last executing test programs:

12.994674927s ago: executing program 1 (id=1984):
syz_mount_image$fuse(0x0, 0x0, 0x410, 0x0, 0x1, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
connect$tipc(r2, &(0x7f0000000040)=@id, 0x10)
sendmmsg$unix(r2, &(0x7f0000004400), 0x400000000000203, 0x101d0)

9.940196424s ago: executing program 1 (id=1999):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getegid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x9, 0x8031, 0xffffffffffffffff, 0x40ead000)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0x4008af12, 0x0)
madvise(&(0x7f0000130000/0xd000)=nil, 0xd000, 0x66)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000001c0))
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
syz_clone(0x920a200, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_XCRS(0xffffffffffffffff, 0x4188aea7, &(0x7f0000000000)={0x7, 0x5, [{0xffff, 0x0, 0x8000000000000000}, {0x1, 0x0, 0x3}, {0x7, 0x0, 0x1}, {0x21571d77, 0x0, 0x5}, {0x2, 0x0, 0x8}, {0x400, 0x0, 0x7ff}, {0x7fff, 0x0, 0x8}, {0x3, 0x0, 0xffffffffffff3922}, {0xb, 0x0, 0x5}, {0x0, 0x0, 0x8}, {0x5, 0x0, 0x53af}, {0x4, 0x0, 0x9}, {0x7, 0x0, 0x80000001}, {0xf, 0x0, 0x6}, {0x7}, {0xfffffffe, 0x0, 0x3}]})

8.581047662s ago: executing program 3 (id=2003):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x4d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, 0x0, 0x0)
futex(0x0, 0xc, 0x1, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000200), 0xaad82, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000004c0)={0x38, 0x1403, 0x1, 0x70bd2d, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x854}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00'}, 0x94)
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="6e6f646f74732c756d61736b3d30303030303030303030303030303030303030303030312c00556d29f7c0056503281a76a9503e7c542d3e91739dc61f09561d7cd23d203e53ea734a628c28b946e06019f1ece862d6610de2e482c2db6334fd9da373f4c3a500aad006290b7a6f3c4fca3b325b6d368c88a8702a777a855340306f8005797d6616655ad4c48ab78ee025346385e450da4c5b3cc2c2c88e38330c0d5374b0343b9528fce918dccb07c4177c38c8a816b90f82a3051c258d75bda1d83b0e223f55f51654eb9946526399c2e9846d8a3779f7eef2755e7863ccc789e69da672d3e9cff2cf0d9f673732faeed5e143b0b1040595d54dfc5da624865d233fba076bdb4098e532b1421583ddee26a65d393ffb7f4c"], 0x1, 0x54c, &(0x7f0000000280)="$eJzs2s9qE1EUB+BjEpMiglmLiwE3rkL1CQySQjEgRLJQXDjQuMmIMLOZZNUH8Ql8Hp8kq24k0k5om/pnU+O0ne+DcA/5Jcy5MzD3Lu7HJ5/nR1+KTx++f429l0l0IqJ1EtGPVrSjcm8zts7qblx2HADAbTOZpMO6e2C38nyYnu7her8k02+1NAQAAAAAAAAAAMC1Of8PAM3j/P/dl+fDtLvZv21z/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoz8l6/Wj9l0/d/QEA/571HwCax/oPAM1j/QeA5nn77v3r4Xg8miTJXsTquJyW02qs8oPD8Wg/OdO/+NeqLKft8/x5lSfb+f14sMlf/DbvxrOnVX6avXozvpL34mj30wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuGSTn+hffrspy2q7ywZ/yqjo4HI/2Nz/YzjvxuHP1aj/Wu5wLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcD3FYjlPs2yWK25xMXhYPc2b0s9dLXrRnPtc51sJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACoU7FYztMsm+VF3Z0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdFsVjO0yyb5Tss6p4jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/9/PAAAA//98b41D")
rmdir(&(0x7f0000000080)='./file0\x00')
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_opts(r7, 0x0, 0xd, 0xfffffffffffffffd, 0x5)
sendmsg$IPSET_CMD_GET_BYINDEX(r1, &(0x7f0000000840)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000800)={&(0x7f0000000140)={0x1c, 0xf, 0x6, 0x205, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_INDEX={0x6, 0xb, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000040)

7.428231808s ago: executing program 3 (id=2006):
syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004b41460860163209ea8001"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000340)={&(0x7f0000000140)=[{0x63, 0x3b93, 0x4d, &(0x7f0000000440)="d1596137019028b4e6973edf1911fbfc4c57a136ff048efb6d1ff9da18c7b520508922e15ef5a43a2403935d48ed4c365d55448dc474f02bfc8c827504ccfccbaca50d6089edf0b48722fa0da7"}], 0x1})

7.426062463s ago: executing program 1 (id=2007):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r2 = syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r2, 0x0, 0x40000000, 0x0)
ioprio_get$pid(0x2, r2)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, 0x0, 0x0)
close(r5)

7.217640201s ago: executing program 0 (id=2009):
syz_mount_image$fuse(0x0, 0x0, 0x410, 0x0, 0x1, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
connect$tipc(r1, &(0x7f0000000040)=@id, 0x10)
sendmmsg$unix(r1, &(0x7f0000004400), 0x400000000000203, 0x101d0)

6.492028893s ago: executing program 1 (id=2011):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x3000c041)
r1 = socket$kcm(0x10, 0x2, 0x4)
bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x8001, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x4, 0x0, 0x0)
sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, 0x0, 0x4)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000001c0)={0x8, 0x1, {<r2=>0x0}, {0xee01}, 0x2, 0x40})
prlimit64(r2, 0x4, &(0x7f0000000040)={0x800080000000, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x96e5dec6a6392f5e, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADDPRL(r4, 0x89f5, &(0x7f0000000800)={'sit0\x00', 0x0})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
getresgid(0x0, &(0x7f0000000540), &(0x7f0000000580)=<r5=>0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000005c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x0, r5}}, './bus\x00'})
ioctl$EVIOCSABS20(0xffffffffffffffff, 0x401845e0, &(0x7f0000000200)={0x101, 0x80000001, 0x8, 0xe0000, 0x2, 0x2})
socket$inet6_udp(0xa, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08061cdc030ec080000000000000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f2130809d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff000000000000000000", 0x89}], 0x1}, 0x0)
syz_usb_connect(0x3, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)

5.232170289s ago: executing program 4 (id=2017):
pipe2$watch_queue(&(0x7f0000002240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
io_setup(0x5, &(0x7f0000000140)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000001440)=[&(0x7f0000000200)={0x300000000000000, 0x0, 0x20, 0x1, 0x4000, r0, 0x0, 0x0, 0x5, 0x0, 0x2}])

5.096359389s ago: executing program 2 (id=2018):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r0 = io_uring_setup(0x3450, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f0000000140)={0x1, 0x81}, 0xffffffffffffff3b)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0xffffffff, 0x1582603b6fab213b)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x5})
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
ioctl$KVM_GET_LAPIC(0xffffffffffffffff, 0x8400ae8e, &(0x7f0000000880))
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000100)='bfs\x00', 0x4, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x2200}], 0x0, 0xa}, 0x20)

5.085400738s ago: executing program 4 (id=2019):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)

4.952080845s ago: executing program 2 (id=2020):
r0 = socket(0x1e, 0x4, 0x0)
connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x8}, 0x48)
sendmsg$NFT_MSG_GETGEN(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x14, 0x10, 0xa, 0x801, 0x0, 0x0, {0x4, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x20008011)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r2, 0x0)
syz_emit_ethernet(0x5a, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60ff00f500240600fe8000000000000000000000000000aafe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="90c2000098b26816a099ba907800001e0aa500ac1414bb00"], 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r1, &(0x7f0000000100), 0x0}, 0x20)
sendmmsg$unix(r0, &(0x7f0000004400), 0x400000000000203, 0x0)

4.664221333s ago: executing program 2 (id=2021):
socket(0x10, 0x3, 0x0)
close(0xffffffffffffffff)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, 0x0)
pipe2(&(0x7f00000004c0), 0x800)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x20680, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x446102)
iopl(0x3)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5}, @NFTA_XFRM_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_XFRM_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}, {0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x11}]}}}]}]}], {0x14}}, 0xa4}}, 0x0)
syz_io_uring_setup(0x4e1, &(0x7f0000000100)={0x0, 0x1ffffd, 0x10100, 0xfffffffe, 0x9}, &(0x7f0000000300), &(0x7f00000002c0))

3.914220219s ago: executing program 0 (id=2022):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
socket$key(0xf, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000018c0)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x22}, 0x94)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r2, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000240)="cf9900ffffffff7f00000001000000000000005ac1d932df0d3e5d0142fcd74f6d43c8f9d9025512685c5007fd79d19ef09419ef4d3eca4dc2f10c80aef058c515eaa77423ebd991b2f6c90f32fb9868d6b4a69aa9", 0x55}], 0x1, 0x0, 0x0, 0x80040000}}], 0x1, 0x20000810)
setsockopt$inet_tcp_TLS_TX(r2, 0x6, 0x1, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001840)=@newlink={0x54, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xa011}, [@IFLA_XDP={0x2c, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r1}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x3}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x1}, @IFLA_XDP_FD={0x8, 0x1, r1}, @IFLA_XDP_EXPECTED_FD={0x8, 0x8, r1}]}, @IFLA_GROUP={0x8}]}, 0x54}, 0x1, 0x0, 0x0, 0x200480d4}, 0x80)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
socket$kcm(0xf, 0x0, 0x2)

3.898468405s ago: executing program 3 (id=2023):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="280500003d0007010000000000000000017c0000040000000c00018006000600800a"], 0x528}}, 0xc000)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd700000000000020202000500030000000000090001"], 0x28}, 0x1, 0x40030000000000}, 0x14) (fail_nth: 6)

3.891235599s ago: executing program 4 (id=2024):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x1, 0x8, 0x1, 0x0, {{0x5, 0x4, 0x0, 0x3, 0x12, 0x64, 0x0, 0x0, 0x0, 0x0, @loopback, @empty, {[@noop, @timestamp_addr={0x44, 0x0, 0xef, 0x1, 0x2, [{@loopback, 0x9}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xb09}, {@multicast1, 0x3}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x7}, {@local, 0x9}, {@broadcast, 0x4}]}]}}}}})
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x8000, 0x0)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f00000000c0), 0x4)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0xfffffffc, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x1b, 0x8032, 0xffffffffffffffff, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000003000)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
syz_open_dev$vim2m(&(0x7f00000000c0), 0x800, 0x2)
creat(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)
r6 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r2, 0x84, 0x23, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f00000002c0)={0x0, 0x0, 0x4}, 0x8)
syz_mount_image$minix(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000100)=ANY=[], 0xa, 0x234, &(0x7f0000000900)="$eJzs279rE2Ecx/HPXS7pNdpWrDqIQlGsLjb+mBxE3Tr1H+hU2qjFE6tVsEWwWdRB6OTm4iQIDo4idRMn/wAHwU0pdgg4OfTkzvvR5JLmB5ecpO/X0ueez/Pkee7oJd82iQDsWVc1IUOGCt7BMfvA+riR9ZYA9Ikb/Ny23JgZhgAG282RrHcAIBtb16SXp6Rf1UfzyhXCssCrAL5tStqYfKo1Bbk5JOn1F8mK6oetinTUCnLD1nB9ffFKOh3ON4q14UNbqkjFKN+3IxyWKq7/+GdOhuvv14hGNZb38oMaD9ZfiOYfaVnvWJ2XSAAADBxDU63yXQeYur7olM81zfN+fr5pXvDzCy3yi9HxUNSafTHz4IN7edvLp+bvOAu7bRNAA2YX9//X43E71+L+t5rc//V/JwDov+WV1VtzjuM+lvxG+V7QEzTC/wjEPbnEmFQa4XsObQwO36FMRN5j7OjJJaevTybPPb2zMOONjUnqzYX6jxtqEH2f/ndNoh6zF1e+pnHi558nS8/fvW9n8NsOlzCj37rZjXK1boxMqYfnNZG4C+Ycu73pxprrdrhow6eL+MMBdtrPRAD6rXT/9lJpeWX17GJO0o1yPnzBn/6x6Vf2pZr6Pp/dTgGkLX7Rb5RWEj1u7eHMp8+/q5fePOti5SuSPha7mAgAAAAAAAAAAAAAAOoc0uGstwAAAACgT5Lf/rk7mvZXl7I+RwAAAAAAAAAAAAAAAAAABs3fAAAA///PtQqI")
socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r6, 0x84, 0x73, 0x0, &(0x7f00000002c0))
r7 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r7, 0x0, 0x0)

3.778924193s ago: executing program 2 (id=2025):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000600), r0)
sendmsg$NFC_CMD_START_POLL(r0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x24000000)

3.369497357s ago: executing program 3 (id=2026):
r0 = landlock_create_ruleset(&(0x7f0000000100)={0x100}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = fsopen(&(0x7f0000001640)='afs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x1, 0x0)
fchdir(r2)
syz_clone3(&(0x7f00000003c0)={0x10100, &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000180)=<r3=>0x0, {0x41}, &(0x7f0000000300)=""/121, 0x79, &(0x7f0000001480)=""/221, &(0x7f0000000380)=[0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x6, {r2}}, 0x58)
r4 = gettid()
syz_clone3(&(0x7f00000015c0)={0xc0800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x3b}, &(0x7f0000000480)=""/4096, 0x1000, &(0x7f0000000200)=""/255, &(0x7f0000001580)=[r3, 0xffffffffffffffff, r4], 0x3, {r2}}, 0x58)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)

3.368578953s ago: executing program 1 (id=2027):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4, <r4=>r2})
ioctl$DMA_BUF_SET_NAME_A(r4, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00')
ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, &(0x7f0000000540)=0x1)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x800, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r5, <r6=>0xffffffffffffffff}, &(0x7f00000008c0), &(0x7f00000003c0)='%pB    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r6, <r7=>0xffffffffffffffff}, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r8, 0x0, 0xe, 0x48000000, &(0x7f0000000300)="40f0538ef047b21fb60068305500", 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.872597964s ago: executing program 2 (id=2028):
prlimit64(0xffffffffffffffff, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000080)={0x0, 0x0, "b2d8f8e77ab2332d21644baf6c907902f9f25f7213c53e80ab517c412c400ec87403532622fe60e1c4d2be1b49d489a406c27759826b565edfddf3ba0231556e5f2a88065c0a960381094ba68dd5dcea98550919fecdafef292fd10b2985aca4426670e0ec35a8c9cb9aad285b776a4541e51908b33655fbb0c03dd0784308c26fed170bc32bfc57409a166228c30fecd7d40d26bbf2b764d350b150b22492789aad27573f2c37e0f5e36cee1027916b381ae45f64805d537d181a56388fba6be8c58aff329074f9ed83d1e6ea2a9e4ee26a66b620166cbb26853926a8be715dc8bd1ec8b6b75144fc6a4fd0b6663cb7006798412710e5deb41e1d03955498e0"})
ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f00000001c0)=@urb_type_control={0x2, {0x1, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYRESHEX=r0], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfff}, 0x94)
r1 = getpid()
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)={0xa4, 0x0, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x80}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x2c}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xa, 0x1, 'Q.931\x00'}}]}, 0xa4}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
syz_open_dev$swradio(0x0, 0x1, 0x2)
close(0x3)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffe5b}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000002c0)={0x4ecd, 0x60088}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_generic(0x10, 0x3, 0x10)
fsopen(&(0x7f0000000140)='f2fs\x00', 0x1)

2.872128284s ago: executing program 4 (id=2029):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005500e502000000000000000007000000", @ANYRES32=r2, @ANYBLOB="200001"], 0x38}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[], 0x78}, 0x1, 0x0, 0x0, 0x4004090}, 0x8000042)
socket$phonet_pipe(0x23, 0x5, 0x2)

2.824195914s ago: executing program 3 (id=2030):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r0 = io_uring_setup(0x3450, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f0000000140)={0x1, 0x81}, 0xffffffffffffff3b)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0xffffffff, 0x1582603b6fab213b)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0x0, 0x5})
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
ioctl$KVM_GET_LAPIC(0xffffffffffffffff, 0x8400ae8e, &(0x7f0000000880))
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000100)='bfs\x00', 0x4, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x2200}], 0x0, 0xa}, 0x20)

2.636109624s ago: executing program 0 (id=2031):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
msgget$private(0x0, 0xc)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000000)={{0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3})
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
timer_create(0x6, 0x0, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[], 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x4b, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50)
syz_io_uring_setup(0x2c0c, &(0x7f0000000400)={0x0, 0x0, 0x4002}, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x5)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f00000012c0)={0x0, 0x0, r5, r5, 0x7, 0xa, 0x3, 0x3, {0x7fff, 0xa, 0xff, 0x0, 0x5, 0xc, 0x3, 0x1, 0xfffa, 0x2, 0x6, 0x0, 0x8000, 0x5, "9a303f1b9372a91fb7a1849863ffcc2ada9a633af69c5bfc25a5099bc6535850"}})
r6 = socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000004c0)={0x0, <r7=>0x0})
ioctl$sock_FIOSETOWN(r6, 0x8901, &(0x7f0000000200)=r7)
read$midi(0xffffffffffffffff, &(0x7f0000000300)=""/10, 0xa)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4)
sendmmsg(r3, &(0x7f0000001500)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x500, 0x80000, @remote, 0x0, 0x3}, 0x80, 0x0}, 0x5b4}], 0x1, 0xc040)

2.602610186s ago: executing program 4 (id=2032):
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r0 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000001c0)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000005000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000000c0)="155b0256e5598fc9b35e5c85f55ab75dc8f9928bb30537c94fd78d1d26caed548f7aa412fcd71e4d655952313f7c7a5cc561d5754f583c56ea2213b6b2ad069b5c8cae89e4197e651413cd986b5cf1274bb300a6d83ab2190e378590caed639791da355f470a00640f7246f8ec08c685fe55b5c9393b5ada5a5fefc5ca87e6bb3b388f245f715173d09abec04092b48d8b962ea3dc542bf018e63790f4f33858d3ef05ab20380b7d4cfd26ae0b3f2514f324f0e376701a2aa796edecb0f99ea27b54e929baa1ce537362441ab612b5c5e0b2dc5205ed8c7bbf419d79616cd78714a5", 0xe2, r0}, 0x68)
r1 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000240)='syz0\x00', 0x200002, 0x0)
openat$cgroup_subtree(r1, &(0x7f0000000280), 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000fd00000c0000005bfffffff7"], &(0x7f0000001f80)=""/226, 0x18, 0xe2, 0x2, 0xfffffffe}, 0x28)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r2, 0x0, 0x9}, 0x18)
r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r3}, 0x8)
close(r4)
sendmsg$kcm(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000580)="d8001c00180081064e81f782db44fd56170d12a0b9b545c7", 0x18}], 0x1}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x2000009, 0x100010, r4, 0x0)

1.214943148s ago: executing program 3 (id=2033):
syz_mount_image$fuse(0x0, 0x0, 0x410, 0x0, 0x1, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
connect$tipc(r1, &(0x7f0000000040)=@id, 0x10)
sendmmsg$unix(r1, &(0x7f0000004400), 0x400000000000203, 0x101d0)

