733][  T797] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  372.548579][  T797] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  372.646074][  T797] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  372.646104][  T797] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  372.646124][  T797] usb 6-1: Manufacturer: syz
[  372.666850][  T797] usb 6-1: config 0 descriptor??
[  372.667150][ T5875] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  372.749701][ T5904] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  372.753024][ T5904] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input23
[  372.818218][ T5904] usb 2-1: USB disconnect, device number 40
[  372.818316][    C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  372.829878][ T5875] usb 4-1: Using ep0 maxpacket: 32
[  372.839726][ T5875] usb 4-1: config 0 has an invalid interface number: 126 but max is 0
[  372.839758][ T5875] usb 4-1: config 0 has no interface number 0
[  372.839825][ T5875] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  372.839853][ T5875] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[  372.839879][ T5875] usb 4-1: config 0 interface 126 has no altsetting 0
[  372.888581][T10846] sg_write: data in/out 183286/8 bytes for SCSI command 0x0-- guessing data in;
[  372.888581][T10846]    program syz.5.1170 not setting count and/or reply_len properly
[  372.976879][ T5875] usb 4-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  372.976912][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.976935][ T5875] usb 4-1: Product: syz
[  372.976951][ T5875] usb 4-1: Manufacturer: syz
[  372.976968][ T5875] usb 4-1: SerialNumber: syz
[  372.980351][ T5875] usb 4-1: config 0 descriptor??
[  372.981488][T10861] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  372.981636][T10861] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  373.218729][T10866] usb usb8: usbfs: process 10866 (syz.4.1174) did not claim interface 0 before use
[  373.491402][ T5875] ir_usb 4-1:0.126: IR Dongle converter detected
[  373.501957][T10866] xt_connbytes: Forcing CT accounting to be enabled
[  373.509273][T10866] SET target dimension over the limit!
[  373.590181][T10893] netlink: 'syz.5.1170': attribute type 10 has an invalid length.
[  373.599648][T10893] batman_adv: batadv0: Adding interface: netdevsim0
[  373.606335][T10893] batman_adv: batadv0: The MTU of interface netdevsim0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  373.657417][  T797] rc_core: IR keymap rc-hauppauge not found
[  373.664286][  T797] Registered IR keymap rc-empty
[  373.695354][  T797] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  373.700509][T10893] batman_adv: batadv0: Interface activated: netdevsim0
[  373.704619][ T5875] usb 4-1: IR Dongle converter now attached to ttyUSB0
[  373.721688][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  373.721704][   T30] audit: type=1326 audit(1769687377.156:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10845 comm="syz.5.1170" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa47999aeb9 code=0x0
[  373.759855][  T797] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  373.794108][  T797] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  373.845565][  T797] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input24
[  373.887981][  T797] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  373.934923][T10861] netlink: 'syz.3.1173': attribute type 21 has an invalid length.
[  373.947097][  T797] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  373.975597][T10861] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1173'.
[  374.014793][  T797] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  374.087554][  T797] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  374.119677][  T797] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  374.158259][  T797] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  374.196544][  T797] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  374.215645][T10912] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  374.246633][  T797] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  374.290683][  T797] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  374.416950][  T797] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  374.460457][  T797] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[  374.474583][  T797] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  375.494850][ T5915] usb 4-1: USB disconnect, device number 62
[  375.538901][ T5915] ir-usb ttyUSB0: IR Dongle converter now disconnected from ttyUSB0
[  375.617245][ T5915] ir_usb 4-1:0.126: device disconnected
[  375.674666][ T5875] usb 6-1: USB disconnect, device number 5
[  376.109731][   T44] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  376.193554][T10978] FAULT_INJECTION: forcing a failure.
[  376.193554][T10978] name failslab, interval 1, probability 0, space 0, times 0
[  376.267444][T10978] CPU: 1 UID: 0 PID: 10978 Comm: syz.3.1186 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  376.267478][T10978] Tainted: [L]=SOFTLOCKUP
[  376.267486][T10978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  376.267499][T10978] Call Trace:
[  376.267507][T10978]  <TASK>
[  376.267516][T10978]  dump_stack_lvl+0xe8/0x150
[  376.267548][T10978]  should_fail_ex+0x412/0x560
[  376.267579][T10978]  should_failslab+0xa8/0x100
[  376.267604][T10978]  __kmalloc_cache_noprof+0x83/0x6e0
[  376.267624][T10978]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  376.267646][T10978]  ? sctp_add_bind_addr+0x8c/0x370
[  376.267671][T10978]  sctp_add_bind_addr+0x8c/0x370
[  376.267715][T10978]  sctp_copy_local_addr_list+0x314/0x4f0
[  376.267741][T10978]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  376.267762][T10978]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  376.267793][T10978]  ? sctp_v6_is_any+0x64/0x80
[  376.267815][T10978]  ? sctp_copy_one_addr+0x93/0x360
[  376.267840][T10978]  sctp_bind_addr_copy+0xb3/0x3c0
[  376.267863][T10978]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  376.267897][T10978]  sctp_connect_new_asoc+0x2ff/0x6b0
[  376.267928][T10978]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  376.267962][T10978]  ? __local_bh_enable_ip+0xd0/0x130
[  376.267980][T10978]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  376.268004][T10978]  ? security_sctp_bind_connect+0x7e/0x2c0
[  376.268029][T10978]  sctp_sendmsg+0x1528/0x2c10
[  376.268071][T10978]  ? __pfx_sctp_sendmsg+0x10/0x10
[  376.268094][T10978]  ? aa_sk_perm+0x15a/0x960
[  376.268119][T10978]  ? aa_sk_perm+0x82d/0x960
[  376.268141][T10978]  ? __might_fault+0xaf/0x130
[  376.268178][T10978]  ? __pfx_aa_sk_perm+0x10/0x10
[  376.268205][T10978]  ? sock_rps_record_flow+0x19/0x400
[  376.268237][T10978]  ? inet_sendmsg+0x2f4/0x370
[  376.268270][T10978]  __sys_sendto+0x627/0x7a0
[  376.268298][T10978]  ? __pfx___sys_sendto+0x10/0x10
[  376.268321][T10978]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  376.268359][T10978]  ? __fget_files+0x3a0/0x420
[  376.268394][T10978]  ? ksys_write+0x242/0x270
[  376.268427][T10978]  ? __pfx_ksys_write+0x10/0x10
[  376.268462][T10978]  __x64_sys_sendto+0xde/0x100
[  376.268491][T10978]  do_syscall_64+0xe2/0xf80
[  376.268513][T10978]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.268532][T10978]  ? trace_irq_disable+0x37/0x100
[  376.268553][T10978]  ? clear_bhb_loop+0x60/0xb0
[  376.268578][T10978]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  376.268599][T10978] RIP: 0033:0x7f5758f9aeb9
[  376.268617][T10978] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  376.268637][T10978] RSP: 002b:00007f5759d74028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  376.268658][T10978] RAX: ffffffffffffffda RBX: 00007f5759215fa0 RCX: 00007f5758f9aeb9
[  376.268673][T10978] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000004
[  376.268686][T10978] RBP: 00007f5759d74090 R08: 000020000005ffe4 R09: 000000000000001c
[  376.268700][T10978] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000002
[  376.268712][T10978] R13: 00007f5759216038 R14: 00007f5759215fa0 R15: 00007f575933fa48
[  376.268747][T10978]  </TASK>
[  376.876512][   T44] usb 2-1: Using ep0 maxpacket: 16
[  376.889501][   T44] usb 2-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  376.898777][   T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.916739][   T44] usb 2-1: Product: syz
[  376.921018][   T44] usb 2-1: Manufacturer: syz
[  376.925642][   T44] usb 2-1: SerialNumber: syz
[  377.259213][T10984] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1187'.
