last executing test programs:

11.417311634s ago: executing program 0 (id=4542):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000040)={'veth0_to_hsr\x00', {0x2, 0x4e21, @empty}})
sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWSET={0xfffffdc3, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x4000000}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x80}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}}, 0x0)

11.322226741s ago: executing program 0 (id=4543):
add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f0000000240)="000000000000003299b8f276dc75584a8d87d907005858367d61f49e1639a48f614a54a8192c2876b7f843cd3a3c07288fa0f1e28983b5cdc2e29b6e", 0x3c, 0xffffffffffffffff)
syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x8080)
socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mknod$loop(&(0x7f0000000080)='./bus\x00', 0x1, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x2)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000180)=0x7a, 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20001840)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2, 0x1)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006300)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x20000000, 0x4041}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f0000000000)=ANY=[@ANYBLOB="12011001020000082505a1a44000010203010902"], 0xfffffffffffffffc)
r6 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x2080)
ioctl$LOOP_SET_FD(r6, 0x4c00, r5)
dup2(r5, r3)

10.465256648s ago: executing program 3 (id=4550):
r0 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)="37df163529da2d3cc1edfe1fcc09c9499f16c7", 0x13}], 0x1}}], 0x1, 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000340)={0x200000, 0x200000, 0x0, 0x0, 0x5989})
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000180)="441f08d600270bcf724ef54e91e6ffbe002a5f89000000000000000000", 0x1d)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f00000000c0)=ANY=[])

8.868548426s ago: executing program 1 (id=4553):
r0 = syz_open_procfs(0x0, &(0x7f0000000440)='attr\x00')
getdents(r0, &(0x7f0000000000)=""/39, 0x82)
getdents(r0, 0xffffffffffffffff, 0x5a)
write$FUSE_NOTIFY_STORE(r0, &(0x7f00000009c0)={0x2b, 0x4, 0x0, {0x2, 0xb, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b)
syz_open_procfs$pagemap(0x0, &(0x7f00000000c0))
symlinkat(&(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000980), 0x2, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000001240)={[0x2]}, 0x8, 0x80800)
ppoll(&(0x7f0000001280)=[{r2, 0x20}], 0x1, &(0x7f0000001300), 0x0, 0x0)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff})
r4 = syz_open_dev$evdev(&(0x7f0000000200), 0x0, 0x0)
ioctl$EVIOCSCLOCKID(r4, 0x40084504, &(0x7f0000ffcffc))
r5 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r3, @ANYRES8=r5, @ANYRES16=r1], 0x0)

8.029273192s ago: executing program 0 (id=4554):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/3\x00')
pread64(r0, &(0x7f0000000080)=""/237, 0xed, 0x0)
mmap$fb(&(0x7f0000ff8000/0x7000)=nil, 0x7000, 0x2000002, 0x4010, r0, 0xb3000)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
inotify_init()
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r4=>0x0})
r5 = epoll_create1(0x0)
migrate_pages(0x0, 0x9, &(0x7f0000000040)=0x9, &(0x7f0000000380)=0x102)
fcntl$dupfd(r5, 0x2, 0xffffffffffffffff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
mremap(&(0x7f00004d6000/0x4000)=nil, 0x4000, 0x4000, 0x2, &(0x7f00001e2000/0x4000)=nil)
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f0000724000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000290000/0x4000)=nil)
syz_emit_ethernet(0x95, 0x0, &(0x7f0000000100)={0x80000001, 0x8000001, [0x997, 0x8bf, 0xe4b, 0xc70]})
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r8, &(0x7f0000000080)={0x0, 0x1, 0x3, 0x1}, 0x8)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f00000003c0)={0x48, 0xc, r4, 0x0, 0x0, 0x200000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000000)={0x28, 0x6, r4, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000})

7.225386533s ago: executing program 3 (id=4557):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000100)={0x68, r2, 0x1, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x1c, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x7f7c}, {0x8, 0x0, 0x8}, {0x8, 0x0, 0x8}]}, @NL80211_ATTR_IE={0x2d, 0x2a, [@mesh_chsw={0x76, 0x6, {0x3, 0x3, 0x2d, 0x2}}, @prep={0x83, 0x1f, {{}, 0x25, 0x2, @broadcast, 0x3, @void, 0x2, 0x7, @device_b, 0x9}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000494}, 0x40000)

6.746326404s ago: executing program 3 (id=4559):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x2, {0x9, @pix_mp={0xf, 0x5be7, 0x50323234, 0x0, 0xb, [{0x80000004, 0x7}, {0x7ff, 0xb325}, {0x10000001, 0x9}, {0x63d, 0x7fd}, {0x1, 0xb}, {0x4, 0x489aa92e}, {0x5}, {0xff, 0x7}], 0x1, 0xc, 0x2, 0x0, 0x3}}, 0xfffffffd})
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r3, 0x0, 0x0, 0x10)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000000c0)='westwood\x00', 0x9)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2})
ioctl$vim2m_VIDIOC_EXPBUF(r4, 0xc0405610, &(0x7f0000000000)={0x1, 0xbc3, 0x3})
keyctl$update(0x2, 0x0, &(0x7f0000000380)="c8bd1d2418c573f8151ad173e2", 0xd)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r4, 0xc058565d, &(0x7f0000002dc0)=@multiplanar_userptr={0x0, 0x1, 0x4, 0x0, 0x7, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, "488dc807"}, 0x1004, 0x2, {0x0}, 0x10000003})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f0000000100)={{0xffff0000, 0x0, 0xf000, 0x0, 0x7f, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0xddccb000, 0xa, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x81, 0x0, 0x44, 0xe, 0x0, 0x3}, {0x10b002, 0x2000, 0xc, 0xfd, 0x80, 0x0, 0x3}, {0x1000, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0xfc, 0x1a, 0xa8}, {0x10000, 0xd000, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0xfc, 0x86, 0xfe}, {0xeeee8000, 0x80a0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x4}, {0xd000, 0x80a0000, 0x0, 0x82, 0x0, 0x10, 0x4, 0xe}, {0x6000}, {0x1, 0xfffe}, 0x60050031, 0x0, 0x0, 0x10, 0x1, 0x0, 0x900, [0x0, 0x0, 0x10000, 0x3]})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30"], 0x7c}}, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4140aecd, &(0x7f0000000100))

5.999214195s ago: executing program 0 (id=4562):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1})
syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0)

5.725352222s ago: executing program 1 (id=4563):
socket$packet(0x11, 0x2, 0x300)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket(0x11, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05000000c73800000004000009"], 0x48)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
syz_open_dev$vim2m(&(0x7f0000000500), 0x1, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$video4linux(&(0x7f0000000000), 0xf, 0x101800)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_usb_connect(0x6, 0x24, &(0x7f00000001c0)=ANY=[], 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))
socket$inet_smc(0x2b, 0x1, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_route(0x10, 0x3, 0x0)
unshare(0x6a040000)
mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = gettid()
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x15, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r0, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r2], 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)

5.471126855s ago: executing program 3 (id=4564):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/config', 0x0, 0x1ce)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00'})
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_gfeatures={0x33}})
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000080)={0xc})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000000)
sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWSET={0x34, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x5c}, 0x1, 0x0, 0x0, 0x890}, 0x0)
close(0x3)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0xfffe, 0x2}, 0x4)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="0100000000000000000001000500050007000000000008000900030000001400200000000000000000000000e1ffe000000108000a0000000000060002000600000014001f"], 0x5c}, 0x1, 0x6c}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$fou(&(0x7f0000000180), r8)
sendmsg$FOU_CMD_GET(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x24, r9, 0x1, 0x70bd28, 0x25dffbfb, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x33}]}, 0x24}, 0x1, 0x0, 0x0, 0x40050}, 0xc4)

3.923415705s ago: executing program 2 (id=4568):
r0 = socket$kcm(0x29, 0x2, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, 0x0, 0x2100c0, 0x0)
r1 = getpid()
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ANNOUNCE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r2, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x90}, 0x4004840)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x2088c1, 0x0)
ioctl$TCSETAW(r3, 0x5407, &(0x7f0000000100)={0xa, 0x7, 0x3, 0x6, 0x1b})
ioctl$TIOCMSET(r3, 0x5418, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x38, 0x3c, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x72}]}, @typed={0xc, 0x5, 0x0, 0x0, @u64=0xffffffffffffff78}]}, 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)
close_range(r4, 0xffffffffffffffff, 0x0)
recvmmsg(r0, &(0x7f00000015c0)=[{{0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000001280)=""/161, 0xa1}, {&(0x7f0000001340)=""/9, 0x9}, {&(0x7f0000001380)}, {&(0x7f00000013c0)=""/16, 0x10}, {&(0x7f0000001400)=""/50, 0x32}, {&(0x7f0000001440)=""/114, 0x72}], 0x7, &(0x7f0000001540)=""/90, 0x5a}, 0xfa0}], 0x1, 0x3, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0)
prlimit64(r1, 0x0, &(0x7f0000000000), 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, 0x0)

3.477154192s ago: executing program 3 (id=4570):
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x0)
r3 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
memfd_secret(0x0)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
r6 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='%(,c\xbe\xfbL:', 0x0)
r7 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000000)='source', &(0x7f00000000c0)='%.,:', 0x0)
write$binfmt_format(r3, &(0x7f0000000100)='-1\x00', 0x2)
close_range(r3, 0xffffffffffffffff, 0x0)
sendmmsg$unix(r0, &(0x7f0000000b40), 0x42, 0x80)
close(r0)
connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0xcb)
r8 = socket(0x10, 0x3, 0x0)
write(r8, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000fe000040000a0000", 0x1c)
timer_create(0x3, 0x0, &(0x7f0000044000))

3.437860543s ago: executing program 1 (id=4571):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x42, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
r0 = socket$inet6(0xa, 0x80002, 0x88)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r2}, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r3, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x40000)
ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r6, 0x40045304, &(0x7f0000000100)={{}, {0x0, 0x3}, 0x2})
recvmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}, 0x8}], 0x1, 0x12, &(0x7f00000002c0))
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000e00)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010002000020000000002500000008000300", @ANYRES32=r9, @ANYBLOB="08002600b41400000a000600ffffffffffff000008003500000000000a00340002020202020200002000508009000100408922a0bd000000050002"], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

3.380596426s ago: executing program 2 (id=4573):
r0 = socket$nl_route(0x10, 0x3, 0x0) (async)
r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f0000000040)={0x8, @vbi={0x1d6f, 0xfffffffa, 0x9, 0xb5315258, [0x400], [0x800, 0x40], 0x2}}) (async)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r2, &(0x7f0000000340)="5cba9c7180746a286c7dfe2428e291a4b3ff36f3f235124749ea6077974103b14219f2bf4ad47d6fdb353c91c0a704c989c78f39d6b386d07d50843f75f4f9a68651bbec437e7eda3319d343c3d12baa4439f588b3d4b5f67924104b6412e203f93a0a08b9943b45a9e0bee3ce287bbaea4b58291bd0d09c2caf5a38c4f726062153a98b74443619b74c715a49cdecd124d5efd1c2ab15c5d48baff1d2bb85d132c317072a13e5d8df1114e0428636a2a4920bc9fe917f5b797f0117b2659959dc7050b63ecb98ae3583a7646c7262ebc8c4cbcc51c4abc61661fc6c3ca1ef08de9f3adec828633281018908350bda7de0d64975f9a5e33cdc601211bcef5524f78e5443e09c4603cb985fe662f8ed8bf1c73f9e00", 0x115) (async)
ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) (async)
io_uring_setup(0x5237, &(0x7f00000002c0)={0x0, 0xc356, 0x0, 0x8000000, 0x348}) (async, rerun: 32)
write$dsp(r2, &(0x7f0000000080)="c229", 0x2) (async, rerun: 32)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000140)) (async)
socket$netlink(0x10, 0x3, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1922b}, [@IFLA_EVENT={0x8, 0x2c, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4000)

3.101419321s ago: executing program 4 (id=4574):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x2, 0x0)
sendfile(r0, r0, 0x0, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="6a0500000000000079107c0000000000050000000000000095fdffffff000000"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x22e, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/vlan/vlan0\x00')
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000002, 0x1010, r1, 0x0)
recvmsg$can_j1939(r1, &(0x7f0000001300)={&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000001340)=[{&(0x7f0000000100)=""/4096, 0x1000}, {&(0x7f0000001100)=""/146, 0x5d}, {&(0x7f00000011c0)=""/144, 0x90}], 0x3, &(0x7f00000012c0)=""/14, 0xe}, 0x10000)

2.97753086s ago: executing program 4 (id=4575):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r1=>0x0})
r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000300)={0x20, 0x1, 0x4, "94c161ee"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_connect$uac1(0x4, 0xb1, &(0x7f0000000480)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9f, 0x3, 0x1, 0xfa, 0x0, 0xe8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x3, 0x59}, [@output_terminal={0x9, 0x24, 0x3, 0x4, 0x305, 0x2, 0x2, 0xfd}, @input_terminal={0xc, 0x24, 0x2, 0x1, 0x101, 0x2, 0x4, 0x9, 0x6, 0x1}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xf, 0x4, 0x0, 0x9, 'MO', 'L'}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x0, 0x4, 0x9, 0x9, "915e353fe8"}, @as_header={0x7, 0x24, 0x1, 0x81, 0x5, 0x5}]}, {{0x9, 0x5, 0x1, 0x9, 0x400, 0x3, 0x80, 0xa1, {0x7, 0x25, 0x1, 0x1, 0x6, 0x3}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x7f, 0x4, 0x2, 0x7, "6ce8657f"}]}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0xf2, 0x4, 0x1, {0x7, 0x25, 0x1, 0x2, 0x5, 0xe}}}}}}}]}}, &(0x7f0000000540)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x201, 0x2f, 0x3, 0xd, 0x0, 0x9}, 0x63, &(0x7f0000000180)={0x5, 0xf, 0x63, 0x4, [@ssp_cap={0x1c, 0x10, 0xa, 0x9e, 0x4, 0x7, 0x0, 0x401, [0xff000f, 0x101ff3f, 0xcf, 0x3f30]}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x0, 0x7, 0x9, 0x7}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "a382c97de52a5f437a7818a167741e26"}, @ssp_cap={0x24, 0x10, 0xa, 0x9, 0x6, 0xdf, 0x0, 0x1ff, [0x0, 0xff00cf, 0x30, 0xffc000, 0xc00f, 0xf]}]}, 0x5, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x3012}}, {0x91, &(0x7f00000006c0)=@string={0x91, 0x3, "8d732b88d565ddc52933f35e6984a0de02ca4d53ee94ee09f3ecdd677eb3a24544c20078271e0145e4b77214e444c0bf9c4d1a63880dcc5a9fcbb4a1a0a1123fa6fc92064765e46437fc491c142d65567d08bba3d868ebed540fcabc0d133cc35080f5eb9a4e67a78cbb4d5f13eb7b18f144e141929754c51f9ec20cfcc8793bf35bce05724d1ecb66c249a1da22e7"}}, {0xf1, &(0x7f0000000940)=@string={0xf1, 0x3, "844ca7bd598abd88cc1557b59d8259949217902af71abe136c3f46b85059d3091c5a3fdd6567882e6c527963265ec0d37cf4f7d1243d8439101e57cfc3a3f5ae1967d41d9398a9a8ebb6f48d212c368a985300c7055213d91d469260183406a3c3acd7eb26bc2b9902db5a05fe98957bb027785b1aa931c272cc37762968a0b480d4f4a588843812860585252562041a6a9f4bdad6d5a0841ccd9085fbca2fe8dda721f6253216d4513ad25701913d22c5689c29ac9f03defab88cf487f605e15b3784266667a9e6579353a8b9c85ef55e91905d43776bb5266944af26813fda52a986190a529ddf54a375092486c0"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x44c}}, {0x66, &(0x7f0000000380)=@string={0x66, 0x3, "33e197e2340f88855609d859a3a31c823dc77a1045968dddfd461c58f70f72926d83903175b9064cc72469120eeef6500d513236276e7aaf56a790418e0cefa2244f6b0585a86215c5fa2c047e9131db854f72eb23b7f98a57f1a5d4f960f4ff129530a3"}}]})
syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000b00)={0x2c, &(0x7f0000000900)={0x0, 0xe, 0x4, "52b16000"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)={0x0, 0xf, 0x4, "c7a13997"}, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000340)={0x20, 0x3, 0x4, "a13b1f21"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r2, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000240)={0x20, 0xb, 0x4, "91d69eed"}, 0x0, 0x0, 0x0, 0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000200), 0x80a02, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000080)={0x1, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c", <r5=>0xffffffffffffffff})
dup3(r5, r4, 0x0)
r6 = syz_io_uring_setup(0x3924, &(0x7f0000000080)={0x0, 0x2, 0x10100, 0x0, 0x1}, &(0x7f0000000780)=<r7=>0x0, &(0x7f00000001c0)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r6, 0x2def, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="340000001c00070c000000000000000007000000", @ANYRES32=r1, @ANYBLOB="fb00060b0a000200aaaaaaaaaabb00000c000e"], 0x34}}, 0x0)

2.621672867s ago: executing program 2 (id=4576):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x7, 0x280002)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, r0, 0xff033000)
syz_clone(0x418c7400, 0x0, 0xffffffffffffffe6, 0x0, 0x0, 0x0) (async)
syz_clone(0x418c7400, 0x0, 0xffffffffffffffe6, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0)