888.218521ms ago: executing program 4 (id=2034):
syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100004b41460860163209ea800102030109021e00"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000340)={&(0x7f0000000140)=[{0x63, 0x3b93, 0x4d, &(0x7f0000000440)="d1596137019028b4e6973edf1911fbfc4c57a136ff048efb6d1ff9da18c7b520508922e15ef5a43a2403935d48ed4c365d55448dc474f02bfc8c827504ccfccbaca50d6089edf0b48722fa0da7"}], 0x1})

720.887911ms ago: executing program 1 (id=2035):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='bbr', 0x3)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)

598.397335ms ago: executing program 0 (id=2036):
socket$inet6_sctp(0xa, 0x1, 0x84)
setrlimit(0x2, &(0x7f0000000000)={0x4000051, 0xfffffffa})
prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000800000/0x800000)=nil)
eventfd2(0x0, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000007c0)={{r0}, &(0x7f0000000740), &(0x7f0000000780)='%+9llu \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1d, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x20, &(0x7f0000000200)="df33c9f7b9a60000000000002000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

452.074202ms ago: executing program 0 (id=2037):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x1000, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) (fail_nth: 6)

71.951534ms ago: executing program 0 (id=2038):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r2)
sendmsg$WG_CMD_SET_DEVICE(r2, &(0x7f0000001000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4084}, 0x20000010)

0s ago: executing program 2 (id=2039):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x28060400)
r4 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_io_uring_setup(0x189, &(0x7f0000000080)={0x0, 0x0, 0x11000, 0x10}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000000)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_TIMEOUT={0xb, 0x4, 0x0, 0x0, 0x5, &(0x7f0000000200)={0x77359400}, 0x1, 0x4})
io_uring_enter(r5, 0x2def, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r5, 0x18, &(0x7f0000000140)={0x5, r5, 0x1c, {0x9, 0x1}, 0x6}, 0x1)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f00005f5000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000640)={0x2, 0x5, 0x20, 0x0, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x100, 0x0, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x2c}}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x80}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e21, @broadcast}}]}, 0x50}}, 0x0)
r9 = socket$inet6(0xa, 0x2, 0x0)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r11 = dup(r10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r11, 0x2000)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)
sendmsg$inet6(r9, &(0x7f00000000c0)={&(0x7f0000000080)={0xa, 0x4e21, 0x80000, @dev={0xfe, 0x80, '\x00', 0x14}}, 0x1c, 0x0, 0x0, &(0x7f0000004540)=[@hopopts={{0x18, 0x29, 0x36, {0x1}}}, @pktinfo={{0x24, 0x29, 0x32, {@loopback}}}], 0x40}, 0x40)

kernel console output (not intermixed with test programs):