[  377.287172][T10962] program syz.1.1184 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  377.329353][   T44] usb 2-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  377.338836][T10984] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1187'.
[  377.498996][   T44] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  377.583252][   T44] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  377.608722][   T44] usb 2-1: media controller created
[  377.661825][   T44] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  377.739021][   T44] zl10353_read_register: readreg error (reg=127, ret==-71)
[  377.930491][   T44] dvb_usb_gl861 2-1:157.0: probe with driver dvb_usb_gl861 failed with error -5
[  377.988704][   T44] usb 2-1: USB disconnect, device number 41
[  378.236273][T11048] FAULT_INJECTION: forcing a failure.
[  378.236273][T11048] name failslab, interval 1, probability 0, space 0, times 0
[  378.281302][T11048] CPU: 0 UID: 0 PID: 11048 Comm: syz.3.1198 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  378.281334][T11048] Tainted: [L]=SOFTLOCKUP
[  378.281342][T11048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  378.281354][T11048] Call Trace:
[  378.281361][T11048]  <TASK>
[  378.281369][T11048]  dump_stack_lvl+0xe8/0x150
[  378.281411][T11048]  should_fail_ex+0x412/0x560
[  378.281440][T11048]  should_failslab+0xa8/0x100
[  378.281466][T11048]  __kmalloc_cache_noprof+0x83/0x6e0
[  378.281485][T11048]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  378.281506][T11048]  ? sctp_add_bind_addr+0x8c/0x370
[  378.281550][T11048]  sctp_add_bind_addr+0x8c/0x370
[  378.281576][T11048]  sctp_copy_local_addr_list+0x314/0x4f0
[  378.281601][T11048]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  378.281623][T11048]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  378.281647][T11048]  ? sctp_v6_is_any+0x64/0x80
[  378.281670][T11048]  ? sctp_copy_one_addr+0x93/0x360
[  378.281695][T11048]  sctp_bind_addr_copy+0xb3/0x3c0
[  378.281718][T11048]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  378.281753][T11048]  sctp_connect_new_asoc+0x2ff/0x6b0
[  378.281783][T11048]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  378.281818][T11048]  ? __local_bh_enable_ip+0xd0/0x130
[  378.281835][T11048]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  378.281860][T11048]  ? security_sctp_bind_connect+0x7e/0x2c0
[  378.281885][T11048]  sctp_sendmsg+0x1528/0x2c10
[  378.281928][T11048]  ? __pfx_sctp_sendmsg+0x10/0x10
[  378.281952][T11048]  ? aa_sk_perm+0x15a/0x960
[  378.281977][T11048]  ? aa_sk_perm+0x82d/0x960
[  378.281999][T11048]  ? __might_fault+0xaf/0x130
[  378.282036][T11048]  ? __pfx_aa_sk_perm+0x10/0x10
[  378.282063][T11048]  ? sock_rps_record_flow+0x19/0x400
[  378.282096][T11048]  ? inet_sendmsg+0x2f4/0x370
[  378.282127][T11048]  __sys_sendto+0x627/0x7a0
[  378.282156][T11048]  ? __pfx___sys_sendto+0x10/0x10
[  378.282178][T11048]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  378.282216][T11048]  ? __fget_files+0x3a0/0x420
[  378.282251][T11048]  ? ksys_write+0x242/0x270
[  378.282284][T11048]  ? __pfx_ksys_write+0x10/0x10
[  378.282320][T11048]  __x64_sys_sendto+0xde/0x100
[  378.282349][T11048]  do_syscall_64+0xe2/0xf80
[  378.282371][T11048]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.282397][T11048]  ? trace_irq_disable+0x37/0x100
[  378.282417][T11048]  ? clear_bhb_loop+0x60/0xb0
[  378.282442][T11048]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  378.282463][T11048] RIP: 0033:0x7f5758f9aeb9
[  378.282482][T11048] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  378.282500][T11048] RSP: 002b:00007f5759d74028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  378.282522][T11048] RAX: ffffffffffffffda RBX: 00007f5759215fa0 RCX: 00007f5758f9aeb9
[  378.282537][T11048] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000004
[  378.282551][T11048] RBP: 00007f5759d74090 R08: 000020000005ffe4 R09: 000000000000001c
[  378.282565][T11048] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000002
[  378.282578][T11048] R13: 00007f5759216038 R14: 00007f5759215fa0 R15: 00007f575933fa48
[  378.282612][T11048]  </TASK>
[  378.884030][T11057] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1197'.
[  378.946658][   T44] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  379.161582][   T44] usb 1-1: Using ep0 maxpacket: 8
[  379.435161][T11077] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  379.480932][   T44] usb 1-1: unable to get BOS descriptor or descriptor too short
[  379.502027][   T44] usb 1-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf
[  379.513323][   T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.538944][   T44] usb 1-1: Product: syz
[  379.927409][   T44] usb 1-1: Manufacturer: syz
[  379.939959][   T44] usb 1-1: SerialNumber: syz
[  379.978928][ T1342] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  380.180900][   T44] usb 1-1: selecting invalid altsetting 1
[  380.204069][   T44] catc 1-1:8.0: Can't set altsetting 1.