2.493052489s ago: executing program 1 (id=4577):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002b80)=@delchain={0x650, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xe, 0x2}, {0x0, 0xe}, {0x6, 0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0x620, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x8065738cbab9bcb1}, @TCA_FLOW_EMATCHES={0x170, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x120, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x68, 0x2, 0x0, 0x0, {{0x4, 0x0, 0x7}, "645809825d93df900fa8fae387fbed6313a639f20b0238ccdd4da9fde2f0be34e659ba729925eff5ebd76dec200e0c6b209649b549944fb335b53ad7e5b0f72af98dbb05ee1778a3e952122289a807cd7b48f87fa52a56b8fa"}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x7, 0x2, 0x4}, {0x4, 0x1, 0x6, "eb"}}}, @TCF_EM_CONTAINER={0x88, 0x3, 0x0, 0x0, {{0x4, 0x0, 0xb}, "17b31b88cd50d147badf2a1a38c77df97be64641cc7318b2ce8ccdad6a96b06c832c85fddaca6ed96ea16ef202d71b42b21893487cead96a7ed371addafba26ca026c638c16771ecfe003896b993b75dc4111355a036c11ea5ca4b1fab502e611260caea6dd386e39e886b9878b03b39dc015359b12cc7be6f"}}, @TCF_EM_NBYTE={0x18, 0x2, 0x0, 0x0, {{0x4b2a}, {0x8, 0x5, 0x2, "aeb25e3e76"}}}]}, @TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xffd3, 0x8, 0x8}, {0x3, 0x6}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0xf0a, 0x3, 0x6c0}, {0x5, 0x0, 0x3, 0x7ff}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0xf, 0x7, 0x7f}, {{0x4, 0x1, 0x0, 0x1}, {0x1, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_ACT={0x484, 0x9, 0x0, 0x1, [@m_gact={0x140, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x9d, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x2680, 0xffffffffffffffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1abe}}]}, {0xed, 0x6, "f2984ea5ae0b0909ca5198b5e56548da1af4efe458d68e8346a5ad6fa8d75b3efbcec03667694b23e57efb5dea177c9fec912eda500f92ad241d4a3e1eb9b05c2461a1e89e99a22f43eb3b64257b78512c9df802c3ea23ede5e978e8db3be47630f9b48cdfcee2130369da2ce7473e6324d4fc0342cb38a9e544eb6f4e0148acb294b877f68eb4b6b13e38196c311c9ebb06d7a5ee9ead5689128fa35472611715963d35fb43d3014ff74e144932866ca97f5c001aab6053dd7ce7d38a407074614c2a21063cc49a687085d3ab9d042fcc913d8377863381be46ad8fade1f71945e9d5053fd5d1123d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0xb4, 0x1b, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e23}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @rand_addr=0x64010101}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @dev={0xac, 0x14, 0x14, 0x30}}]}, {0x69, 0x6, "effbbfbb9975b98b391b34602a99202c04f8aff0f475c3649e7f9024793790e685860edfb7d78570905ca6acc9165a1fb42c399f209c0f00a8f4866f081cd17e904ddc3210cc30ec49b70f2b1fb3ead1fe143d5356ac58b602d03fa75b270e66d3b14a3b76"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbmod={0x108, 0x1f, 0x0, 0x0, {{0xb}, {0x4}, {0xd9, 0x6, "364a95306a0125f7c7762d651b8604a6d91ec4567f627089ed8d3453859a3d2c79d3d70f085dca8af621c4a5da976ca910f38151f1a68c0e0730e7273e6af4eab8e2ea5df8cb0f6ab249f7561ea8c0dd3e562e5e6a1db3a546a7f7c5f1d0ae94557d9f43b53f0c2e3edaf804191d2d3a1cbdae068d8e342ed2d4e751b25b639e2536238fb6a4824a50b9c6bb62944110874faeed2eb2a6db4dfa6ff7d67302260dd8c80e3c4c3a3a11f1d204106eec615119eaaa73bd0bb3e2d774039d9c7e0d445019a712cc0c16707a7b8505b7c94133ceccee82"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_tunnel_key={0xa4, 0x3, 0x0, 0x0, {{0xf}, {0x68, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @loopback}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e24}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @multicast1}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e24}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x401, 0x1000002, 0x7, 0xe3f, 0x4}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @remote}]}, {0xd, 0x6, "6c73dc20ec0f1f62d7"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_xt={0xe0, 0xe, 0x0, 0x0, {{0x7}, {0x4}, {0xb5, 0x6, "2a0caebad864038ff40a5d287f3088600ceb92031a440f806744f2c29cd762b34d1c3e200652a37a380abee23790e6050e067b4335afeb4ae4a0dfe9fa72cc1df85464324a30272ee56c17d0913025ba5b385f50249552b3d0baa66c6ffc89df47949c8e52874be2547d84a88eaf65c1a57f44be2ac8409dc80a1286dc54b446bceacb288bceeb018feed674cd3991cf602a4e1e2de9b27bb4036b0ac3e4a6048cdd4ebfc8b92c63ac0f4245eecd529108"}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x650}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b000000000000", 0x10, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

2.492716253s ago: executing program 0 (id=4578):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
getresgid(0x0, 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@newqdisc={0x4c, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)
r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r5, &(0x7f0000000040)=@other={'lock', ' ', 'io+mem'}, 0xc)
write$vga_arbiter(r5, &(0x7f0000000200)=@unlock_all, 0xb)
r6 = fsopen(&(0x7f0000000200)='binfmt_misc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58)
r7 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$kcm(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000380)="7df46aba3e0a1c8a7018edd4dbc1f57f99943f5acc664591b5c4f5e7e404777022a0c667acd4c8ab5dfeda8faabbbd368aafe7fd2c49b1cf55196401da72a912150b3edf30267d094a93e7fd21017b22113c241919dcd34f78238729b84a1f4c4b02dae2f0f99cc8f147975d1e9b880019900c7be1c8b97175e41dc3eeca7992cbd557cd133ccfdda9fafecc254238b36f9e3d798d7cc137bad8698e82b94a5751fbe593466728a4", 0xa8}], 0x1}, 0x4)
r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000480)=@IORING_OP_LINKAT={0x27, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', &(0x7f0000000440)='./file0\x00', 0xffffffffffffffff, 0x400, 0x0, {0x0, r8}})
open(&(0x7f0000000140)='./file0\x00', 0x400800, 0xff)

2.193936228s ago: executing program 2 (id=4579):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x2, {0x9, @pix_mp={0xf, 0x5be7, 0x50323234, 0x0, 0xb, [{0x80000004, 0x7}, {0x7ff, 0xb325}, {0x10000001, 0x9}, {0x63d, 0x7fd}, {0x1, 0xb}, {0x4, 0x489aa92e}, {0x5}, {0xff, 0x7}], 0x1, 0xc, 0x2, 0x0, 0x3}}, 0xfffffffd})
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r3, 0x0, 0x0, 0x10)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000000c0)='westwood\x00', 0x9)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f0000000140)={0x7, 0x1, 0x2})
ioctl$vim2m_VIDIOC_EXPBUF(r4, 0xc0405610, &(0x7f0000000000)={0x1, 0xbc3, 0x3})
keyctl$update(0x2, 0x0, &(0x7f0000000380)="c8bd1d2418c573f8151ad173e2", 0xd)
ioctl$vim2m_VIDIOC_PREPARE_BUF(r4, 0xc058565d, &(0x7f0000002dc0)=@multiplanar_userptr={0x0, 0x1, 0x4, 0x0, 0x7, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x20, 0x0, "488dc807"}, 0x1004, 0x2, {0x0}, 0x10000003})
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f0000000100)={{0xffff0000, 0x0, 0xf000, 0x0, 0x7f, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0xddccb000, 0xa, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x81, 0x0, 0x44, 0xe, 0x0, 0x3}, {0x10b002, 0x2000, 0xc, 0xfd, 0x80, 0x0, 0x3}, {0x1000, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0xfc, 0x1a, 0xa8}, {0x10000, 0xd000, 0x0, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0xfc, 0x86, 0xfe}, {0xeeee8000, 0x80a0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x4}, {0xd000, 0x80a0000, 0x0, 0x82, 0x0, 0x10, 0x4, 0xe}, {0x6000}, {0x1, 0xfffe}, 0x60050031, 0x0, 0x0, 0x10, 0x1, 0x0, 0x900, [0x0, 0x0, 0x10000, 0x3]})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30"], 0x7c}}, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4140aecd, &(0x7f0000000100))

2.143327498s ago: executing program 1 (id=4580):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0xfffffffffffffffe}, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = syz_io_uring_setup(0x1714, &(0x7f0000002040)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000080))
io_uring_register$IORING_REGISTER_PBUF_RING(r6, 0x16, &(0x7f0000000140)={&(0x7f0000001000)={[{0x0}, {0x0, 0x0, 0x2}, {0x0}, {0x0}]}, 0x4}, 0x1)
r7 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_COPY(r7, 0xc028aa05, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5800000f0206030000000000000000000000000705000100070000000900020073797a31000000000c0007800800130000008a47a913eb0bf35c212759ed42000005000500020000000500040001000000120020006861"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
ioctl$KVM_SET_SREGS(r9, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xdddd1000, 0x0, 0x0, 0x8, 0x8, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0x8080000, 0x0, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0x0, 0xa, 0x6, 0x5, 0x0, 0x3}, {0x80a0000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0xf801, 0x0, [0x0, 0x0, 0x1]})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_TRANSLATE(r9, 0xc018ae85, &(0x7f0000000300)={0x1000})

1.717327449s ago: executing program 4 (id=4581):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x10000050, 0x0, 0x0, 0xb49, 0x9, 0x3, 0xffffff82, 0x3}, 0x0)
connect$unix(r2, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r3, 0x29, 0xb, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty, 0x1000}, 0x1c)
recvmmsg(r3, &(0x7f00000009c0)=[{{0x0, 0x0, 0x0}, 0x4}], 0x65942126f3d7b6a8, 0x2, 0x0)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1, 0x2c}, 0x1c)
mremap(&(0x7f0000064000/0x3000)=nil, 0x3000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000240)=':', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0x8, @empty}, 0x1c)
shutdown(r0, 0x1)

805.769065ms ago: executing program 4 (id=4582):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000100)={0x68, r2, 0x1, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x1c, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x7f7c}, {0x8, 0x0, 0x8}, {0x8, 0x0, 0x8}]}, @NL80211_ATTR_IE={0x2d, 0x2a, [@mesh_chsw={0x76, 0x6, {0x3, 0x3, 0x2d, 0x2}}, @prep={0x83, 0x1f, {{}, 0x25, 0x2, @broadcast, 0x3, @void, 0x2, 0x7, @device_b, 0x9}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000494}, 0x40000)

612.960508ms ago: executing program 4 (id=4583):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000240)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "ff00f5", 0x18, 0x6, 0x0, @remote, @local, {[], {{0xfe80, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@mptcp=@ack={0x1e, 0x4, 0x1f}]}}}}}}}}, 0x0)

494.384435ms ago: executing program 0 (id=4584):
socket$nl_route(0x10, 0x3, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x40000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x2e)
pselect6(0x40, &(0x7f0000000040)={0x2, 0x0, 0x8, 0x7, 0xffffffffffffffe8, 0x402, 0x6}, 0x0, 0x0, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="12000000120001000200000000000000100000000c00001700000000000000000f10"], 0x30}], 0x1, 0x0, 0x0, 0x20004000}, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0, 0xfffffffffffffdaf}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000440), 0x1, 0x0)
write$khugepaged_scan(r4, &(0x7f0000000300), 0x8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0xbc, 0x24, 0x8, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xffe0}, {}, {0xfff2, 0x9}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x8c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x2, 0x0, 0xf, 0xff, 0x0, 0x2, 0xb, 0x3, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x1], 0x1, [0x1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x4000], [0x0, 0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x30, 0xc, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x49}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x6}]}]}]}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4040000}, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r6=>0x0})
r7 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r6, @ANYBLOB="00000000000000001c001a800800028004000500080000003e"], 0x44}}, 0x0)
r8 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x8240, 0x0)
read$alg(r8, 0x0, 0x0)
getsockopt$inet_pktinfo(r8, 0x0, 0x8, &(0x7f0000000140)={<r9=>0x0, @remote, @remote}, &(0x7f00000001c0)=0xc)
sendmsg$nl_route(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@ipv4_newaddr={0xfffffffffffffebc, 0x14, 0x300, 0x70bd2d, 0x25dfdbfe, {0x2, 0x20, 0x48, 0xff, r9}, [@IFA_LOCAL={0x8, 0x2, @private=0xa010100}, @IFA_LABEL={0x14, 0x3, 'veth1_virt_wifi\x00'}, @IFA_BROADCAST={0x8, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IFA_CACHEINFO={0x14, 0x6, {0x3ff, 0xfffeffff, 0xffffffff, 0x5}}, @IFA_ADDRESS={0x8, 0x1, @broadcast}, @IFA_TARGET_NETNSID={0x8, 0xa, 0x1}]}, 0x60}, 0x1, 0x0, 0x0, 0x44050}, 0x2000d050)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="1400000010000100000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a32000000001400000011000100"/111], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a0b04000000000000000002000000300004802c0001800900010068617368000000001c000280080002400000000c080004400000000d0800074000000001090001007379723000000014000000110001000000000000000000eeffff0900"/132], 0x84}, 0x1, 0x0, 0x0, 0x801}, 0x0)
syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x801)

365.359718ms ago: executing program 4 (id=4585):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000000)=0x1, 0x4)
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x45, 0x4, 0x4e})
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0xd}, 0x1c)
recvmmsg(r0, &(0x7f00000002c0), 0x220, 0x100, 0x0)

170.76821ms ago: executing program 2 (id=4586):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002b80)=@delchain={0x62c, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xe, 0x2}, {0x0, 0xe}, {0x6, 0xa}}, [@filter_kind_options=@f_flow={{0x9}, {0x5fc, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x8065738cbab9bcb1}, @TCA_FLOW_EMATCHES={0x158, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x108, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x68, 0x2, 0x0, 0x0, {{0x4, 0x0, 0x7}, "645809825d93df900fa8fae387fbed6313a639f20b0238ccdd4da9fde2f0be34e659ba729925eff5ebd76dec200e0c6b209649b549944fb335b53ad7e5b0f72af98dbb05ee1778a3e952122289a807cd7b48f87fa52a56b8fa"}}, @TCF_EM_NBYTE={0x14, 0x3, 0x0, 0x0, {{0x7, 0x2, 0x4}, {0x4, 0x1, 0x6, "eb"}}}, @TCF_EM_CONTAINER={0x88, 0x3, 0x0, 0x0, {{0x4, 0x0, 0xb}, "17b31b88cd50d147badf2a1a38c77df97be64641cc7318b2ce8ccdad6a96b06c832c85fddaca6ed96ea16ef202d71b42b21893487cead96a7ed371addafba26ca026c638c16771ecfe003896b993b75dc4111355a036c11ea5ca4b1fab502e611260caea6dd386e39e886b9878b03b39dc015359b12cc7be6f"}}]}, @TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_IPSET={0x10, 0x2, 0x0, 0x0, {{0xffd3, 0x8, 0x8}, {0x3, 0x6}}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0xf0a, 0x3, 0x6c0}, {0x5, 0x0, 0x3, 0x7ff}}}, @TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0xf, 0x7, 0x7f}, {{0x4, 0x1, 0x0, 0x1}, {0x1, 0x1}}}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_ACT={0x478, 0x9, 0x0, 0x1, [@m_gact={0x140, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x9d, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x2680, 0xffffffffffffffff}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1abe}}]}, {0xed, 0x6, "f2984ea5ae0b0909ca5198b5e56548da1af4efe458d68e8346a5ad6fa8d75b3efbcec03667694b23e57efb5dea177c9fec912eda500f92ad241d4a3e1eb9b05c2461a1e89e99a22f43eb3b64257b78512c9df802c3ea23ede5e978e8db3be47630f9b48cdfcee2130369da2ce7473e6324d4fc0342cb38a9e544eb6f4e0148acb294b877f68eb4b6b13e38196c311c9ebb06d7a5ee9ead5689128fa35472611715963d35fb43d3014ff74e144932866ca97f5c001aab6053dd7ce7d38a407074614c2a21063cc49a687085d3ab9d042fcc913d8377863381be46ad8fade1f71945e9d5053fd5d1123d"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0xb4, 0x1b, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e23}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e20}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @rand_addr=0x64010101}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @dev={0xac, 0x14, 0x14, 0x30}}]}, {0x69, 0x6, "effbbfbb9975b98b391b34602a99202c04f8aff0f475c3649e7f9024793790e685860edfb7d78570905ca6acc9165a1fb42c399f209c0f00a8f4866f081cd17e904ddc3210cc30ec49b70f2b1fb3ead1fe143d5356ac58b602d03fa75b270e66d3b14a3b76"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbmod={0x108, 0x1f, 0x0, 0x0, {{0xb}, {0x4}, {0xd9, 0x6, "364a95306a0125f7c7762d651b8604a6d91ec4567f627089ed8d3453859a3d2c79d3d70f085dca8af621c4a5da976ca910f38151f1a68c0e0730e7273e6af4eab8e2ea5df8cb0f6ab249f7561ea8c0dd3e562e5e6a1db3a546a7f7c5f1d0ae94557d9f43b53f0c2e3edaf804191d2d3a1cbdae068d8e342ed2d4e751b25b639e2536238fb6a4824a50b9c6bb62944110874faeed2eb2a6db4dfa6ff7d67302260dd8c80e3c4c3a3a11f1d204106eec615119eaaa73bd0bb3e2d774039d9c7e0d445019a712cc0c16707a7b8505b7c94133ceccee82"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3, 0x3}}}}, @m_tunnel_key={0xa4, 0x3, 0x0, 0x0, {{0xf}, {0x68, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @loopback}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @broadcast}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e24}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @multicast1}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e24}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x401, 0x1000002, 0x7, 0xe3f, 0x4}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @remote}]}, {0xd, 0x6, "6c73dc20ec0f1f62d7"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_xt={0xd4, 0xe, 0x0, 0x0, {{0x7}, {0x4}, {0xa9, 0x6, "2a0caebad864038ff40a5d287f3088600ceb92031a440f806744f2c29cd762b34d1c3e200652a37a380abee23790e6050e067b4335afeb4ae4a0dfe9fa72cc1df85464324a30272ee56c17d0913025ba5b385f50249552b3d0baa66c6ffc89df47949c8e52874be2547d84a88eaf65c1a57f44be2ac8409dc80a1286dc54b446bceacb288bceeb018feed674cd3991cf602a4e1e2de9b27bb4036b0ac3e4a6048cdd4ebfc8"}, {0xc}, {0xc, 0x8, {0x3}}}}]}]}}]}, 0x62c}, 0x1, 0x0, 0x0, 0x80}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f, 0xa1}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400})

52.572567ms ago: executing program 3 (id=4587):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
writev(r2, &(0x7f0000000600)=[{&(0x7f0000000200)="1d2595f50d35d3c5f253bb9ef809d582823be6d34b501a869e6bda3afab9bfe845ce", 0x22}], 0x1)
write$P9_RXATTRCREATE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0xfffffffc)
r3 = syz_open_dev$radio(&(0x7f0000002b40), 0x3, 0x2)
ioctl$VIDIOC_QUERYMENU(r3, 0xc02c5625, &(0x7f0000000000)={0x98f907, 0x0, @value=0x500000000})
connect$inet(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r5, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r5, 0x40045010, &(0x7f0000000040)=0x9)
ioctl$SNDCTL_DSP_SETTRIGGER(r5, 0x40045010, &(0x7f0000000080)=0x7)
r6 = syz_open_dev$sndctrl(0x0, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, &(0x7f0000000840))
syz_open_dev$sndpcmp(0x0, 0x0, 0xa2c65)
sendmsg$nl_route(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)

25.309688ms ago: executing program 1 (id=4588):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1})
syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0)