73][T11111] netlink: 'syz.2.1436': attribute type 72 has an invalid length.
[  566.063344][ T5951] usb 4-1: unable to get BOS descriptor or descriptor too short
[  566.073346][ T5951] usb 4-1: unable to read config index 0 descriptor/start: -71
[  566.397313][ T5951] usb 4-1: can't read configurations, error -71
[  566.548381][ T5183] Bluetooth: hci4: unexpected event for opcode 0x0803
[  566.969068][T11118] netlink: 'syz.1.1438': attribute type 72 has an invalid length.
[  567.360710][T11120] bridge: RTM_NEWNEIGH with invalid ether address
[  567.368780][T11120] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  568.280963][T11131] dvmrp1: tun_chr_ioctl cmd 1074025677
[  568.286945][T11131] dvmrp1: linktype set to 6
[  568.617550][T11142] omfs: Bad value for 'uid'
[  568.622174][T11142] omfs: Bad value for 'uid'
[  568.785760][ T5951] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  569.023446][T11144] Bluetooth: MGMT ver 1.23
[  569.361610][ T5951] usb 3-1: New USB device found, idVendor=046d, idProduct=08b6, bcdDevice= e.32
[  569.372398][T11146] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1446'.
[  569.372872][ T5951] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.397240][ T5951] usb 3-1: Product: syz
[  569.401445][ T5951] usb 3-1: Manufacturer: syz
[  569.406941][ T5951] usb 3-1: SerialNumber: syz
[  569.464049][ T5951] usb 3-1: config 0 descriptor??
[  569.477550][ T5951] pwc: Logitech/Cisco VT Camera webcam detected.
[  569.672392][T11125] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  569.690944][ T5951] pwc: Failed to set LED on/off time (-71)
[  569.701303][ T5951] pwc: send_video_command error -71
[  569.706567][ T5951] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  569.733408][ T5951] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71
[  569.852442][ T5994] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  570.466138][ T5951] usb 3-1: USB disconnect, device number 34
[  570.901281][ T5994] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  570.914965][ T5994] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  570.928029][ T5994] usb 2-1: Product: syz
[  570.933450][ T5994] usb 2-1: Manufacturer: syz
[  570.938997][ T5994] usb 2-1: SerialNumber: syz
[  570.949017][ T5994] usb 2-1: config 0 descriptor??
[  570.974993][ T5994] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  570.995527][ T5994] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  571.007060][ T5994] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  571.017562][ T5994] usb 2-1: media controller created
[  571.040858][ T5994] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  571.049666][ T5996] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  571.146222][ T5994] DVB: Unable to find symbol mt352_attach()
[  571.156919][   T24] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  571.172162][T11152] dvb-usb: bulk message failed: -22 (7/0)
[  571.195652][ T5996] usb 5-1: Using ep0 maxpacket: 32
[  571.215506][ T5994] DVB: Unable to find symbol nxt6000_attach()
[  571.222206][ T5994] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  571.234751][ T5996] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  571.243267][ T5996] usb 5-1: config 0 has no interface number 0
[  571.254351][ T5994] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input45
[  571.267927][ T5994] dvb-usb: schedule remote query interval to 1000 msecs.
[  571.276253][ T5994] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  571.300308][ T5994] dvb-usb: bulk message failed: -22 (7/0)
[  571.309648][ T5996] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  571.319461][ T5996] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.327457][ T5996] usb 5-1: Product: syz
[  571.332061][ T5994] dvb-usb: bulk message failed: -22 (7/0)
[  571.358766][ T5994] usb 2-1: USB disconnect, device number 27
[  571.366689][ T5996] usb 5-1: Manufacturer: syz
[  571.382114][   T24] usb 4-1: Using ep0 maxpacket: 8
[  571.391181][ T5996] usb 5-1: SerialNumber: syz
[  571.403492][   T24] usb 4-1: config index 0 descriptor too short (expected 30, got 18)
[  571.404167][ T5996] usb 5-1: config 0 descriptor??
[  571.438094][   T24] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  571.465887][   T24] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  571.476098][ T5996] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  571.488031][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.496816][T11165] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1453'.
[  571.507610][   T24] usb 4-1: Product: syz
[  571.529349][   T24] usb 4-1: Manufacturer: syz
[  571.547756][   T24] usb 4-1: SerialNumber: syz
[  571.659283][ T5994] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  571.667778][   T24] usb 4-1: config 0 descriptor??
[  571.687406][ T5996] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  571.906674][ T5996] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  571.940479][   T24] usb 4-1: USB disconnect, device number 37
[  572.211753][    C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  572.220346][ T5994] usb 5-1: USB disconnect, device number 38
[  572.237263][ T5994] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  572.308278][ T5994] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  572.323312][T11175] netlink: 'syz.1.1456': attribute type 153 has an invalid length.
[  572.469339][ T5994] quatech2 5-1:0.51: device disconnected
[  573.635938][T11191] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1461'.
[  573.672993][   T24] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  573.844942][   T24] usb 1-1: config 0 has an invalid interface number: 217 but max is 0
[  573.857924][   T24] usb 1-1: config 0 has no interface number 0
[  573.886127][   T24] usb 1-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  573.905638][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.915294][   T24] usb 1-1: Product: syz
[  573.919713][   T24] usb 1-1: Manufacturer: syz
[  573.924956][   T24] usb 1-1: SerialNumber: syz
[  573.964304][   T24] usb 1-1: config 0 descriptor??
[  573.988897][   T24] hub 1-1:0.217: bad descriptor, ignoring hub
[  574.004536][   T24] hub 1-1:0.217: probe with driver hub failed with error -5
[  574.151227][ T5994] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  574.992475][T11210] fuse: Bad value for 'fd'
[  575.000933][ T5994] usb 4-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  575.036803][ T5994] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  575.054419][   T24] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware
[  575.055242][ T5994] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  575.078998][ T5994] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  575.090190][ T5994] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  575.113605][T11199] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  575.203770][   T24] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  575.212197][   T24] dib0700: firmware download failed at 7 with -22
[  575.243139][ T5951] usb 5-1: new full-speed USB device number 39 using dummy_hcd
[  575.243748][   T24] usb 1-1: USB disconnect, device number 56
[  575.280929][ T5996] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  575.328257][T11199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  575.337860][T11199] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  575.428048][ T5951] usb 5-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[  575.437552][ T5996] usb 2-1: Using ep0 maxpacket: 8
[  575.443206][ T5951] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  575.443248][ T5985] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  575.451238][ T5951] usb 5-1: Product: syz
[  575.451258][ T5951] usb 5-1: Manufacturer: syz
[  575.451270][ T5951] usb 5-1: SerialNumber: syz
[  575.455768][ T5996] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[  575.482795][ T5996] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  575.495430][ T5951] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[  575.508024][ T5996] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  575.517647][ T5996] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  575.529079][ T5996] usb 2-1: Product: syz
[  575.533333][ T5996] usb 2-1: Manufacturer: syz
[  575.538652][ T5996] usb 2-1: SerialNumber: syz
[  575.547094][ T5996] usb 2-1: config 0 descriptor??
[  575.609729][ T5985] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  575.622252][ T5985] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  575.634528][ T5985] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  575.646471][ T5985] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  575.655997][ T5985] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  575.667446][T11214] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  575.721997][ T5951] vp7045: USB control message 'out' went wrong.
[  575.730686][ T5951] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  575.741911][ T5951] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[  575.754678][ T5951] usb 5-1: USB disconnect, device number 39
[  575.762443][   T24] usb 2-1: USB disconnect, device number 28
[  575.817610][ T5996] usb 1-1: new full-speed USB device number 57 using dummy_hcd
[  575.870918][T11214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  575.880213][T11214] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  575.969154][ T5996] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[  575.980756][ T5996] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  575.991051][ T5996] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196
[  576.010820][ T5996] usb 1-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[  576.020534][ T5996] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  576.032079][ T5996] usb 1-1: config 0 descriptor??
[  576.142748][ T5994] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[  576.153131][ T5994] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input46
[  576.202873][    C0] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  576.211955][ T5994] usb 4-1: USB disconnect, device number 38
[  576.227238][   T56] block nbd0: Possible stuck request ffff888025995080: control (read@0,1024B). Runtime 150 seconds
[  576.238387][   T56] block nbd0: Possible stuck request ffff888025995240: control (read@1024,1024B). Runtime 150 seconds
[  576.250055][   T56] block nbd0: Possible stuck request ffff888025995400: control (read@2048,1024B). Runtime 150 seconds
[  576.261438][   T56] block nbd0: Possible stuck request ffff8880259955c0: control (read@3072,1024B). Runtime 150 seconds
[  576.471914][ T5985] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[  576.540460][ T5985] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input47
[  577.044319][T11223] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1472'.
[  577.084209][   T24] usb 1-1: USB disconnect, device number 57
[  577.135036][ T5985] usb 3-1: USB disconnect, device number 35
[  577.135107][    C1] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  578.903133][T11246] netlink: 'syz.4.1480': attribute type 9 has an invalid length.
[  578.921499][T11246] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1480'.
[  580.161440][T11261] ieee802154 phy0 wpan0: encryption failed: -22
[  581.074601][T11269] ieee802154 phy0 wpan0: encryption failed: -22
[  582.031078][ T5985] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  582.761530][T11278] omfs: Bad value for 'uid'
[  582.766119][T11278] omfs: Bad value for 'uid'
[  583.635034][ T5985] usb 4-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  583.662684][ T5985] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  583.682235][ T5985] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  583.693954][ T5985] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  583.703822][ T5985] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.723130][T11273] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  583.857349][T11287] netlink: 1752 bytes leftover after parsing attributes in process `syz.4.1491'.
[  584.241248][T11273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  584.256042][T11273] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  585.397340][ T5985] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[  585.500445][ T5985] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input48
[  585.597388][T11302] FAULT_INJECTION: forcing a failure.
[  585.597388][T11302] name failslab, interval 1, probability 0, space 0, times 0
[  585.611059][T11302] CPU: 0 UID: 0 PID: 11302 Comm: syz.4.1496 Not tainted syzkaller #0 PREEMPT(full) 
[  585.611083][T11302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  585.611092][T11302] Call Trace:
[  585.611099][T11302]  <TASK>
[  585.611106][T11302]  dump_stack_lvl+0x189/0x250
[  585.611133][T11302]  ? __pfx____ratelimit+0x10/0x10
[  585.611154][T11302]  ? __pfx_dump_stack_lvl+0x10/0x10
[  585.611173][T11302]  ? __pfx__printk+0x10/0x10
[  585.611197][T11302]  ? __pfx___might_resched+0x10/0x10
[  585.611220][T11302]  ? fs_reclaim_acquire+0x7d/0x100
[  585.611234][T11302]  should_fail_ex+0x414/0x560
[  585.611250][T11302]  should_failslab+0xa8/0x100
[  585.611269][T11302]  kmem_cache_alloc_noprof+0x74/0x6e0
[  585.611290][T11302]  ? rcu_is_watching+0x15/0xb0
[  585.611313][T11302]  ? flock_lock_inode+0x21f/0x1420
[  585.611327][T11302]  ? locks_get_lock_context+0xc7/0x3d0
[  585.611349][T11302]  flock_lock_inode+0x21f/0x1420
[  585.611364][T11302]  ? __lock_acquire+0xab9/0xd20
[  585.611386][T11302]  ? __pfx___might_resched+0x10/0x10
[  585.611402][T11302]  ? __pfx_flock_lock_inode+0x10/0x10
[  585.611413][T11302]  ? __pfx_aa_file_perm+0x10/0x10
[  585.611430][T11302]  locks_lock_inode_wait+0x107/0x410
[  585.611452][T11302]  ? __pfx_locks_lock_inode_wait+0x10/0x10
[  585.611478][T11302]  ? __fget_files+0x2a/0x420
[  585.611501][T11302]  ? common_file_perm+0x1b5/0x230
[  585.611532][T11302]  __se_sys_flock+0x467/0x5b0
[  585.611557][T11302]  ? __pfx___se_sys_flock+0x10/0x10
[  585.611607][T11302]  ? __pfx_ksys_write+0x10/0x10
[  585.611628][T11302]  ? do_syscall_64+0xbe/0xfa0
[  585.611652][T11302]  do_syscall_64+0xfa/0xfa0
[  585.611672][T11302]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.611687][T11302]  ? asm_sysvec_call_function_single+0x1a/0x20
[  585.611711][T11302]  ? clear_bhb_loop+0x60/0xb0
[  585.611732][T11302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  585.611747][T11302] RIP: 0033:0x7f0768f8eec9
[  585.611758][T11302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  585.611767][T11302] RSP: 002b:00007f0769e78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000049
[  585.611779][T11302] RAX: ffffffffffffffda RBX: 00007f07691e6090 RCX: 00007f0768f8eec9
[  585.611786][T11302] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 000000000000000b
[  585.611792][T11302] RBP: 00007f0769e78090 R08: 0000000000000000 R09: 0000000000000000
[  585.611798][T11302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  585.611805][T11302] R13: 00007f07691e6128 R14: 00007f07691e6090 R15: 00007ffc166154b8
[  585.611835][T11302]  </TASK>
[  585.942494][   T24] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  586.490551][ T5985] usb 4-1: USB disconnect, device number 39
[  586.496998][    C1] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  586.606969][   T24] usb 3-1: Using ep0 maxpacket: 8
[  586.616189][   T24] usb 3-1: config index 0 descriptor too short (expected 30, got 18)
[  586.643811][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  586.668266][   T24] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  586.708715][   T24] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  586.718672][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  586.746356][   T24] usb 3-1: Product: syz
[  586.758652][   T24] usb 3-1: Manufacturer: syz
[  586.777035][   T24] usb 3-1: SerialNumber: syz
[  586.788481][   T24] usb 3-1: config 0 descriptor??
[  586.932415][T11312] dvmrp1: tun_chr_ioctl cmd 1074025677
[  586.938130][T11312] dvmrp1: linktype set to 6
[  587.009612][ T5996] usb 3-1: USB disconnect, device number 36
[  587.357417][   T24] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  587.600518][   T24] usb 5-1: New USB device found, idVendor=046d, idProduct=08b6, bcdDevice= e.32
[  587.627181][T11322] FAULT_INJECTION: forcing a failure.
[  587.627181][T11322] name failslab, interval 1, probability 0, space 0, times 0
[  587.640511][T11322] CPU: 1 UID: 0 PID: 11322 Comm: syz.1.1500 Not tainted syzkaller #0 PREEMPT(full) 
[  587.640535][T11322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  587.640546][T11322] Call Trace:
[  587.640553][T11322]  <TASK>
[  587.640561][T11322]  dump_stack_lvl+0x189/0x250
[  587.640588][T11322]  ? __pfx____ratelimit+0x10/0x10
[  587.640608][T11322]  ? __pfx_dump_stack_lvl+0x10/0x10
[  587.640628][T11322]  ? __pfx__printk+0x10/0x10
[  587.640656][T11322]  ? __pfx___might_resched+0x10/0x10
[  587.640678][T11322]  ? fs_reclaim_acquire+0x7d/0x100
[  587.640700][T11322]  should_fail_ex+0x414/0x560
[  587.640727][T11322]  should_failslab+0xa8/0x100
[  587.640747][T11322]  kmem_cache_alloc_node_noprof+0x77/0x710
[  587.640770][T11322]  ? __alloc_skb+0x112/0x2d0
[  587.640787][T11322]  ? netlink_autobind+0xdb/0x300
[  587.640811][T11322]  __alloc_skb+0x112/0x2d0
[  587.640833][T11322]  netlink_sendmsg+0x5c6/0xb30
[  587.640861][T11322]  ? __pfx_netlink_sendmsg+0x10/0x10
[  587.640884][T11322]  ? aa_sock_msg_perm+0xf1/0x1d0
[  587.640907][T11322]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  587.640924][T11322]  ? __pfx_netlink_sendmsg+0x10/0x10
[  587.640944][T11322]  __sock_sendmsg+0x21c/0x270
[  587.640971][T11322]  ____sys_sendmsg+0x505/0x830
[  587.640995][T11322]  ? __pfx_____sys_sendmsg+0x10/0x10
[  587.641022][T11322]  ? import_iovec+0x74/0xa0
[  587.641043][T11322]  ___sys_sendmsg+0x21f/0x2a0
[  587.641066][T11322]  ? __pfx____sys_sendmsg+0x10/0x10
[  587.641123][T11322]  ? __fget_files+0x2a/0x420
[  587.641139][T11322]  ? __fget_files+0x3a0/0x420
[  587.641167][T11322]  __x64_sys_sendmsg+0x19b/0x260
[  587.641191][T11322]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  587.641208][T11322]  ? irqentry_exit+0x74/0x90
[  587.641263][T11322]  do_syscall_64+0xfa/0xfa0
[  587.641283][T11322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.641299][T11322]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  587.641315][T11322]  ? clear_bhb_loop+0x60/0xb0
[  587.641335][T11322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  587.641352][T11322] RIP: 0033:0x7f75e2b8eec9
[  587.641368][T11322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  587.641383][T11322] RSP: 002b:00007f75e0db4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  587.641402][T11322] RAX: ffffffffffffffda RBX: 00007f75e2de6180 RCX: 00007f75e2b8eec9
[  587.641415][T11322] RDX: 0000000000000090 RSI: 00002000000002c0 RDI: 0000000000000008
[  587.641426][T11322] RBP: 00007f75e0db4090 R08: 0000000000000000 R09: 0000000000000000
[  587.641437][T11322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  587.641446][T11322] R13: 00007f75e2de6218 R14: 00007f75e2de6180 R15: 00007ffef442a5c8
[  587.641475][T11322]  </TASK>
[  587.920229][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  587.928389][   T24] usb 5-1: Product: syz
[  587.932937][   T24] usb 5-1: Manufacturer: syz
[  587.937690][   T24] usb 5-1: SerialNumber: syz
[  587.944811][   T24] usb 5-1: config 0 descriptor??
[  587.955592][   T24] pwc: Logitech/Cisco VT Camera webcam detected.
[  588.145618][T11312] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  588.513745][T11332] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  588.848632][T11332] ./file0: Can't lookup blockdev
[  589.486084][ T5985] kernel write not supported for file /1062/clear_refs (pid: 5985 comm: kworker/1:6)
[  589.542085][T11308] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  590.098856][   T24] pwc: Failed to set LED on/off time (-71)
[  590.149479][   T24] pwc: send_video_command error -71
[  590.155670][   T24] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  590.194476][   T24] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71
[  590.216023][   T24] usb 5-1: USB disconnect, device number 40
[  592.844652][ T5994] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  592.997076][ T5994] usb 4-1: Using ep0 maxpacket: 16
[  593.004177][ T5994] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  593.028593][T11383] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  593.259287][T11385] ./file0: Can't lookup blockdev
[  593.826189][ T5994] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  593.836628][ T5994] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  593.846313][ T5994] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  593.922098][ T5994] usb 4-1: config 0 descriptor??
[  594.094821][   T30] audit: type=1804 audit(1758562532.899:3): pid=11392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1520" name="file0" dev="ramfs" ino=29966 res=1 errno=0
[  597.615703][ T5994] usbhid 4-1:0.0: can't add hid device: -71
[  597.625024][ T5994] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  597.666705][ T5994] usb 4-1: USB disconnect, device number 40
[  597.691369][T11414] dvmrp1: tun_chr_ioctl cmd 1074025677
[  597.698354][T11414] dvmrp1: linktype set to 6