[  380.227609][   T44] catc 1-1:8.0: probe with driver catc failed with error -5
[  380.277269][   T44] usb 1-1: USB disconnect, device number 38
[  381.086872][   T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  381.247422][   T10] usb 6-1: device descriptor read/64, error -71
[  381.489792][   T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  381.545073][T11126] FAULT_INJECTION: forcing a failure.
[  381.545073][T11126] name failslab, interval 1, probability 0, space 0, times 0
[  381.558558][T11126] CPU: 1 UID: 0 PID: 11126 Comm: syz.0.1212 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  381.558591][T11126] Tainted: [L]=SOFTLOCKUP
[  381.558600][T11126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  381.558612][T11126] Call Trace:
[  381.558620][T11126]  <TASK>
[  381.558628][T11126]  dump_stack_lvl+0xe8/0x150
[  381.558659][T11126]  should_fail_ex+0x412/0x560
[  381.558689][T11126]  should_failslab+0xa8/0x100
[  381.558714][T11126]  __kmalloc_cache_noprof+0x83/0x6e0
[  381.558732][T11126]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  381.558755][T11126]  ? sctp_add_bind_addr+0x8c/0x370
[  381.558780][T11126]  sctp_add_bind_addr+0x8c/0x370
[  381.558804][T11126]  sctp_copy_local_addr_list+0x314/0x4f0
[  381.558829][T11126]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  381.558851][T11126]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  381.558873][T11126]  ? sctp_v6_is_any+0x64/0x80
[  381.558896][T11126]  ? sctp_copy_one_addr+0x93/0x360
[  381.558920][T11126]  sctp_bind_addr_copy+0xb3/0x3c0
[  381.558941][T11126]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  381.558975][T11126]  sctp_connect_new_asoc+0x2ff/0x6b0
[  381.559004][T11126]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  381.559037][T11126]  ? __local_bh_enable_ip+0xd0/0x130
[  381.559059][T11126]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  381.559083][T11126]  ? security_sctp_bind_connect+0x7e/0x2c0
[  381.559119][T11126]  sctp_sendmsg+0x1528/0x2c10
[  381.559156][T11126]  ? __pfx_sctp_sendmsg+0x10/0x10
[  381.559186][T11126]  ? aa_sk_perm+0x15a/0x960
[  381.559210][T11126]  ? aa_sk_perm+0x82d/0x960
[  381.559231][T11126]  ? __might_fault+0xaf/0x130
[  381.559266][T11126]  ? __pfx_aa_sk_perm+0x10/0x10
[  381.559292][T11126]  ? sock_rps_record_flow+0x19/0x400
[  381.559322][T11126]  ? inet_sendmsg+0x2f4/0x370
[  381.559352][T11126]  __sys_sendto+0x627/0x7a0
[  381.559380][T11126]  ? __pfx___sys_sendto+0x10/0x10
[  381.559401][T11126]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  381.559435][T11126]  ? __fget_files+0x3a0/0x420
[  381.559467][T11126]  ? ksys_write+0x242/0x270
[  381.559498][T11126]  ? __pfx_ksys_write+0x10/0x10
[  381.559533][T11126]  __x64_sys_sendto+0xde/0x100
[  381.559561][T11126]  do_syscall_64+0xe2/0xf80
[  381.559582][T11126]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.559601][T11126]  ? trace_irq_disable+0x37/0x100
[  381.559619][T11126]  ? clear_bhb_loop+0x60/0xb0
[  381.559642][T11126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.559660][T11126] RIP: 0033:0x7f9c3e59aeb9
[  381.559678][T11126] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  381.559694][T11126] RSP: 002b:00007f9c3f3d1028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  381.559716][T11126] RAX: ffffffffffffffda RBX: 00007f9c3e815fa0 RCX: 00007f9c3e59aeb9
[  381.559729][T11126] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000004
[  381.559742][T11126] RBP: 00007f9c3f3d1090 R08: 000020000005ffe4 R09: 000000000000001c
[  381.559756][T11126] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000002
[  381.559767][T11126] R13: 00007f9c3e816038 R14: 00007f9c3e815fa0 R15: 00007f9c3e93fa48
[  381.559800][T11126]  </TASK>
[  381.875053][  T797] usb 2-1: new low-speed USB device number 42 using dummy_hcd
[  381.885264][   T10] usb 6-1: device descriptor read/64, error -71
[  381.996773][   T10] usb usb6-port1: attempt power cycle
[  382.086648][  T797] usb 2-1: Invalid ep0 maxpacket: 64
[  382.228678][  T797] usb 2-1: new low-speed USB device number 43 using dummy_hcd
[  382.347129][   T10] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  382.357627][ T5875] usb 1-1: new full-speed USB device number 39 using dummy_hcd
[  382.386534][  T797] usb 2-1: Invalid ep0 maxpacket: 64
[  382.392322][  T797] usb usb2-port1: attempt power cycle
[  382.400646][   T10] usb 6-1: device descriptor read/8, error -71
[  382.508069][ T5875] usb 1-1: device descriptor read/64, error -71
[  382.649222][   T10] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  382.677810][   T10] usb 6-1: device descriptor read/8, error -71
[  382.736464][  T797] usb 2-1: new low-speed USB device number 44 using dummy_hcd
[  382.748707][ T5875] usb 1-1: new full-speed USB device number 40 using dummy_hcd
[  382.779188][  T797] usb 2-1: Invalid ep0 maxpacket: 64
[  382.796863][   T10] usb usb6-port1: unable to enumerate USB device
[  382.906489][ T5875] usb 1-1: device descriptor read/64, error -71
[  382.912852][  T797] usb 2-1: new low-speed USB device number 45 using dummy_hcd
[  382.937414][  T797] usb 2-1: Invalid ep0 maxpacket: 64
[  382.943102][  T797] usb usb2-port1: unable to enumerate USB device
[  383.030317][ T5875] usb usb1-port1: attempt power cycle
[  383.216586][ T5915] usb 5-1: new full-speed USB device number 67 using dummy_hcd
[  383.368250][ T5915] usb 5-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  383.379969][ T5915] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  383.391665][ T5915] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  383.396647][ T5875] usb 1-1: new full-speed USB device number 41 using dummy_hcd
[  383.403611][ T5915] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  383.419558][ T5915] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.430759][T11144] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22
[  383.443264][ T5875] usb 1-1: device descriptor read/8, error -71
[  383.699551][ T5875] usb 1-1: new full-speed USB device number 42 using dummy_hcd
[  383.727473][ T5875] usb 1-1: device descriptor read/8, error -71
[  383.820517][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  383.829285][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  383.838410][ T5875] usb usb1-port1: unable to enumerate USB device
[  383.895085][T11151] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  383.905352][T11151] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  383.989409][T11151] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  384.005468][T11151] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  384.025344][T11151] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  384.038616][T11151] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  384.067784][T11151] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  384.078739][T11151] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  384.095327][T11151] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  384.113006][T11151] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  384.129122][T11151] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  384.256854][ T5915] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  384.265709][ T5915] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input26
[  384.322132][ T5915] usb 5-1: USB disconnect, device number 67
[  384.328403][    C1] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  384.405021][T11186] FAULT_INJECTION: forcing a failure.