0s ago: executing program 2 (id=4589):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x3, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7c, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x80000000, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5b, 0x1, 0x24, 0x6, 0x5, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x5, 0x9, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x0, 0x7, 0x4, 0x8, 0x400, 0x80, 0x0, 0x5, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0xd, 0xea4, 0xffffffff, 0x5, 0x7, 0x7fff, 0x5a80, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x8, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x9, 0x1, 0x3, 0x6c0, 0xbc46, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x8, 0x7fff, 0x0, 0x5, 0x8, 0x4, 0x9, 0x2, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xfffffffa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2e9, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x1, 0x16, 0xffffffff, 0x80000003, 0x5, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x738, 0x1, 0x6c1b, 0x80, 0x4, 0x5, 0xb1e, 0x20000d7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x901, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'batadv_slave_0\x00', 0x1000})
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'erspan0\x00', <r4=>0x0})
bind$packet(r3, &(0x7f0000000040)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}, 0x14)
sendto$inet6(r3, &(0x7f0000000800)="4103082c1116480401020200c52cf7c25975e005b02f000006892f000300897c6b118777faffffff3066090cb600c5471d130a66321a54e7df305fbe258161b6fd8f2428652265d94c6fdbaefc57376a57c2feffff188be9427c323ef024a37016d2a7f9ab6e7941a6fc4f95aa73c1dfff4941f6503b5bd8c91db22cd33795481c94085fa12cdc679ac2a5d7b5d99b93fb07acb0da680e78b74c74aae8d7690d5986a9af81622a0ac210bc7b5ca5fed11cb54d046642670041e846bb184ff5d39fe8516d2d2a8d84e6e7dfcb2b8a8023444db513a3d7a124b59f0a5cd36489dbbb75cce3145d0ea3c3aa21af7cbcbc7a7575db782e757ca543109f5ddcec4930aa91f4119ea3d1f56140cb86cfe0724b23904ef5d05c725ee23918a502b1afe09fb0757d", 0xfc13, 0x880, 0x0, 0xfffffffffffffef0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000001c0)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_wolinfo={0x3, 0x8, 0xfffffffd, "8f1151239582"}})
syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fffffff, 0x2)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