[  597.892472][   T24] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  598.101985][   T24] usb 3-1: Using ep0 maxpacket: 8
[  598.124325][ T5985] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  598.131750][T11425] binder_alloc: 11421: binder_alloc_buf, no vma
[  598.142284][   T24] usb 3-1: config 0 has an invalid interface number: 107 but max is 0
[  598.157723][   T24] usb 3-1: config 0 has no interface number 0
[  598.170924][   T24] usb 3-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=54.48
[  598.185129][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.508544][   T24] usb 3-1: config 0 descriptor??
[  598.579399][ T5985] usb 5-1: New USB device found, idVendor=046d, idProduct=08b6, bcdDevice= e.32
[  598.696657][ T5985] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  598.777491][ T5985] usb 5-1: Product: syz
[  598.831540][   T24] usb 3-1: USB disconnect, device number 37
[  599.103401][T11401] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  599.123653][ T5985] usb 5-1: Manufacturer: syz
[  599.143016][ T5985] usb 5-1: SerialNumber: syz
[  599.179481][ T5985] usb 5-1: config 0 descriptor??
[  599.190221][ T5985] usb 5-1: can't set config #0, error -71
[  599.214465][ T5985] usb 5-1: USB disconnect, device number 41
[  599.517422][T11439] syzkaller1: tun_chr_ioctl cmd 1074025677
[  599.524021][T11439] syzkaller1: linktype set to 778
[  599.775114][T11442] ieee802154 phy0 wpan0: encryption failed: -22
[  600.910546][T11451] dvmrp1: tun_chr_ioctl cmd 1074025677
[  600.934113][T11451] dvmrp1: linktype set to 6
[  601.081812][T11465] ieee802154 phy0 wpan0: encryption failed: -22
[  601.798976][ T5996] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  603.026842][ T5996] usb 2-1: New USB device found, idVendor=046d, idProduct=08b6, bcdDevice= e.32
[  603.046035][ T5996] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.109786][ T5996] usb 2-1: Product: syz
[  603.121989][ T5996] usb 2-1: Manufacturer: syz
[  603.126910][ T5996] usb 2-1: SerialNumber: syz
[  603.169544][ T5996] usb 2-1: config 0 descriptor??
[  603.239916][T11477] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  603.660345][ T5996] pwc: Logitech/Cisco VT Camera webcam detected.
[  603.687927][ T5996] pwc: Failed to set LED on/off time (-71)
[  603.703406][ T5996] pwc: send_video_command error -71
[  603.712228][ T5996] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  603.726506][ T5996] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71
[  603.738937][ T5996] usb 2-1: USB disconnect, device number 29
[  603.835563][ T5985] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  604.427448][T11482] ieee802154 phy0 wpan0: encryption failed: -22
[  604.443984][T11483] ieee802154 phy0 wpan0: encryption failed: -22
[  604.466281][ T5985] usb 4-1: Using ep0 maxpacket: 8
[  604.477953][ T5985] usb 4-1: config index 0 descriptor too short (expected 30, got 18)
[  604.486468][ T5985] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  604.520283][ T5985] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  604.545194][ T5985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.554656][ T5985] usb 4-1: Product: syz
[  604.559039][ T5985] usb 4-1: Manufacturer: syz
[  604.563897][ T5985] usb 4-1: SerialNumber: syz
[  604.580088][ T5985] usb 4-1: config 0 descriptor??
[  604.742091][T11491] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  604.837043][ T5996] usb 4-1: USB disconnect, device number 41
[  604.875617][   T56] block nbd0: Possible stuck request ffff888025995080: control (read@0,1024B). Runtime 180 seconds
[  604.887006][   T56] block nbd0: Possible stuck request ffff888025995240: control (read@1024,1024B). Runtime 180 seconds
[  604.898688][   T56] block nbd0: Possible stuck request ffff888025995400: control (read@2048,1024B). Runtime 180 seconds
[  604.912522][   T56] block nbd0: Possible stuck request ffff8880259955c0: control (read@3072,1024B). Runtime 180 seconds
[  605.239490][T11502] syzkaller1: tun_chr_ioctl cmd 1074025677
[  605.245609][T11502] syzkaller1: linktype set to 778
[  605.940263][ T5875] Bluetooth: hci4: unexpected event for opcode 0x0803
[  606.517990][T11524] FAULT_INJECTION: forcing a failure.
[  606.517990][T11524] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  606.668472][T11524] CPU: 1 UID: 0 PID: 11524 Comm: syz.1.1557 Not tainted syzkaller #0 PREEMPT(full) 
[  606.668496][T11524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  606.668509][T11524] Call Trace:
[  606.668517][T11524]  <TASK>
[  606.668525][T11524]  dump_stack_lvl+0x189/0x250
[  606.668550][T11524]  ? __pfx____ratelimit+0x10/0x10
[  606.668570][T11524]  ? __pfx_dump_stack_lvl+0x10/0x10
[  606.668589][T11524]  ? __pfx__printk+0x10/0x10
[  606.668610][T11524]  ? __might_fault+0xb0/0x130
[  606.668643][T11524]  should_fail_ex+0x414/0x560
[  606.668669][T11524]  _copy_from_iter+0x1de/0x1790
[  606.668699][T11524]  ? rcu_is_watching+0x15/0xb0
[  606.668726][T11524]  ? kmalloc_reserve+0xbd/0x290
[  606.668745][T11524]  ? __pfx__copy_from_iter+0x10/0x10
[  606.668770][T11524]  ? __build_skb_around+0x262/0x3f0
[  606.668791][T11524]  ? netlink_sendmsg+0x642/0xb30
[  606.668806][T11524]  ? skb_put+0x11b/0x210
[  606.668827][T11524]  netlink_sendmsg+0x6b2/0xb30
[  606.668856][T11524]  ? __pfx_netlink_sendmsg+0x10/0x10
[  606.668877][T11524]  ? aa_sock_msg_perm+0xf1/0x1d0
[  606.668900][T11524]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  606.668917][T11524]  ? __pfx_netlink_sendmsg+0x10/0x10
[  606.668935][T11524]  __sock_sendmsg+0x21c/0x270
[  606.668961][T11524]  ____sys_sendmsg+0x505/0x830
[  606.668986][T11524]  ? __pfx_____sys_sendmsg+0x10/0x10
[  606.669016][T11524]  ? import_iovec+0x74/0xa0
[  606.669036][T11524]  ___sys_sendmsg+0x21f/0x2a0
[  606.669059][T11524]  ? __pfx____sys_sendmsg+0x10/0x10
[  606.669114][T11524]  ? __fget_files+0x2a/0x420
[  606.669130][T11524]  ? __fget_files+0x3a0/0x420
[  606.669157][T11524]  __x64_sys_sendmsg+0x19b/0x260
[  606.669180][T11524]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  606.669210][T11524]  ? __pfx_ksys_write+0x10/0x10
[  606.669236][T11524]  ? do_syscall_64+0xbe/0xfa0
[  606.669260][T11524]  do_syscall_64+0xfa/0xfa0
[  606.669277][T11524]  ? lockdep_hardirqs_on+0x9c/0x150
[  606.669296][T11524]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.669312][T11524]  ? clear_bhb_loop+0x60/0xb0
[  606.669332][T11524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  606.669348][T11524] RIP: 0033:0x7f75e2b8eec9
[  606.669370][T11524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  606.669383][T11524] RSP: 002b:00007f75e0df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  606.669400][T11524] RAX: ffffffffffffffda RBX: 00007f75e2de5fa0 RCX: 00007f75e2b8eec9
[  606.669411][T11524] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  606.669420][T11524] RBP: 00007f75e0df6090 R08: 0000000000000000 R09: 0000000000000000
[  606.669429][T11524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  606.669438][T11524] R13: 00007f75e2de6038 R14: 00007f75e2de5fa0 R15: 00007ffef442a5c8
[  606.669467][T11524]  </TASK>
[  607.565867][T11518] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  607.572691][T11518] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  607.583203][T11518] vhci_hcd vhci_hcd.0: Device attached
[  608.207771][ T5996] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  608.288163][T11534] vhci_hcd: connection reset by peer
[  608.306353][ T3968] vhci_hcd: stop threads
[  608.328034][ T3968] vhci_hcd: release socket
[  608.337252][ T3968] vhci_hcd: disconnect device
[  608.520308][T11551] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  608.535661][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  608.542526][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  609.156716][ T5994] libceph: connect (1)[c::]:6789 error -101
[  609.215345][T11552] ceph: No mds server is up or the cluster is laggy
[  609.237313][ T5994] libceph: mon0 (1)[c::]:6789 connect error
[  609.817222][T11563] ieee802154 phy0 wpan0: encryption failed: -22
[  610.003439][T11569] syzkaller1: tun_chr_ioctl cmd 1074025677
[  610.009816][T11569] syzkaller1: linktype set to 778
[  610.148826][T11573] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  611.079032][T11580] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1568'.
[  612.497383][T11597] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  613.152191][ T5996] vhci_hcd: vhci_device speed not set
[  614.031377][T11618] FAULT_INJECTION: forcing a failure.
[  614.031377][T11618] name failslab, interval 1, probability 0, space 0, times 0
[  614.055092][T11618] CPU: 0 UID: 0 PID: 11618 Comm: syz.4.1580 Not tainted syzkaller #0 PREEMPT(full) 
[  614.055120][T11618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  614.055131][T11618] Call Trace:
[  614.055139][T11618]  <TASK>
[  614.055148][T11618]  dump_stack_lvl+0x189/0x250
[  614.055174][T11618]  ? __pfx____ratelimit+0x10/0x10
[  614.055193][T11618]  ? __pfx_dump_stack_lvl+0x10/0x10
[  614.055213][T11618]  ? __pfx__printk+0x10/0x10
[  614.055238][T11618]  ? __pfx___might_resched+0x10/0x10
[  614.055262][T11618]  ? fs_reclaim_acquire+0x7d/0x100
[  614.055288][T11618]  should_fail_ex+0x414/0x560
[  614.055312][T11618]  should_failslab+0xa8/0x100
[  614.055329][T11618]  __kmalloc_cache_noprof+0x6f/0x6f0
[  614.055349][T11618]  ? __pfx___nla_validate_parse+0x10/0x10
[  614.055372][T11618]  ? hash_netnet_create+0x6d5/0x1440
[  614.055395][T11618]  hash_netnet_create+0x6d5/0x1440
[  614.055411][T11618]  ? __lock_acquire+0xab9/0xd20
[  614.055448][T11618]  ? __pfx_hash_netnet_create+0x10/0x10
[  614.055469][T11618]  ? __nla_parse+0x40/0x60
[  614.055491][T11618]  ? __pfx_hash_netnet_create+0x10/0x10
[  614.055509][T11618]  ip_set_create+0xa97/0x1940
[  614.055533][T11618]  ? ip_set_create+0x4a2/0x1940
[  614.055564][T11618]  ? __pfx_ip_set_create+0x10/0x10
[  614.055635][T11618]  nfnetlink_rcv_msg+0xb4d/0x1130
[  614.055661][T11618]  ? nfnetlink_rcv_msg+0x20d/0x1130
[  614.055705][T11618]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  614.055761][T11618]  ? is_bpf_text_address+0x292/0x2b0
[  614.055800][T11618]  netlink_rcv_skb+0x208/0x470
[  614.055819][T11618]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  614.055844][T11618]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  614.055874][T11618]  ? bpf_lsm_capable+0x9/0x20
[  614.055894][T11618]  ? security_capable+0x7e/0x2e0
[  614.055922][T11618]  nfnetlink_rcv+0x26a/0x2520
[  614.055945][T11618]  ? is_bpf_text_address+0x26/0x2b0
[  614.055971][T11618]  ? kernel_text_address+0xa5/0xe0
[  614.055992][T11618]  ? __kernel_text_address+0xd/0x40
[  614.056011][T11618]  ? unwind_get_return_address+0x4d/0x90
[  614.056027][T11618]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  614.056045][T11618]  ? arch_stack_walk+0xfc/0x150
[  614.056078][T11618]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  614.056101][T11618]  ? stack_depot_save_flags+0x40/0x860
[  614.056129][T11618]  ? __lock_acquire+0xab9/0xd20
[  614.056177][T11618]  ? __lock_acquire+0xab9/0xd20
[  614.056210][T11618]  ? netlink_deliver_tap+0x2e/0x1b0
[  614.056235][T11618]  ? netlink_deliver_tap+0x2e/0x1b0
[  614.056261][T11618]  netlink_unicast+0x82f/0x9e0
[  614.056295][T11618]  ? __pfx_netlink_unicast+0x10/0x10
[  614.056321][T11618]  ? netlink_sendmsg+0x642/0xb30
[  614.056336][T11618]  ? skb_put+0x11b/0x210
[  614.056358][T11618]  netlink_sendmsg+0x805/0xb30
[  614.056387][T11618]  ? __pfx_netlink_sendmsg+0x10/0x10
[  614.056409][T11618]  ? aa_sock_msg_perm+0xf1/0x1d0
[  614.056433][T11618]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  614.056449][T11618]  ? __pfx_netlink_sendmsg+0x10/0x10
[  614.056469][T11618]  __sock_sendmsg+0x21c/0x270
[  614.056497][T11618]  ____sys_sendmsg+0x505/0x830
[  614.056523][T11618]  ? __pfx_____sys_sendmsg+0x10/0x10
[  614.056552][T11618]  ? import_iovec+0x74/0xa0
[  614.056576][T11618]  ___sys_sendmsg+0x21f/0x2a0
[  614.056606][T11618]  ? __pfx____sys_sendmsg+0x10/0x10
[  614.056665][T11618]  ? __fget_files+0x2a/0x420
[  614.056682][T11618]  ? __fget_files+0x3a0/0x420
[  614.056710][T11618]  __x64_sys_sendmsg+0x19b/0x260
[  614.056732][T11618]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  614.056762][T11618]  ? __pfx_ksys_write+0x10/0x10
[  614.056790][T11618]  ? do_syscall_64+0xbe/0xfa0
[  614.056814][T11618]  do_syscall_64+0xfa/0xfa0
[  614.056831][T11618]  ? lockdep_hardirqs_on+0x9c/0x150
[  614.056849][T11618]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.056866][T11618]  ? clear_bhb_loop+0x60/0xb0
[  614.056886][T11618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.056903][T11618] RIP: 0033:0x7f0768f8eec9
[  614.056919][T11618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  614.056933][T11618] RSP: 002b:00007f0769e99038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  614.056953][T11618] RAX: ffffffffffffffda RBX: 00007f07691e5fa0 RCX: 00007f0768f8eec9
[  614.056965][T11618] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  614.056975][T11618] RBP: 00007f0769e99090 R08: 0000000000000000 R09: 0000000000000000
[  614.056986][T11618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  614.056995][T11618] R13: 00007f07691e6038 R14: 00007f07691e5fa0 R15: 00007ffc166154b8
[  614.057027][T11618]  </TASK>
[  615.384607][ T5233] udevd[5233]: worker [8335] /devices/virtual/block/nbd0 timeout; kill it
[  615.409533][ T5233] udevd[5233]: seq 14205 '/devices/virtual/block/nbd0' killed
[  615.683252][T11635] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  616.516948][ T5875] Bluetooth: hci3: unexpected event for opcode 0x0803
[  616.796680][T11641] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1588'.
[  617.424497][T11647] EXT4-fs: Ignoring removed mblk_io_submit option
[  617.451876][T11647] I/O error, dev loop2, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  617.470826][T11647] EXT4-fs (loop2): unable to read superblock
[  617.621706][ T5875] Bluetooth: hci0: ACL packet for unknown connection handle 201
[  618.891439][T11660] random: crng reseeded on system resumption
[  619.817891][  T983] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  619.826471][ T5994] usb 1-1: new low-speed USB device number 58 using dummy_hcd
[  620.626561][  T983] usb 2-1: Using ep0 maxpacket: 32
[  620.666608][  T983] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  620.674727][  T983] usb 2-1: config 0 has no interface number 0
[  620.680953][ T5994] usb 1-1: unable to get BOS descriptor or descriptor too short
[  620.690857][ T5994] usb 1-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 1023, setting to 8
[  620.704267][ T5994] usb 1-1: config 1 interface 0 has no altsetting 0
[  620.733265][  T983] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  620.762033][  T983] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  620.771347][  T983] usb 2-1: Product: syz
[  620.775574][  T983] usb 2-1: Manufacturer: syz
[  620.780710][ T5994] usb 1-1: New USB device found, idVendor=05ac, idProduct=0249, bcdDevice= 0.40
[  620.790193][ T5994] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  620.808368][  T983] usb 2-1: SerialNumber: syz
[  620.814031][ T5994] usb 1-1: Product: Т
[  620.818788][ T5994] usb 1-1: Manufacturer: ࠧ
[  620.823412][ T5994] usb 1-1: SerialNumber: 뚧ྍዳ駶跰趐쮕⧐끠镳a冋찟璗魐횡礖靬뤽ႍ閅쏍ⓜ冇ᖧﰀ䥹ᴘ㿚還㘧﮵喎ꎼ竚䞀柾纙涒ꇄ렛ꌟ⬫绁⡲福꿬鍜ぴ꟡➭ݬ푳䯍薀툄ㅲꄍ늺닳ῳ剰凋埤唧뀍ꗂ寎轘竭ₜひ貢泍ᰐ憘胿凡
[  620.886263][  T983] usb 2-1: config 0 descriptor??
[  620.918522][  T983] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  620.940096][T11666] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  621.456686][  T983] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  621.498261][ T5994] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input49
[  621.582484][ T5218] bcm5974 1-1:1.0: could not read from device
[  621.583743][  T983] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  621.632841][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  621.667096][ T5218] bcm5974 1-1:1.0: could not read from device
[  621.707770][ T5994] usb 1-1: USB disconnect, device number 58
[  621.733410][  T983] usb 2-1: USB disconnect, device number 30
[  621.795803][  T983] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  621.860793][  T983] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  621.905901][  T983] quatech2 2-1:0.51: device disconnected
[  622.018510][T11685] PKCS7: Unknown OID: [4] 0.38.107.217331280.32(bad)
[  622.025872][T11685] PKCS7: Only support pkcs7_signedData type
[  622.038939][T11685] delete_channel: no stack
[  622.972001][T11679] delete_channel: no stack
[  623.421064][ T5985] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  623.476040][ T5875] Bluetooth: hci2: unexpected event for opcode 0x0803
[  624.109755][ T5985] usb 5-1: Using ep0 maxpacket: 16
[  624.248270][ T5985] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  624.260118][ T5985] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  624.270786][ T5985] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  624.347799][T11701] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  625.247622][ T5985] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  625.256859][ T5985] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  625.322770][ T5985] usb 5-1: config 0 descriptor??
[  625.326226][T11700] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1606'.
[  625.387329][T11702] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1606'.
[  625.995447][ T5985] usbhid 5-1:0.0: can't add hid device: -71
[  626.005548][ T5985] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  626.050234][ T5985] usb 5-1: USB disconnect, device number 42
[  626.779184][T11728] FAULT_INJECTION: forcing a failure.
[  626.779184][T11728] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  626.817860][T11728] CPU: 0 UID: 0 PID: 11728 Comm: syz.3.1614 Not tainted syzkaller #0 PREEMPT(full) 
[  626.817884][T11728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  626.817894][T11728] Call Trace:
[  626.817910][T11728]  <TASK>
[  626.817919][T11728]  dump_stack_lvl+0x189/0x250
[  626.817944][T11728]  ? __pfx____ratelimit+0x10/0x10
[  626.817962][T11728]  ? __pfx_dump_stack_lvl+0x10/0x10
[  626.817981][T11728]  ? __pfx__printk+0x10/0x10
[  626.818003][T11728]  ? __might_fault+0xb0/0x130
[  626.818038][T11728]  should_fail_ex+0x414/0x560
[  626.818065][T11728]  _copy_from_user+0x2d/0xb0
[  626.818085][T11728]  __sys_bpf+0x1ed/0x870
[  626.818108][T11728]  ? __pfx___sys_bpf+0x10/0x10
[  626.818141][T11728]  ? ksys_write+0x22a/0x250
[  626.818166][T11728]  ? __pfx_ksys_write+0x10/0x10
[  626.818195][T11728]  __x64_sys_bpf+0x7c/0x90
[  626.818214][T11728]  do_syscall_64+0xfa/0xfa0
[  626.818233][T11728]  ? lockdep_hardirqs_on+0x9c/0x150
[  626.818249][T11728]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.818263][T11728]  ? clear_bhb_loop+0x60/0xb0
[  626.818281][T11728]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  626.818295][T11728] RIP: 0033:0x7fd734d8eec9
[  626.818309][T11728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  626.818323][T11728] RSP: 002b:00007fd732ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  626.818345][T11728] RAX: ffffffffffffffda RBX: 00007fd734fe5fa0 RCX: 00007fd734d8eec9
[  626.818358][T11728] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000011
[  626.818369][T11728] RBP: 00007fd732ff6090 R08: 0000000000000000 R09: 0000000000000000
[  626.818379][T11728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  626.818389][T11728] R13: 00007fd734fe6038 R14: 00007fd734fe5fa0 R15: 00007ffed7853b38
[  626.818428][T11728]  </TASK>
[  627.228505][ T5994] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  627.399949][ T5994] usb 2-1: Using ep0 maxpacket: 32
[  627.411147][ T5994] usb 2-1: config 0 has an invalid interface number: 84 but max is 1
[  627.428610][ T5994] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  627.510415][ T5994] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  627.677174][ T5994] usb 2-1: config 0 has no interface number 0
[  627.685917][T11732] ieee802154 phy0 wpan0: encryption failed: -22
[  627.723291][ T5994] usb 2-1: config 0 interface 84 altsetting 127 endpoint 0x2 has invalid wMaxPacketSize 0
[  627.735934][ T5994] usb 2-1: config 0 interface 84 altsetting 127 has 2 endpoint descriptors, different from the interface descriptor's value: 15
[  627.764926][ T5994] usb 2-1: config 0 interface 84 has no altsetting 0
[  627.851321][ T5994] usb 2-1: New USB device found, idVendor=05ac, idProduct=030b, bcdDevice=db.55
[  627.885133][ T5994] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  627.895100][ T5994] usb 2-1: Product: syz
[  627.917488][ T5994] usb 2-1: Manufacturer: syz
[  627.942581][ T5985] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  627.943715][ T5994] usb 2-1: SerialNumber: syz
[  628.131462][ T5875] Bluetooth: hci1: unexpected event for opcode 0x0803
[  628.149849][ T5994] usb 2-1: config 0 descriptor??
[  628.218756][ T5985] usb 4-1: Using ep0 maxpacket: 32
[  628.260968][ T5985] usb 4-1: config 0 has an invalid interface number: 84 but max is 1
[  628.285453][ T5985] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  628.437616][ T5985] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2
[  628.607748][ T5985] usb 4-1: config 0 has no interface number 0
[  628.614611][ T5985] usb 4-1: config 0 interface 84 altsetting 127 has 0 endpoint descriptors, different from the interface descriptor's value: 15