[  384.405021][T11186] name failslab, interval 1, probability 0, space 0, times 0
[  384.446773][T11186] CPU: 0 UID: 0 PID: 11186 Comm: syz.3.1223 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  384.446807][T11186] Tainted: [L]=SOFTLOCKUP
[  384.446814][T11186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  384.446826][T11186] Call Trace:
[  384.446835][T11186]  <TASK>
[  384.446844][T11186]  dump_stack_lvl+0xe8/0x150
[  384.446877][T11186]  should_fail_ex+0x412/0x560
[  384.446907][T11186]  should_failslab+0xa8/0x100
[  384.446934][T11186]  __kmalloc_cache_noprof+0x83/0x6e0
[  384.446953][T11186]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  384.446976][T11186]  ? sctp_add_bind_addr+0x8c/0x370
[  384.447001][T11186]  sctp_add_bind_addr+0x8c/0x370
[  384.447027][T11186]  sctp_copy_local_addr_list+0x314/0x4f0
[  384.447051][T11186]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  384.447079][T11186]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  384.447103][T11186]  ? sctp_v6_is_any+0x64/0x80
[  384.447133][T11186]  ? sctp_copy_one_addr+0x93/0x360
[  384.447157][T11186]  sctp_bind_addr_copy+0xb3/0x3c0
[  384.447180][T11186]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  384.447213][T11186]  sctp_connect_new_asoc+0x2ff/0x6b0
[  384.447243][T11186]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  384.447276][T11186]  ? __local_bh_enable_ip+0xd0/0x130
[  384.447294][T11186]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  384.447317][T11186]  ? security_sctp_bind_connect+0x7e/0x2c0
[  384.447342][T11186]  sctp_sendmsg+0x1528/0x2c10
[  384.447383][T11186]  ? __pfx_sctp_sendmsg+0x10/0x10
[  384.447406][T11186]  ? aa_sk_perm+0x15a/0x960
[  384.447432][T11186]  ? aa_sk_perm+0x82d/0x960
[  384.447453][T11186]  ? __might_fault+0xaf/0x130
[  384.447490][T11186]  ? __pfx_aa_sk_perm+0x10/0x10
[  384.447517][T11186]  ? sock_rps_record_flow+0x19/0x400
[  384.447550][T11186]  ? inet_sendmsg+0x2f4/0x370
[  384.447581][T11186]  __sys_sendto+0x627/0x7a0
[  384.447610][T11186]  ? __pfx___sys_sendto+0x10/0x10
[  384.447631][T11186]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  384.447669][T11186]  ? __fget_files+0x3a0/0x420
[  384.447702][T11186]  ? ksys_write+0x242/0x270
[  384.447734][T11186]  ? __pfx_ksys_write+0x10/0x10
[  384.447769][T11186]  __x64_sys_sendto+0xde/0x100
[  384.447796][T11186]  do_syscall_64+0xe2/0xf80
[  384.447813][T11186]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  384.447829][T11186]  ? trace_irq_disable+0x37/0x100
[  384.447849][T11186]  ? clear_bhb_loop+0x60/0xb0
[  384.447870][T11186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  384.447886][T11186] RIP: 0033:0x7f5758f9aeb9
[  384.447902][T11186] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  384.447916][T11186] RSP: 002b:00007f5759d74028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  384.447935][T11186] RAX: ffffffffffffffda RBX: 00007f5759215fa0 RCX: 00007f5758f9aeb9
[  384.447947][T11186] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000004
[  384.447958][T11186] RBP: 00007f5759d74090 R08: 000020000005ffe4 R09: 000000000000001c
[  384.447969][T11186] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000002
[  384.447979][T11186] R13: 00007f5759216038 R14: 00007f5759215fa0 R15: 00007f575933fa48
[  384.448005][T11186]  </TASK>
[  385.181232][T11195] xt_CT: No such helper "pptp"
[  385.187491][ T5826] Bluetooth: hci0: command 0x0406 tx timeout
[  385.236472][ T5875] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  385.408254][ T5875] usb 2-1: Using ep0 maxpacket: 32
[  385.480031][ T5875] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  385.506453][ T5875] usb 2-1: config 0 has no interface number 0
[  385.515977][ T5875] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  385.540038][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.557026][ T5875] usb 2-1: Product: syz
[  385.567882][ T5875] usb 2-1: Manufacturer: syz
[  385.572648][ T5875] usb 2-1: SerialNumber: syz
[  385.595204][ T5875] usb 2-1: config 0 descriptor??