9][ T1210] usb 1-1: Manufacturer: ä…€
[ 1048.257462][ T1210] usb 1-1: SerialNumber: Ñ™
[ 1048.700667][T19864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1048.710690][T19865] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1048.728216][T19864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1048.732398][T19865] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1048.762055][ T1210] usbhid 1-1:1.0: can't add hid device: -71
[ 1048.768231][ T1210] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[ 1048.780674][ T1210] usb 1-1: USB disconnect, device number 91
[ 1050.042908][T19900] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4092'.
[ 1051.168838][   T30] audit: type=1326 audit(1754880128.611:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19904 comm="syz.2.4094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33c998ebe9 code=0x7ffc0000
[ 1051.211588][   T30] audit: type=1326 audit(1754880128.611:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19904 comm="syz.2.4094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33c998ebe9 code=0x7ffc0000
[ 1051.233964][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1051.244955][   T30] audit: type=1326 audit(1754880128.611:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19904 comm="syz.2.4094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f33c998ebe9 code=0x7ffc0000
[ 1051.267295][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1051.276302][   T30] audit: type=1326 audit(1754880128.611:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19904 comm="syz.2.4094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33c998ebe9 code=0x7ffc0000
[ 1051.313175][   T30] audit: type=1326 audit(1754880128.611:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19904 comm="syz.2.4094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33c998ebe9 code=0x7ffc0000
[ 1051.335506][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1051.342383][   T30] audit: type=1326 audit(1754880128.611:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19904 comm="syz.2.4094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f33c998ebe9 code=0x7ffc0000
[ 1051.382860][   T30] audit: type=1326 audit(1754880128.611:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19904 comm="syz.2.4094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33c998ebe9 code=0x7ffc0000
[ 1051.405181][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1051.428865][   T30] audit: type=1326 audit(1754880128.611:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19904 comm="syz.2.4094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33c998ebe9 code=0x7ffc0000
[ 1051.451209][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1051.459625][   T30] audit: type=1326 audit(1754880128.611:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19904 comm="syz.2.4094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33c998ebe9 code=0x7ffc0000
[ 1051.527486][   T30] audit: type=1326 audit(1754880128.611:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19904 comm="syz.2.4094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33c998ebe9 code=0x7ffc0000
[ 1051.892843][ T1210] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[ 1052.118897][ T1210] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1052.129994][ T1210] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1052.144026][ T1210] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1052.430304][ T1210] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1052.517905][ T1210] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1052.527369][ T1210] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1052.591802][ T1210] usb 1-1: Manufacturer: syz
[ 1052.629768][ T1210] usb 1-1: config 0 descriptor??
[ 1052.839497][T19941] netdevsim netdevsim3: Direct firmware load for nel/config failed with error -2
[ 1052.851575][T19941] netdevsim netdevsim3: Falling back to sysfs fallback for: nel/config
[ 1053.067781][ T1210] appleir 0003:05AC:8243.0022: unknown main item tag 0x0
[ 1053.080865][ T1210] appleir 0003:05AC:8243.0022: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[ 1053.762625][T19945] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4106'.
[ 1054.396265][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.409936][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.461169][T19966] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1055.511835][T19426] usb 1-1: USB disconnect, device number 92
[ 1055.551922][T19966] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1056.226435][T19977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4118'.
[ 1056.435656][T19987] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1056.445831][T19987] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1056.463796][T19988] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4121'.
[ 1057.061743][T20001] vlan2: entered allmulticast mode
[ 1057.073841][T20001] erspan0: entered allmulticast mode
[ 1057.295937][T20010] kAFS: unable to lookup cell '.,'
[ 1057.677104][T20018] syzkaller1: entered promiscuous mode
[ 1057.700210][T20018] syzkaller1: entered allmulticast mode
[ 1057.951528][T20022] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4131'.
[ 1058.127260][T20026] FAULT_INJECTION: forcing a failure.
[ 1058.127260][T20026] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1058.182661][T20026] CPU: 1 UID: 0 PID: 20026 Comm: syz.4.4133 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1058.182682][T20026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1058.182692][T20026] Call Trace:
[ 1058.182698][T20026]  <TASK>
[ 1058.182705][T20026]  dump_stack_lvl+0x189/0x250
[ 1058.182726][T20026]  ? __pfx____ratelimit+0x10/0x10
[ 1058.182747][T20026]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1058.182776][T20026]  ? __pfx__printk+0x10/0x10
[ 1058.182795][T20026]  ? __might_fault+0xb0/0x130
[ 1058.182821][T20026]  should_fail_ex+0x414/0x560
[ 1058.182841][T20026]  _copy_from_iter+0x1db/0x16f0
[ 1058.182857][T20026]  ? rcu_is_watching+0x15/0xb0
[ 1058.182871][T20026]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1058.182891][T20026]  ? __pfx__copy_from_iter+0x10/0x10
[ 1058.182905][T20026]  ? __build_skb_around+0x257/0x3e0
[ 1058.182927][T20026]  ? netlink_sendmsg+0x642/0xb30
[ 1058.182945][T20026]  ? skb_put+0x11b/0x210
[ 1058.182968][T20026]  netlink_sendmsg+0x6b2/0xb30
[ 1058.182992][T20026]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1058.183013][T20026]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1058.183035][T20026]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1058.183050][T20026]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1058.183070][T20026]  __sock_sendmsg+0x21c/0x270
[ 1058.183089][T20026]  ____sys_sendmsg+0x505/0x830
[ 1058.183105][T20026]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1058.183124][T20026]  ? import_iovec+0x74/0xa0
[ 1058.183141][T20026]  ___sys_sendmsg+0x21f/0x2a0
[ 1058.183156][T20026]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1058.183190][T20026]  ? __fget_files+0x2a/0x420
[ 1058.183202][T20026]  ? __fget_files+0x3a0/0x420
[ 1058.183220][T20026]  __x64_sys_sendmsg+0x19b/0x260
[ 1058.183235][T20026]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1058.183255][T20026]  ? __pfx_ksys_write+0x10/0x10
[ 1058.183271][T20026]  ? rcu_is_watching+0x15/0xb0
[ 1058.183287][T20026]  ? do_syscall_64+0xbe/0x3b0
[ 1058.183309][T20026]  do_syscall_64+0xfa/0x3b0
[ 1058.183326][T20026]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1058.183350][T20026]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1058.183363][T20026]  ? clear_bhb_loop+0x60/0xb0
[ 1058.183384][T20026]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1058.183401][T20026] RIP: 0033:0x7f7589b8ebe9
[ 1058.183417][T20026] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1058.183433][T20026] RSP: 002b:00007f758aa71038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1058.183451][T20026] RAX: ffffffffffffffda RBX: 00007f7589db5fa0 RCX: 00007f7589b8ebe9
[ 1058.183464][T20026] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[ 1058.183476][T20026] RBP: 00007f758aa71090 R08: 0000000000000000 R09: 0000000000000000
[ 1058.183487][T20026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1058.183497][T20026] R13: 00007f7589db6038 R14: 00007f7589db5fa0 R15: 00007f7589edfa28
[ 1058.183526][T20026]  </TASK>
[ 1058.904602][T20028] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4134'.
[ 1063.246852][   T43] usb 2-1: new high-speed USB device number 109 using dummy_hcd
[ 1063.617795][T20082] kAFS: unable to lookup cell '.,'
[ 1063.896806][   T43] usb 2-1: Using ep0 maxpacket: 32
[ 1063.910874][   T43] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[ 1063.920147][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1063.928539][   T43] usb 2-1: Product: syz
[ 1063.932787][   T43] usb 2-1: Manufacturer: syz
[ 1063.939710][   T43] usb 2-1: SerialNumber: syz
[ 1063.955798][   T43] usb 2-1: config 0 descriptor??
[ 1063.963173][   T43] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[ 1065.000797][T20075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1065.187220][T20075] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1065.281585][T20097] netlink: 'syz.4.4149': attribute type 5 has an invalid length.
[ 1065.289730][   T43] gspca_ov534_9: reg_w failed -110
[ 1065.618665][   T43] gspca_ov534_9: Unknown sensor 0000
[ 1065.618731][   T43] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22
[ 1065.656136][   T43] usb 2-1: USB disconnect, device number 109
[ 1065.854821][T20108] netlink: 104 bytes leftover after parsing attributes in process `syz.4.4156'.
[ 1066.042895][   T30] audit: type=1804 audit(1754880143.721:786): pid=20111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.4157" name="/newroot/179/file1" dev="fuse" ino=1 res=1 errno=0
[ 1066.163589][T20122] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4160'.
[ 1066.978322][   T43] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[ 1067.222732][   T43] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1067.233031][   T43] usb 3-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1067.244211][   T43] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1067.253368][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1067.663025][T20121] kAFS: unable to lookup cell '.,'
[ 1068.633022][T20137] netlink: 188 bytes leftover after parsing attributes in process `syz.0.4166'.
[ 1068.833102][T20141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1068.854916][T20141] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1069.553940][   T43] usb 3-1: USB disconnect, device number 104
[ 1071.858230][T20181] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1071.887321][T20181] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1072.656787][T14010] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[ 1072.973927][T14010] usb 3-1: Using ep0 maxpacket: 8
[ 1073.000239][T14010] usb 3-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62
[ 1073.009977][T14010] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1073.068789][T20206] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.4183'.
[ 1073.108440][T14010] usb 3-1: Product: syz
[ 1073.117069][T14010] usb 3-1: Manufacturer: syz
[ 1073.126380][T14010] usb 3-1: SerialNumber: syz
[ 1073.142511][T14010] usb 3-1: config 0 descriptor??
[ 1073.164785][T14010] usb 3-1: selecting invalid altsetting 3
[ 1073.210065][   T30] audit: type=1326 audit(1754880150.871:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20205 comm="syz.4.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1073.236871][T19411] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[ 1073.290388][T14010] comedi comedi5: could not set alternate setting 3 in high speed
[ 1073.299036][   T30] audit: type=1326 audit(1754880150.871:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20205 comm="syz.4.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1073.328784][T14010] usbdux 3-1:0.0: driver 'usbdux' failed to auto-configure device.
[ 1073.485792][T14010] usbdux 3-1:0.0: probe with driver usbdux failed with error -22
[ 1073.493992][   T30] audit: type=1326 audit(1754880150.871:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20205 comm="syz.4.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1073.556635][T14010] usb 3-1: USB disconnect, device number 105
[ 1073.567122][T19411] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1073.577497][T19411] usb 1-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1073.586655][T19411] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1073.595912][T19411] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1074.012409][   T30] audit: type=1326 audit(1754880150.871:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20205 comm="syz.4.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=116 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1074.066068][T20213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1074.074574][   T30] audit: type=1326 audit(1754880150.871:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20205 comm="syz.4.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1074.104942][T20213] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1074.137075][   T30] audit: type=1326 audit(1754880150.871:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20205 comm="syz.4.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1074.187468][T20204] kAFS: unable to lookup cell '.,'
[ 1074.528676][   T30] audit: type=1326 audit(1754880150.871:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20205 comm="syz.4.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1074.745029][   T30] audit: type=1326 audit(1754880150.871:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20205 comm="syz.4.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1074.890943][   T30] audit: type=1326 audit(1754880150.871:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20205 comm="syz.4.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1074.902722][T20225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1075.001303][   T30] audit: type=1326 audit(1754880150.881:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20205 comm="syz.4.4183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1075.049610][T20225] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1075.847249][T19411] usb 2-1: new high-speed USB device number 110 using dummy_hcd
[ 1075.863954][T19426] usb 1-1: USB disconnect, device number 93
[ 1075.962472][T20239] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4192'.
[ 1075.993605][T20239] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4192'.
[ 1076.018349][T19411] usb 2-1: Using ep0 maxpacket: 8
[ 1076.024106][T20239] netlink: 'syz.3.4192': attribute type 15 has an invalid length.
[ 1076.035052][T19411] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1076.598882][T19411] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1076.626842][T19411] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1076.757461][T19411] usb 2-1: config 0 descriptor??
[ 1077.134337][T19411] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1077.207087][T19426] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[ 1077.286778][ T1210] usb 4-1: new high-speed USB device number 115 using dummy_hcd
[ 1077.366954][T19426] usb 1-1: Using ep0 maxpacket: 8
[ 1077.377046][T19426] usb 1-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62
[ 1077.393417][T20266] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1077.401907][T19426] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1077.407370][T20266] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1077.410722][T19426] usb 1-1: Product: syz
[ 1077.422306][T19426] usb 1-1: Manufacturer: syz
[ 1077.427896][T19426] usb 1-1: SerialNumber: syz
[ 1077.461735][T19426] usb 1-1: config 0 descriptor??
[ 1077.475983][T19426] usb 1-1: selecting invalid altsetting 3
[ 1077.487159][T19426] comedi comedi5: could not set alternate setting 3 in high speed
[ 1077.495076][T19426] usbdux 1-1:0.0: driver 'usbdux' failed to auto-configure device.
[ 1077.527108][T19426] usbdux 1-1:0.0: probe with driver usbdux failed with error -22
[ 1077.558517][ T1210] usb 4-1: Using ep0 maxpacket: 32
[ 1077.587476][ T1210] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1077.596661][ T1210] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1077.613941][ T1210] usb 4-1: config 0 descriptor??
[ 1077.684442][T19426] usb 1-1: USB disconnect, device number 94
[ 1077.874173][ T1210] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1077.891850][ T1210] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1077.934924][ T1210] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1078.031287][ T1210] usb 4-1: media controller created
[ 1078.467212][ T1210] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1078.719933][T14010] usb 2-1: USB disconnect, device number 110
[ 1079.206854][ T1210] stb0899_attach: Driver disabled by Kconfig
[ 1079.213185][ T1210] az6027: no front-end attached
[ 1079.213185][ T1210] 
[ 1079.224866][ T1210] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1079.245539][ T1210] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input55
[ 1079.259760][ T1210] dvb-usb: schedule remote query interval to 400 msecs.
[ 1079.277082][T19426] usb 2-1: new high-speed USB device number 111 using dummy_hcd
[ 1079.279002][ T1210] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1079.436939][T19426] usb 2-1: Using ep0 maxpacket: 16
[ 1079.508316][T19433] usb 4-1: USB disconnect, device number 115
[ 1079.532449][T19426] usb 2-1: config 0 has an invalid interface number: 17 but max is 0
[ 1079.553234][T19426] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1079.594405][T19426] usb 2-1: config 0 has no interface number 0
[ 1079.650066][T19426] usb 2-1: New USB device found, idVendor=0408, idProduct=4034, bcdDevice=dd.cd
[ 1079.659775][T19433] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1079.678162][T19426] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1079.721894][T19426] usb 2-1: Product: syz
[ 1079.781331][T19426] usb 2-1: Manufacturer: syz
[ 1079.786163][T19426] usb 2-1: SerialNumber: syz
[ 1079.810955][T19426] usb 2-1: config 0 descriptor??
[ 1080.083815][T19426] usb 2-1: Found UVC 0.00 device syz (0408:4034)
[ 1080.111640][T19426] usb 2-1: No valid video chain found.
[ 1080.206781][ T1210] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[ 1080.386819][ T1210] usb 3-1: Using ep0 maxpacket: 32
[ 1080.966444][ T1210] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1081.022123][ T1210] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1081.054607][ T1210] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1081.115370][ T1210] usb 3-1: config 1 has no interface number 0
[ 1081.156983][ T1210] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1081.186804][ T1210] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1081.275049][ T1210] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1081.323334][ T1210] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1081.388027][ T1210] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[ 1081.600566][ T1210] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[ 1082.281175][T20319] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4203'.
[ 1082.638426][T19411] snd_usb_pod 3-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[ 1083.597654][T19411] usb 2-1: USB disconnect, device number 111
[ 1083.982399][T20320] syz.2.4203 (20320): drop_caches: 2
[ 1084.165319][ T1210] usb 3-1: USB disconnect, device number 106
[ 1084.184399][ T1210] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[ 1085.796749][T20358] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4219'.
[ 1086.976826][T14010] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[ 1087.262429][T14010] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1087.277254][T14010] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1087.296413][T14010] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1087.307330][T14010] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1087.336221][T14010] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1087.355170][T14010] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1087.371929][T14010] usb 4-1: Manufacturer: syz
[ 1087.395184][T14010] usb 4-1: config 0 descriptor??
[ 1087.579686][T20375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1087.623029][T20375] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1087.792456][T20384] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4225'.
[ 1087.828700][T14010] appleir 0003:05AC:8243.0023: unknown main item tag 0x0
[ 1087.847820][T14010] appleir 0003:05AC:8243.0023: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[ 1088.067532][T20373] FAULT_INJECTION: forcing a failure.
[ 1088.067532][T20373] name failslab, interval 1, probability 0, space 0, times 0
[ 1088.080992][T20373] CPU: 0 UID: 0 PID: 20373 Comm: syz.3.4222 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1088.081019][T20373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1088.081032][T20373] Call Trace:
[ 1088.081040][T20373]  <TASK>
[ 1088.081049][T20373]  dump_stack_lvl+0x189/0x250
[ 1088.081077][T20373]  ? __pfx____ratelimit+0x10/0x10
[ 1088.081104][T20373]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1088.081127][T20373]  ? __pfx__printk+0x10/0x10
[ 1088.081159][T20373]  ? __pfx___might_resched+0x10/0x10
[ 1088.081177][T20373]  ? fs_reclaim_acquire+0x7d/0x100
[ 1088.081211][T20373]  should_fail_ex+0x414/0x560
[ 1088.081241][T20373]  should_failslab+0xa8/0x100
[ 1088.081270][T20373]  __kmalloc_noprof+0xcb/0x4f0
[ 1088.081295][T20373]  ? kfree+0x4d/0x440
[ 1088.081316][T20373]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1088.081340][T20373]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1088.081365][T20373]  ? tomoyo_domain+0xd9/0x130
[ 1088.081390][T20373]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1088.081416][T20373]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1088.081445][T20373]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1088.081486][T20373]  ? __lock_acquire+0xab9/0xd20
[ 1088.081534][T20373]  ? __fget_files+0x2a/0x420
[ 1088.081554][T20373]  ? __fget_files+0x2a/0x420
[ 1088.081570][T20373]  ? __fget_files+0x3a0/0x420
[ 1088.081585][T20373]  ? __fget_files+0x2a/0x420
[ 1088.081606][T20373]  security_file_ioctl+0xcb/0x2d0
[ 1088.081633][T20373]  __se_sys_ioctl+0x47/0x170
[ 1088.081660][T20373]  do_syscall_64+0xfa/0x3b0
[ 1088.081688][T20373]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1088.081707][T20373]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1088.081726][T20373]  ? clear_bhb_loop+0x60/0xb0
[ 1088.081748][T20373]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1088.081766][T20373] RIP: 0033:0x7fdcf898ebe9
[ 1088.081784][T20373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1088.081801][T20373] RSP: 002b:00007fdcf9732038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1088.081822][T20373] RAX: ffffffffffffffda RBX: 00007fdcf8bb5fa0 RCX: 00007fdcf898ebe9
[ 1088.081837][T20373] RDX: 0000200000000400 RSI: 0000000081044804 RDI: 0000000000000004
[ 1088.081850][T20373] RBP: 00007fdcf9732090 R08: 0000000000000000 R09: 0000000000000000
[ 1088.081863][T20373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1088.081874][T20373] R13: 00007fdcf8bb6038 R14: 00007fdcf8bb5fa0 R15: 00007fdcf8cdfa28
[ 1088.081905][T20373]  </TASK>
[ 1088.082205][T20373] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1088.834335][T20401] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4228'.
[ 1088.916766][T20398] netlink: 'syz.2.4229': attribute type 10 has an invalid length.
[ 1088.925473][T20398] dummy0: left promiscuous mode
[ 1088.933186][T20398] batman_adv: batadv0: Removing interface: dummy0
[ 1088.956255][T20398] dummy0: entered promiscuous mode
[ 1088.965965][T20398] team0: Port device dummy0 added
[ 1088.975784][T20400] netlink: 'syz.2.4229': attribute type 10 has an invalid length.
[ 1088.995197][T20400] dummy0: left promiscuous mode
[ 1089.008193][T20400] team0: Port device dummy0 removed
[ 1089.036320][T20400] bond0: (slave dummy0): Enslaving as an active interface with an up link
[ 1089.655755][T20408] FAULT_INJECTION: forcing a failure.
[ 1089.655755][T20408] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1089.669968][T20408] CPU: 1 UID: 0 PID: 20408 Comm: syz.3.4232 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1089.669994][T20408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1089.670005][T20408] Call Trace:
[ 1089.670012][T20408]  <TASK>
[ 1089.670020][T20408]  dump_stack_lvl+0x189/0x250
[ 1089.670047][T20408]  ? __pfx____ratelimit+0x10/0x10
[ 1089.670074][T20408]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1089.670097][T20408]  ? __pfx__printk+0x10/0x10
[ 1089.670124][T20408]  ? __might_fault+0xb0/0x130
[ 1089.670160][T20408]  should_fail_ex+0x414/0x560