[  628.628311][ T5985] usb 4-1: config 0 interface 84 has no altsetting 0
[  628.641368][ T5985] usb 4-1: New USB device found, idVendor=05ac, idProduct=030b, bcdDevice=db.55
[  628.651192][ T5985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.659593][ T5985] usb 4-1: Product: syz
[  628.663811][ T5985] usb 4-1: Manufacturer: syz
[  629.361837][ T5985] usb 4-1: SerialNumber: syz
[  629.375395][ T5985] usb 4-1: config 0 descriptor??
[  629.870896][T11750] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  630.470723][ T5994] appletouch 2-1:0.84: Could not find int-in endpoint
[  630.533830][ T5994] appletouch 2-1:0.84: probe with driver appletouch failed with error -5
[  630.553666][ T5994] usbhid 2-1:0.84: couldn't find an input interrupt endpoint
[  630.584416][ T5994] usb 2-1: USB disconnect, device number 31
[  632.387118][ T5994] usb 4-1: USB disconnect, device number 42
[  633.534969][ T9217] block nbd0: Possible stuck request ffff888025995080: control (read@0,1024B). Runtime 210 seconds
[  633.546067][ T9217] block nbd0: Possible stuck request ffff888025995240: control (read@1024,1024B). Runtime 210 seconds
[  633.560900][T11774] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1626'.
[  633.590334][ T9217] block nbd0: Possible stuck request ffff888025995400: control (read@2048,1024B). Runtime 210 seconds
[  633.636180][ T9217] block nbd0: Possible stuck request ffff8880259955c0: control (read@3072,1024B). Runtime 210 seconds
[  635.602118][T11797] program syz.1.1634 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  636.343019][ T5985] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  636.400905][ T5994] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  636.516266][ T5985] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  636.534035][ T5985] usb 5-1: config 0 has no interfaces?
[  636.539976][ T5985] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  636.549580][ T5985] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  636.586697][ T5985] usb 5-1: config 0 descriptor??
[  636.611359][ T5994] usb 2-1: Using ep0 maxpacket: 8
[  636.704028][ T5994] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  636.722792][ T5994] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.731693][ T5994] usb 2-1: Product: syz
[  636.736357][ T5994] usb 2-1: Manufacturer: syz
[  636.741043][ T5994] usb 2-1: SerialNumber: syz
[  636.751155][ T5994] usb 2-1: config 0 descriptor??
[  636.950116][ T5994] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  637.895164][T11804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  637.922941][T11804] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  638.021881][T11804] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1635'.
[  638.061711][ T5994] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  638.099629][ T5994] usb 2-1: USB disconnect, device number 32
[  638.190904][ T5985] usb 1-1: new full-speed USB device number 59 using dummy_hcd
[  638.964425][ T5985] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  638.995370][ T5985] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  639.010056][ T5985] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.107475][ T5985] usb 1-1: config 0 descriptor??
[  639.145475][T11830] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[  640.470974][ T5985] elan 0003:04F3:0755.0006: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0
[  640.882208][ T5985] usb 1-1: USB disconnect, device number 59
[  640.983824][T11856] fido_id[11856]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  641.372048][T11867] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  641.381571][T11867] MINIX-fs: unable to read superblock
[  641.699543][ T5985] usb 5-1: USB disconnect, device number 43
[  643.940139][T11899] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  644.222104][T11902] netlink: 'syz.2.1660': attribute type 21 has an invalid length.
[  644.360527][T11908] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  644.360912][T11908] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  644.591765][ T5985] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  644.622120][ T5994] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  644.884300][ T5994] usb 2-1: Using ep0 maxpacket: 8
[  644.889489][ T5985] usb 1-1: Using ep0 maxpacket: 8
[  645.402498][  T983] usb 5-1: new full-speed USB device number 44 using dummy_hcd
[  645.456581][ T5985] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[  645.475895][ T5994] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[  645.477809][ T5985] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  645.568001][ T5985] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.576351][ T5985] usb 1-1: Product: syz
[  645.580682][ T5985] usb 1-1: Manufacturer: syz
[  645.587347][ T5985] usb 1-1: SerialNumber: syz
[  645.593919][ T5994] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  645.605653][ T5994] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.606630][ T5985] usb 1-1: config 0 descriptor??
[  645.627552][ T5994] usb 2-1: Product: syz
[  645.683026][ T5985] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  645.691727][ T5985] usb 1-1: setting power ON
[  645.696402][ T5985] dvb-usb: bulk message failed: -22 (2/0)
[  645.703424][  T983] usb 5-1: not running at top speed; connect to a high speed hub
[  645.839353][ T5985] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  645.857841][ T5985] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  645.863638][ T5994] usb 2-1: Manufacturer: syz
[  645.871739][ T5985] usb 1-1: media controller created
[  645.877525][ T5994] usb 2-1: SerialNumber: syz
[  645.883511][  T983] usb 5-1: config 2 has an invalid interface number: 223 but max is 0
[  645.893778][  T983] usb 5-1: config 2 has no interface number 0
[  645.901499][  T983] usb 5-1: config 2 interface 223 has no altsetting 0
[  645.909777][ T5994] usb 2-1: config 0 descriptor??
[  645.930132][ T5994] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  645.939485][ T5994] usb 2-1: setting power ON
[  645.944598][ T5994] dvb-usb: bulk message failed: -22 (2/0)
[  645.951848][  T983] usb 5-1: New USB device found, idVendor=041e, idProduct=401d, bcdDevice=c5.bf
[  645.957512][ T5985] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  645.963600][  T983] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  645.978993][ T5994] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  645.992431][  T983] usb 5-1: Product: syz
[  645.997042][  T983] usb 5-1: Manufacturer: syz
[  646.011230][  T983] usb 5-1: SerialNumber: syz
[  646.048788][ T5985] usb 1-1: selecting invalid altsetting 6
[  646.049545][ T5994] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  646.054658][ T5985] usb 1-1: digital interface selection failed (-22)
[  646.065681][ T5994] usb 2-1: media controller created
[  646.105634][ T5985] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  646.119222][T11909] dvb-usb: bulk message failed: -22 (4/0)
[  646.121111][ T5994] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  646.144002][T11909] cxusb: i2c read failed
[  646.163701][ T5985] usb 1-1: setting power OFF
[  646.169210][ T5985] dvb-usb: bulk message failed: -22 (2/0)
[  646.188058][ T5985] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  646.206840][ T5985] (NULL device *): no alternate interface
[  646.215782][ T5994] usb 2-1: selecting invalid altsetting 6
[  646.243727][ T5994] usb 2-1: digital interface selection failed (-22)
[  646.258490][ T5994] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  646.278014][ T5994] usb 2-1: setting power OFF
[  646.282693][ T5994] dvb-usb: bulk message failed: -22 (2/0)
[  646.313592][ T5994] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  646.344263][ T5985] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  646.358536][ T5985] usb 1-1: USB disconnect, device number 60
[  646.447244][  T983] gspca_main: spca505-2.14.0 probing 041e:401d
[  646.467908][  T983] gspca_spca505: reg write: error -71
[  646.473422][  T983] spca505 5-1:2.223: probe with driver spca505 failed with error -5
[  647.025922][ T5994] (NULL device *): no alternate interface
[  647.044037][  T983] usb 5-1: USB disconnect, device number 44
[  647.221308][ T5994] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  647.297975][ T5994] usb 2-1: USB disconnect, device number 33
[  647.590637][T11942] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  647.808753][T11945] FAULT_INJECTION: forcing a failure.
[  647.808753][T11945] name failslab, interval 1, probability 0, space 0, times 0
[  647.821941][T11945] CPU: 1 UID: 0 PID: 11945 Comm: syz.4.1676 Not tainted syzkaller #0 PREEMPT(full) 
[  647.821965][T11945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  647.821982][T11945] Call Trace:
[  647.821990][T11945]  <TASK>
[  647.821998][T11945]  dump_stack_lvl+0x189/0x250
[  647.822023][T11945]  ? __pfx____ratelimit+0x10/0x10
[  647.822043][T11945]  ? __pfx_dump_stack_lvl+0x10/0x10
[  647.822064][T11945]  ? __pfx__printk+0x10/0x10
[  647.822092][T11945]  ? __pfx___might_resched+0x10/0x10
[  647.822120][T11945]  should_fail_ex+0x414/0x560
[  647.822148][T11945]  should_failslab+0xa8/0x100
[  647.822168][T11945]  __kmalloc_noprof+0xcb/0x7f0
[  647.822190][T11945]  ? kfree+0x4d/0x6d0
[  647.822208][T11945]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  647.822237][T11945]  tomoyo_realpath_from_path+0xe3/0x5d0
[  647.822259][T11945]  ? tomoyo_domain+0xd9/0x130
[  647.822285][T11945]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  647.822304][T11945]  tomoyo_path_number_perm+0x1e8/0x5a0
[  647.822324][T11945]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  647.822389][T11945]  ? __fget_files+0x2a/0x420
[  647.822411][T11945]  ? __fget_files+0x3a0/0x420
[  647.822426][T11945]  ? __fget_files+0x2a/0x420
[  647.822448][T11945]  security_file_ioctl+0xcb/0x2d0
[  647.822469][T11945]  __se_sys_ioctl+0x47/0x170
[  647.822494][T11945]  do_syscall_64+0xfa/0xfa0
[  647.822512][T11945]  ? lockdep_hardirqs_on+0x9c/0x150
[  647.822531][T11945]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.822548][T11945]  ? clear_bhb_loop+0x60/0xb0
[  647.822574][T11945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.822591][T11945] RIP: 0033:0x7f0768f8eec9
[  647.822606][T11945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  647.822620][T11945] RSP: 002b:00007f0769e99038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  647.822639][T11945] RAX: ffffffffffffffda RBX: 00007f07691e5fa0 RCX: 00007f0768f8eec9
[  647.822652][T11945] RDX: 0000200000000380 RSI: 00000000c0d05605 RDI: 0000000000000003
[  647.822663][T11945] RBP: 00007f0769e99090 R08: 0000000000000000 R09: 0000000000000000
[  647.822673][T11945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  647.822683][T11945] R13: 00007f07691e6038 R14: 00007f07691e5fa0 R15: 00007ffc166154b8
[  647.822714][T11945]  </TASK>
[  647.822742][T11945] ERROR: Out of memory at tomoyo_realpath_from_path.
[  651.135459][ T5994] usb 1-1: new low-speed USB device number 61 using dummy_hcd
[  651.926068][ T5994] usb 1-1: Invalid ep0 maxpacket: 32
[  651.926119][ T3549] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 20000 - 0
[  651.951301][ T3549] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 20000 - 0
[  651.965788][ T3549] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 20000 - 0
[  651.983523][ T3549] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 20000 - 0
[  652.169303][T12002] FAULT_INJECTION: forcing a failure.
[  652.169303][T12002] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  652.183168][T12002] CPU: 1 UID: 0 PID: 12002 Comm: syz.4.1690 Not tainted syzkaller #0 PREEMPT(full) 
[  652.183193][T12002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  652.183204][T12002] Call Trace:
[  652.183211][T12002]  <TASK>
[  652.183218][T12002]  dump_stack_lvl+0x189/0x250
[  652.183243][T12002]  ? __pfx____ratelimit+0x10/0x10
[  652.183263][T12002]  ? __pfx_dump_stack_lvl+0x10/0x10
[  652.183283][T12002]  ? __pfx__printk+0x10/0x10
[  652.183305][T12002]  ? __might_fault+0xb0/0x130
[  652.183339][T12002]  should_fail_ex+0x414/0x560
[  652.183367][T12002]  copy_fpstate_to_sigframe+0xa8d/0xce0
[  652.183391][T12002]  ? copy_fpstate_to_sigframe+0x181/0xce0
[  652.183416][T12002]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[  652.183444][T12002]  ? ktime_get_with_offset+0x8c/0x2a0
[  652.183462][T12002]  ? ktime_get_with_offset+0x8c/0x2a0
[  652.183483][T12002]  ? __lock_acquire+0xab9/0xd20
[  652.183510][T12002]  ? fpu__alloc_mathframe+0xad/0x130
[  652.183533][T12002]  get_sigframe+0x58d/0x7d0
[  652.183559][T12002]  ? __pfx_get_sigframe+0x10/0x10
[  652.183584][T12002]  ? posixtimer_deliver_signal+0x305/0x410
[  652.183609][T12002]  x64_setup_rt_frame+0x15b/0xd40
[  652.183637][T12002]  ? lockdep_hardirqs_on+0x9c/0x150
[  652.183662][T12002]  ? _raw_spin_unlock_irq+0x2e/0x50
[  652.183679][T12002]  ? get_signal+0x1150/0x1340
[  652.183708][T12002]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  652.183733][T12002]  ? arch_do_signal_or_restart+0x385/0x790
[  652.183758][T12002]  arch_do_signal_or_restart+0x3f1/0x790
[  652.183781][T12002]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  652.183823][T12002]  ? exit_to_user_mode_loop+0x40/0x130
[  652.183849][T12002]  exit_to_user_mode_loop+0x72/0x130
[  652.183870][T12002]  do_syscall_64+0x2bd/0xfa0
[  652.183888][T12002]  ? lockdep_hardirqs_on+0x9c/0x150
[  652.183906][T12002]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.183922][T12002]  ? clear_bhb_loop+0x60/0xb0
[  652.183942][T12002]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.183957][T12002] RIP: 0033:0x7f0768f8eec7
[  652.183982][T12002] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[  652.183996][T12002] RSP: 002b:00007f0769e99038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[  652.184014][T12002] RAX: 0000000000000013 RBX: 00007f07691e5fa0 RCX: 00007f0768f8eec9
[  652.184026][T12002] RDX: 0000000000000001 RSI: 0000200000001140 RDI: 0000000000000003
[  652.184037][T12002] RBP: 00007f0769e99090 R08: 0000000000000000 R09: 0000000000000000
[  652.184047][T12002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  652.184057][T12002] R13: 00007f07691e6038 R14: 00007f07691e5fa0 R15: 00007ffc166154b8
[  652.184087][T12002]  </TASK>
[  652.193646][ T5994] usb 1-1: new low-speed USB device number 62 using dummy_hcd
[  652.728532][ T5994] usb 1-1: Invalid ep0 maxpacket: 32
[  652.734895][ T5994] usb usb1-port1: attempt power cycle
[  653.190787][ T5994] usb 1-1: new low-speed USB device number 63 using dummy_hcd
[  653.805066][ T5994] usb 1-1: device not accepting address 63, error -71
[  655.033549][ T5985] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  655.299454][ T5985] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  655.542361][T12039] tmpfs: Unknown parameter 'overlay'
[  655.561971][ T5985] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  655.590187][ T5985] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  655.614615][ T5985] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  655.635658][ T5985] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.656766][T12016] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  656.476862][T12048] openvswitch: netlink: Missing valid actions attribute.
[  656.484578][T12048] openvswitch: netlink: Actions may not be safe on all matching packets
[  656.667511][T12016] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  656.698436][T12016] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  658.384125][ T5994] usb 5-1: new full-speed USB device number 45 using dummy_hcd
[  658.557307][ T5985] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  658.741544][ T5985] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input50
[  658.994203][T12052] Bluetooth: hci4: command 0x0406 tx timeout
[  659.441839][ T5985] usb 2-1: USB disconnect, device number 34
[  659.447911][    C1] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  659.889377][ T5994] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  659.898514][ T5994] usb 5-1: config 0 has no interface number 0
[  659.918525][ T5994] usb 5-1: config 0 interface 41 has no altsetting 0
[  660.017412][ T5994] usb 5-1: string descriptor 0 read error: -71
[  660.039649][ T5994] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  660.126908][T12087] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  661.346391][ T5994] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  661.399326][ T5994] usb 5-1: config 0 descriptor??
[  661.421869][ T5994] usb 5-1: can't set config #0, error -71
[  661.446877][ T5994] usb 5-1: USB disconnect, device number 45
[  661.490532][   T30] audit: type=1804 audit(1758562603.642:4): pid=12096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1716" name="/newroot/343/file0" dev="tmpfs" ino=1848 res=1 errno=0
[  662.174839][   T56] block nbd0: Possible stuck request ffff888025995080: control (read@0,1024B). Runtime 240 seconds
[  662.185982][   T56] block nbd0: Possible stuck request ffff888025995240: control (read@1024,1024B). Runtime 240 seconds
[  662.214652][   T56] block nbd0: Possible stuck request ffff888025995400: control (read@2048,1024B). Runtime 240 seconds
[  662.259904][   T56] block nbd0: Possible stuck request ffff8880259955c0: control (read@3072,1024B). Runtime 240 seconds
[  662.321582][T12126] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  662.335609][T12126] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  666.265804][T12157] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  666.298934][ T5985] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  666.847797][ T5985] usb 1-1: Using ep0 maxpacket: 32
[  667.058812][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  667.065957][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  667.162180][ T5985] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  667.191547][ T5985] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  667.205872][ T5985] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  667.215539][ T5985] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  667.256568][ T5985] usb 1-1: config 0 descriptor??
[  667.871236][ T5985] ft260 0003:0403:6030.0007: unknown main item tag 0x7
[  668.311454][ T5985] ft260 0003:0403:6030.0007: chip code: 6424 8183
[  668.514707][ T5985] ft260 0003:0403:6030.0007: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.0-1/input0
[  668.724495][T12194] FAULT_INJECTION: forcing a failure.
[  668.724495][T12194] name failslab, interval 1, probability 0, space 0, times 0
[  668.738333][T12194] CPU: 0 UID: 0 PID: 12194 Comm: syz.4.1737 Not tainted syzkaller #0 PREEMPT(full) 
[  668.738357][T12194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  668.738369][T12194] Call Trace:
[  668.738376][T12194]  <TASK>
[  668.738385][T12194]  dump_stack_lvl+0x189/0x250
[  668.738411][T12194]  ? __pfx____ratelimit+0x10/0x10
[  668.738431][T12194]  ? __pfx_dump_stack_lvl+0x10/0x10
[  668.738452][T12194]  ? __pfx__printk+0x10/0x10
[  668.738480][T12194]  ? __pfx___might_resched+0x10/0x10
[  668.738503][T12194]  ? fs_reclaim_acquire+0x7d/0x100
[  668.738525][T12194]  should_fail_ex+0x414/0x560
[  668.738553][T12194]  should_failslab+0xa8/0x100
[  668.738582][T12194]  __kvmalloc_node_noprof+0x158/0x910
[  668.738600][T12194]  ? alloc_netdev_mqs+0xa8/0x1200
[  668.738630][T12194]  alloc_netdev_mqs+0xa8/0x1200
[  668.738650][T12194]  ? __pfx_veth_setup+0x10/0x10
[  668.738675][T12194]  rtnl_create_link+0x31f/0xd10
[  668.738705][T12194]  rtnl_newlink_create+0x25c/0xb00
[  668.738732][T12194]  ? __lock_acquire+0xab9/0xd20
[  668.738759][T12194]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  668.738782][T12194]  ? __pfx___mutex_lock+0x10/0x10
[  668.738813][T12194]  ? ns_capable+0x8a/0xf0
[  668.738842][T12194]  rtnl_newlink+0x16d6/0x1c70
[  668.738881][T12194]  ? __pfx_rtnl_newlink+0x10/0x10
[  668.738900][T12194]  ? is_bpf_text_address+0x26/0x2b0
[  668.738928][T12194]  ? is_bpf_text_address+0x292/0x2b0
[  668.738949][T12194]  ? is_bpf_text_address+0x26/0x2b0
[  668.739039][T12194]  ? __lock_acquire+0xab9/0xd20
[  668.739088][T12194]  ? __pfx_rtnl_newlink+0x10/0x10
[  668.739106][T12194]  rtnetlink_rcv_msg+0x7cf/0xb70
[  668.739122][T12194]  ? __lock_acquire+0xab9/0xd20
[  668.739145][T12194]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  668.739161][T12194]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  668.739197][T12194]  netlink_rcv_skb+0x208/0x470
[  668.739214][T12194]  ? __lock_acquire+0xab9/0xd20
[  668.739235][T12194]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  668.739254][T12194]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  668.739283][T12194]  ? netlink_deliver_tap+0x2e/0x1b0
[  668.739310][T12194]  netlink_unicast+0x82f/0x9e0
[  668.739344][T12194]  ? __pfx_netlink_unicast+0x10/0x10
[  668.739370][T12194]  ? netlink_sendmsg+0x642/0xb30
[  668.739386][T12194]  ? skb_put+0x11b/0x210
[  668.739409][T12194]  netlink_sendmsg+0x805/0xb30
[  668.739438][T12194]  ? __pfx_netlink_sendmsg+0x10/0x10
[  668.739459][T12194]  ? aa_sock_msg_perm+0xf1/0x1d0
[  668.739484][T12194]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  668.739501][T12194]  ? __pfx_netlink_sendmsg+0x10/0x10
[  668.739521][T12194]  __sock_sendmsg+0x21c/0x270
[  668.739549][T12194]  ____sys_sendmsg+0x505/0x830
[  668.739582][T12194]  ? __pfx_____sys_sendmsg+0x10/0x10
[  668.739612][T12194]  ? import_iovec+0x74/0xa0