[  385.613573][ T5875] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  385.642943][ T5875] usb 2-1: selecting invalid altsetting 1
[  385.679586][ T5875] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  385.716921][ T5875] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  385.757939][ T5875] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  385.786521][ T5875] usb 2-1: media controller created
[  385.980584][ T5875] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  386.061470][ T5826] Bluetooth: hci2: command 0x0406 tx timeout
[  386.067781][ T5826] Bluetooth: hci1: command 0x0406 tx timeout
[  386.148737][ T5823] Bluetooth: hci4: command 0x0406 tx timeout
[  386.155229][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout
[  386.951468][  T797] usb 4-1: new full-speed USB device number 63 using dummy_hcd
[  386.993248][T11261] loop7: detected capacity change from 0 to 16384
[  387.088347][T11261] loop7: detected capacity change from 16384 to 0
[  387.128773][  T797] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  387.160623][  T797] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  387.178624][ T5875] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-110
[  387.186683][ T5875] zl10353_read_register: readreg error (reg=127, ret==-110)
[  387.194382][  T797] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  387.256808][ T5826] Bluetooth: hci0: command 0x0406 tx timeout
[  387.267729][  T797] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.514392][  T797] usb 4-1: usb_control_msg returned -32
[  387.523349][  T797] usbtmc 4-1:16.0: can't read capabilities
[  387.975304][T11287] FAULT_INJECTION: forcing a failure.
[  387.975304][T11287] name failslab, interval 1, probability 0, space 0, times 0
[  387.989026][T11287] CPU: 0 UID: 0 PID: 11287 Comm: syz.4.1235 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  387.989051][T11287] Tainted: [L]=SOFTLOCKUP
[  387.989056][T11287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  387.989065][T11287] Call Trace:
[  387.989087][T11287]  <TASK>
[  387.989096][T11287]  dump_stack_lvl+0xe8/0x150
[  387.989140][T11287]  should_fail_ex+0x412/0x560
[  387.989169][T11287]  should_failslab+0xa8/0x100
[  387.989194][T11287]  __kmalloc_cache_noprof+0x83/0x6e0
[  387.989208][T11287]  ? __sctp_v6_cmp_addr+0x1e6/0x510
[  387.989224][T11287]  ? sctp_add_bind_addr+0x8c/0x370
[  387.989242][T11287]  sctp_add_bind_addr+0x8c/0x370
[  387.989259][T11287]  sctp_copy_local_addr_list+0x314/0x4f0
[  387.989276][T11287]  ? sctp_copy_local_addr_list+0xa4/0x4f0
[  387.989290][T11287]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  387.989306][T11287]  ? sctp_v6_is_any+0x64/0x80
[  387.989321][T11287]  ? sctp_copy_one_addr+0x93/0x360
[  387.989338][T11287]  sctp_bind_addr_copy+0xb3/0x3c0
[  387.989352][T11287]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[  387.989376][T11287]  sctp_connect_new_asoc+0x2ff/0x6b0
[  387.989396][T11287]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  387.989419][T11287]  ? __local_bh_enable_ip+0xd0/0x130
[  387.989431][T11287]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  387.989447][T11287]  ? security_sctp_bind_connect+0x7e/0x2c0
[  387.989464][T11287]  sctp_sendmsg+0x1528/0x2c10
[  387.989491][T11287]  ? __pfx_sctp_sendmsg+0x10/0x10
[  387.989507][T11287]  ? aa_sk_perm+0x15a/0x960
[  387.989524][T11287]  ? aa_sk_perm+0x82d/0x960
[  387.989538][T11287]  ? __might_fault+0xaf/0x130
[  387.989575][T11287]  ? __pfx_aa_sk_perm+0x10/0x10
[  387.989614][T11287]  ? sock_rps_record_flow+0x19/0x400
[  387.989636][T11287]  ? inet_sendmsg+0x2f4/0x370
[  387.989658][T11287]  __sys_sendto+0x627/0x7a0
[  387.989677][T11287]  ? __pfx___sys_sendto+0x10/0x10
[  387.989692][T11287]  ? __mutex_unlock_slowpath+0x1bd/0x7d0
[  387.989717][T11287]  ? __fget_files+0x3a0/0x420
[  387.989740][T11287]  ? ksys_write+0x242/0x270
[  387.989762][T11287]  ? __pfx_ksys_write+0x10/0x10
[  387.989785][T11287]  __x64_sys_sendto+0xde/0x100
[  387.989804][T11287]  do_syscall_64+0xe2/0xf80
[  387.989819][T11287]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.989832][T11287]  ? trace_irq_disable+0x37/0x100
[  387.989848][T11287]  ? clear_bhb_loop+0x60/0xb0
[  387.989865][T11287]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.989879][T11287] RIP: 0033:0x7f2f27f9aeb9
[  387.989892][T11287] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  387.989905][T11287] RSP: 002b:00007f2f28d89028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  387.989920][T11287] RAX: ffffffffffffffda RBX: 00007f2f28215fa0 RCX: 00007f2f27f9aeb9
[  387.989932][T11287] RDX: 0000000000034000 RSI: 0000200000847fff RDI: 0000000000000004
[  387.989941][T11287] RBP: 00007f2f28d89090 R08: 000020000005ffe4 R09: 000000000000001c
[  387.989951][T11287] R10: 00000000000000e0 R11: 0000000000000246 R12: 0000000000000002
[  387.989959][T11287] R13: 00007f2f28216038 R14: 00007f2f28215fa0 R15: 00007f2f2833fa48
[  387.989982][T11287]  </TASK>
[  388.351126][ T5826] Bluetooth: hci1: command 0x0406 tx timeout
[  388.353108][ T5823] Bluetooth: hci2: command 0x0406 tx timeout
[  388.357474][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout
[  388.363296][ T5823] Bluetooth: hci4: command 0x0406 tx timeout
[  388.437257][   T44] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  388.490812][T11299] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1233'.
[  388.505155][T11299] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1233'.
[  388.658918][ T5875] usb 2-1: USB disconnect, device number 46
[  388.729529][   T44] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  388.744229][   T44] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  388.771370][   T44] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  388.806270][   T44] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.933416][   T44] usb 6-1: config 0 descriptor??
[  388.946488][   T24] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  389.040567][ T5875] usb 4-1: USB disconnect, device number 63
[  389.076524][   T24] usb 5-1: device descriptor read/64, error -71
[  389.172182][   T44] usbhid 6-1:0.0: can't add hid device: -71
[  389.179124][   T44] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  389.207995][   T44] usb 6-1: USB disconnect, device number 10
[  389.334587][   T24] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  389.496611][   T24] usb 5-1: device descriptor read/64, error -71
[  389.537311][   T44] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  389.606739][   T24] usb usb5-port1: attempt power cycle
[  389.708290][   T44] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  389.719938][   T44] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  389.729872][   T44] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  389.747030][   T44] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  389.758868][   T44] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  389.773110][   T44] usb 6-1: config 0 descriptor??