[ 1089.670190][T20408]  _copy_from_user+0x2d/0xb0
[ 1089.670212][T20408]  ___sys_recvmsg+0x12e/0x510
[ 1089.670246][T20408]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1089.670294][T20408]  ? __might_fault+0xb0/0x130
[ 1089.670324][T20408]  do_recvmmsg+0x307/0x770
[ 1089.670352][T20408]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1089.670381][T20408]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1089.670425][T20408]  __x64_sys_recvmmsg+0x190/0x240
[ 1089.670449][T20408]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1089.670468][T20408]  ? rcu_is_watching+0x15/0xb0
[ 1089.670493][T20408]  ? do_syscall_64+0xbe/0x3b0
[ 1089.670523][T20408]  do_syscall_64+0xfa/0x3b0
[ 1089.670548][T20408]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1089.670573][T20408]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1089.670592][T20408]  ? clear_bhb_loop+0x60/0xb0
[ 1089.670615][T20408]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1089.670633][T20408] RIP: 0033:0x7fdcf898ebe9
[ 1089.670650][T20408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1089.670667][T20408] RSP: 002b:00007fdcf9732038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1089.670687][T20408] RAX: ffffffffffffffda RBX: 00007fdcf8bb5fa0 RCX: 00007fdcf898ebe9
[ 1089.670701][T20408] RDX: 015cbc1ab4c0933f RSI: 0000200000001980 RDI: 0000000000000003
[ 1089.670714][T20408] RBP: 00007fdcf9732090 R08: 0000000000000000 R09: 0000000000000000
[ 1089.670726][T20408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1089.670738][T20408] R13: 00007fdcf8bb6038 R14: 00007fdcf8bb5fa0 R15: 00007fdcf8cdfa28
[ 1089.670767][T20408]  </TASK>
[ 1089.887956][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1089.903447][T19426] usb 4-1: USB disconnect, device number 116
[ 1090.833158][T20420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1090.841981][T20420] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1091.096880][T19426] usb 2-1: new high-speed USB device number 112 using dummy_hcd
[ 1091.248697][T19426] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1091.257993][T19426] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1091.292032][T19426] usb 2-1: config 0 descriptor??
[ 1091.315568][T19426] cp210x 2-1:0.0: cp210x converter detected
[ 1091.523952][T19426] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71
[ 1091.565821][T19426] cp210x 2-1:0.0: querying part number failed
[ 1091.648182][T19426] usb 2-1: cp210x converter now attached to ttyUSB0
[ 1091.686960][T19426] usb 2-1: USB disconnect, device number 112
[ 1091.724244][T19426] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1091.746922][T19426] cp210x 2-1:0.0: device disconnected
[ 1092.002898][T20439] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4240'.
[ 1092.192397][T20444] vti0: entered promiscuous mode
[ 1092.284985][T20444] vti0: entered allmulticast mode
[ 1092.787890][ T1210] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[ 1093.106820][ T1210] usb 1-1: Using ep0 maxpacket: 32
[ 1093.145632][ T1210] usb 1-1: too many configurations: 9, using maximum allowed: 8
[ 1093.204389][ T1210] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1093.215417][ T1210] usb 1-1: can't read configurations, error -61
[ 1093.314595][T20464] netdevsim netdevsim2: Direct firmware load for nel/config failed with error -2
[ 1093.328972][T20464] netdevsim netdevsim2: Falling back to sysfs fallback for: nel/config
[ 1093.425532][ T1210] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[ 1093.759861][ T1210] usb 1-1: Using ep0 maxpacket: 32
[ 1093.835221][ T1210] usb 1-1: too many configurations: 9, using maximum allowed: 8
[ 1093.853326][ T1210] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1093.861483][ T1210] usb 1-1: can't read configurations, error -61
[ 1093.875183][ T1210] usb usb1-port1: attempt power cycle
[ 1094.506799][ T1210] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[ 1094.902621][ T1210] usb 1-1: device descriptor read/8, error -71
[ 1095.632060][T20501] netdevsim netdevsim0: Direct firmware load for nel/config failed with error -2
[ 1095.864273][T19411] IPVS: starting estimator thread 0...
[ 1095.876663][T20501] netdevsim netdevsim0: Falling back to sysfs fallback for: nel/config
[ 1096.148813][T20505] IPVS: using max 30 ests per chain, 72000 per kthread
[ 1096.633119][T20509] kAFS: unable to lookup cell '(/c¾ûL'
[ 1096.660117][T20509] overlayfs: missing 'lowerdir'
[ 1096.787561][T20510] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4257'.
[ 1097.385240][T20487] delete_channel: no stack
[ 1097.390586][T19426] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[ 1097.626953][T19426] usb 4-1: Using ep0 maxpacket: 16
[ 1097.671498][T19426] usb 4-1: config 0 has an invalid interface number: 17 but max is 0
[ 1097.681431][T19426] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1097.693547][T19426] usb 4-1: config 0 has no interface number 0
[ 1097.701978][T19426] usb 4-1: New USB device found, idVendor=0408, idProduct=4034, bcdDevice=dd.cd
[ 1097.711198][T19426] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1097.719446][T19426] usb 4-1: Product: syz
[ 1097.723645][T19426] usb 4-1: Manufacturer: syz
[ 1097.728881][T19426] usb 4-1: SerialNumber: syz
[ 1097.741478][T19426] usb 4-1: config 0 descriptor??
[ 1098.053484][T19426] usb 4-1: Found UVC 0.00 device syz (0408:4034)
[ 1098.059976][T19426] usb 4-1: No valid video chain found.
[ 1098.069020][T20519] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4260'.
[ 1098.429343][T19426] usb 4-1: USB disconnect, device number 117
[ 1098.886793][ T1210] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[ 1099.447646][ T1210] usb 1-1: config 0 has no interfaces?
[ 1099.592780][ T1210] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1099.756911][ T1210] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1099.788444][ T1210] usb 1-1: Product: syz
[ 1099.795444][ T1210] usb 1-1: Manufacturer: syz
[ 1099.803969][ T1210] usb 1-1: SerialNumber: syz
[ 1099.820512][ T1210] usb 1-1: config 0 descriptor??
[ 1100.168227][T14010] usb 4-1: new full-speed USB device number 118 using dummy_hcd
[ 1100.259198][T20532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1100.273769][T20532] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1100.505629][T14010] usb 4-1: config 0 has no interfaces?
[ 1100.512900][T20532] block device autoloading is deprecated and will be removed.
[ 1100.662899][T14010] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1101.098682][T20551] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4267'.
[ 1101.203666][T20551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1101.218797][T20551] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1101.266982][T14010] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1101.286359][T14010] usb 4-1: Product: syz
[ 1101.322313][T14010] usb 4-1: Manufacturer: syz
[ 1101.335251][T14010] usb 4-1: SerialNumber: syz
[ 1101.355501][T14010] usb 4-1: config 0 descriptor??
[ 1101.680688][T20539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1101.690845][T20539] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1101.706229][T20539] program syz.3.4264 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1102.083614][T19426] usb 1-1: USB disconnect, device number 99
[ 1104.096853][T19411] usb 4-1: USB disconnect, device number 118
[ 1104.126915][T14010] usb 2-1: new full-speed USB device number 113 using dummy_hcd
[ 1104.355889][T14010] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1104.408983][T14010] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1104.480920][T20618] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1104.505997][T14010] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1104.543361][T14010] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1104.775590][T14010] usb 2-1: config 0 descriptor??
[ 1104.847974][T14010] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1104.871291][T14010] dvb-usb: bulk message failed: -22 (3/0)
[ 1104.974254][T14010] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1105.260106][T20626] netlink: 'syz.1.4274': attribute type 7 has an invalid length.
[ 1105.270482][T20626] netlink: 'syz.1.4274': attribute type 8 has an invalid length.
[ 1105.312353][T14010] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1105.319870][T14010] usb 2-1: media controller created
[ 1105.456812][T19431] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[ 1105.490980][T20633] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4279'.
[ 1105.634054][T14010] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1105.737026][T19431] usb 1-1: Using ep0 maxpacket: 32
[ 1105.748199][T14010] dvb-usb: bulk message failed: -22 (6/0)
[ 1105.758752][T19431] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1105.773157][T19431] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1105.800771][T19431] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1105.811594][T19431] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1105.835864][T14010] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1105.860970][T14010] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input56
[ 1105.922472][T19431] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1105.935849][T19431] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1105.953128][T14010] dvb-usb: schedule remote query interval to 150 msecs.
[ 1105.969201][T14010] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1106.035342][T19431] usb 1-1: New USB device found, idVendor=04e7, idProduct=6651, bcdDevice=ba.8a
[ 1106.126996][T14010] dvb-usb: bulk message failed: -22 (1/0)
[ 1106.134321][T14010] dvb-usb: error while querying for an remote control event.
[ 1106.336865][T19431] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1106.351323][T19431] usb 1-1: Product: syz
[ 1106.375925][T19431] usb 1-1: Manufacturer: syz
[ 1106.396869][T19411] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[ 1106.401256][T19431] usb 1-1: SerialNumber: syz
[ 1106.463193][T19431] usb 1-1: config 0 descriptor??
[ 1106.501535][T19431] usb 1-1: bad CDC descriptors
[ 1106.506768][T14010] dvb-usb: bulk message failed: -22 (1/0)
[ 1106.512529][T14010] dvb-usb: error while querying for an remote control event.
[ 1106.520443][T19431] cdc_acm 1-1:0.0: Zero length descriptor references
[ 1106.608690][T19411] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1106.625913][T19411] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1106.650884][T19431] cdc_acm 1-1:0.0: probe with driver cdc_acm failed with error -22
[ 1106.669482][T19411] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1106.678717][T19411] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1106.698893][T19411] usb 3-1: Product: syz
[ 1106.773102][T19411] usb 3-1: Manufacturer: syz
[ 1106.793462][ T1210] dvb-usb: bulk message failed: -22 (1/0)
[ 1106.806905][ T1210] dvb-usb: error while querying for an remote control event.
[ 1106.847286][T19411] usb 3-1: SerialNumber: syz
[ 1106.875108][ T1210] usb 2-1: USB disconnect, device number 113
[ 1106.984076][ T1210] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1107.181434][T19411] usb 3-1: USB disconnect, device number 107
[ 1107.795805][T20649] bridge1: entered promiscuous mode
[ 1107.801854][T20649] bridge1: entered allmulticast mode
[ 1107.816974][T20649] program syz.2.4285 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1108.159335][T19431] usb 4-1: new full-speed USB device number 119 using dummy_hcd
[ 1108.166898][ T1210] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[ 1108.374138][T19431] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[ 1108.383750][T19431] usb 4-1: config 0 has no interface number 0
[ 1108.396020][T19431] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[ 1108.405469][ T1210] usb 3-1: Using ep0 maxpacket: 8
[ 1108.470850][T19431] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1108.494814][T19431] usb 4-1: config 0 descriptor??
[ 1108.531413][T19431] usb 4-1: selecting invalid altsetting 1
[ 1108.540300][T19431] dvb_ttusb_budget: ttusb_init_controller: error
[ 1108.546638][T19431] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[ 1108.664836][T19431] DVB: Unable to find symbol cx22700_attach()
[ 1108.705051][T19431] DVB: Unable to find symbol tda10046_attach()
[ 1108.711351][T19431] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[ 1108.727245][ T1210] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1108.760565][ T1210] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1108.784208][ T1210] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1108.833089][ T1210] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1108.866414][ T1210] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1108.898782][T20664] FAULT_INJECTION: forcing a failure.
[ 1108.898782][T20664] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1108.914803][ T1210] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1108.933081][T20664] CPU: 1 UID: 0 PID: 20664 Comm: syz.1.4288 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1108.933125][T20664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1108.933139][T20664] Call Trace:
[ 1108.933154][T20664]  <TASK>
[ 1108.933164][T20664]  dump_stack_lvl+0x189/0x250
[ 1108.933195][T20664]  ? __pfx____ratelimit+0x10/0x10
[ 1108.933225][T20664]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1108.933252][T20664]  ? __pfx__printk+0x10/0x10
[ 1108.933296][T20664]  should_fail_ex+0x414/0x560
[ 1108.933332][T20664]  strncpy_from_user+0x36/0x290
[ 1108.933364][T20664]  getname_flags+0xf3/0x540
[ 1108.933390][T20664]  io_openat_prep+0x236/0x5a0
[ 1108.933422][T20664]  ? __pfx_io_openat_prep+0x10/0x10
[ 1108.933463][T20664]  ? io_task_refs_refill+0xbb/0x180
[ 1108.933488][T20664]  io_submit_sqes+0x8f3/0x1d10
[ 1108.933544][T20664]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 1108.933589][T20664]  ? ksys_write+0x1cb/0x250
[ 1108.933620][T20664]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1108.933644][T20664]  ? __mutex_unlock_slowpath+0x1a1/0x760
[ 1108.933673][T20664]  ? __pfx_vfs_write+0x10/0x10
[ 1108.933702][T20664]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1108.933736][T20664]  ? __fget_files+0x3a0/0x420
[ 1108.933761][T20664]  ? fput+0xa0/0xd0
[ 1108.933782][T20664]  ? ksys_write+0x22a/0x250
[ 1108.933811][T20664]  ? __pfx_ksys_write+0x10/0x10
[ 1108.933835][T20664]  ? rcu_is_watching+0x15/0xb0
[ 1108.933861][T20664]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 1108.933890][T20664]  do_syscall_64+0xfa/0x3b0
[ 1108.933918][T20664]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1108.933945][T20664]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1108.933965][T20664]  ? clear_bhb_loop+0x60/0xb0
[ 1108.933989][T20664]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1108.934009][T20664] RIP: 0033:0x7f9b6f58ebe9
[ 1108.934027][T20664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1108.934045][T20664] RSP: 002b:00007f9b70475038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1108.934066][T20664] RAX: ffffffffffffffda RBX: 00007f9b6f7b6090 RCX: 00007f9b6f58ebe9
[ 1108.934081][T20664] RDX: 0000000000000000 RSI: 0000000000003516 RDI: 0000000000000004
[ 1108.934094][T20664] RBP: 00007f9b70475090 R08: 0000000000000000 R09: 00000000fffffdcf
[ 1108.934107][T20664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1108.934119][T20664] R13: 00007f9b6f7b6128 R14: 00007f9b6f7b6090 R15: 00007f9b6f8dfa28
[ 1108.934158][T20664]  </TASK>
[ 1108.936054][T14010] usb 1-1: USB disconnect, device number 100
[ 1109.186902][ T1210] usb 3-1: Product: syz
[ 1109.191245][ T1210] usb 3-1: Manufacturer: syz
[ 1109.195940][ T1210] usb 3-1: SerialNumber: syz
[ 1109.639285][T14010] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[ 1109.738104][T20672] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1109.747048][T20672] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1109.800131][T14010] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1109.812008][T14010] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1109.825077][T14010] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1109.834532][T14010] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1109.851793][T14010] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1109.864298][T14010] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1109.906852][T14010] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1109.915145][T14010] usb 1-1: Product: syz
[ 1109.921632][T14010] usb 1-1: Manufacturer: syz
[ 1109.938465][T14010] cdc_wdm 1-1:1.0: skipping garbage
[ 1109.949456][T14010] cdc_wdm 1-1:1.0: skipping garbage
[ 1109.956615][T14010] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[ 1109.977544][ T1210] usb 3-1: 0:2 : does not exist
[ 1110.024967][ T1210] usb 3-1: USB disconnect, device number 108
[ 1110.059369][T14010] cdc_wdm 1-1:1.0: Unknown control protocol
[ 1110.154673][T19431] usb 1-1: USB disconnect, device number 101
[ 1110.226971][T20678] tipc: Invalid UDP bearer configuration
[ 1110.227023][T20678] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[ 1110.316451][T20681] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1110.327426][T20681] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1110.377495][T20683] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4295'.
[ 1110.496781][ T1210] usb 3-1: new high-speed USB device number 109 using dummy_hcd
[ 1110.646920][ T1210] usb 3-1: Using ep0 maxpacket: 32
[ 1110.654461][ T1210] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[ 1110.676907][T14010] usb 2-1: new high-speed USB device number 114 using dummy_hcd
[ 1110.702284][ T1210] usb 3-1: config 0 has no interface number 0
[ 1110.716482][ T1210] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1110.750267][ T1210] usb 3-1: config 0 interface 85 has no altsetting 0
[ 1110.762976][ T1210] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1110.773116][ T1210] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1110.783030][ T1210] usb 3-1: Product: syz
[ 1110.787513][ T1210] usb 3-1: Manufacturer: syz
[ 1110.792289][ T1210] usb 3-1: SerialNumber: syz
[ 1110.803293][ T1210] usb 3-1: config 0 descriptor??
[ 1110.846849][T14010] usb 2-1: Using ep0 maxpacket: 32
[ 1110.856082][T14010] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1110.872354][T14010] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1110.890999][T14010] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1110.903632][T14010] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1110.922375][T14010] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1110.933422][T14010] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1110.955247][T14010] usb 2-1: New USB device found, idVendor=04e7, idProduct=6651, bcdDevice=ba.8a
[ 1110.970032][T14010] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1110.978702][T14010] usb 2-1: Product: syz
[ 1110.982980][T14010] usb 2-1: Manufacturer: syz
[ 1110.993418][T14010] usb 2-1: SerialNumber: syz
[ 1111.006159][T14010] usb 2-1: config 0 descriptor??
[ 1111.024359][T14010] usb 2-1: bad CDC descriptors
[ 1111.032104][T14010] cdc_acm 2-1:0.0: Zero length descriptor references
[ 1111.039391][T14010] cdc_acm 2-1:0.0: probe with driver cdc_acm failed with error -22
[ 1111.357843][ T1210] appletouch 3-1:0.85: Geyser mode initialized.
[ 1111.412340][ T1210] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input57
[ 1111.426265][T19431] usb 4-1: USB disconnect, device number 119
[ 1111.473191][ T1210] usb 3-1: USB disconnect, device number 109
[ 1111.512737][ T1210] appletouch 3-1:0.85: input: appletouch disconnected
[ 1111.793970][T20702] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4300'.
[ 1111.804403][T20702] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4300'.
[ 1112.354859][T20706] netlink: 'syz.3.4301': attribute type 5 has an invalid length.
[ 1112.465291][T20715] FAULT_INJECTION: forcing a failure.
[ 1112.465291][T20715] name failslab, interval 1, probability 0, space 0, times 0
[ 1112.478291][T20715] CPU: 0 UID: 0 PID: 20715 Comm: syz.2.4303 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1112.478317][T20715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1112.478329][T20715] Call Trace:
[ 1112.478337][T20715]  <TASK>
[ 1112.478346][T20715]  dump_stack_lvl+0x189/0x250
[ 1112.478373][T20715]  ? __pfx____ratelimit+0x10/0x10
[ 1112.478398][T20715]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1112.478421][T20715]  ? __pfx__printk+0x10/0x10
[ 1112.478453][T20715]  ? __pfx___might_resched+0x10/0x10
[ 1112.478469][T20715]  ? fs_reclaim_acquire+0x7d/0x100
[ 1112.478503][T20715]  should_fail_ex+0x414/0x560
[ 1112.478533][T20715]  should_failslab+0xa8/0x100
[ 1112.478562][T20715]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1112.478587][T20715]  ? security_inode_alloc+0x39/0x330
[ 1112.478610][T20715]  security_inode_alloc+0x39/0x330
[ 1112.478630][T20715]  inode_init_always_gfp+0x9ed/0xdc0
[ 1112.478664][T20715]  ? __pfx_sock_alloc_inode+0x10/0x10
[ 1112.478687][T20715]  alloc_inode+0x82/0x1b0
[ 1112.478714][T20715]  __sock_create+0x12d/0x9f0
[ 1112.478748][T20715]  mptcp_subflow_create_socket+0xfd/0xb40
[ 1112.478782][T20715]  ? __lock_acquire+0xab9/0xd20
[ 1112.478812][T20715]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[ 1112.478852][T20715]  __mptcp_nmpc_sk+0x150/0x720
[ 1112.478872][T20715]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1112.478891][T20715]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[ 1112.478925][T20715]  mptcp_setsockopt+0xedb/0x3560
[ 1112.478944][T20715]  ? __lock_acquire+0xab9/0xd20
[ 1112.478976][T20715]  ? aa_sk_perm+0x81e/0x950
[ 1112.479001][T20715]  ? __pfx_mptcp_setsockopt+0x10/0x10
[ 1112.479027][T20715]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1112.479057][T20715]  ? __fget_files+0x2a/0x420
[ 1112.479072][T20715]  ? aa_sock_opt_perm+0xff/0x1b0
[ 1112.479091][T20715]  ? sock_common_setsockopt+0x36/0xc0
[ 1112.479117][T20715]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1112.479144][T20715]  do_sock_setsockopt+0x17c/0x1b0
[ 1112.479178][T20715]  __x64_sys_setsockopt+0x13f/0x1b0
[ 1112.479201][T20715]  do_syscall_64+0xfa/0x3b0
[ 1112.479227][T20715]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1112.479251][T20715]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1112.479269][T20715]  ? clear_bhb_loop+0x60/0xb0
[ 1112.479292][T20715]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1112.479311][T20715] RIP: 0033:0x7f33c998ebe9
[ 1112.479326][T20715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1112.479343][T20715] RSP: 002b:00007f33ca8c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1112.479363][T20715] RAX: ffffffffffffffda RBX: 00007f33c9bb5fa0 RCX: 00007f33c998ebe9
[ 1112.479377][T20715] RDX: 0000000000000013 RSI: 0000000000000000 RDI: 0000000000000003
[ 1112.479389][T20715] RBP: 00007f33ca8c4090 R08: 0000000000000004 R09: 0000000000000000
[ 1112.479400][T20715] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[ 1112.479412][T20715] R13: 00007f33c9bb6038 R14: 00007f33c9bb5fa0 R15: 00007f33c9cdfa28
[ 1112.479442][T20715]  </TASK>
[ 1112.480676][T20715] socket: no more sockets
[ 1113.326969][ T1210] usb 2-1: USB disconnect, device number 114
[ 1113.897385][T20731] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1114.217159][T20743] FAULT_INJECTION: forcing a failure.
[ 1114.217159][T20743] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1114.236977][T20743] CPU: 1 UID: 0 PID: 20743 Comm: syz.3.4309 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1114.237019][T20743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1114.237034][T20743] Call Trace:
[ 1114.237043][T20743]  <TASK>
[ 1114.237053][T20743]  dump_stack_lvl+0x189/0x250
[ 1114.237085][T20743]  ? __pfx____ratelimit+0x10/0x10
[ 1114.237117][T20743]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1114.237144][T20743]  ? __pfx__printk+0x10/0x10
[ 1114.237176][T20743]  ? __might_fault+0xb0/0x130
[ 1114.237220][T20743]  should_fail_ex+0x414/0x560
[ 1114.237256][T20743]  _copy_from_user+0x2d/0xb0
[ 1114.237284][T20743]  ___sys_recvmsg+0x12e/0x510
[ 1114.237315][T20743]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1114.237366][T20743]  ? __fget_files+0x3a0/0x420
[ 1114.237399][T20743]  do_recvmmsg+0x307/0x770
[ 1114.237433][T20743]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1114.237481][T20743]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1114.237534][T20743]  __x64_sys_recvmmsg+0x190/0x240
[ 1114.237562][T20743]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1114.237585][T20743]  ? rcu_is_watching+0x15/0xb0
[ 1114.237613][T20743]  ? do_syscall_64+0xbe/0x3b0
[ 1114.237649][T20743]  do_syscall_64+0xfa/0x3b0
[ 1114.237681][T20743]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1114.237711][T20743]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1114.237734][T20743]  ? clear_bhb_loop+0x60/0xb0
[ 1114.237761][T20743]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1114.237783][T20743] RIP: 0033:0x7fdcf898ebe9