[  668.739635][T12194]  ___sys_sendmsg+0x21f/0x2a0
[  668.739658][T12194]  ? __pfx____sys_sendmsg+0x10/0x10
[  668.739719][T12194]  ? __fget_files+0x2a/0x420
[  668.739736][T12194]  ? __fget_files+0x3a0/0x420
[  668.739763][T12194]  __x64_sys_sendmsg+0x19b/0x260
[  668.739787][T12194]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  668.739818][T12194]  ? __pfx_ksys_write+0x10/0x10
[  668.739846][T12194]  ? do_syscall_64+0xbe/0xfa0
[  668.739870][T12194]  do_syscall_64+0xfa/0xfa0
[  668.739887][T12194]  ? lockdep_hardirqs_on+0x9c/0x150
[  668.739906][T12194]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.739922][T12194]  ? clear_bhb_loop+0x60/0xb0
[  668.739943][T12194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.739960][T12194] RIP: 0033:0x7f0768f8eec9
[  668.739975][T12194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  668.739990][T12194] RSP: 002b:00007f0769e99038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  668.740009][T12194] RAX: ffffffffffffffda RBX: 00007f07691e5fa0 RCX: 00007f0768f8eec9
[  668.740021][T12194] RDX: 0000000020040044 RSI: 0000200000000080 RDI: 0000000000000003
[  668.740032][T12194] RBP: 00007f0769e99090 R08: 0000000000000000 R09: 0000000000000000
[  668.740043][T12194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  668.740053][T12194] R13: 00007f07691e6038 R14: 00007f07691e5fa0 R15: 00007ffc166154b8
[  668.740085][T12194]  </TASK>
[  669.201879][T12195] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  669.211733][T12195] MINIX-fs: unable to read superblock
[  670.465257][T12206] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  671.710625][ T5985] ft260 0003:0403:6030.0007: failed to retrieve status: -71
[  671.733096][ T5985] ft260 0003:0403:6030.0007: failed to reset I2C controller: -71
[  671.891293][ T5985] usb 1-1: USB disconnect, device number 65
[  673.509473][T12237] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1752'.
[  673.520815][T12237] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1752'.
[  673.531441][T12237] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1752'.
[  673.541078][T12237] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1752'.
[  673.958082][T12252] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  675.317350][T12256] kvm: kvm [12255]: vcpu128, guest rIP: 0xfff0 Unhandled RDMSR(0x40000076)
[  675.373606][T12261] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  677.597673][T12284] ALSA: mixer_oss: invalid OSS volume ''
[  678.035614][T12292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1766'.
[  678.375002][ T5985] usb 5-1: new low-speed USB device number 46 using dummy_hcd
[  678.530155][ T5985] usb 5-1: unable to get BOS descriptor or descriptor too short
[  678.540687][ T5985] usb 5-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 1023, setting to 8
[  678.552657][ T5985] usb 5-1: config 1 interface 0 has no altsetting 0
[  678.582111][ T5985] usb 5-1: New USB device found, idVendor=05ac, idProduct=0249, bcdDevice= 0.40
[  678.592069][ T5985] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.600821][ T5985] usb 5-1: Manufacturer: ࠧ
[  678.677726][T12295] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  678.894304][ T5985] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input51
[  678.923560][ T5218] bcm5974 5-1:1.0: could not read from device
[  678.936699][ T5218] bcm5974 5-1:1.0: could not read from device
[  679.079604][ T5985] usb 5-1: USB disconnect, device number 46
[  679.092999][ T5218] bcm5974 5-1:1.0: could not read from device
[  679.100498][ T5218] bcm5974 5-1:1.0: could not read from device
[  679.835912][T12314] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  680.469951][T12326] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1774'.
[  681.813174][ T5875] Bluetooth: hci4: unexpected event for opcode 0x0803
[  684.511739][T12357] syz_tun: entered allmulticast mode
[  684.727567][T12355] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1784'.
[  684.741954][T12354] syz_tun: left allmulticast mode
[  685.612715][T12370] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  687.230050][T12369] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1786'.
[  687.241392][T12375] FAULT_INJECTION: forcing a failure.
[  687.241392][T12375] name failslab, interval 1, probability 0, space 0, times 0
[  687.268704][T12375] CPU: 0 UID: 0 PID: 12375 Comm: syz.1.1788 Not tainted syzkaller #0 PREEMPT(full) 
[  687.268727][T12375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  687.268737][T12375] Call Trace:
[  687.268744][T12375]  <TASK>
[  687.268751][T12375]  dump_stack_lvl+0x189/0x250
[  687.268774][T12375]  ? __pfx____ratelimit+0x10/0x10
[  687.268799][T12375]  ? __pfx_dump_stack_lvl+0x10/0x10
[  687.268817][T12375]  ? __pfx__printk+0x10/0x10
[  687.268838][T12375]  ? __pfx___might_resched+0x10/0x10
[  687.268859][T12375]  ? fs_reclaim_acquire+0x7d/0x100
[  687.268879][T12375]  should_fail_ex+0x414/0x560
[  687.268904][T12375]  should_failslab+0xa8/0x100
[  687.268921][T12375]  __kmalloc_cache_noprof+0x6f/0x6f0
[  687.268944][T12375]  ? ipv6_add_addr+0x530/0x1090
[  687.268971][T12375]  ipv6_add_addr+0x530/0x1090
[  687.268995][T12375]  ? __pfx_ipv6_add_addr+0x10/0x10
[  687.269028][T12375]  inet6_addr_add+0x387/0xc00
[  687.269058][T12375]  ? __pfx_inet6_addr_add+0x10/0x10
[  687.269082][T12375]  ? ipv6_get_ifaddr+0x1ea/0x790
[  687.269105][T12375]  ? ipv6_get_ifaddr+0x69c/0x790
[  687.269124][T12375]  ? ipv6_get_ifaddr+0x1ea/0x790
[  687.269142][T12375]  ? __pfx_ipv6_get_ifaddr+0x10/0x10
[  687.269164][T12375]  ? lockdep_rtnl_is_held+0x26/0x40
[  687.269187][T12375]  inet6_rtm_newaddr+0x93d/0xd20
[  687.269216][T12375]  ? __pfx_inet6_rtm_newaddr+0x10/0x10
[  687.269264][T12375]  ? __pfx_inet6_rtm_newaddr+0x10/0x10
[  687.269283][T12375]  rtnetlink_rcv_msg+0x7cf/0xb70
[  687.269299][T12375]  ? __lock_acquire+0xab9/0xd20
[  687.269322][T12375]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  687.269337][T12375]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  687.269372][T12375]  netlink_rcv_skb+0x208/0x470
[  687.269390][T12375]  ? __lock_acquire+0xab9/0xd20
[  687.269410][T12375]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  687.269428][T12375]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  687.269453][T12375]  ? netlink_deliver_tap+0x2e/0x1b0
[  687.269477][T12375]  netlink_unicast+0x82f/0x9e0
[  687.269507][T12375]  ? __pfx_netlink_unicast+0x10/0x10
[  687.269532][T12375]  ? netlink_sendmsg+0x642/0xb30
[  687.269547][T12375]  ? skb_put+0x11b/0x210
[  687.269569][T12375]  netlink_sendmsg+0x805/0xb30
[  687.269596][T12375]  ? __pfx_netlink_sendmsg+0x10/0x10
[  687.269618][T12375]  ? aa_sock_msg_perm+0xf1/0x1d0
[  687.269646][T12375]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  687.269663][T12375]  ? __pfx_netlink_sendmsg+0x10/0x10
[  687.269681][T12375]  __sock_sendmsg+0x21c/0x270
[  687.269709][T12375]  ____sys_sendmsg+0x505/0x830
[  687.269735][T12375]  ? __pfx_____sys_sendmsg+0x10/0x10
[  687.269766][T12375]  ? import_iovec+0x74/0xa0
[  687.269788][T12375]  ___sys_sendmsg+0x21f/0x2a0
[  687.269817][T12375]  ? __pfx____sys_sendmsg+0x10/0x10
[  687.269875][T12375]  ? __fget_files+0x2a/0x420
[  687.269891][T12375]  ? __fget_files+0x3a0/0x420
[  687.269919][T12375]  __x64_sys_sendmsg+0x19b/0x260
[  687.269942][T12375]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  687.269973][T12375]  ? __pfx_ksys_write+0x10/0x10
[  687.270000][T12375]  ? do_syscall_64+0xbe/0xfa0
[  687.270025][T12375]  do_syscall_64+0xfa/0xfa0
[  687.270043][T12375]  ? lockdep_hardirqs_on+0x9c/0x150
[  687.270061][T12375]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.270078][T12375]  ? clear_bhb_loop+0x60/0xb0
[  687.270098][T12375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.270113][T12375] RIP: 0033:0x7f75e2b8eec9
[  687.270129][T12375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  687.270144][T12375] RSP: 002b:00007f75e0df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  687.270161][T12375] RAX: ffffffffffffffda RBX: 00007f75e2de5fa0 RCX: 00007f75e2b8eec9
[  687.270174][T12375] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  687.270183][T12375] RBP: 00007f75e0df6090 R08: 0000000000000000 R09: 0000000000000000
[  687.270194][T12375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  687.270204][T12375] R13: 00007f75e2de6038 R14: 00007f75e2de5fa0 R15: 00007ffef442a5c8
[  687.270236][T12375]  </TASK>
[  688.077685][T12389] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1787'.
[  688.207205][ T5985] usb 2-1: new low-speed USB device number 35 using dummy_hcd
[  689.098134][T12397] FAULT_INJECTION: forcing a failure.
[  689.098134][T12397] name failslab, interval 1, probability 0, space 0, times 0
[  689.123328][T12397] CPU: 0 UID: 0 PID: 12397 Comm: syz.3.1794 Not tainted syzkaller #0 PREEMPT(full) 
[  689.123351][T12397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  689.123361][T12397] Call Trace:
[  689.123368][T12397]  <TASK>
[  689.123375][T12397]  dump_stack_lvl+0x189/0x250
[  689.123398][T12397]  ? __pfx____ratelimit+0x10/0x10
[  689.123417][T12397]  ? __pfx_dump_stack_lvl+0x10/0x10
[  689.123436][T12397]  ? __pfx__printk+0x10/0x10
[  689.123462][T12397]  ? rcu_is_watching+0x15/0xb0
[  689.123489][T12397]  should_fail_ex+0x414/0x560
[  689.123515][T12397]  should_failslab+0xa8/0x100
[  689.123534][T12397]  kmem_cache_alloc_node_noprof+0x77/0x710
[  689.123568][T12397]  ? __alloc_skb+0x112/0x2d0
[  689.123583][T12397]  ? hci_sock_sendmsg+0x549/0xef0
[  689.123608][T12397]  __alloc_skb+0x112/0x2d0
[  689.123629][T12397]  hci_mgmt_cmd+0x1ca/0xef0
[  689.123650][T12397]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  689.123690][T12397]  hci_sock_sendmsg+0x6ca/0xef0
[  689.123716][T12397]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  689.123736][T12397]  ? aa_sock_msg_perm+0xf1/0x1d0
[  689.123757][T12397]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  689.123771][T12397]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  689.123788][T12397]  __sock_sendmsg+0x21c/0x270
[  689.123805][T12397]  sock_write_iter+0x279/0x360
[  689.123820][T12397]  ? __pfx_sock_write_iter+0x10/0x10
[  689.123840][T12397]  ? bpf_lsm_file_permission+0x9/0x20
[  689.123850][T12397]  ? security_file_permission+0x75/0x290
[  689.123871][T12397]  vfs_write+0x5c9/0xb30
[  689.123898][T12397]  ? __pfx_sock_write_iter+0x10/0x10
[  689.123920][T12397]  ? __pfx_vfs_write+0x10/0x10
[  689.123943][T12397]  ? __fget_files+0x2a/0x420
[  689.123958][T12397]  ksys_write+0x145/0x250
[  689.123973][T12397]  ? __pfx_ksys_write+0x10/0x10
[  689.123989][T12397]  ? do_syscall_64+0xbe/0xfa0
[  689.124004][T12397]  do_syscall_64+0xfa/0xfa0
[  689.124014][T12397]  ? lockdep_hardirqs_on+0x9c/0x150
[  689.124025][T12397]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.124034][T12397]  ? clear_bhb_loop+0x60/0xb0
[  689.124045][T12397]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.124055][T12397] RIP: 0033:0x7fd734d8eec9
[  689.124064][T12397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  689.124073][T12397] RSP: 002b:00007fd732ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  689.124084][T12397] RAX: ffffffffffffffda RBX: 00007fd734fe5fa0 RCX: 00007fd734d8eec9
[  689.124091][T12397] RDX: 0000000000000006 RSI: 0000200000000080 RDI: 0000000000000005
[  689.124097][T12397] RBP: 00007fd732ff6090 R08: 0000000000000000 R09: 0000000000000000
[  689.124103][T12397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  689.124109][T12397] R13: 00007fd734fe6038 R14: 00007fd734fe5fa0 R15: 00007ffed7853b38
[  689.124127][T12397]  </TASK>
[  689.415552][ T5985] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  689.425946][ T5985] usb 2-1: config 0 has no interface number 0
[  689.434029][ T5985] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  689.458142][ T5985] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 8224, setting to 8
[  690.012786][ T5985] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  690.034554][ T5985] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  690.046076][ T5985] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  690.067156][ T5985] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  690.080575][ T5985] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  690.091092][ T5985] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  690.262455][ T5985] usb 2-1: config 0 descriptor??
[  690.493858][T12383] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  690.519584][T12383] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  690.571267][ T5985] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  690.678409][T12411] FAULT_INJECTION: forcing a failure.
[  690.678409][T12411] name failslab, interval 1, probability 0, space 0, times 0
[  690.691662][T12411] CPU: 1 UID: 0 PID: 12411 Comm: syz.0.1798 Not tainted syzkaller #0 PREEMPT(full) 
[  690.691686][T12411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  690.691697][T12411] Call Trace:
[  690.691704][T12411]  <TASK>
[  690.691712][T12411]  dump_stack_lvl+0x189/0x250
[  690.691737][T12411]  ? __pfx____ratelimit+0x10/0x10
[  690.691756][T12411]  ? __pfx_dump_stack_lvl+0x10/0x10
[  690.691776][T12411]  ? __pfx__printk+0x10/0x10
[  690.691797][T12411]  ? __pfx___might_resched+0x10/0x10
[  690.691818][T12411]  ? fs_reclaim_acquire+0x7d/0x100
[  690.691839][T12411]  should_fail_ex+0x414/0x560
[  690.691862][T12411]  should_failslab+0xa8/0x100
[  690.691880][T12411]  __kmalloc_cache_noprof+0x6f/0x6f0
[  690.691903][T12411]  ? dev_ethtool+0x126/0x19c0
[  690.691928][T12411]  dev_ethtool+0x126/0x19c0
[  690.691949][T12411]  ? __lock_acquire+0xab9/0xd20
[  690.691981][T12411]  ? __pfx_dev_ethtool+0x10/0x10
[  690.692012][T12411]  ? dev_load+0x21/0x1f0
[  690.692031][T12411]  ? dev_load+0x21/0x1f0
[  690.692047][T12411]  dev_ioctl+0x392/0x1150
[  690.692063][T12411]  sock_do_ioctl+0x22c/0x300
[  690.692089][T12411]  ? __pfx_sock_do_ioctl+0x10/0x10
[  690.692125][T12411]  sock_ioctl+0x576/0x790
[  690.692147][T12411]  ? __pfx_sock_ioctl+0x10/0x10
[  690.692171][T12411]  ? __fget_files+0x3a0/0x420
[  690.692188][T12411]  ? __fget_files+0x2a/0x420
[  690.692205][T12411]  ? bpf_lsm_file_ioctl+0x9/0x20
[  690.692234][T12411]  ? __pfx_sock_ioctl+0x10/0x10
[  690.692252][T12411]  __se_sys_ioctl+0xfc/0x170
[  690.692274][T12411]  do_syscall_64+0xfa/0xfa0
[  690.692291][T12411]  ? lockdep_hardirqs_on+0x9c/0x150
[  690.692308][T12411]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.692323][T12411]  ? clear_bhb_loop+0x60/0xb0
[  690.692342][T12411]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  690.692356][T12411] RIP: 0033:0x7ff5dd58eec9
[  690.692372][T12411] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  690.692385][T12411] RSP: 002b:00007ff5de446038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  690.692401][T12411] RAX: ffffffffffffffda RBX: 00007ff5dd7e5fa0 RCX: 00007ff5dd58eec9
[  690.692413][T12411] RDX: 00002000000002c0 RSI: 0000000000008946 RDI: 0000000000000003
[  690.692425][T12411] RBP: 00007ff5de446090 R08: 0000000000000000 R09: 0000000000000000
[  690.692435][T12411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  690.692444][T12411] R13: 00007ff5dd7e6038 R14: 00007ff5dd7e5fa0 R15: 00007ffe71af1528
[  690.692471][T12411]  </TASK>
[  690.947321][   T56] block nbd0: Possible stuck request ffff888025995080: control (read@0,1024B). Runtime 270 seconds
[  690.958690][   T56] block nbd0: Possible stuck request ffff888025995240: control (read@1024,1024B). Runtime 270 seconds
[  690.970105][   T56] block nbd0: Possible stuck request ffff888025995400: control (read@2048,1024B). Runtime 270 seconds
[  690.981830][   T56] block nbd0: Possible stuck request ffff8880259955c0: control (read@3072,1024B). Runtime 270 seconds
[  691.017196][  T983] usb 2-1: USB disconnect, device number 35
[  691.139948][  T983] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  691.330164][T12420] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  691.821601][T12419] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1801'.
[  692.379197][T12419] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  693.922311][T12439] dvmrp1: tun_chr_ioctl cmd 1074025677
[  693.928054][T12439] dvmrp1: linktype set to 6
[  694.205587][ T5994] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  694.733531][ T5994] usb 1-1: New USB device found, idVendor=046d, idProduct=08b6, bcdDevice= e.32
[  694.824773][ T5994] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.889620][ T5994] usb 1-1: Product: syz
[  694.924193][ T5994] usb 1-1: Manufacturer: syz
[  694.954713][ T5994] usb 1-1: SerialNumber: syz
[  695.009587][ T5994] usb 1-1: config 0 descriptor??
[  695.040266][ T5994] pwc: Logitech/Cisco VT Camera webcam detected.
[  695.236531][T12434] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  695.301564][ T5994] pwc: Failed to set LED on/off time (-71)
[  695.984239][T12466] digital: digital_start_poll: Unknown protocol
[  695.989681][ T5994] pwc: send_video_command error -71
[  696.002272][T12466] openvswitch: netlink: nsh attr 4 is out of range max 3
[  696.012277][ T5994] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  696.020755][T12466] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  696.055371][T12466] hfs: Bad value for 'file_umask'
[  696.060722][ T5994] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71
[  696.145991][ T5994] usb 1-1: USB disconnect, device number 66
[  698.455159][T12491] FAULT_INJECTION: forcing a failure.
[  698.455159][T12491] name failslab, interval 1, probability 0, space 0, times 0
[  698.490504][T12491] CPU: 1 UID: 0 PID: 12491 Comm: syz.4.1820 Not tainted syzkaller #0 PREEMPT(full) 
[  698.490520][T12491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  698.490527][T12491] Call Trace:
[  698.490532][T12491]  <TASK>
[  698.490538][T12491]  dump_stack_lvl+0x189/0x250
[  698.490554][T12491]  ? __pfx____ratelimit+0x10/0x10
[  698.490567][T12491]  ? __pfx_dump_stack_lvl+0x10/0x10
[  698.490579][T12491]  ? __pfx__printk+0x10/0x10
[  698.490595][T12491]  ? __pfx___might_resched+0x10/0x10
[  698.490609][T12491]  ? fs_reclaim_acquire+0x7d/0x100
[  698.490622][T12491]  should_fail_ex+0x414/0x560
[  698.490644][T12491]  should_failslab+0xa8/0x100
[  698.490658][T12491]  __kmalloc_cache_noprof+0x6f/0x6f0
[  698.490673][T12491]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  698.490687][T12491]  ? genl_start+0x1c9/0x6c0
[  698.490703][T12491]  genl_start+0x1c9/0x6c0
[  698.490716][T12491]  ? netlink_lookup+0x30/0x200
[  698.490729][T12491]  __netlink_dump_start+0x469/0x7e0
[  698.490745][T12491]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  698.490761][T12491]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  698.490773][T12491]  ? genl_get_cmd+0x67f/0x910
[  698.490789][T12491]  ? __pfx_genl_start+0x10/0x10
[  698.490801][T12491]  ? __pfx_genl_dumpit+0x10/0x10
[  698.490812][T12491]  ? __pfx_genl_done+0x10/0x10
[  698.490832][T12491]  ? stack_trace_save+0x9c/0xe0
[  698.490846][T12491]  genl_rcv_msg+0x5da/0x790
[  698.490863][T12491]  ? __pfx_genl_rcv_msg+0x10/0x10
[  698.490875][T12491]  ? __pfx_ethnl_default_start+0x10/0x10
[  698.490887][T12491]  ? __pfx_ethnl_default_dumpit+0x10/0x10
[  698.490897][T12491]  ? __pfx_ethnl_default_done+0x10/0x10
[  698.490916][T12491]  netlink_rcv_skb+0x208/0x470
[  698.490926][T12491]  ? __lock_acquire+0xab9/0xd20
[  698.490940][T12491]  ? __pfx_genl_rcv_msg+0x10/0x10
[  698.490954][T12491]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  698.490975][T12491]  ? down_read+0x1ad/0x2e0
[  698.490990][T12491]  genl_rcv+0x28/0x40
[  698.491002][T12491]  netlink_unicast+0x82f/0x9e0
[  698.491023][T12491]  ? __pfx_netlink_unicast+0x10/0x10
[  698.491039][T12491]  ? netlink_sendmsg+0x642/0xb30
[  698.491048][T12491]  ? skb_put+0x11b/0x210
[  698.491062][T12491]  netlink_sendmsg+0x805/0xb30
[  698.491078][T12491]  ? __pfx_netlink_sendmsg+0x10/0x10
[  698.491091][T12491]  ? aa_sock_msg_perm+0xf1/0x1d0
[  698.491106][T12491]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  698.491117][T12491]  ? __pfx_netlink_sendmsg+0x10/0x10
[  698.491128][T12491]  __sock_sendmsg+0x21c/0x270
[  698.491145][T12491]  ____sys_sendmsg+0x505/0x830
[  698.491161][T12491]  ? __pfx_____sys_sendmsg+0x10/0x10
[  698.491178][T12491]  ? import_iovec+0x74/0xa0
[  698.491192][T12491]  ___sys_sendmsg+0x21f/0x2a0
[  698.491205][T12491]  ? __pfx____sys_sendmsg+0x10/0x10
[  698.491238][T12491]  ? __fget_files+0x2a/0x420
[  698.491248][T12491]  ? __fget_files+0x3a0/0x420
[  698.491272][T12491]  __x64_sys_sendmsg+0x19b/0x260
[  698.491292][T12491]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  698.491318][T12491]  ? __pfx_ksys_write+0x10/0x10
[  698.491347][T12491]  ? do_syscall_64+0xbe/0xfa0
[  698.491372][T12491]  do_syscall_64+0xfa/0xfa0
[  698.491390][T12491]  ? lockdep_hardirqs_on+0x9c/0x150
[  698.491417][T12491]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.491435][T12491]  ? clear_bhb_loop+0x60/0xb0
[  698.491457][T12491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.491474][T12491] RIP: 0033:0x7f0768f8eec9
[  698.491491][T12491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  698.491506][T12491] RSP: 002b:00007f0769e99038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  698.491525][T12491] RAX: ffffffffffffffda RBX: 00007f07691e5fa0 RCX: 00007f0768f8eec9
[  698.491539][T12491] RDX: 0000000020040000 RSI: 00002000000001c0 RDI: 0000000000000005