[  389.865321][T11368] program syz.1.1244 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  389.946645][   T24] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  389.967712][ T5913] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  389.977476][   T24] usb 5-1: device descriptor read/8, error -71
[  390.008788][   T44] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  390.126880][ T5913] usb 4-1: Using ep0 maxpacket: 32
[  390.136715][ T5888] usb 1-1: new full-speed USB device number 43 using dummy_hcd
[  390.155162][ T5913] usb 4-1: config 0 has an invalid interface number: 196 but max is 0
[  390.167094][ T5913] usb 4-1: config 0 has no interface number 0
[  390.173335][ T5913] usb 4-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  390.183685][ T5913] usb 4-1: config 0 interface 196 has no altsetting 0
[  390.192686][ T5913] usb 4-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  390.203746][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.212811][ T5913] usb 4-1: Product: syz
[  390.218023][ T5913] usb 4-1: Manufacturer: syz
[  390.223738][ T5913] usb 4-1: SerialNumber: syz
[  390.228742][   T24] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  390.247617][ T5913] usb 4-1: config 0 descriptor??
[  390.255875][T11354] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  390.258886][   T24] usb 5-1: device descriptor read/8, error -71
[  390.308071][ T5888] usb 1-1: config 0 has an invalid interface number: 8 but max is 0
[  390.316263][ T5888] usb 1-1: config 0 has no interface number 0
[  390.322522][ T5888] usb 1-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F
[  390.335374][ T5888] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  390.346578][ T5888] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  390.361129][ T5888] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  390.370623][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  390.379987][ T5828] Bluetooth: hci3: command 0x0c1a tx timeout
[  390.380645][ T5888] usb 1-1: Product: syz
[  390.390533][ T5888] usb 1-1: SerialNumber: syz
[  390.395381][   T24] usb usb5-port1: unable to enumerate USB device
[  390.410260][ T5888] usb 1-1: config 0 descriptor??
[  390.424759][ T5888] cm109 1-1:0.8: invalid payload size 0, expected 4
[  390.441605][ T5888] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input28
[  390.595549][   T10] usb 6-1: USB disconnect, device number 11
[  390.683785][ T5913] ipheth 4-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[  390.732376][ T5913] ipheth 4-1:0.196: probe with driver ipheth failed with error -71
[  390.777442][T11372] 8021q: adding VLAN 0 to HW filter on device bond2
[  390.787965][T11372] team0: Port device bond2 added
[  390.801142][    C1] cm109 1-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  390.815155][ T5913] usb 4-1: USB disconnect, device number 64
[  391.056222][T11431] netlink: 'syz.0.1245': attribute type 2 has an invalid length.
[  391.066482][T11431] : entered promiscuous mode
[  391.144530][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  391.154229][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  391.161444][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  391.168682][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  391.176123][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  391.183318][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  391.190428][  T797] usb 1-1: USB disconnect, device number 43
[  391.190503][    C0] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71
[  391.203375][    C0] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  391.232433][  T797] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  391.542542][T11494] Cannot find del_set index 2 as target
[  391.556726][   T10] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  391.706450][   T10] usb 2-1: device descriptor read/64, error -71
[  391.839375][T11500] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  391.915031][T11501] random: crng reseeded on system resumption
[  391.957701][   T10] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  392.106458][   T10] usb 2-1: device descriptor read/64, error -71
[  392.226930][   T10] usb usb2-port1: attempt power cycle
[  392.490750][T11504] netlink: 'syz.5.1255': attribute type 1 has an invalid length.
[  392.566558][   T10] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  392.597059][   T10] usb 2-1: device descriptor read/8, error -71
[  392.665765][T11509] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  392.708436][T11509] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  392.755667][T11509] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  392.876511][   T10] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  392.919544][   T10] usb 2-1: device descriptor read/8, error -71
[  393.046761][   T10] usb usb2-port1: unable to enumerate USB device
[  394.643567][T11542] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1261'.
[  394.882886][T11547] Cannot find del_set index 2 as target
[  395.116585][ T5913] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  395.287935][ T5913] usb 1-1: Using ep0 maxpacket: 16
[  395.303633][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  395.322556][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  395.333314][ T5913] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  395.348810][ T5913] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  395.358926][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.382547][ T5913] usb 1-1: config 0 descriptor??
[  395.512587][T11561] netlink: 80 bytes leftover after parsing attributes in process `syz.5.1267'.
[  395.558136][T11561] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1267'.
[  395.614680][T11562] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  395.939620][ T5888] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  396.119374][ T5888] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  396.160300][ T5888] usb 6-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=70.54
[  396.227377][ T5888] usb 6-1: New USB device strings: Mfr=1, Product=34, SerialNumber=7
[  396.271440][ T5888] usb 6-1: Product: syz
[  396.281312][ T5888] usb 6-1: Manufacturer: syz
[  396.289353][ T5888] usb 6-1: SerialNumber: syz
[  396.321773][ T5888] usb 6-1: config 0 descriptor??
[  396.438763][ T5888] gspca_main: conex-2.14.0 probing 0572:0041
[  397.143582][ T5888] usb 6-1: USB disconnect, device number 12
[  398.673569][ T5913] usbhid 1-1:0.0: can't add hid device: -71
[  398.716557][ T5913] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  398.740261][ T5913] usb 1-1: USB disconnect, device number 44
[  399.184295][T11637] Cannot find del_set index 2 as target
[  399.916486][ T5913] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  400.074847][ T5913] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  400.085746][ T5913] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.109500][ T5913] usb 1-1: config 0 descriptor??