[ 1114.237803][T20743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1114.237822][T20743] RSP: 002b:00007fdcf6bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1114.237846][T20743] RAX: ffffffffffffffda RBX: 00007fdcf8bb6180 RCX: 00007fdcf898ebe9
[ 1114.237863][T20743] RDX: 015cbc1ab4c0933f RSI: 0000200000001980 RDI: 0000000000000005
[ 1114.237878][T20743] RBP: 00007fdcf6bf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1114.237892][T20743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1114.237906][T20743] R13: 00007fdcf8bb6218 R14: 00007fdcf8bb6180 R15: 00007fdcf8cdfa28
[ 1114.237940][T20743]  </TASK>
[ 1114.737322][T14010] usb 3-1: new full-speed USB device number 110 using dummy_hcd
[ 1115.082124][T14010] usb 3-1: config 0 has no interfaces?
[ 1115.117120][T19426] usb 2-1: new high-speed USB device number 115 using dummy_hcd
[ 1115.287520][T19426] usb 2-1: Using ep0 maxpacket: 32
[ 1115.299471][T14010] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1115.308662][T14010] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1115.320449][T14010] usb 3-1: Product: syz
[ 1115.325013][T19426] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1115.355290][T14010] usb 3-1: Manufacturer: syz
[ 1115.366421][T19426] usb 2-1: config 0 interface 0 altsetting 16 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1115.379158][T14010] usb 3-1: SerialNumber: syz
[ 1115.395540][T14010] usb 3-1: config 0 descriptor??
[ 1115.503468][T19426] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1115.579640][T20753] netlink: 104 bytes leftover after parsing attributes in process `syz.4.4314'.
[ 1115.586986][T19426] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1115.613941][T19426] usb 2-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1115.627653][T19426] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1115.642411][T20747] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1115.652545][T20747] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1115.666784][T20747] program syz.2.4311 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1115.688961][T19426] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[ 1115.699029][T19426] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1115.717531][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.723951][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1115.747717][T19426] usb 2-1: config 0 descriptor??
[ 1116.565419][T20777] FAULT_INJECTION: forcing a failure.
[ 1116.565419][T20777] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1116.659588][T19426] usbhid 2-1:0.0: can't add hid device: -71
[ 1116.692661][T19426] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1116.697386][T20777] CPU: 0 UID: 0 PID: 20777 Comm: syz.3.4321 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1116.697422][T20777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1116.697444][T20777] Call Trace:
[ 1116.697454][T20777]  <TASK>
[ 1116.697469][T20777]  dump_stack_lvl+0x189/0x250
[ 1116.697507][T20777]  ? __pfx____ratelimit+0x10/0x10
[ 1116.697542][T20777]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1116.697572][T20777]  ? __pfx__printk+0x10/0x10
[ 1116.697608][T20777]  ? __might_fault+0xb0/0x130
[ 1116.697658][T20777]  should_fail_ex+0x414/0x560
[ 1116.697696][T20777]  _copy_from_user+0x2d/0xb0
[ 1116.697726][T20777]  __sys_bpf+0x1ed/0x870
[ 1116.697763][T20777]  ? __pfx___sys_bpf+0x10/0x10
[ 1116.697813][T20777]  ? ksys_write+0x22a/0x250
[ 1116.697850][T20777]  ? __pfx_ksys_write+0x10/0x10
[ 1116.697880][T20777]  ? rcu_is_watching+0x15/0xb0
[ 1116.697914][T20777]  __x64_sys_bpf+0x7c/0x90
[ 1116.697947][T20777]  do_syscall_64+0xfa/0x3b0
[ 1116.697982][T20777]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1116.698015][T20777]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1116.698040][T20777]  ? clear_bhb_loop+0x60/0xb0
[ 1116.698070][T20777]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1116.698095][T20777] RIP: 0033:0x7fdcf898ebe9
[ 1116.698131][T20777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1116.698152][T20777] RSP: 002b:00007fdcf9732038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1116.698178][T20777] RAX: ffffffffffffffda RBX: 00007fdcf8bb5fa0 RCX: 00007fdcf898ebe9
[ 1116.698197][T20777] RDX: 0000000000000020 RSI: 0000200000000380 RDI: 0000000000000001
[ 1116.698213][T20777] RBP: 00007fdcf9732090 R08: 0000000000000000 R09: 0000000000000000
[ 1116.698247][T20777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1116.698261][T20777] R13: 00007fdcf8bb6038 R14: 00007fdcf8bb5fa0 R15: 00007fdcf8cdfa28
[ 1116.698293][T20777]  </TASK>
[ 1116.961142][T20776] netlink: 'syz.0.4320': attribute type 5 has an invalid length.
[ 1117.086874][T19426] usb 2-1: USB disconnect, device number 115
[ 1117.765197][T20795] netlink: 'syz.1.4327': attribute type 4 has an invalid length.
[ 1117.885959][T19431] usb 3-1: USB disconnect, device number 110
[ 1118.301205][T20803] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4330'.
[ 1118.370315][T20804] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4330'.
[ 1118.886790][T19431] usb 4-1: new full-speed USB device number 120 using dummy_hcd
[ 1118.943617][T20825] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1118.977602][T20825] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1119.069172][T19431] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1119.103603][T20825] kAFS: unable to lookup cell '.,'
[ 1119.111501][T19431] usb 4-1: not running at top speed; connect to a high speed hub
[ 1119.167116][T19431] usb 4-1: config 1 has an invalid interface number: 138 but max is 0
[ 1119.176295][T19431] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1119.226788][T14010] usb 1-1: new full-speed USB device number 102 using dummy_hcd
[ 1119.259770][T19431] usb 4-1: config 1 has no interface number 0
[ 1119.273070][T19431] usb 4-1: config 1 interface 138 altsetting 252 endpoint 0xC has invalid wMaxPacketSize 0
[ 1119.339115][T19431] usb 4-1: config 1 interface 138 has no altsetting 0
[ 1119.653414][T19431] usb 4-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae
[ 1119.666841][T19431] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1119.675178][T19431] usb 4-1: Product: syz
[ 1119.682322][T19431] usb 4-1: Manufacturer: syz
[ 1119.693916][T19431] usb 4-1: SerialNumber: syz
[ 1119.818130][T14010] usb 1-1: config 0 has no interfaces?
[ 1119.830133][T14010] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1119.839540][T14010] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1119.850035][T14010] usb 1-1: Product: syz
[ 1119.861883][T14010] usb 1-1: Manufacturer: syz
[ 1119.876439][T14010] usb 1-1: SerialNumber: syz
[ 1120.199323][T20813] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4335'.
[ 1120.324070][T20813] openvswitch: netlink: push_nsh: missing base or metadata attributes
[ 1120.333101][T14010] usb 1-1: config 0 descriptor??
[ 1120.359933][T20813] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1120.400686][T19431] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[ 1120.470578][T19431] usb 4-1: USB disconnect, device number 120
[ 1120.595994][T20824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1120.606079][T20824] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1120.620159][T20824] program syz.0.4338 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1120.645528][T15895] udevd[15895]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.138/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1122.414829][T14010] usb 1-1: USB disconnect, device number 102
[ 1122.950698][T20865] netlink: 'syz.2.4346': attribute type 1 has an invalid length.
[ 1123.093732][T20865] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1123.144105][T20868] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1123.229562][T20868] bond2: (slave vxcan3): The slave device specified does not support setting the MAC address
[ 1123.314608][T20868] bond2: (slave vxcan3): Error -95 calling set_mac_address
[ 1123.471134][T20870] bond3: entered promiscuous mode
[ 1123.478941][T20870] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1123.491882][T20870] bond2: (slave bond3): Enslaving as an active interface with a down link
[ 1123.531208][T20865] macvlan2: entered promiscuous mode
[ 1123.538325][T20865] macvlan2: entered allmulticast mode
[ 1123.550112][T20865] bond2: entered promiscuous mode
[ 1123.559238][T20865] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1123.572932][T20865] bond2: left promiscuous mode
[ 1124.233264][T14010] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[ 1124.293357][T20895] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1124.591645][T20901] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 2, id = 0
[ 1124.602699][T14010] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1124.735566][T14010] usb 1-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1124.750978][T14010] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1124.761472][T14010] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1125.101679][T20910] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1125.185901][T20886] kAFS: unable to lookup cell '.,'
[ 1125.927158][T20917] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4359'.
[ 1126.855022][T19431] usb 1-1: USB disconnect, device number 103
[ 1126.970318][T20931] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1126.979539][T20931] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1127.426850][T19409] usb 1-1: new high-speed USB device number 104 using dummy_hcd
[ 1127.646728][T19409] usb 1-1: Using ep0 maxpacket: 32
[ 1127.680762][T19409] usb 1-1: config 0 has an invalid interface number: 74 but max is 1
[ 1127.692898][T19409] usb 1-1: config 0 has no interface number 1
[ 1127.764270][T19409] usb 1-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=8e.fa
[ 1127.779179][T19409] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1127.790488][T19409] usb 1-1: Product: syz
[ 1128.138410][T19409] usb 1-1: Manufacturer: syz
[ 1128.143062][T19409] usb 1-1: SerialNumber: syz
[ 1128.180421][T19409] usb 1-1: config 0 descriptor??
[ 1128.713988][T19409] snd-usb-audio 1-1:0.74: probe with driver snd-usb-audio failed with error -22
[ 1128.752215][T19431] usb 1-1: USB disconnect, device number 104
[ 1129.181902][T15944] udevd[15944]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.74/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1129.216930][T19426] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[ 1129.467355][T20974] netlink: 80 bytes leftover after parsing attributes in process `syz.0.4377'.
[ 1129.503134][T19426] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1129.513960][T19426] usb 4-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1129.532549][T19426] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1129.556589][T19426] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1129.645608][T20976] netlink: 96 bytes leftover after parsing attributes in process `syz.2.4378'.
[ 1129.695207][T20979] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 2, id = 0
[ 1129.794419][T20968] kAFS: unable to lookup cell '.,'
[ 1129.974801][T20985] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4382'.
[ 1130.187052][T19409] usb 3-1: new high-speed USB device number 111 using dummy_hcd
[ 1130.201160][T20995] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4385'.
[ 1130.227080][ T1210] usb 1-1: new high-speed USB device number 105 using dummy_hcd
[ 1130.295038][T20999] netlink: 52 bytes leftover after parsing attributes in process `syz.1.4387'.
[ 1130.306379][T20999] netlink: 52 bytes leftover after parsing attributes in process `syz.1.4387'.
[ 1130.317381][T20999] netlink: 52 bytes leftover after parsing attributes in process `syz.1.4387'.
[ 1130.330435][T20999] FAULT_INJECTION: forcing a failure.
[ 1130.330435][T20999] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1130.353088][T20999] CPU: 0 UID: 0 PID: 20999 Comm: syz.1.4387 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1130.353112][T20999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1130.353125][T20999] Call Trace:
[ 1130.353133][T20999]  <TASK>
[ 1130.353142][T20999]  dump_stack_lvl+0x189/0x250
[ 1130.353169][T20999]  ? __pfx____ratelimit+0x10/0x10
[ 1130.353194][T20999]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1130.353217][T20999]  ? __pfx__printk+0x10/0x10
[ 1130.353243][T20999]  ? __might_fault+0xb0/0x130
[ 1130.353280][T20999]  should_fail_ex+0x414/0x560
[ 1130.353318][T20999]  _copy_from_user+0x2d/0xb0
[ 1130.353342][T20999]  kstrtouint_from_user+0xc4/0x170
[ 1130.353373][T20999]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1130.353418][T20999]  proc_fail_nth_write+0x88/0x200
[ 1130.353440][T20999]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1130.353467][T20999]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1130.353490][T20999]  vfs_write+0x27b/0xb30
[ 1130.353524][T20999]  ? __pfx_vfs_write+0x10/0x10
[ 1130.353551][T20999]  ? __fget_files+0x2a/0x420
[ 1130.353571][T20999]  ? __fget_files+0x3a0/0x420
[ 1130.353588][T20999]  ? __fget_files+0x2a/0x420
[ 1130.353613][T20999]  ksys_write+0x145/0x250
[ 1130.353640][T20999]  ? __pfx_ksys_write+0x10/0x10
[ 1130.353662][T20999]  ? rcu_is_watching+0x15/0xb0
[ 1130.353687][T20999]  ? do_syscall_64+0xbe/0x3b0
[ 1130.353717][T20999]  do_syscall_64+0xfa/0x3b0
[ 1130.353742][T20999]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1130.353766][T20999]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1130.353784][T20999]  ? clear_bhb_loop+0x60/0xb0
[ 1130.353806][T20999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1130.353824][T20999] RIP: 0033:0x7f9b6f58d69f
[ 1130.353840][T20999] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1130.353856][T20999] RSP: 002b:00007f9b70496030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1130.353876][T20999] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9b6f58d69f
[ 1130.353889][T20999] RDX: 0000000000000001 RSI: 00007f9b704960a0 RDI: 0000000000000004
[ 1130.353901][T20999] RBP: 00007f9b70496090 R08: 0000000000000000 R09: 0000000000000000
[ 1130.353911][T20999] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[ 1130.353921][T20999] R13: 00007f9b6f7b6038 R14: 00007f9b6f7b5fa0 R15: 00007f9b6f8dfa28
[ 1130.353949][T20999]  </TASK>
[ 1130.354313][T21001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1130.356857][T19409] usb 3-1: Using ep0 maxpacket: 32
[ 1130.386066][T21001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1130.605748][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1130.605772][ T1210] usb 1-1: Using ep0 maxpacket: 8
[ 1130.623879][ T1210] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1130.635865][ T1210] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1130.649135][T19409] usb 3-1: config 0 has an invalid interface number: 184 but max is 0
[ 1130.662489][T19409] usb 3-1: config 0 has no interface number 0
[ 1130.669819][T19409] usb 3-1: config 0 interface 184 has no altsetting 0
[ 1130.689411][ T1210] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1130.699875][ T1210] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1130.715387][ T1210] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1130.725329][T19409] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 1130.734661][T19409] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1130.743221][T19409] usb 3-1: Product: syz
[ 1130.747783][T19409] usb 3-1: Manufacturer: syz
[ 1130.752465][T19409] usb 3-1: SerialNumber: syz
[ 1130.757630][ T1210] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1130.769623][T19409] usb 3-1: config 0 descriptor??
[ 1130.783755][T19409] smsc75xx v1.0.0
[ 1131.010183][ T1210] usb 1-1: GET_CAPABILITIES returned 0
[ 1131.015781][ T1210] usbtmc 1-1:16.0: can't read capabilities
[ 1131.217317][ T1210] usb 1-1: USB disconnect, device number 105
[ 1131.609863][T21014] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4391'.
[ 1131.629057][T20982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1131.638150][T20982] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1131.690244][T19409] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000040: -71
[ 1131.694518][T19426] usb 4-1: USB disconnect, device number 121
[ 1131.814285][T19409] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[ 1131.844909][T19409] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[ 1131.923911][T19409] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[ 1131.951853][T19409] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[ 1131.979749][T19409] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[ 1131.992098][T19409] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71
[ 1132.035638][T21021] loop2: detected capacity change from 0 to 7
[ 1132.099724][T21021] Dev loop2: unable to read RDB block 7
[ 1132.105741][T21021]  loop2: unable to read partition table
[ 1132.112908][T21021] loop2: partition table beyond EOD, truncated
[ 1132.121992][T21021] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1132.239799][T21026] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4394'.
[ 1132.256855][T19409] usb 3-1: USB disconnect, device number 111
[ 1132.579795][T21032] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.4396'.
[ 1132.620472][T21032] netlink: zone id is out of range
[ 1132.668307][T21032] netlink: get zone limit has 8 unknown bytes
[ 1132.739554][T21037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4397'.
[ 1133.389097][T21050] netlink: 40 bytes leftover after parsing attributes in process `syz.0.4401'.
[ 1133.598140][T21054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1133.613027][T21054] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1133.675506][T21054] kAFS: unable to lookup cell '.,'
[ 1133.957336][T19426] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[ 1134.121454][T19426] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1134.169255][T19426] usb 4-1: config 1 has an invalid interface number: 43 but max is 1
[ 1134.192419][T19426] usb 4-1: config 1 has no interface number 1
[ 1134.210916][T19426] usb 4-1: config 1 interface 0 altsetting 247 endpoint 0x4 has invalid maxpacket 600, setting to 64
[ 1134.244263][T19426] usb 4-1: config 1 interface 0 has no altsetting 0
[ 1134.263810][T19426] usb 4-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice=f6.75
[ 1134.299119][T19426] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1134.316340][T19426] usb 4-1: Product: syz
[ 1134.326995][T19426] usb 4-1: Manufacturer: syz
[ 1134.332122][T19426] usb 4-1: SerialNumber: syz
[ 1134.370231][T21066] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4406'.
[ 1134.423570][T21066] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1134.455549][T21070] macvlan3: entered promiscuous mode
[ 1134.462026][T21070] macvlan3: entered allmulticast mode
[ 1134.473360][T21070] bond3: entered promiscuous mode
[ 1134.480664][T21070] 8021q: adding VLAN 0 to HW filter on device macvlan3
[ 1134.524003][T21070] bond3: left promiscuous mode
[ 1135.126881][ T1210] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[ 1135.286822][ T1210] usb 1-1: Using ep0 maxpacket: 8
[ 1135.296611][ T1210] usb 1-1: config 10 has an invalid interface number: 193 but max is 0
[ 1135.310392][ T1210] usb 1-1: config 10 has no interface number 0
[ 1135.323907][ T1210] usb 1-1: New USB device found, idVendor=0bda, idProduct=0129, bcdDevice=be.93
[ 1135.334086][ T1210] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1135.344220][ T1210] usb 1-1: Product: syz
[ 1135.349787][ T1210] usb 1-1: Manufacturer: syz
[ 1135.354656][ T1210] usb 1-1: SerialNumber: syz
[ 1136.122665][ T1210] rtsx_usb 1-1:10.193: probe with driver rtsx_usb failed with error -22
[ 1136.142421][ T1210] usb 1-1: USB disconnect, device number 106
[ 1136.567141][T19409] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[ 1136.674999][T19426] gspca_main: spca501-2.14.0 probing 0000:0000
[ 1136.696505][T19426] gspca_spca501: reg write: error -71
[ 1136.709263][T19426] spca501 4-1:1.0: Reg write failed for 0x02,0x0f,0x05
[ 1136.724303][T21097] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4415'.
[ 1136.810870][T19409] usb 2-1: device descriptor read/64, error -71
[ 1136.810954][T19426] spca501 4-1:1.0: probe with driver spca501 failed with error -22
[ 1136.853366][T19426] usb 4-1: USB disconnect, device number 122
[ 1137.077398][T19409] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[ 1137.087987][T21101] kvm: pic: non byte write
[ 1137.308863][T19409] usb 2-1: device descriptor read/64, error -71
[ 1137.417820][T19409] usb usb2-port1: attempt power cycle
[ 1137.498746][T21108] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[ 1137.756907][T19409] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[ 1137.777601][T19409] usb 2-1: device descriptor read/8, error -71
[ 1138.016847][T19409] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[ 1138.078799][T19409] usb 2-1: device descriptor read/8, error -71
[ 1138.117912][T21119] netdevsim netdevsim3: Direct firmware load for nel/config failed with error -2
[ 1138.127747][T21119] netdevsim netdevsim3: Falling back to sysfs fallback for: nel/config
[ 1138.204363][T19409] usb usb2-port1: unable to enumerate USB device
[ 1139.686842][T19433] usb 3-1: new full-speed USB device number 112 using dummy_hcd
[ 1139.856075][T19433] usb 3-1: config 0 has no interfaces?
[ 1139.877204][T19426] usb 1-1: new high-speed USB device number 107 using dummy_hcd
[ 1139.903945][T19433] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1139.914776][T19433] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1139.925383][T19433] usb 3-1: Product: syz
[ 1139.931198][T19433] usb 3-1: Manufacturer: syz
[ 1139.941262][T19433] usb 3-1: SerialNumber: syz
[ 1139.959402][T19433] usb 3-1: config 0 descriptor??
[ 1140.047238][   T43] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[ 1140.068376][T19426] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1140.083892][T19426] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1140.107627][T19426] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1140.299405][T21130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1140.308789][T19426] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1140.323170][T21130] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1140.333334][T19426] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1140.349787][T21130] program syz.2.4425 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1140.407747][   T43] usb 4-1: device descriptor read/64, error -71
[ 1140.439632][T19426] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1140.460841][T19426] usb 1-1: Manufacturer: syz
[ 1140.490954][T19426] usb 1-1: config 0 descriptor??
[ 1140.676790][   T43] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[ 1140.836863][   T43] usb 4-1: device descriptor read/64, error -71
[ 1140.935009][T21151] netlink: 'syz.1.4433': attribute type 3 has an invalid length.
[ 1140.976808][T21151] netlink: 666 bytes leftover after parsing attributes in process `syz.1.4433'.
[ 1140.988035][   T43] usb usb4-port1: attempt power cycle
[ 1141.346901][   T43] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[ 1141.369554][   T43] usb 4-1: device descriptor read/8, error -71
[ 1141.637424][   T43] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 1141.667524][   T43] usb 4-1: device descriptor read/8, error -71
[ 1141.779554][   T43] usb usb4-port1: unable to enumerate USB device
[ 1141.836939][T19411] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[ 1141.966780][T19411] usb 2-1: device descriptor read/64, error -71
[ 1142.114487][T19426] usbhid 1-1:0.0: can't add hid device: -71
[ 1142.120581][T19426] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1142.157301][T19426] usb 1-1: USB disconnect, device number 107
[ 1142.206773][T19411] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[ 1142.356884][T19411] usb 2-1: device descriptor read/64, error -71
[ 1142.480504][T19411] usb usb2-port1: attempt power cycle
[ 1143.013768][   T43] usb 3-1: USB disconnect, device number 112
[ 1143.260231][T19411] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[ 1143.297643][T21185] netlink: 'syz.0.4441': attribute type 1 has an invalid length.
[ 1143.356432][T21185] 8021q: adding VLAN 0 to HW filter on device bond4
[ 1143.431894][T19411] usb 2-1: device descriptor read/8, error -71
[ 1143.615341][T21184] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1143.633353][T21185] bond4: (slave veth3): Enslaving as an active interface with a down link
[ 1143.686775][T19411] usb 2-1: new high-speed USB device number 123 using dummy_hcd
[ 1143.711696][T21188] vlan2: entered allmulticast mode
[ 1143.717341][T21188] bond4: entered allmulticast mode
[ 1143.723400][T19411] usb 2-1: device descriptor read/8, error -71
[ 1143.734098][T21188] bond4: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[ 1143.837353][T19411] usb usb2-port1: unable to enumerate USB device