[  698.491551][T12491] RBP: 00007f0769e99090 R08: 0000000000000000 R09: 0000000000000000
[  698.491562][T12491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  698.491573][T12491] R13: 00007f07691e6038 R14: 00007f07691e5fa0 R15: 00007ffc166154b8
[  698.491606][T12491]  </TASK>
[  698.883114][    C1] vkms_vblank_simulate: vblank timer overrun
[  699.662718][ T5985] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  699.945489][ T5985] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  699.984736][ T5985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  700.013366][ T5985] usb 4-1: Product: syz
[  700.202939][T12496] binder: 12493:12496 ioctl c0306201 0 returned -14
[  700.323892][ T5985] usb 4-1: Manufacturer: syz
[  700.527954][ T5985] usb 4-1: SerialNumber: syz
[  700.686973][ T5985] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  700.709295][   T24] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  701.279242][ T5985] usb 4-1: USB disconnect, device number 43
[  702.021354][   T24] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  702.028546][   T24] ath9k_htc: Failed to initialize the device
[  702.035704][ T5985] usb 4-1: ath9k_htc: USB layer deinitialized
[  702.081185][T12521] syzkaller1: tun_chr_ioctl cmd 1074025677
[  702.087712][T12521] syzkaller1: linktype set to 778
[  704.800713][T12558] smc: net device bond0 applied user defined pnetid SYZ0
[  705.028419][T12565] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1837'.
[  705.037450][T12565] bridge_slave_1: left allmulticast mode
[  705.043147][T12565] bridge_slave_1: left promiscuous mode
[  705.049201][T12565] bridge0: port 2(bridge_slave_1) entered disabled state
[  705.074910][T12565] bridge_slave_0: left allmulticast mode
[  705.081168][T12565] bridge_slave_0: left promiscuous mode
[  705.087277][T12565] bridge0: port 1(bridge_slave_0) entered disabled state
[  705.454472][ T5994] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  705.684810][ T5994] usb 1-1: config 0 has too many interfaces: 204, using maximum allowed: 32
[  705.864126][ T5994] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 204
[  706.438501][ T5994] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  706.568725][ T5994] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  706.579384][ T5994] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  706.593039][ T5994] usb 1-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00
[  706.654070][ T5994] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  707.085102][ T5994] usb 1-1: config 0 descriptor??
[  708.203693][ T5994] input: HID 28bd:0909 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:28BD:0909.0008/input/input52
[  708.604666][ T5994] uclogic 0003:28BD:0909.0008: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0909] on usb-dummy_hcd.0-1/input0
[  708.751805][ T5994] usb 1-1: USB disconnect, device number 67
[  711.520699][T12634] binder: 12631:12634 ioctl c0306201 0 returned -14
[  712.020598][T12628] gtp0: entered promiscuous mode
[  712.298497][T12648] netlink: 'syz.3.1862': attribute type 2 has an invalid length.
[  712.417218][T12648] : entered promiscuous mode
[  712.754417][T12658] syzkaller1: tun_chr_ioctl cmd 1074025677
[  712.761395][T12658] syzkaller1: linktype set to 778
[  714.216257][ T5985] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  714.965447][ T5994] usb 5-1: new full-speed USB device number 47 using dummy_hcd
[  715.054275][ T5985] usb 2-1: Using ep0 maxpacket: 32
[  715.065126][ T5985] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  715.092637][ T5985] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  715.127995][ T5985] usb 2-1: config 0 descriptor??
[  715.142180][ T5985] gspca_main: nw80x-2.14.0 probing 055f:d001
[  715.163178][ T5994] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  715.195023][ T5994] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  715.281694][ T5994] usb 5-1: Product: syz
[  715.315204][T12052] Bluetooth: hci2: unexpected event for opcode 0x0803
[  715.321636][ T5994] usb 5-1: Manufacturer: syz
[  715.391671][ T5994] usb 5-1: SerialNumber: syz
[  715.542237][ T5994] usb 5-1: config 0 descriptor??
[  716.123324][ T5994] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  716.781992][T12694] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  716.791557][T12694] MINIX-fs: unable to read superblock
[  717.919904][ T5985] usb 2-1: USB disconnect, device number 36
[  718.113989][ T5994] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110
[  718.724629][T12706] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  718.742572][T12706] MINIX-fs: unable to read superblock
[  718.939080][ T5875] Bluetooth: hci4: command 0x0406 tx timeout
[  719.030926][ T5994] usb 5-1: USB disconnect, device number 47
[  720.190400][T12426] block nbd0: Possible stuck request ffff888025995080: control (read@0,1024B). Runtime 300 seconds
[  720.201669][T12426] block nbd0: Possible stuck request ffff888025995240: control (read@1024,1024B). Runtime 300 seconds
[  720.213212][T12426] block nbd0: Possible stuck request ffff888025995400: control (read@2048,1024B). Runtime 300 seconds
[  720.276865][T12426] block nbd0: Possible stuck request ffff8880259955c0: control (read@3072,1024B). Runtime 300 seconds
[  721.906947][T12735] FAULT_INJECTION: forcing a failure.
[  721.906947][T12735] name failslab, interval 1, probability 0, space 0, times 0
[  721.937391][T12731] syzkaller1: tun_chr_ioctl cmd 1074025677
[  721.944225][T12731] syzkaller1: linktype set to 778
[  722.019305][T12735] CPU: 0 UID: 0 PID: 12735 Comm: syz.3.1885 Not tainted syzkaller #0 PREEMPT(full) 
[  722.019330][T12735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  722.019342][T12735] Call Trace:
[  722.019351][T12735]  <TASK>
[  722.019360][T12735]  dump_stack_lvl+0x189/0x250
[  722.019387][T12735]  ? __pfx____ratelimit+0x10/0x10
[  722.019407][T12735]  ? __pfx_dump_stack_lvl+0x10/0x10
[  722.019427][T12735]  ? __pfx__printk+0x10/0x10
[  722.019453][T12735]  ? __pfx___might_resched+0x10/0x10
[  722.019477][T12735]  ? fs_reclaim_acquire+0x7d/0x100
[  722.019501][T12735]  should_fail_ex+0x414/0x560
[  722.019530][T12735]  should_failslab+0xa8/0x100
[  722.019549][T12735]  __kmalloc_cache_noprof+0x6f/0x6f0
[  722.019568][T12735]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  722.019588][T12735]  ? genl_start+0x1c9/0x6c0
[  722.019617][T12735]  genl_start+0x1c9/0x6c0
[  722.019638][T12735]  ? netlink_lookup+0x30/0x200
[  722.019664][T12735]  __netlink_dump_start+0x469/0x7e0
[  722.019693][T12735]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[  722.019721][T12735]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  722.019743][T12735]  ? genl_get_cmd+0x67f/0x910
[  722.019767][T12735]  ? __pfx___mutex_lock+0x10/0x10
[  722.019790][T12735]  ? __pfx_genl_start+0x10/0x10
[  722.019810][T12735]  ? __pfx_genl_dumpit+0x10/0x10
[  722.019829][T12735]  ? __pfx_genl_done+0x10/0x10
[  722.019858][T12735]  ? stack_trace_save+0x9c/0xe0
[  722.019882][T12735]  genl_rcv_msg+0x5da/0x790
[  722.019909][T12735]  ? __pfx_genl_rcv_msg+0x10/0x10
[  722.019927][T12735]  ? __pfx_tipc_nl_node_dump_monitor_peer+0x10/0x10
[  722.019965][T12735]  netlink_rcv_skb+0x208/0x470
[  722.019980][T12735]  ? __lock_acquire+0xab9/0xd20
[  722.020001][T12735]  ? __pfx_genl_rcv_msg+0x10/0x10
[  722.020023][T12735]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  722.020061][T12735]  ? down_read+0x1ad/0x2e0
[  722.020086][T12735]  genl_rcv+0x28/0x40
[  722.020106][T12735]  netlink_unicast+0x82f/0x9e0
[  722.020140][T12735]  ? __pfx_netlink_unicast+0x10/0x10
[  722.020167][T12735]  ? netlink_sendmsg+0x642/0xb30
[  722.020190][T12735]  ? skb_put+0x11b/0x210
[  722.020212][T12735]  netlink_sendmsg+0x805/0xb30
[  722.020240][T12735]  ? __pfx_netlink_sendmsg+0x10/0x10
[  722.020261][T12735]  ? aa_sock_msg_perm+0xf1/0x1d0
[  722.020285][T12735]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  722.020302][T12735]  ? __pfx_netlink_sendmsg+0x10/0x10
[  722.020322][T12735]  __sock_sendmsg+0x21c/0x270
[  722.020351][T12735]  ____sys_sendmsg+0x505/0x830
[  722.020378][T12735]  ? __pfx_____sys_sendmsg+0x10/0x10
[  722.020410][T12735]  ? import_iovec+0x74/0xa0
[  722.020432][T12735]  ___sys_sendmsg+0x21f/0x2a0
[  722.020456][T12735]  ? __pfx____sys_sendmsg+0x10/0x10
[  722.020518][T12735]  ? __fget_files+0x2a/0x420
[  722.020535][T12735]  ? __fget_files+0x3a0/0x420
[  722.020565][T12735]  __x64_sys_sendmsg+0x19b/0x260
[  722.020590][T12735]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  722.020620][T12735]  ? __pfx_ksys_write+0x10/0x10
[  722.020649][T12735]  ? do_syscall_64+0xbe/0xfa0
[  722.020673][T12735]  do_syscall_64+0xfa/0xfa0
[  722.020691][T12735]  ? lockdep_hardirqs_on+0x9c/0x150
[  722.020711][T12735]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.020728][T12735]  ? clear_bhb_loop+0x60/0xb0
[  722.020748][T12735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.020765][T12735] RIP: 0033:0x7fd734d8eec9
[  722.020781][T12735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  722.020796][T12735] RSP: 002b:00007fd732ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  722.020814][T12735] RAX: ffffffffffffffda RBX: 00007fd734fe5fa0 RCX: 00007fd734d8eec9
[  722.020826][T12735] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000005
[  722.020836][T12735] RBP: 00007fd732ff6090 R08: 0000000000000000 R09: 0000000000000000
[  722.020845][T12735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  722.020855][T12735] R13: 00007fd734fe6038 R14: 00007fd734fe5fa0 R15: 00007ffed7853b38
[  722.020885][T12735]  </TASK>
[  723.254754][   T24] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  723.485600][   T24] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  723.507451][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 1088, setting to 1024
[  723.528824][   T24] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  723.615755][   T24] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  723.638096][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  723.694226][   T24] usb 2-1: Product: syz
[  723.722514][   T24] usb 2-1: Manufacturer: syz
[  723.727473][   T24] usb 2-1: SerialNumber: syz
[  723.840333][   T24] usb 2-1: config 0 descriptor??
[  723.855939][T12737] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  723.863346][T12737] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  723.946755][T12752] bridge0: entered allmulticast mode
[  723.955590][T12752] bridge_slave_1: left allmulticast mode
[  723.964489][T12752] bridge_slave_1: left promiscuous mode
[  723.973006][T12752] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.029012][T12752] 
: left allmulticast mode
[  724.034210][T12752] 
: left promiscuous mode
[  724.036217][T12755] digital: digital_start_poll: Unknown protocol
[  724.039402][T12752] bridge0: port 1(
) entered disabled state
[  724.065379][T12737] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  724.082982][T12737] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  724.155163][T12761] overlayfs: failed to clone upperpath
[  724.579344][T12767] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  725.167051][   T24] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  725.205283][   T24] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[  725.268132][   T24] usb 2-1: USB disconnect, device number 37
[  725.435424][T12776] FAULT_INJECTION: forcing a failure.
[  725.435424][T12776] name failslab, interval 1, probability 0, space 0, times 0
[  725.450031][T12776] CPU: 0 UID: 0 PID: 12776 Comm: syz.4.1898 Not tainted syzkaller #0 PREEMPT(full) 
[  725.450056][T12776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  725.450067][T12776] Call Trace:
[  725.450077][T12776]  <TASK>
[  725.450087][T12776]  dump_stack_lvl+0x189/0x250
[  725.450112][T12776]  ? irqentry_exit+0x74/0x90
[  725.450135][T12776]  ? __pfx_dump_stack_lvl+0x10/0x10
[  725.450169][T12776]  ? dump_stack+0x9/0x20
[  725.450197][T12776]  should_fail_ex+0x414/0x560
[  725.450225][T12776]  should_failslab+0xa8/0x100
[  725.450245][T12776]  __kvmalloc_node_noprof+0x158/0x910
[  725.450265][T12776]  ? traverse+0xde/0x580
[  725.450297][T12776]  traverse+0xde/0x580
[  725.450324][T12776]  ? __fget_files+0x2a/0x420
[  725.450340][T12776]  ? __fget_files+0x3a0/0x420
[  725.450357][T12776]  ? __fget_files+0x2a/0x420
[  725.450377][T12776]  seq_lseek+0x134/0x260
[  725.450404][T12776]  __x64_sys_lseek+0x14f/0x1e0
[  725.450430][T12776]  do_syscall_64+0xfa/0xfa0
[  725.450452][T12776]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.450469][T12776]  ? asm_sysvec_call_function_single+0x1a/0x20
[  725.450486][T12776]  ? clear_bhb_loop+0x60/0xb0
[  725.450508][T12776]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.450525][T12776] RIP: 0033:0x7f0768f8eec9
[  725.450542][T12776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  725.450561][T12776] RSP: 002b:00007f0769e78038 EFLAGS: 00000246 ORIG_RAX: 0000000000000008
[  725.450581][T12776] RAX: ffffffffffffffda RBX: 00007f07691e6090 RCX: 00007f0768f8eec9
[  725.450595][T12776] RDX: 0000000000000000 RSI: 0000000001000000 RDI: 0000000000000009
[  725.450606][T12776] RBP: 00007f0769e78090 R08: 0000000000000000 R09: 0000000000000000
[  725.450617][T12776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  725.450628][T12776] R13: 00007f07691e6128 R14: 00007f07691e6090 R15: 00007ffc166154b8
[  725.450662][T12776]  </TASK>
[  725.747165][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  725.754577][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  728.335746][T12812] netlink: 'syz.1.1907': attribute type 12 has an invalid length.
[  728.345276][T12812] netlink: 9472 bytes leftover after parsing attributes in process `syz.1.1907'.
[  729.090496][T12825] syzkaller1: tun_chr_ioctl cmd 1074025677
[  729.097642][T12825] syzkaller1: linktype set to 778
[  729.627388][T12826] netlink: 'syz.3.1910': attribute type 10 has an invalid length.
[  729.646145][T12826] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1910'.
[  729.661922][T12826] team0: entered promiscuous mode
[  729.700866][T12826] team_slave_0: entered promiscuous mode
[  729.743008][T12826] team_slave_1: entered promiscuous mode
[  729.748845][T12826] team0: entered allmulticast mode
[  729.767523][T12826] team_slave_0: entered allmulticast mode
[  729.774220][T12826] team_slave_1: entered allmulticast mode
[  729.799842][T12826] 8021q: adding VLAN 0 to HW filter on device team0
[  729.809253][T12826] bridge0: port 3(team0) entered blocking state
[  729.815878][T12826] bridge0: port 3(team0) entered disabled state
[  730.813104][T12849] 9pnet_fd: Insufficient options for proto=fd
[  731.436809][T12847] 8021q: adding VLAN 0 to HW filter on device bond0
[  731.501392][T12847] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  731.657578][T12052] Bluetooth: hci0: unexpected event for opcode 0x1405
[  731.705623][T12853] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1915'.
[  731.847100][   T36] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  731.983012][T12858] netlink: 'syz.2.1919': attribute type 10 has an invalid length.
[  732.058486][   T36] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  732.074790][ T5985] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  732.109382][   T36] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  732.152570][   T36] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  732.217672][ T5985] usb 1-1: device descriptor read/64, error -71
[  732.224698][T12860] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1920'.
[  732.600648][ T5985] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  732.711836][T12872] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1925'.
[  732.723496][T12872] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1925'.
[  732.741883][ T5985] usb 1-1: device descriptor read/64, error -71
[  732.856115][ T5985] usb usb1-port1: attempt power cycle
[  732.929356][T12877] pimreg: entered allmulticast mode
[  732.936740][T12877] pimreg: left allmulticast mode
[  732.958097][T12878] fuse: Bad value for 'fd'
[  733.326428][T12882] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1928'.
[  733.338237][T12885] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1929'.
[  733.347818][T12885] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1929'.
[  733.378263][ T5985] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  733.418638][ T5985] usb 1-1: device descriptor read/8, error -71
[  733.889865][ T5985] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  734.281292][ T5985] usb 1-1: device descriptor read/8, error -71
[  734.617270][ T5985] usb usb1-port1: unable to enumerate USB device
[  734.979306][T12924] kvm: pic: non byte write
[  735.198874][ T5875] Bluetooth: hci4: command 0x0406 tx timeout
[  736.285035][ T5994] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  736.436009][T12959] binder: BINDER_SET_CONTEXT_MGR already set
[  736.443497][T12959] binder: 12957:12959 ioctl 4018620d 200000004a80 returned -16
[  736.468105][T12959] binder: 12957:12959 ioctl c0306201 0 returned -14
[  736.563394][ T5994] usb 4-1: Using ep0 maxpacket: 16
[  736.762688][ T5994] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  736.787170][ T5994] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  736.826546][ T5994] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  736.854868][ T5994] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  736.864961][ T5994] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.018843][ T5994] usb 4-1: Product: syz
[  737.018867][ T5994] usb 4-1: Manufacturer: syz
[  737.018889][ T5994] usb 4-1: SerialNumber: syz
[  737.374100][ T5994] usb 4-1: 0:2 : does not exist
[  737.393656][ T5994] usb 4-1: USB disconnect, device number 44
[  737.433123][ T9377] udevd[9377]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  737.494201][  T983] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  737.647962][  T983] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  737.661343][  T983] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  737.775732][  T983] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  737.804068][  T983] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  737.909380][  T983] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  738.197560][T12965] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  738.400063][T12965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  738.412108][T12965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  738.596806][T12990] netlink: 'syz.2.1960': attribute type 1 has an invalid length.
[  738.654509][T12990] 8021q: adding VLAN 0 to HW filter on device bond1
[  738.698248][T12994] bond1: (slave geneve2): making interface the new active one
[  738.711534][T12994] bond1: (slave geneve2): Enslaving as an active interface with an up link
[  738.722453][ T3549] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  738.734673][ T3549] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  738.799333][ T3549] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  738.824796][ T3549] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  739.212794][  T983] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  739.257123][  T983] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input54
[  739.385718][  T983] usb 2-1: USB disconnect, device number 38
[  739.392119][    C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
[  739.666629][T13007] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  739.677127][T13007] MINIX-fs: unable to read superblock
[  741.821289][T13022] bfs: Unknown parameter '18446744073709551615'
[  742.713421][T13021] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  742.721741][T13021] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  742.730837][T13021] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  742.739009][T13021] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  742.809858][  T983] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  743.227942][  T983] usb 1-1: Using ep0 maxpacket: 32
[  743.245729][  T983] usb 1-1: config 0 has an invalid interface number: 84 but max is 1
[  743.259470][  T983] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  743.280120][  T983] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  743.327850][  T983] usb 1-1: config 0 has no interface number 0
[  743.342359][  T983] usb 1-1: config 0 interface 84 altsetting 127 has 2 endpoint descriptors, different from the interface descriptor's value: 15
[  743.390918][  T983] usb 1-1: config 0 interface 84 has no altsetting 0
[  743.405691][  T983] usb 1-1: New USB device found, idVendor=05ac, idProduct=030b, bcdDevice=db.55
[  743.441077][  T983] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.454070][T13032] journal_path: Lookup failure for './bus'
[  743.466813][  T983] usb 1-1: Product: syz
[  743.474356][  T983] usb 1-1: Manufacturer: syz
[  743.504234][  T983] usb 1-1: SerialNumber: syz
[  743.509072][T13032] EXT4-fs: error: could not find journal device path
[  743.518677][ T6146] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  743.519215][  T983] usb 1-1: config 0 descriptor??
[  743.706484][ T6146] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  743.715900][ T6146] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  744.219329][ T6146] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  744.342483][   T24] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  744.393300][T13038] overlayfs: failed to clone upperpath