[  400.118345][ T5913] cp210x 1-1:0.0: cp210x converter detected
[  400.363257][ T5913] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -71
[  400.389379][ T5888] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  400.415933][ T5913] cp210x 1-1:0.0: failed to get vendor val 0x3711 size 2: -71
[  400.425985][ T5913] cp210x 1-1:0.0: GPIO initialisation failed: -71
[  400.485053][ T5913] usb 1-1: cp210x converter now attached to ttyUSB0
[  400.523434][ T5913] usb 1-1: USB disconnect, device number 45
[  400.544989][ T5913] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  400.571501][ T5888] usb 2-1: Using ep0 maxpacket: 8
[  400.583339][ T5888] usb 2-1: config 6 has an invalid interface number: 2 but max is 0
[  400.599658][ T5888] usb 2-1: config 6 has no interface number 0
[  400.620752][ T5888] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  400.646873][ T5913] cp210x 1-1:0.0: device disconnected
[  400.676527][ T5888] usb 2-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  400.709368][   T10] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  400.766539][ T5888] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  400.800748][ T5888] usb 2-1: config 6 interface 2 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  400.828343][   T10] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  400.846469][ T5875] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  400.870491][ T5888] usb 2-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  400.925848][ T5888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.954417][ T5888] usb 2-1: Product: syz
[  400.969485][ T5888] usb 2-1: Manufacturer: syz
[  400.986467][ T5888] usb 2-1: SerialNumber: syz
[  401.018842][ T5875] usb 5-1: Using ep0 maxpacket: 16
[  401.037824][ T5888] hso 2-1:6.2: Failed to find BULK IN ep
[  401.058518][ T5875] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  401.076447][ T5875] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.110022][ T5875] usb 5-1: Product: syz
[  401.114251][ T5875] usb 5-1: Manufacturer: syz
[  401.149914][ T5875] usb 5-1: SerialNumber: syz
[  401.192881][T11734] netlink: 64 bytes leftover after parsing attributes in process `syz.5.1289'.
[  401.231015][ T5888] usb 2-1: USB disconnect, device number 51
[  401.385092][ T5875] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  401.447556][ T5875] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  401.926884][T11751] fuse: Bad value for 'fd'
[  402.108684][ T5875] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  402.128198][ T5875] usb 5-1: media controller created
[  402.202064][ T5875] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  402.259426][T11753] ------------[ cut here ]------------
[  402.265225][T11753] usb 5-1: BOGUS control dir, pipe 80004880 doesn't match bRequestType c0
[  402.273802][T11753] WARNING: drivers/usb/core/urb.c:414 at usb_submit_urb+0x1052/0x18b0, CPU#0: syz.5.1291/11753
[  402.284314][T11753] Modules linked in:
[  402.288490][T11753] CPU: 0 UID: 0 PID: 11753 Comm: syz.5.1291 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  402.299497][T11753] Tainted: [L]=SOFTLOCKUP
[  402.303828][T11753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  402.314000][T11753] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[  402.319719][T11753] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[  402.339693][T11753] RSP: 0018:ffffc9001b3ff708 EFLAGS: 00010246
[  402.345799][T11753] RAX: 0000000000000000 RBX: ffff88814d367500 RCX: 0000000080004880
[  402.354124][T11753] RDX: ffff888141aae9c0 RSI: ffffffff8c5dcc40 RDI: ffffffff8ffc2c70
[  402.362184][T11753] RBP: 1ffff1100f0a1b7c R08: 00000000000000c0 R09: 0000000000000000
[  402.370352][T11753] R10: ffffc9001b3ff800 R11: fffff5200367ff0c R12: ffff888028380100
[  402.378756][T11753] R13: ffff88807850dbe0 R14: 0000000080004880 R15: ffff888141aae9c0
[  402.387128][T11753] FS:  00007fa47a83d6c0(0000) GS:ffff8881256f5000(0000) knlGS:0000000000000000
[  402.396105][T11753] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  402.402818][T11753] CR2: 0000001b31424220 CR3: 0000000034650000 CR4: 00000000003526f0
[  402.410898][T11753] Call Trace:
[  402.414215][T11753]  <TASK>
[  402.417250][T11753]  ? __init_swait_queue_head+0xa9/0x150
[  402.422852][T11753]  usb_start_wait_urb+0x12b/0x510
[  402.427992][T11753]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  402.433633][T11753]  usb_control_msg+0x232/0x3e0
[  402.438715][T11753]  gl861_ctrl_msg+0x207/0x420
[  402.443468][T11753]  ? __pfx_gl861_ctrl_msg+0x10/0x10
[  402.449248][T11753]  ? aa_path_link+0x450/0x10f0
[  402.454079][T11753]  gl861_i2c_master_xfer+0x439/0x6a0
[  402.459803][T11753]  __i2c_transfer+0x79a/0x1ee0
[  402.464775][T11753]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  402.470833][T11753]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  402.476700][T11753]  ? i2c_transfer+0xc8/0x2d0
[  402.481361][T11753]  i2c_transfer+0x1cc/0x2d0
[  402.485894][T11753]  i2c_transfer_buffer_flags+0x10d/0x1a0
[  402.491564][T11753]  ? __lock_acquire+0x6b5/0x2cf0
[  402.496565][T11753]  ? __pfx_i2c_transfer_buffer_flags+0x10/0x10
[  402.502800][T11753]  ? i2cdev_read+0xe8/0x250
[  402.507404][T11753]  i2cdev_read+0x10d/0x250
[  402.511840][T11753]  ? __pfx_i2cdev_read+0x10/0x10
[  402.516870][T11753]  vfs_read+0x20c/0xa70
[  402.521051][T11753]  ? __pfx_vfs_read+0x10/0x10
[  402.525747][T11753]  ? __fget_files+0x2a/0x420
[  402.530375][T11753]  ? __fget_files+0x2a/0x420
[  402.534998][T11753]  ? __fget_files+0x3a0/0x420
[  402.539869][T11753]  ? __fget_files+0x2a/0x420
[  402.544480][T11753]  ksys_read+0x150/0x270
[  402.548916][T11753]  ? __pfx_ksys_read+0x10/0x10