[ 1143.917040][T19426] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[ 1144.126578][T19426] usb 4-1: Using ep0 maxpacket: 16
[ 1144.172971][T19426] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[ 1144.318835][T19426] usb 4-1: config 0 has no interface number 0
[ 1144.434383][T19426] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1144.462254][T19426] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1144.557588][T19426] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1144.584427][T19426] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1144.625410][T21197] netlink: 'syz.1.4446': attribute type 1 has an invalid length.
[ 1144.656006][T21197] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1144.679515][T19426] usb 4-1: Product: syz
[ 1144.684975][T21197] bond2: (slave geneve2): making interface the new active one
[ 1144.695479][T21197] bond2: (slave geneve2): Enslaving as an active interface with an up link
[ 1144.706285][T20593] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1144.722120][T20593] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1144.731319][T20593] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1144.737034][T19426] usb 4-1: SerialNumber: syz
[ 1144.742267][T20593] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1144.817360][T19426] usb 4-1: config 0 descriptor??
[ 1144.844007][T19426] cm109 4-1:0.8: invalid payload size 0, expected 4
[ 1144.883509][T19426] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input58
[ 1145.371299][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[ 1145.597523][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1145.604729][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1145.611911][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1145.619067][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1145.626213][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1145.626726][T19411] usb 4-1: USB disconnect, device number 127
[ 1145.633157][    C1] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1145.721222][T19411] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1146.052438][T21207] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4449'.
[ 1147.056771][T19426] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[ 1147.359808][T19426] usb 4-1: config 0 has no interfaces?
[ 1147.375180][T19426] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1147.384407][T19426] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1147.394238][T19426] usb 4-1: Product: syz
[ 1147.398595][T19433] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[ 1147.409656][T19426] usb 4-1: Manufacturer: syz
[ 1147.415194][T19426] usb 4-1: SerialNumber: syz
[ 1147.451663][T19426] usb 4-1: config 0 descriptor??
[ 1147.537296][T19433] usb 2-1: device descriptor read/64, error -71
[ 1147.674770][T21220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1147.685058][T21220] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1147.700999][T21220] program syz.3.4452 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1147.777234][T19433] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[ 1147.916866][T19433] usb 2-1: device descriptor read/64, error -71
[ 1148.034873][T19433] usb usb2-port1: attempt power cycle
[ 1148.196389][T19426] usb 3-1: new high-speed USB device number 113 using dummy_hcd
[ 1148.393890][T19433] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[ 1148.453109][T19433] usb 2-1: device descriptor read/8, error -71
[ 1148.466198][T19426] usb 3-1: Using ep0 maxpacket: 8
[ 1148.507851][T19426] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1148.522981][T19426] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1148.533468][T19426] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1148.545875][T19426] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1148.561231][T19426] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1148.571177][T19426] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1148.756775][T19433] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[ 1148.865778][T19426] usb 3-1: GET_CAPABILITIES returned 0
[ 1148.872006][T19426] usbtmc 3-1:16.0: can't read capabilities
[ 1148.878616][T19433] usb 2-1: device descriptor read/8, error -71
[ 1148.987136][T19433] usb usb2-port1: unable to enumerate USB device
[ 1149.159263][T19411] usb 3-1: USB disconnect, device number 113
[ 1149.357493][T21250] FAULT_INJECTION: forcing a failure.
[ 1149.357493][T21250] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1149.373361][T21250] CPU: 0 UID: 0 PID: 21250 Comm: syz.0.4461 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1149.373387][T21250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1149.373399][T21250] Call Trace:
[ 1149.373407][T21250]  <TASK>
[ 1149.373416][T21250]  dump_stack_lvl+0x189/0x250
[ 1149.373449][T21250]  ? __pfx____ratelimit+0x10/0x10
[ 1149.373475][T21250]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1149.373497][T21250]  ? __pfx__printk+0x10/0x10
[ 1149.373524][T21250]  ? __might_fault+0xb0/0x130
[ 1149.373560][T21250]  should_fail_ex+0x414/0x560
[ 1149.373590][T21250]  _copy_from_iter+0x1db/0x16f0
[ 1149.373613][T21250]  ? rcu_is_watching+0x15/0xb0
[ 1149.373635][T21250]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1149.373662][T21250]  ? __pfx__copy_from_iter+0x10/0x10
[ 1149.373683][T21250]  ? __build_skb_around+0x257/0x3e0
[ 1149.373715][T21250]  ? netlink_sendmsg+0x642/0xb30
[ 1149.373742][T21250]  ? skb_put+0x11b/0x210
[ 1149.373773][T21250]  netlink_sendmsg+0x6b2/0xb30
[ 1149.373810][T21250]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1149.373840][T21250]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1149.373871][T21250]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1149.373892][T21250]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1149.373921][T21250]  __sock_sendmsg+0x21c/0x270
[ 1149.373947][T21250]  ____sys_sendmsg+0x505/0x830
[ 1149.373972][T21250]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1149.373999][T21250]  ? import_iovec+0x74/0xa0
[ 1149.374024][T21250]  ___sys_sendmsg+0x21f/0x2a0
[ 1149.374046][T21250]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1149.374098][T21250]  ? __fget_files+0x2a/0x420
[ 1149.374114][T21250]  ? __fget_files+0x3a0/0x420
[ 1149.374141][T21250]  __x64_sys_sendmsg+0x19b/0x260
[ 1149.374163][T21250]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1149.374191][T21250]  ? __pfx_ksys_write+0x10/0x10
[ 1149.374214][T21250]  ? rcu_is_watching+0x15/0xb0
[ 1149.374238][T21250]  ? do_syscall_64+0xbe/0x3b0
[ 1149.374269][T21250]  do_syscall_64+0xfa/0x3b0
[ 1149.374294][T21250]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1149.374319][T21250]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1149.374343][T21250]  ? clear_bhb_loop+0x60/0xb0
[ 1149.374366][T21250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1149.374385][T21250] RIP: 0033:0x7fee75f8ebe9
[ 1149.374402][T21250] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1149.374420][T21250] RSP: 002b:00007fee76e3c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1149.374447][T21250] RAX: ffffffffffffffda RBX: 00007fee761b5fa0 RCX: 00007fee75f8ebe9
[ 1149.374462][T21250] RDX: 0000000000004004 RSI: 00002000000000c0 RDI: 0000000000000003
[ 1149.374475][T21250] RBP: 00007fee76e3c090 R08: 0000000000000000 R09: 0000000000000000
[ 1149.374487][T21250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1149.374499][T21250] R13: 00007fee761b6038 R14: 00007fee761b5fa0 R15: 00007fee762dfa28
[ 1149.374529][T21250]  </TASK>
[ 1149.656820][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1149.833868][T19411] usb 4-1: USB disconnect, device number 2
[ 1149.877388][T21258] netlink: 'syz.0.4465': attribute type 10 has an invalid length.
[ 1149.903934][T21258] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[ 1149.926593][T21260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1149.944499][T21260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1149.981480][T21258] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns
[ 1149.995002][T21258] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[ 1150.211220][T21270] netlink: 'syz.1.4469': attribute type 1 has an invalid length.
[ 1150.386906][T19433] usb 1-1: new high-speed USB device number 108 using dummy_hcd
[ 1150.526760][T19433] usb 1-1: device descriptor read/64, error -71
[ 1150.766773][T19433] usb 1-1: new high-speed USB device number 109 using dummy_hcd
[ 1150.896829][T19433] usb 1-1: device descriptor read/64, error -71
[ 1151.035316][T19433] usb usb1-port1: attempt power cycle
[ 1151.376772][T19433] usb 1-1: new high-speed USB device number 110 using dummy_hcd
[ 1151.438396][T19433] usb 1-1: device descriptor read/8, error -71
[ 1151.458254][T21287] FAULT_INJECTION: forcing a failure.
[ 1151.458254][T21287] name failslab, interval 1, probability 0, space 0, times 0
[ 1151.481449][T21287] CPU: 0 UID: 0 PID: 21287 Comm: syz.4.4474 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1151.481474][T21287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1151.481490][T21287] Call Trace:
[ 1151.481497][T21287]  <TASK>
[ 1151.481505][T21287]  dump_stack_lvl+0x189/0x250
[ 1151.481532][T21287]  ? __pfx____ratelimit+0x10/0x10
[ 1151.481558][T21287]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1151.481580][T21287]  ? __pfx__printk+0x10/0x10
[ 1151.481612][T21287]  ? __pfx___might_resched+0x10/0x10
[ 1151.481629][T21287]  ? fs_reclaim_acquire+0x7d/0x100
[ 1151.481663][T21287]  should_fail_ex+0x414/0x560
[ 1151.481691][T21287]  should_failslab+0xa8/0x100
[ 1151.481721][T21287]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1151.481747][T21287]  ? __alloc_skb+0x112/0x2d0
[ 1151.481779][T21287]  __alloc_skb+0x112/0x2d0
[ 1151.481809][T21287]  netlink_ack+0x146/0xa50
[ 1151.481834][T21287]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1151.481877][T21287]  netlink_rcv_skb+0x28c/0x470
[ 1151.481901][T21287]  ? __lock_acquire+0xab9/0xd20
[ 1151.481928][T21287]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1151.481957][T21287]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1151.481993][T21287]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1151.482027][T21287]  netlink_unicast+0x82c/0x9e0
[ 1151.482059][T21287]  ? __pfx_netlink_unicast+0x10/0x10
[ 1151.482085][T21287]  ? netlink_sendmsg+0x642/0xb30
[ 1151.482110][T21287]  ? skb_put+0x11b/0x210
[ 1151.482142][T21287]  netlink_sendmsg+0x805/0xb30
[ 1151.482178][T21287]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1151.482208][T21287]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1151.482247][T21287]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1151.482267][T21287]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1151.482296][T21287]  __sock_sendmsg+0x21c/0x270
[ 1151.482323][T21287]  ____sys_sendmsg+0x505/0x830
[ 1151.482347][T21287]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1151.482375][T21287]  ? import_iovec+0x74/0xa0
[ 1151.482401][T21287]  ___sys_sendmsg+0x21f/0x2a0
[ 1151.482422][T21287]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1151.482476][T21287]  ? __fget_files+0x2a/0x420
[ 1151.482493][T21287]  ? __fget_files+0x3a0/0x420
[ 1151.482519][T21287]  __x64_sys_sendmsg+0x19b/0x260
[ 1151.482538][T21287]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1151.482562][T21287]  ? __pfx_ksys_write+0x10/0x10
[ 1151.482583][T21287]  ? rcu_is_watching+0x15/0xb0
[ 1151.482605][T21287]  ? do_syscall_64+0xbe/0x3b0
[ 1151.482632][T21287]  do_syscall_64+0xfa/0x3b0
[ 1151.482654][T21287]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1151.482677][T21287]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1151.482693][T21287]  ? clear_bhb_loop+0x60/0xb0
[ 1151.482713][T21287]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1151.482729][T21287] RIP: 0033:0x7f7589b8ebe9
[ 1151.482744][T21287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1151.482759][T21287] RSP: 002b:00007f758aa71038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1151.482777][T21287] RAX: ffffffffffffffda RBX: 00007f7589db5fa0 RCX: 00007f7589b8ebe9
[ 1151.482790][T21287] RDX: 0000000000000080 RSI: 00002000000001c0 RDI: 0000000000000003
[ 1151.482801][T21287] RBP: 00007f758aa71090 R08: 0000000000000000 R09: 0000000000000000
[ 1151.482811][T21287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1151.482822][T21287] R13: 00007f7589db6038 R14: 00007f7589db5fa0 R15: 00007f7589edfa28
[ 1151.482847][T21287]  </TASK>
[ 1151.811282][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1151.866578][T21292] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1151.875304][T21292] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1151.920714][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1151.981023][T19433] usb 1-1: new high-speed USB device number 111 using dummy_hcd
[ 1152.011119][T19433] usb 1-1: device descriptor read/8, error -71
[ 1152.296415][T19411] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[ 1152.313008][T19433] usb usb1-port1: unable to enumerate USB device
[ 1152.446759][T19411] usb 4-1: device descriptor read/64, error -71
[ 1152.456820][T19426] usb 3-1: new full-speed USB device number 114 using dummy_hcd
[ 1152.623593][T19426] usb 3-1: config 0 has no interfaces?
[ 1152.635082][T19426] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1152.644603][T19426] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1152.656311][T19426] usb 3-1: Product: syz
[ 1152.660882][T19426] usb 3-1: Manufacturer: syz
[ 1152.665597][T19426] usb 3-1: SerialNumber: syz
[ 1152.693603][T19426] usb 3-1: config 0 descriptor??
[ 1152.749665][T19411] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[ 1152.791593][T21303] FAULT_INJECTION: forcing a failure.
[ 1152.791593][T21303] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1152.806412][T21303] CPU: 1 UID: 0 PID: 21303 Comm: syz.4.4480 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1152.806441][T21303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1152.806455][T21303] Call Trace:
[ 1152.806464][T21303]  <TASK>
[ 1152.806474][T21303]  dump_stack_lvl+0x189/0x250
[ 1152.806506][T21303]  ? __pfx____ratelimit+0x10/0x10
[ 1152.806536][T21303]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1152.806563][T21303]  ? __pfx__printk+0x10/0x10
[ 1152.806593][T21303]  ? __might_fault+0xb0/0x130
[ 1152.806634][T21303]  should_fail_ex+0x414/0x560
[ 1152.806672][T21303]  _copy_from_iter+0x1db/0x16f0
[ 1152.806698][T21303]  ? rcu_is_watching+0x15/0xb0
[ 1152.806722][T21303]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[ 1152.806753][T21303]  ? __pfx__copy_from_iter+0x10/0x10
[ 1152.806777][T21303]  ? __build_skb_around+0x257/0x3e0
[ 1152.806813][T21303]  ? netlink_sendmsg+0x642/0xb30
[ 1152.806842][T21303]  ? skb_put+0x11b/0x210
[ 1152.806878][T21303]  netlink_sendmsg+0x6b2/0xb30
[ 1152.806920][T21303]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1152.806954][T21303]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1152.806989][T21303]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1152.807007][T21303]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1152.807029][T21303]  __sock_sendmsg+0x21c/0x270
[ 1152.807068][T21303]  ____sys_sendmsg+0x505/0x830
[ 1152.807094][T21303]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1152.807140][T21303]  ? import_iovec+0x74/0xa0
[ 1152.807170][T21303]  ___sys_sendmsg+0x21f/0x2a0
[ 1152.807195][T21303]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1152.807250][T21303]  ? __fget_files+0x2a/0x420
[ 1152.807263][T21303]  ? __fget_files+0x3a0/0x420
[ 1152.807289][T21303]  __x64_sys_sendmsg+0x19b/0x260
[ 1152.807316][T21303]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1152.807351][T21303]  ? rcu_is_watching+0x15/0xb0
[ 1152.807378][T21303]  ? do_syscall_64+0xbe/0x3b0
[ 1152.807412][T21303]  do_syscall_64+0xfa/0x3b0
[ 1152.807440][T21303]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1152.807455][T21303]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1152.807471][T21303]  ? clear_bhb_loop+0x60/0xb0
[ 1152.807496][T21303]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1152.807519][T21303] RIP: 0033:0x7f7589b8ebe9
[ 1152.807540][T21303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1152.807560][T21303] RSP: 002b:00007f758aa71038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1152.807583][T21303] RAX: ffffffffffffffda RBX: 00007f7589db5fa0 RCX: 00007f7589b8ebe9
[ 1152.807599][T21303] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003
[ 1152.807614][T21303] RBP: 00007f758aa71090 R08: 0000000000000000 R09: 0000000000000000
[ 1152.807626][T21303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1152.807635][T21303] R13: 00007f7589db6038 R14: 00007f7589db5fa0 R15: 00007f7589edfa28
[ 1152.807659][T21303]  </TASK>
[ 1153.089627][T21298] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1153.098046][T19411] usb 4-1: device descriptor read/64, error -71
[ 1153.106049][T21265] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3990711838 (3990711838 ns) > initial count (2414439870 ns). Using initial count to start timer.
[ 1153.237693][T19411] usb usb4-port1: attempt power cycle
[ 1153.247375][T21298] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1153.311805][T21298] program syz.2.4476 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1153.428721][T21308] FAULT_INJECTION: forcing a failure.
[ 1153.428721][T21308] name failslab, interval 1, probability 0, space 0, times 0
[ 1153.446905][T21308] CPU: 0 UID: 0 PID: 21308 Comm: syz.0.4482 Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1153.446931][T21308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1153.446944][T21308] Call Trace:
[ 1153.446953][T21308]  <TASK>
[ 1153.446962][T21308]  dump_stack_lvl+0x189/0x250
[ 1153.446989][T21308]  ? __pfx____ratelimit+0x10/0x10
[ 1153.447016][T21308]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1153.447068][T21308]  ? __pfx__printk+0x10/0x10
[ 1153.447106][T21308]  ? __pfx___might_resched+0x10/0x10
[ 1153.447126][T21308]  ? fs_reclaim_acquire+0x7d/0x100
[ 1153.447167][T21308]  should_fail_ex+0x414/0x560
[ 1153.447201][T21308]  should_failslab+0xa8/0x100
[ 1153.447235][T21308]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1153.447265][T21308]  ? getname_flags+0xb8/0x540
[ 1153.447293][T21308]  getname_flags+0xb8/0x540
[ 1153.447320][T21308]  io_openat_prep+0x236/0x5a0
[ 1153.447350][T21308]  ? __pfx_io_openat_prep+0x10/0x10
[ 1153.447383][T21308]  ? io_task_refs_refill+0xbb/0x180
[ 1153.447411][T21308]  io_submit_sqes+0x8f3/0x1d10
[ 1153.447475][T21308]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 1153.447527][T21308]  ? ksys_write+0x1cb/0x250
[ 1153.447560][T21308]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1153.447587][T21308]  ? __mutex_unlock_slowpath+0x1a1/0x760
[ 1153.447619][T21308]  ? __pfx_vfs_write+0x10/0x10
[ 1153.447652][T21308]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1153.447690][T21308]  ? __fget_files+0x3a0/0x420
[ 1153.447718][T21308]  ? fput+0xa0/0xd0
[ 1153.447742][T21308]  ? ksys_write+0x22a/0x250
[ 1153.447779][T21308]  ? __pfx_ksys_write+0x10/0x10
[ 1153.447806][T21308]  ? rcu_is_watching+0x15/0xb0
[ 1153.447835][T21308]  ? __x64_sys_io_uring_enter+0x21/0xf0
[ 1153.447869][T21308]  do_syscall_64+0xfa/0x3b0
[ 1153.447900][T21308]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1153.447929][T21308]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1153.447952][T21308]  ? clear_bhb_loop+0x60/0xb0
[ 1153.447979][T21308]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1153.448001][T21308] RIP: 0033:0x7fee75f8ebe9
[ 1153.448021][T21308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1153.448041][T21308] RSP: 002b:00007fee76e1b038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[ 1153.448072][T21308] RAX: ffffffffffffffda RBX: 00007fee761b6090 RCX: 00007fee75f8ebe9
[ 1153.448089][T21308] RDX: 0000000000000000 RSI: 0000000000003516 RDI: 0000000000000004
[ 1153.448104][T21308] RBP: 00007fee76e1b090 R08: 0000000000000000 R09: 00000000fffffdcf
[ 1153.448119][T21308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1153.448132][T21308] R13: 00007fee761b6128 R14: 00007fee761b6090 R15: 00007fee762dfa28
[ 1153.448179][T21308]  </TASK>
[ 1153.499961][T21310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1153.676867][T19411] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[ 1153.771486][T21310] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1153.806953][T21310] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1153.840224][T21310] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1153.854181][T21310] program syz.4.4481 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1153.925291][T19411] usb 4-1: device descriptor read/8, error -71
[ 1154.176832][T19411] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[ 1154.197435][T19411] usb 4-1: device descriptor read/8, error -71
[ 1154.367548][T19411] usb usb4-port1: unable to enumerate USB device
[ 1154.514553][T21312] netdevsim netdevsim0: Direct firmware load for nel/config failed with error -2
[ 1154.539757][T21312] netdevsim netdevsim0: Falling back to sysfs fallback for: nel/config
[ 1155.029090][T19426] usb 3-1: USB disconnect, device number 114
[ 1155.196424][T21322] sock: sock_set_timeout: `syz.2.4485' (pid 21322) tries to set negative timeout
[ 1156.516779][T19433] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 1156.622463][T21338] create_pit_timer: 28 callbacks suppressed
[ 1156.622475][T21338] kvm: requested 7542 ns i8254 timer period limited to 200000 ns
[ 1156.668813][T19433] usb 2-1: Using ep0 maxpacket: 32
[ 1156.675475][T19433] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[ 1156.684412][T19433] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[ 1156.709289][T19433] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[ 1156.720067][   T43] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[ 1156.744159][T19433] usb 2-1: config 1 has no interface number 0
[ 1156.752402][T19433] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1156.763647][T19433] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[ 1156.779032][T19433] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[ 1156.791324][T19433] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1156.829136][T19433] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[ 1156.896379][   T43] usb 4-1: Using ep0 maxpacket: 8
[ 1156.905978][   T43] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1156.918204][   T43] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1156.947022][   T43] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1156.990455][   T43] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1157.005930][   T43] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1157.016215][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1157.031462][T19433] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[ 1157.068958][T21350] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1157.080111][T21350] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1157.257430][   T43] usb 4-1: GET_CAPABILITIES returned 0
[ 1157.263075][   T43] usbtmc 4-1:16.0: can't read capabilities
[ 1157.465016][T19411] usb 2-1: USB disconnect, device number 2
[ 1157.477818][    C1] usbtmc 4-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[ 1157.487217][T21336] usbtmc 4-1:16.0: Unable to send data, error -71
[ 1157.500079][T19411] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[ 1157.551684][   T43] usb 4-1: USB disconnect, device number 7
[ 1158.206808][T19411] usb 1-1: new high-speed USB device number 112 using dummy_hcd
[ 1158.235303][T21367] netdevsim netdevsim1: Direct firmware load for nel/config failed with error -2
[ 1158.258190][T21367] netdevsim netdevsim1: Falling back to sysfs fallback for: nel/config
[ 1158.372915][T19411] usb 1-1: device descriptor read/64, error -71
[ 1158.616872][T19411] usb 1-1: new high-speed USB device number 113 using dummy_hcd
[ 1158.746793][T19411] usb 1-1: device descriptor read/64, error -71
[ 1158.858938][T19411] usb usb1-port1: attempt power cycle
[ 1159.206793][T19411] usb 1-1: new high-speed USB device number 114 using dummy_hcd
[ 1159.227194][T19411] usb 1-1: device descriptor read/8, error -71
[ 1159.347196][T14010] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[ 1159.466826][T19411] usb 1-1: new high-speed USB device number 115 using dummy_hcd
[ 1159.488903][T19411] usb 1-1: device descriptor read/8, error -71
[ 1159.508572][T14010] usb 4-1: Using ep0 maxpacket: 16
[ 1159.515354][T14010] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1159.524331][T14010] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1159.536316][T14010] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1159.553811][T14010] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1159.564614][T14010] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1159.583033][T14010] usb 4-1: Product: syz
[ 1159.589189][T14010] usb 4-1: Manufacturer: syz