[  744.422595][T13038] overlayfs: failed to clone lowerpath
[  744.445626][T13040] netlink: 'syz.4.1976': attribute type 10 has an invalid length.
[  744.514349][   T24] usb 2-1: Using ep0 maxpacket: 8
[  744.538552][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  744.546001][T13044] binder: 13041:13044 ioctl c0306201 0 returned -14
[  744.555060][   T24] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  744.860788][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  744.966621][   T24] usb 2-1: config 0 descriptor??
[  744.976653][T13040] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  745.188130][   T24] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  745.334380][T13053] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  746.058725][  T983] appletouch 1-1:0.84: Could not find int-in endpoint
[  746.109547][  T983] appletouch 1-1:0.84: probe with driver appletouch failed with error -5
[  749.654719][  T983] usbhid 1-1:0.84: couldn't find an input interrupt endpoint
[  749.668721][T12426] block nbd0: Possible stuck request ffff888025995080: control (read@0,1024B). Runtime 330 seconds
[  749.679859][T12426] block nbd0: Possible stuck request ffff888025995240: control (read@1024,1024B). Runtime 330 seconds
[  749.691577][T12426] block nbd0: Possible stuck request ffff888025995400: control (read@2048,1024B). Runtime 330 seconds
[  749.702853][T12426] block nbd0: Possible stuck request ffff8880259955c0: control (read@3072,1024B). Runtime 330 seconds
[  749.724027][ T5994] usb 2-1: USB disconnect, device number 39
[  749.737295][  T983] usb 1-1: USB disconnect, device number 72
[  750.285139][T13081] NILFS (loop3): device size too small
[  751.151194][ T5994] usb 4-1: new low-speed USB device number 45 using dummy_hcd
[  751.327373][ T5994] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  751.346149][ T5994] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  751.422499][ T5994] usb 4-1: config 0 descriptor??
[  752.035908][ T5994] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  752.048937][ T5994] asix 4-1:0.0: probe with driver asix failed with error -61
[  754.081731][   T24] usb 4-1: USB disconnect, device number 45
[  754.801296][T13142] lo speed is unknown, defaulting to 1000
[  754.810206][T13142] lo speed is unknown, defaulting to 1000
[  754.828969][T13142] lo speed is unknown, defaulting to 1000
[  754.884988][T13142] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  754.950141][T13143] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  754.960021][T13143] FAT-fs (loop3): unable to read boot sector
[  755.001704][T13142] lo speed is unknown, defaulting to 1000
[  755.019927][T13142] lo speed is unknown, defaulting to 1000
[  755.037792][T13142] lo speed is unknown, defaulting to 1000
[  755.053792][T13142] lo speed is unknown, defaulting to 1000
[  755.072059][T13142] lo speed is unknown, defaulting to 1000
[  755.368680][T13147] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  755.959365][   T24] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  756.286293][   T24] usb 4-1: Using ep0 maxpacket: 8
[  756.354064][   T24] usb 4-1: no configurations
[  756.380257][   T24] usb 4-1: can't read configurations, error -22
[  756.625366][T13158] sctp: [Deprecated]: syz.4.2008 (pid 13158) Use of struct sctp_assoc_value in delayed_ack socket option.
[  756.625366][T13158] Use struct sctp_sack_info instead
[  756.686780][   T24] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  756.857986][   T24] usb 4-1: Using ep0 maxpacket: 8
[  756.875120][   T24] usb 4-1: no configurations
[  756.883190][   T24] usb 4-1: can't read configurations, error -22
[  757.382725][   T24] usb usb4-port1: attempt power cycle
[  757.743834][   T24] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  757.772969][   T24] usb 4-1: Using ep0 maxpacket: 8
[  757.779352][   T24] usb 4-1: no configurations
[  757.785026][   T24] usb 4-1: can't read configurations, error -22
[  757.934319][   T24] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  757.973543][   T24] usb 4-1: Using ep0 maxpacket: 8
[  757.981030][   T24] usb 4-1: no configurations
[  757.990636][   T24] usb 4-1: can't read configurations, error -22
[  757.999608][   T24] usb usb4-port1: unable to enumerate USB device
[  759.012973][T13213] FAULT_INJECTION: forcing a failure.
[  759.012973][T13213] name failslab, interval 1, probability 0, space 0, times 0
[  759.026331][T13213] CPU: 0 UID: 0 PID: 13213 Comm: syz.3.2023 Not tainted syzkaller #0 PREEMPT(full) 
[  759.026356][T13213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  759.026367][T13213] Call Trace:
[  759.026374][T13213]  <TASK>
[  759.026382][T13213]  dump_stack_lvl+0x189/0x250
[  759.026408][T13213]  ? __pfx____ratelimit+0x10/0x10
[  759.026428][T13213]  ? __pfx_dump_stack_lvl+0x10/0x10
[  759.026447][T13213]  ? __pfx__printk+0x10/0x10
[  759.026474][T13213]  ? __pfx___might_resched+0x10/0x10
[  759.026502][T13213]  should_fail_ex+0x414/0x560
[  759.026538][T13213]  should_failslab+0xa8/0x100
[  759.026558][T13213]  kmem_cache_alloc_node_noprof+0x77/0x710
[  759.026581][T13213]  ? __alloc_skb+0x112/0x2d0
[  759.026606][T13213]  __alloc_skb+0x112/0x2d0
[  759.026629][T13213]  netlink_ack+0x146/0xa50
[  759.026645][T13213]  ? __pfx_genl_rcv_msg+0x10/0x10
[  759.026686][T13213]  netlink_rcv_skb+0x28c/0x470
[  759.026703][T13213]  ? __lock_acquire+0xab9/0xd20
[  759.026726][T13213]  ? __pfx_genl_rcv_msg+0x10/0x10
[  759.026750][T13213]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  759.026787][T13213]  ? down_read+0x1ad/0x2e0
[  759.026812][T13213]  genl_rcv+0x28/0x40
[  759.026832][T13213]  netlink_unicast+0x82f/0x9e0
[  759.026866][T13213]  ? __pfx_netlink_unicast+0x10/0x10
[  759.026892][T13213]  ? netlink_sendmsg+0x642/0xb30
[  759.026908][T13213]  ? skb_put+0x11b/0x210
[  759.026930][T13213]  netlink_sendmsg+0x805/0xb30
[  759.026959][T13213]  ? __pfx_netlink_sendmsg+0x10/0x10
[  759.026982][T13213]  ? aa_sock_msg_perm+0xf1/0x1d0
[  759.027006][T13213]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  759.027024][T13213]  ? __pfx_netlink_sendmsg+0x10/0x10
[  759.027044][T13213]  __sock_sendmsg+0x21c/0x270
[  759.027072][T13213]  ____sys_sendmsg+0x505/0x830
[  759.027099][T13213]  ? __pfx_____sys_sendmsg+0x10/0x10
[  759.027130][T13213]  ? import_iovec+0x74/0xa0
[  759.027153][T13213]  ___sys_sendmsg+0x21f/0x2a0
[  759.027176][T13213]  ? __pfx____sys_sendmsg+0x10/0x10
[  759.027236][T13213]  ? __fget_files+0x2a/0x420
[  759.027253][T13213]  ? __fget_files+0x3a0/0x420
[  759.027282][T13213]  __x64_sys_sendmsg+0x19b/0x260
[  759.027306][T13213]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  759.027342][T13213]  ? __pfx_ksys_write+0x10/0x10
[  759.027371][T13213]  ? do_syscall_64+0xbe/0xfa0
[  759.027395][T13213]  do_syscall_64+0xfa/0xfa0
[  759.027413][T13213]  ? lockdep_hardirqs_on+0x9c/0x150
[  759.027432][T13213]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  759.027449][T13213]  ? clear_bhb_loop+0x60/0xb0
[  759.027470][T13213]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  759.027487][T13213] RIP: 0033:0x7fd734d8eec9
[  759.027504][T13213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  759.027526][T13213] RSP: 002b:00007fd732ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  759.027547][T13213] RAX: ffffffffffffffda RBX: 00007fd734fe5fa0 RCX: 00007fd734d8eec9
[  759.027560][T13213] RDX: 0000000000000014 RSI: 0000200000000000 RDI: 0000000000000004
[  759.027571][T13213] RBP: 00007fd732ff6090 R08: 0000000000000000 R09: 0000000000000000
[  759.027582][T13213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  759.027593][T13213] R13: 00007fd734fe6038 R14: 00007fd734fe5fa0 R15: 00007ffed7853b38
[  759.027625][T13213]  </TASK>
[  759.474268][T13219] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  759.484450][T13219] MINIX-fs: unable to read superblock
[  759.759319][T13217] kAFS: No cell specified
[  759.857123][T13211] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check.
[  760.022708][T13232] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  760.064546][T13231] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2028'.
[  762.153941][  T983] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  762.297690][  T983] usb 5-1: Using ep0 maxpacket: 8
[  762.541339][  T983] usb 5-1: config index 0 descriptor too short (expected 30, got 18)
[  762.550533][  T983] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  762.567891][  T983] usb 5-1: config 0 has no interfaces?
[  762.579149][  T983] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  762.592121][  T983] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  762.602841][T13252] FAULT_INJECTION: forcing a failure.
[  762.602841][T13252] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  762.610022][  T983] usb 5-1: Product: syz
[  762.616861][T13252] CPU: 1 UID: 0 PID: 13252 Comm: syz.0.2037 Not tainted syzkaller #0 PREEMPT(full) 
[  762.616884][T13252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  762.616895][T13252] Call Trace:
[  762.616902][T13252]  <TASK>
[  762.616911][T13252]  dump_stack_lvl+0x189/0x250
[  762.616936][T13252]  ? __pfx____ratelimit+0x10/0x10
[  762.616955][T13252]  ? __pfx_dump_stack_lvl+0x10/0x10
[  762.616975][T13252]  ? __pfx__printk+0x10/0x10
[  762.617010][T13252]  should_fail_ex+0x414/0x560
[  762.617037][T13252]  _copy_to_user+0x31/0xb0
[  762.617057][T13252]  bpf_test_finish+0x56f/0x700
[  762.617085][T13252]  ? __pfx_bpf_test_finish+0x10/0x10
[  762.617106][T13252]  ? bpf_test_timer_leave+0x10b/0x150
[  762.617130][T13252]  bpf_prog_test_run_flow_dissector+0x44e/0x5c0
[  762.617185][T13252]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  762.617207][T13252]  ? __fget_files+0x2a/0x420
[  762.617231][T13252]  ? __fget_files+0x2a/0x420
[  762.617258][T13252]  ? __pfx_bpf_prog_test_run_flow_dissector+0x10/0x10
[  762.617278][T13252]  bpf_prog_test_run+0x2c7/0x340
[  762.617308][T13252]  __sys_bpf+0x581/0x870
[  762.617331][T13252]  ? __pfx___sys_bpf+0x10/0x10
[  762.617363][T13252]  ? ksys_write+0x22a/0x250
[  762.617389][T13252]  ? __pfx_ksys_write+0x10/0x10
[  762.617417][T13252]  __x64_sys_bpf+0x7c/0x90
[  762.617436][T13252]  do_syscall_64+0xfa/0xfa0
[  762.617454][T13252]  ? lockdep_hardirqs_on+0x9c/0x150
[  762.617473][T13252]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  762.617490][T13252]  ? clear_bhb_loop+0x60/0xb0
[  762.617510][T13252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  762.617525][T13252] RIP: 0033:0x7ff5dd58eec9
[  762.617541][T13252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  762.617556][T13252] RSP: 002b:00007ff5de446038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  762.617573][T13252] RAX: ffffffffffffffda RBX: 00007ff5dd7e5fa0 RCX: 00007ff5dd58eec9
[  762.617586][T13252] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a
[  762.617597][T13252] RBP: 00007ff5de446090 R08: 0000000000000000 R09: 0000000000000000
[  762.617607][T13252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  762.617618][T13252] R13: 00007ff5dd7e6038 R14: 00007ff5dd7e5fa0 R15: 00007ffe71af1528
[  762.617647][T13252]  </TASK>
[  763.049796][  T983] usb 5-1: Manufacturer: syz
[  763.056638][  T983] usb 5-1: SerialNumber: syz
[  763.235034][  T983] usb 5-1: config 0 descriptor??
[  763.365638][   T31] INFO: task udevd:8335 blocked for more than 143 seconds.
[  763.696734][   T31]       Not tainted syzkaller #0
[  763.706019][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  763.724622][   T31] task:udevd           state:D stack:21896 pid:8335  tgid:8335  ppid:5233   task_flags:0x400140 flags:0x00080003
[  763.736947][   T31] Call Trace:
[  763.740257][   T31]  <TASK>
[  763.743198][   T31]  __schedule+0x1798/0x4cc0
[  763.748692][   T31]  ? __pfx___schedule+0x10/0x10
[  763.753644][   T31]  ? schedule+0x91/0x360
[  763.758085][   T31]  schedule+0x165/0x360
[  763.762337][   T31]  io_schedule+0x80/0xd0
[  763.766805][   T31]  folio_wait_bit_common+0x6b0/0xb80
[  763.772302][   T31]  ? __pfx_folio_wait_bit_common+0x10/0x10
[  763.778341][   T31]  ? __pfx_wake_page_function+0x10/0x10
[  763.784073][   T31]  ? __filemap_get_folio+0x6d0/0xaf0
[  763.789441][   T31]  ? do_read_cache_folio+0x4e9/0x590
[  763.794839][   T31]  do_read_cache_folio+0x1aa/0x590
[  763.800142][   T31]  ? __pfx_blkdev_read_folio+0x10/0x10
[  763.805914][   T31]  read_part_sector+0xb6/0x2b0
[  763.810793][   T31]  adfspart_check_POWERTEC+0x8c/0xf30
[  763.816254][   T31]  ? __pfx_adfspart_check_ICS+0x10/0x10
[  763.822615][   T31]  ? __pfx_adfspart_check_POWERTEC+0x10/0x10
[  763.828705][   T31]  bdev_disk_changed+0x75f/0x14b0
[  763.834098][   T31]  ? __pfx_bdev_disk_changed+0x10/0x10
[  763.839692][   T31]  ? wait_on_inode+0xc0/0x230
[  763.844433][   T31]  blkdev_get_whole+0x380/0x510
[  763.849536][   T31]  bdev_open+0x31e/0xd30
[  763.853838][   T31]  blkdev_open+0x457/0x600
[  763.858843][   T31]  ? __pfx_blkdev_open+0x10/0x10
[  763.863842][   T31]  do_dentry_open+0x953/0x13f0
[  763.868736][   T31]  vfs_open+0x3b/0x340
[  763.872877][   T31]  ? path_openat+0x2ecd/0x3830
[  763.877817][   T31]  path_openat+0x2ee5/0x3830
[  763.882516][   T31]  ? __pfx_path_openat+0x10/0x10
[  763.887778][   T31]  do_filp_open+0x1fa/0x410
[  763.892374][   T31]  ? __lock_acquire+0xab9/0xd20
[  763.897397][   T31]  ? __pfx_do_filp_open+0x10/0x10
[  763.902495][   T31]  ? _raw_spin_unlock+0x28/0x50
[  763.907726][   T31]  ? alloc_fd+0x64c/0x6c0
[  763.909201][  T983] usb 5-1: USB disconnect, device number 48
[  763.912148][   T31]  do_sys_openat2+0x121/0x1c0
[  763.923048][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[  763.931810][   T31]  __x64_sys_openat+0x138/0x170
[  763.939736][   T31]  do_syscall_64+0xfa/0xfa0
[  763.944873][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  763.950224][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  763.956635][   T31]  ? clear_bhb_loop+0x60/0xb0
[  763.961383][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  763.967405][   T31] RIP: 0033:0x7f06ceca7407
[  763.971867][   T31] RSP: 002b:00007fff12181670 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  763.980537][   T31] RAX: ffffffffffffffda RBX: 00007f06cf358880 RCX: 00007f06ceca7407
[  763.988839][   T31] RDX: 00000000000a0800 RSI: 000055b12cbf4a20 RDI: ffffffffffffff9c
[  763.997064][   T31] RBP: 000055b12cbe1910 R08: 0000000000000000 R09: 0000000000000000
[  764.005148][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 000055b12cbf4e20
[  764.013607][   T31] R13: 000055b12cbef190 R14: 0000000000000000 R15: 000055b12cbf4e20
[  764.021798][   T31]  </TASK>
[  764.024905][   T31] 
[  764.024905][   T31] Showing all locks held in the system:
[  764.033018][   T31] 1 lock held by khungtaskd/31:
[  764.037988][   T31]  #0: ffffffff8e33d260 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  764.048219][   T31] 2 locks held by kworker/u8:2/36:
[  764.053591][   T31]  #0: ffff8881466ad148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  764.065716][   T31]  #1: ffffc90000ac7ba0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  764.097980][   T31] 3 locks held by kworker/0:2/983:
[  764.103434][   T31]  #0: ffff888020aa4548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  764.116379][   T31]  #1: ffffc90003b3fba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  764.128674][   T31]  #2: ffff888144bf0198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  764.138840][   T31] 2 locks held by getty/5619:
[  764.143551][   T31]  #0: ffff88803457e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  764.153957][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  764.164762][   T31] 1 lock held by syz-executor/5846:
[  764.170052][   T31]  #0: ffff8880b863a018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140
[  764.180353][   T31] 3 locks held by kworker/0:7/5994:
[  764.185983][   T31]  #0: ffff88813fe81948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  764.197404][   T31]  #1: ffffc9000b46fba0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  764.208653][   T31]  #2: ffffffff8e342cf8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  764.222054][   T31] 1 lock held by udevd/8335:
[  764.226707][   T31]  #0: ffff888142f7b358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  764.237002][   T31] 
[  764.239348][   T31] =============================================
[  764.239348][   T31] 
[  764.256912][   T31] NMI backtrace for cpu 0
[  764.256933][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  764.256950][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  764.256960][   T31] Call Trace:
[  764.256970][   T31]  <TASK>
[  764.256996][   T31]  dump_stack_lvl+0x189/0x250
[  764.257020][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  764.257032][   T31]  ? __pfx__printk+0x10/0x10
[  764.257060][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  764.257084][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  764.257103][   T31]  ? __pfx__printk+0x10/0x10
[  764.257118][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  764.257133][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  764.257149][   T31]  watchdog+0xf60/0xfa0
[  764.257165][   T31]  ? watchdog+0x1e2/0xfa0
[  764.257180][   T31]  kthread+0x711/0x8a0
[  764.257193][   T31]  ? __pfx_watchdog+0x10/0x10
[  764.257205][   T31]  ? __pfx_kthread+0x10/0x10
[  764.257216][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  764.257228][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  764.257238][   T31]  ? __pfx_kthread+0x10/0x10
[  764.257249][   T31]  ret_from_fork+0x4bc/0x870
[  764.257265][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  764.257282][   T31]  ? __switch_to_asm+0x39/0x70
[  764.257327][   T31]  ? __switch_to_asm+0x33/0x70
[  764.257339][   T31]  ? __pfx_kthread+0x10/0x10
[  764.257350][   T31]  ret_from_fork_asm+0x1a/0x30
[  764.257371][   T31]  </TASK>
[  764.257375][   T31] Sending NMI from CPU 0 to CPUs 1:
[  764.406600][    C1] NMI backtrace for cpu 1
[  764.406632][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 PREEMPT(full) 
[  764.406651][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  764.406662][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[  764.406688][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 4a 23 00 f3 0f 1e fa fb f4 <e9> c8 e6 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[  764.406703][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[  764.406718][    C1] RAX: 67df5abf6e0d0400 RBX: ffffffff8196a2b7 RCX: 67df5abf6e0d0400
[  764.406731][    C1] RDX: 0000000000000001 RSI: ffffffff8dba2d53 RDI: ffffffff8c03aa60
[  764.406743][    C1] RBP: ffffc90000197f10 R08: ffff8880b8732fdb R09: 1ffff110170e65fb
[  764.406756][    C1] R10: dffffc0000000000 R11: ffffed10170e65fc R12: ffffffff8fc39670
[  764.406769][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a52b58
[  764.406780][    C1] FS:  0000000000000000(0000) GS:ffff888125ae7000(0000) knlGS:0000000000000000
[  764.406794][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  764.406806][    C1] CR2: 0000555582e315c8 CR3: 0000000024cec000 CR4: 00000000003526f0
[  764.406821][    C1] Call Trace:
[  764.406831][    C1]  <TASK>
[  764.406838][    C1]  default_idle+0x13/0x20
[  764.406859][    C1]  default_idle_call+0x73/0xb0
[  764.406882][    C1]  do_idle+0x1e7/0x510
[  764.406908][    C1]  ? __pfx_do_idle+0x10/0x10
[  764.406938][    C1]  cpu_startup_entry+0x44/0x60
[  764.406959][    C1]  start_secondary+0x101/0x110
[  764.406979][    C1]  common_startup_64+0x13e/0x147
[  764.407006][    C1]  </TASK>
[  764.407841][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  764.575904][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  764.585010][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  764.595070][   T31] Call Trace:
[  764.598345][   T31]  <TASK>
[  764.601273][   T31]  dump_stack_lvl+0x99/0x250
[  764.605871][   T31]  ? __asan_memcpy+0x40/0x70
[  764.610461][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  764.615657][   T31]  ? __pfx__printk+0x10/0x10
[  764.620266][   T31]  vpanic+0x237/0x6d0
[  764.624241][   T31]  ? __pfx_vpanic+0x10/0x10
[  764.628738][   T31]  ? preempt_schedule_common+0x83/0xd0
[  764.634201][   T31]  panic+0xb9/0xc0
[  764.637918][   T31]  ? __pfx_panic+0x10/0x10
[  764.642327][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  764.647703][   T31]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  764.653950][   T31]  watchdog+0xf9f/0xfa0
[  764.658113][   T31]  ? watchdog+0x1e2/0xfa0
[  764.662440][   T31]  kthread+0x711/0x8a0
[  764.666593][   T31]  ? __pfx_watchdog+0x10/0x10
[  764.671266][   T31]  ? __pfx_kthread+0x10/0x10
[  764.675853][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  764.681045][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  764.686235][   T31]  ? __pfx_kthread+0x10/0x10
[  764.690821][   T31]  ret_from_fork+0x4bc/0x870
[  764.695421][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  764.700532][   T31]  ? __switch_to_asm+0x39/0x70
[  764.705325][   T31]  ? __switch_to_asm+0x33/0x70
[  764.710091][   T31]  ? __pfx_kthread+0x10/0x10
[  764.714679][   T31]  ret_from_fork_asm+0x1a/0x30
[  764.719454][   T31]  </TASK>
[  764.722603][   T31] Kernel Offset: disabled
[  764.726935][   T31] Rebooting in 86400 seconds..