[  402.553708][T11753]  do_syscall_64+0xe2/0xf80
[  402.558252][T11753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.564325][T11753]  ? trace_irq_disable+0x37/0x100
[  402.569393][T11753]  ? clear_bhb_loop+0x60/0xb0
[  402.574088][T11753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.580468][T11753] RIP: 0033:0x7fa47999aeb9
[  402.584909][T11753] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  402.604586][T11753] RSP: 002b:00007fa47a83d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  402.613055][T11753] RAX: ffffffffffffffda RBX: 00007fa479c16090 RCX: 00007fa47999aeb9
[  402.621108][T11753] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009
[  402.629155][T11753] RBP: 00007fa479a08c1f R08: 0000000000000000 R09: 0000000000000000
[  402.637387][T11753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  402.645729][T11753] R13: 00007fa479c16128 R14: 00007fa479c16090 R15: 00007fa479d3fa48
[  402.653933][T11753]  </TASK>
[  402.657000][T11753] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  402.664307][T11753] CPU: 0 UID: 0 PID: 11753 Comm: syz.5.1291 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  402.675249][T11753] Tainted: [L]=SOFTLOCKUP
[  402.679578][T11753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  402.689634][T11753] Call Trace:
[  402.692925][T11753]  <TASK>
[  402.695856][T11753]  vpanic+0x1e0/0x670
[  402.699865][T11753]  panic+0xc5/0xd0
[  402.703613][T11753]  ? __pfx_panic+0x10/0x10
[  402.708065][T11753]  __warn+0x315/0x4a0
[  402.712069][T11753]  ? usb_submit_urb+0x1052/0x18b0
[  402.717108][T11753]  ? usb_submit_urb+0x1052/0x18b0
[  402.722146][T11753]  __report_bug+0x29a/0x540
[  402.726672][T11753]  ? usb_submit_urb+0x1052/0x18b0
[  402.731721][T11753]  ? __pfx___report_bug+0x10/0x10
[  402.736781][T11753]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  402.742658][T11753]  ? lockdep_hardirqs_on+0x7a/0x110
[  402.747877][T11753]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  402.753723][T11753]  ? stack_depot_save_flags+0x3f3/0x810
[  402.759294][T11753]  report_bug_entry+0x19a/0x290
[  402.764153][T11753]  ? usb_submit_urb+0x1114/0x18b0
[  402.769188][T11753]  ? usb_submit_urb+0x1119/0x18b0
[  402.774229][T11753]  handle_bug+0xca/0x200
[  402.778874][T11753]  exc_invalid_op+0x1a/0x50
[  402.783389][T11753]  asm_exc_invalid_op+0x1a/0x20
[  402.788252][T11753] RIP: 0010:usb_submit_urb+0x1114/0x18b0
[  402.793904][T11753] Code: 00 00 00 00 00 fc ff df 0f b6 44 05 00 84 c0 0f 85 91 05 00 00 45 0f b6 45 00 48 8b 7c 24 18 48 8b 74 24 10 4c 89 fa 44 89 f1 <67> 48 0f b9 3a 49 bf 00 00 00 00 00 fc ff df e9 c2 f2 ff ff 89 e9
[  402.813529][T11753] RSP: 0018:ffffc9001b3ff708 EFLAGS: 00010246
[  402.819626][T11753] RAX: 0000000000000000 RBX: ffff88814d367500 RCX: 0000000080004880
[  402.827626][T11753] RDX: ffff888141aae9c0 RSI: ffffffff8c5dcc40 RDI: ffffffff8ffc2c70
[  402.835609][T11753] RBP: 1ffff1100f0a1b7c R08: 00000000000000c0 R09: 0000000000000000
[  402.843595][T11753] R10: ffffc9001b3ff800 R11: fffff5200367ff0c R12: ffff888028380100
[  402.851592][T11753] R13: ffff88807850dbe0 R14: 0000000080004880 R15: ffff888141aae9c0
[  402.859597][T11753]  ? usb_submit_urb+0x10a3/0x18b0
[  402.864737][T11753]  ? __init_swait_queue_head+0xa9/0x150
[  402.870301][T11753]  usb_start_wait_urb+0x12b/0x510
[  402.875775][T11753]  ? __pfx_usb_start_wait_urb+0x10/0x10
[  402.881371][T11753]  usb_control_msg+0x232/0x3e0
[  402.886162][T11753]  gl861_ctrl_msg+0x207/0x420
[  402.890849][T11753]  ? __pfx_gl861_ctrl_msg+0x10/0x10
[  402.896055][T11753]  ? aa_path_link+0x450/0x10f0
[  402.900842][T11753]  gl861_i2c_master_xfer+0x439/0x6a0
[  402.906146][T11753]  __i2c_transfer+0x79a/0x1ee0
[  402.910939][T11753]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  402.916760][T11753]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  402.922578][T11753]  ? i2c_transfer+0xc8/0x2d0
[  402.927207][T11753]  i2c_transfer+0x1cc/0x2d0
[  402.931725][T11753]  i2c_transfer_buffer_flags+0x10d/0x1a0
[  402.937368][T11753]  ? __lock_acquire+0x6b5/0x2cf0
[  402.942320][T11753]  ? __pfx_i2c_transfer_buffer_flags+0x10/0x10
[  402.948498][T11753]  ? i2cdev_read+0xe8/0x250
[  402.953043][T11753]  i2cdev_read+0x10d/0x250
[  402.957471][T11753]  ? __pfx_i2cdev_read+0x10/0x10
[  402.962418][T11753]  vfs_read+0x20c/0xa70
[  402.966605][T11753]  ? __pfx_vfs_read+0x10/0x10
[  402.971302][T11753]  ? __fget_files+0x2a/0x420
[  402.975897][T11753]  ? __fget_files+0x2a/0x420
[  402.980487][T11753]  ? __fget_files+0x3a0/0x420
[  402.985159][T11753]  ? __fget_files+0x2a/0x420
[  402.989760][T11753]  ksys_read+0x150/0x270
[  402.994011][T11753]  ? __pfx_ksys_read+0x10/0x10
[  402.998791][T11753]  do_syscall_64+0xe2/0xf80
[  403.003300][T11753]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.009369][T11753]  ? trace_irq_disable+0x37/0x100
[  403.014407][T11753]  ? clear_bhb_loop+0x60/0xb0
[  403.019109][T11753]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.025018][T11753] RIP: 0033:0x7fa47999aeb9
[  403.029441][T11753] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  403.049078][T11753] RSP: 002b:00007fa47a83d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  403.057527][T11753] RAX: ffffffffffffffda RBX: 00007fa479c16090 RCX: 00007fa47999aeb9
[  403.065503][T11753] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009
[  403.073476][T11753] RBP: 00007fa479a08c1f R08: 0000000000000000 R09: 0000000000000000
[  403.081465][T11753] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  403.089451][T11753] R13: 00007fa479c16128 R14: 00007fa479c16090 R15: 00007fa479d3fa48
[  403.097453][T11753]  </TASK>
[  403.101105][T11753] Kernel Offset: disabled
[  403.105456][T11753] Rebooting in 86400 seconds..