[ 1159.593914][T14010] usb 4-1: SerialNumber: syz
[ 1159.599087][T19411] usb usb1-port1: unable to enumerate USB device
[ 1160.059947][T14010] usb 4-1: 0:2 : does not exist
[ 1160.606776][T19409] usb 3-1: new high-speed USB device number 115 using dummy_hcd
[ 1160.757219][T19409] usb 3-1: Using ep0 maxpacket: 32
[ 1160.764066][T19409] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1160.777550][T19409] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1160.840580][T19409] usb 3-1: config 0 descriptor??
[ 1160.883646][T14010] usb 4-1: USB disconnect, device number 8
[ 1161.055126][T19409] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1161.074678][T19409] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1161.094857][T19409] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1161.105840][T19409] usb 3-1: media controller created
[ 1161.126304][T19409] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1161.250845][   T30] audit: type=1326 audit(1754880238.921:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21387 comm="syz.4.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1161.319009][T21393] No buffer was provided with the request
[ 1161.332330][   T30] audit: type=1326 audit(1754880238.921:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21387 comm="syz.4.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1161.624338][   T30] audit: type=1326 audit(1754880238.921:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21387 comm="syz.4.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1161.646959][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1161.719243][   T30] audit: type=1326 audit(1754880238.921:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21387 comm="syz.4.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1161.743729][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1161.801967][   T30] audit: type=1326 audit(1754880238.921:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21387 comm="syz.4.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1161.826876][   T30] audit: type=1326 audit(1754880238.921:802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21387 comm="syz.4.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1161.849862][   T30] audit: type=1326 audit(1754880238.931:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21387 comm="syz.4.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1162.118835][   T30] audit: type=1326 audit(1754880238.931:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21387 comm="syz.4.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1162.154038][   T30] audit: type=1326 audit(1754880238.931:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21387 comm="syz.4.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1162.210518][   T30] audit: type=1326 audit(1754880238.931:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21387 comm="syz.4.4504" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1162.338340][T19409] stb0899_attach: Driver disabled by Kconfig
[ 1162.378822][T19409] az6027: no front-end attached
[ 1162.378822][T19409] 
[ 1162.459698][T19409] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1162.474960][T19409] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input59
[ 1162.523920][T19409] dvb-usb: schedule remote query interval to 400 msecs.
[ 1162.532537][T19409] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1162.626761][T19433] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[ 1162.646939][T19411] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[ 1162.678409][   T43] usb 3-1: USB disconnect, device number 115
[ 1162.803193][   T43] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1162.821148][T19411] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1162.840697][T21392] pim6reg: entered allmulticast mode
[ 1162.849641][T19433] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1162.860859][T19433] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1162.889049][T19411] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1162.889896][T19433] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[ 1162.913059][T21406] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4509'.
[ 1162.923580][T21392] pim6reg: left allmulticast mode
[ 1162.928947][T19411] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[ 1162.937337][T19433] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1162.958076][T19411] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1162.960016][T19433] usb 2-1: config 0 descriptor??
[ 1162.981639][T19411] usb 4-1: config 0 descriptor??
[ 1163.245520][T19411] usbhid 4-1:0.0: can't add hid device: -71
[ 1163.259066][T19411] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1163.289144][T19411] usb 4-1: USB disconnect, device number 9
[ 1163.322002][T21412] netlink: 'syz.0.4511': attribute type 33 has an invalid length.
[ 1163.355392][T21412] netlink: 164 bytes leftover after parsing attributes in process `syz.0.4511'.
[ 1163.402449][T19433] usbhid 2-1:0.0: can't add hid device: -71
[ 1163.415652][T19433] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1163.469287][T19433] usb 2-1: USB disconnect, device number 3
[ 1163.653861][T21421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1163.666067][T21421] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1163.959912][T21421] binder: 21420:21421 ioctl aece 0 returned -22
[ 1164.026880][T19409] usb 3-1: new high-speed USB device number 116 using dummy_hcd
[ 1164.188328][T19409] usb 3-1: device descriptor read/64, error -71
[ 1164.403857][   T12] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1164.424368][   T12] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1164.433536][T19409] usb 3-1: new high-speed USB device number 117 using dummy_hcd
[ 1164.442015][   T12] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1164.453778][   T12] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1164.586893][T19409] usb 3-1: device descriptor read/64, error -71
[ 1164.698519][T19409] usb usb3-port1: attempt power cycle
[ 1164.829120][T21445] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1164.840577][T21445] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1165.046762][T19409] usb 3-1: new high-speed USB device number 118 using dummy_hcd
[ 1165.068160][T19409] usb 3-1: device descriptor read/8, error -71
[ 1165.316770][T19409] usb 3-1: new high-speed USB device number 119 using dummy_hcd
[ 1165.337503][T19409] usb 3-1: device descriptor read/8, error -71
[ 1165.457224][T19409] usb usb3-port1: unable to enumerate USB device
[ 1165.535864][T21451] input: syz0 as /devices/virtual/input/input60
[ 1166.986800][   T43] usb 3-1: new high-speed USB device number 120 using dummy_hcd
[ 1167.146874][   T43] usb 3-1: Using ep0 maxpacket: 8
[ 1167.154722][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1167.168202][   T43] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1167.184097][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1167.219885][   T43] usb 3-1: config 0 descriptor??
[ 1167.468631][   T43] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1167.629631][T21459] syz.0.4528 (21459): drop_caches: 1
[ 1167.633109][T21456] syz.0.4528 (21456): drop_caches: 1
[ 1168.280509][   T43] usb 3-1: USB disconnect, device number 120
[ 1169.096852][T19426] usb 1-1: new high-speed USB device number 116 using dummy_hcd
[ 1169.256734][T19426] usb 1-1: Using ep0 maxpacket: 16
[ 1169.286634][T19426] usb 1-1: config 0 has an invalid interface number: 251 but max is 0
[ 1169.302301][T19426] usb 1-1: config 0 has no interface number 0
[ 1169.320756][T19426] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 1169.520323][T19426] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 1169.536962][T19426] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1169.560199][T19426] usb 1-1: Product: syz
[ 1169.575483][T19426] usb 1-1: Manufacturer: syz
[ 1169.587326][T19426] usb 1-1: SerialNumber: syz
[ 1169.602540][T19426] usb 1-1: config 0 descriptor??
[ 1169.653234][T21493] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1169.662652][T19426] asix 1-1:0.251: probe with driver asix failed with error -22
[ 1169.880612][   T43] usb 1-1: USB disconnect, device number 116
[ 1170.077805][T19433] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 1170.250010][T19433] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1170.260524][T19433] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1170.272389][T19433] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1170.282034][T19433] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1170.293259][T19433] usb 2-1: Manufacturer: syz
[ 1170.306001][T19433] usb 2-1: config 0 descriptor??
[ 1171.336759][T14010] usb 1-1: new high-speed USB device number 117 using dummy_hcd
[ 1171.513077][T14010] usb 1-1: Using ep0 maxpacket: 8
[ 1171.687362][T14010] usb 1-1: config 0 has no interfaces?
[ 1171.694427][T21534] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4548'.
[ 1172.516811][T19433] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[ 1172.816473][T19433] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1172.841026][T19433] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1172.868332][T19426] usb 2-1: USB disconnect, device number 4
[ 1172.874547][T19433] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1172.917237][T19433] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[ 1172.989258][T19433] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1173.015049][T19433] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1173.067252][T19433] usb 4-1: Manufacturer: syz
[ 1173.107150][T19433] usb 4-1: config 0 descriptor??
[ 1173.476838][T19426] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[ 1173.546878][T19433] rc_core: IR keymap rc-hauppauge not found
[ 1173.573238][T19433] Registered IR keymap rc-empty
[ 1173.608971][T19433] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1173.666775][T19426] usb 2-1: device descriptor read/64, error -71
[ 1173.683711][T19433] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1173.727862][T19433] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[ 1173.782215][T19433] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input61
[ 1173.854516][T19433] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1173.924871][T14010] usb 1-1: string descriptor 0 read error: -71
[ 1173.936791][T19426] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[ 1173.946313][T19433] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1173.980771][T19433] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1173.983587][T14010] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1174.047689][T14010] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1174.076877][T19433] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.078635][T14010] usb 1-1: config 0 descriptor??
[ 1174.099604][T19426] usb 2-1: device descriptor read/64, error -71
[ 1174.124764][T14010] usb 1-1: can't set config #0, error -71
[ 1174.127065][T19433] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.175158][T14010] usb 1-1: USB disconnect, device number 117
[ 1174.178641][T19433] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.238787][T19433] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.266886][T19426] usb usb2-port1: attempt power cycle
[ 1174.288371][T19433] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.306847][T19433] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.338483][T19433] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[ 1174.378872][T19433] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1174.578969][T19433] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1174.601415][T19433] usb 4-1: USB disconnect, device number 10
[ 1174.670874][T19426] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 1174.715712][T19426] usb 2-1: device descriptor read/8, error -71
[ 1174.822524][T21561] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1175.034838][T19426] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[ 1175.068883][T19426] usb 2-1: device descriptor read/8, error -71
[ 1175.320334][T19426] usb usb2-port1: unable to enumerate USB device
[ 1176.301328][T19409] usb 1-1: new high-speed USB device number 118 using dummy_hcd
[ 1176.488393][T19409] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1176.502453][T19409] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1176.546567][T19409] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1176.566809][T19409] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1176.616761][T19409] usb 1-1: Manufacturer: syz
[ 1176.638867][T21590] binder: 21589:21590 ioctl c0045005 2000000002c0 returned -22
[ 1176.651016][T19409] usb 1-1: config 0 descriptor??
[ 1176.851555][T21592] netdevsim netdevsim3: Direct firmware load for nel/config failed with error -2
[ 1176.861027][T21592] netdevsim netdevsim3: Falling back to sysfs fallback for: nel/config
[ 1177.053023][   T30] kauditd_printk_skb: 34 callbacks suppressed
[ 1177.053041][   T30] audit: type=1326 audit(1754880254.731:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21596 comm="syz.4.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1177.121922][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.128530][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.167639][   T30] audit: type=1326 audit(1754880254.731:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21596 comm="syz.4.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1177.197287][   T30] audit: type=1326 audit(1754880254.731:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21596 comm="syz.4.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1177.229169][   T30] audit: type=1326 audit(1754880254.731:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21596 comm="syz.4.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1177.367253][   T30] audit: type=1326 audit(1754880254.731:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21596 comm="syz.4.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1177.472260][   T30] audit: type=1326 audit(1754880254.731:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21596 comm="syz.4.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1177.529410][   T30] audit: type=1326 audit(1754880254.731:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21596 comm="syz.4.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1177.575214][T21600] pim6reg: entered allmulticast mode
[ 1177.588883][T21600] pim6reg: left allmulticast mode
[ 1177.607206][   T30] audit: type=1326 audit(1754880254.731:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21596 comm="syz.4.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1177.850961][   T30] audit: type=1326 audit(1754880254.731:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21596 comm="syz.4.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1177.903827][   T30] audit: type=1326 audit(1754880254.731:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21596 comm="syz.4.4567" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7589b8ebe9 code=0x7ffc0000
[ 1178.341233][T21606] netlink: 'syz.2.4568': attribute type 5 has an invalid length.
[ 1178.976858][T19409] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[ 1179.390276][T14010] usb 1-1: USB disconnect, device number 118
[ 1179.522508][T19409] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1179.577585][T21638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1179.587904][T19409] usb 4-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 1179.603125][T19409] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1179.621153][T21638] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1179.649625][T19409] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1179.991382][T21623] kAFS: unable to lookup cell '.,'
[ 1180.397752][T21666] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1181.630120][T21678] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4584'.
[ 1181.855767][T14010] usb 4-1: USB disconnect, device number 11
[ 1182.043200][T21691] ==================================================================
[ 1182.051306][T21691] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1182.059904][T21691] Write of size 1280 at addr ffffc90003124b40 by task vivid-000-vid-c/21691
[ 1182.068581][T21691] 
[ 1182.070906][T21691] CPU: 1 UID: 0 PID: 21691 Comm: vivid-000-vid-c Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1182.070925][T21691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1182.070935][T21691] Call Trace:
[ 1182.070943][T21691]  <TASK>
[ 1182.070949][T21691]  dump_stack_lvl+0x189/0x250
[ 1182.070970][T21691]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1182.070992][T21691]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1182.071027][T21691]  ? __pfx__printk+0x10/0x10
[ 1182.071049][T21691]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 1182.071071][T21691]  ? __virt_addr_valid+0xdc/0x5c0
[ 1182.071091][T21691]  ? __virt_addr_valid+0xdc/0x5c0
[ 1182.071112][T21691]  print_report+0xca/0x240
[ 1182.071127][T21691]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1182.071149][T21691]  kasan_report+0x118/0x150
[ 1182.071173][T21691]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1182.071199][T21691]  kasan_check_range+0x2b0/0x2c0
[ 1182.071222][T21691]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1182.071245][T21691]  __asan_memcpy+0x40/0x70
[ 1182.071263][T21691]  tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1182.071314][T21691]  vivid_thread_vid_cap_tick+0xfff/0x5fd0
[ 1182.071335][T21691]  ? finish_task_switch+0x18b/0x950
[ 1182.071367][T21691]  ? __schedule+0x17ae/0x4cc0
[ 1182.071395][T21691]  ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10
[ 1182.071422][T21691]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1182.071447][T21691]  vivid_thread_vid_cap+0x8da/0x10d0
[ 1182.071477][T21691]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 1182.071496][T21691]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1182.071516][T21691]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1182.071539][T21691]  ? __kthread_parkme+0x7b/0x200
[ 1182.071556][T21691]  ? __kthread_parkme+0x1a1/0x200
[ 1182.071576][T21691]  kthread+0x70e/0x8a0
[ 1182.071596][T21691]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 1182.071622][T21691]  ? __pfx_kthread+0x10/0x10
[ 1182.071643][T21691]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1182.071661][T21691]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1182.071682][T21691]  ? __pfx_kthread+0x10/0x10
[ 1182.071702][T21691]  ret_from_fork+0x3f9/0x770
[ 1182.071719][T21691]  ? __pfx_ret_from_fork+0x10/0x10
[ 1182.071737][T21691]  ? __switch_to_asm+0x39/0x70
[ 1182.071758][T21691]  ? __switch_to_asm+0x33/0x70
[ 1182.071778][T21691]  ? __pfx_kthread+0x10/0x10
[ 1182.071798][T21691]  ret_from_fork_asm+0x1a/0x30
[ 1182.071826][T21691]  </TASK>
[ 1182.071832][T21691] 
[ 1182.297511][T21691] The buggy address belongs to a 3-page vmalloc region starting at 0xffffc90003122000 allocated at vb2_vmalloc_alloc+0xef/0x340
[ 1182.310744][T21691] The buggy address belongs to the physical page:
[ 1182.317178][T21691] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x7ffa4 pfn:0x312e3
[ 1182.326296][T21691] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1182.333411][T21691] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[ 1182.341997][T21691] raw: 000000000007ffa4 0000000000000000 00000001ffffffff 0000000000000000
[ 1182.350573][T21691] page dumped because: kasan: bad access detected
[ 1182.356983][T21691] page_owner tracks the page as allocated
[ 1182.362703][T21691] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 21689, tgid 21688 (syz.2.4589), ts 1182040711007, free_ts 1181997752468
[ 1182.382243][T21691]  post_alloc_hook+0x240/0x2a0
[ 1182.387018][T21691]  get_page_from_freelist+0x21e4/0x22c0
[ 1182.392595][T21691]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1182.398402][T21691]  alloc_pages_mpol+0x232/0x4a0
[ 1182.403252][T21691]  alloc_pages_noprof+0xa9/0x190
[ 1182.408209][T21691]  __vmalloc_node_range_noprof+0x97d/0x12f0
[ 1182.414117][T21691]  vmalloc_user_noprof+0xad/0xf0
[ 1182.419056][T21691]  vb2_vmalloc_alloc+0xef/0x340
[ 1182.423899][T21691]  __vb2_queue_alloc+0x9bf/0x15a0
[ 1182.428922][T21691]  vb2_core_reqbufs+0xc31/0x1420
[ 1182.433856][T21691]  __vb2_init_fileio+0x318/0xff0
[ 1182.438785][T21691]  vb2_core_poll+0x4c1/0x840
[ 1182.443386][T21691]  vb2_fop_poll+0x168/0x380
[ 1182.447894][T21691]  v4l2_poll+0x147/0x2c0
[ 1182.452148][T21691]  do_sys_poll+0x8c9/0x1070
[ 1182.456682][T21691]  __se_sys_ppoll+0x1ff/0x260
[ 1182.461382][T21691] page last free pid 15 tgid 15 stack trace:
[ 1182.467352][T21691]  __free_frozen_pages+0xbc4/0xd30
[ 1182.472473][T21691]  __tlb_remove_table+0x2d2/0x3b0
[ 1182.477492][T21691]  tlb_remove_table_rcu+0x85/0x100
[ 1182.482605][T21691]  rcu_core+0xca8/0x1770
[ 1182.486854][T21691]  handle_softirqs+0x283/0x870
[ 1182.491632][T21691]  run_ksoftirqd+0x9b/0x100
[ 1182.496132][T21691]  smpboot_thread_fn+0x53f/0xa60
[ 1182.501067][T21691]  kthread+0x70e/0x8a0
[ 1182.505139][T21691]  ret_from_fork+0x3f9/0x770
[ 1182.509732][T21691]  ret_from_fork_asm+0x1a/0x30
[ 1182.514510][T21691] 
[ 1182.516829][T21691] Memory state around the buggy address:
[ 1182.522453][T21691]  ffffc90003124f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1182.530515][T21691]  ffffc90003124f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1182.538582][T21691] >ffffc90003125000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1182.546637][T21691]                    ^
[ 1182.550702][T21691]  ffffc90003125080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1182.558766][T21691]  ffffc90003125100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 1182.566845][T21691] ==================================================================
[ 1182.613472][T21691] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1182.620700][T21691] CPU: 0 UID: 0 PID: 21691 Comm: vivid-000-vid-c Not tainted 6.17.0-rc1-syzkaller #0 PREEMPT(full) 
[ 1182.631478][T21691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1182.641541][T21691] Call Trace:
[ 1182.644847][T21691]  <TASK>
[ 1182.647795][T21691]  dump_stack_lvl+0x99/0x250
[ 1182.652401][T21691]  ? __asan_memcpy+0x40/0x70
[ 1182.656999][T21691]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1182.662216][T21691]  ? __pfx__printk+0x10/0x10
[ 1182.666812][T21691]  vpanic+0x281/0x750
[ 1182.670793][T21691]  ? preempt_schedule+0xae/0xc0
[ 1182.675649][T21691]  ? __pfx_vpanic+0x10/0x10
[ 1182.680156][T21691]  ? preempt_schedule_common+0x83/0xd0
[ 1182.685626][T21691]  ? preempt_schedule+0xae/0xc0
[ 1182.690474][T21691]  ? __pfx_preempt_schedule+0x10/0x10
[ 1182.695850][T21691]  panic+0xb9/0xc0
[ 1182.699577][T21691]  ? __pfx_panic+0x10/0x10
[ 1182.703997][T21691]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 1182.709895][T21691]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1182.715533][T21691]  check_panic_on_warn+0x89/0xb0
[ 1182.720481][T21691]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1182.726117][T21691]  end_report+0x78/0x160
[ 1182.730368][T21691]  kasan_report+0x129/0x150
[ 1182.734889][T21691]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1182.740532][T21691]  kasan_check_range+0x2b0/0x2c0
[ 1182.745477][T21691]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1182.751110][T21691]  __asan_memcpy+0x40/0x70
[ 1182.755526][T21691]  tpg_fill_plane_buffer+0x1b9b/0x5ec0
[ 1182.761025][T21691]  vivid_thread_vid_cap_tick+0xfff/0x5fd0
[ 1182.766765][T21691]  ? finish_task_switch+0x18b/0x950
[ 1182.771977][T21691]  ? __schedule+0x17ae/0x4cc0
[ 1182.776674][T21691]  ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10
[ 1182.782842][T21691]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1182.788055][T21691]  vivid_thread_vid_cap+0x8da/0x10d0
[ 1182.793465][T21691]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 1182.799197][T21691]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1182.805087][T21691]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1182.811420][T21691]  ? __kthread_parkme+0x7b/0x200
[ 1182.816357][T21691]  ? __kthread_parkme+0x1a1/0x200
[ 1182.821386][T21691]  kthread+0x70e/0x8a0
[ 1182.825475][T21691]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[ 1182.831196][T21691]  ? __pfx_kthread+0x10/0x10
[ 1182.835795][T21691]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1182.841000][T21691]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1182.846196][T21691]  ? __pfx_kthread+0x10/0x10
[ 1182.850787][T21691]  ret_from_fork+0x3f9/0x770
[ 1182.855376][T21691]  ? __pfx_ret_from_fork+0x10/0x10
[ 1182.860497][T21691]  ? __switch_to_asm+0x39/0x70
[ 1182.865262][T21691]  ? __switch_to_asm+0x33/0x70
[ 1182.870027][T21691]  ? __pfx_kthread+0x10/0x10
[ 1182.874614][T21691]  ret_from_fork_asm+0x1a/0x30
[ 1182.879385][T21691]  </TASK>
[ 1182.882819][T21691] Kernel Offset: disabled
[ 1182.887145][T21691] Rebooting in 86400 seconds..