last executing test programs:

9.47064282s ago: executing program 0 (id=4920):
ioctl$UFFDIO_COPY(0xffffffffffffffff, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000582000/0x2000)=nil, 0x800000})
r0 = socket(0x15, 0x5, 0x0)
connect$unix(r0, &(0x7f0000000080)=@file={0x0, './file0\x00'}, 0x6e)
r1 = openat$vcsu(0xffffff9c, &(0x7f0000000000), 0xc80000, 0x0)
clock_gettime(0x0, &(0x7f00000001c0)={<r2=>0x0, <r3=>0x0})
write$input_event(r1, &(0x7f0000000200)={{r2, r3/1000+10000}, 0x5, 0xe029, 0x6}, 0x10)
r4 = fsopen(&(0x7f0000000080)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x3, &(0x7f0000000400)='roo4c\xbe\xb1\x8f/hi\"9\xf2\xe7\xe0\xa7/\x17\'?\xae)\x18\xb2r\xfc%(\xe4\x9c\f\xbf\xb5\x83\x18\xb6^X\xa0\xf6\xdd\x0f\x1d\xd0\x03\x14\xe3\x96\x0f\xc4\xd1\xdb\xfb\x8dU\x15\xcb\xf3f\xf2\xd0y3\vz/\\\xe9\xf5*\xa5\xdf\xdf\xbeP%4\xe0\xcc!\xff\x140\x8b\xdeX\xc4\xfe\x85\x80X\b\x1d\xe9T\x95K\xad\xaf@\x9b\xbb\xf4\x96c\v\xe0\x8dG\xe0~\xde\x86=\xc0\xd0 \xbf\xf8\x0f\xd7\x99\xb8\t\x8amhG\xb5_\\\x14$d\xf3\\]*>\xcf\x18\xcb!\xe9i\x01\xcd\x1e\xc6\x9d$d\x9f*@|\a\xe8\x17\xe8M2Z;\xd4\x03\xfe\x8a_G\xfd\xf8\xf2\xc1\x11\x9f\xfc)\xd5\xeaP\xe6\xaf|4ad\xd6\xca%0\xe0\xfcf[7m\xba\x1f\xff\x9e\xa3\xcd\x1e\xaaj\xd2Pp8\x19\vJl!K\xfd\xe7\x9f\x1d\'\xc6\xd2\xe2\xf2[+\x83+\x8b\x8c\xf7\xb4C\xac\x02\xc4\xbf\x89\x93l\x9b\xd6s', &(0x7f0000000300), 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x3c, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_KEY_END={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc0}}, 0x40088)
getsockname$packet(r0, 0x0, &(0x7f0000000240))

9.449928386s ago: executing program 0 (id=4921):
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x3)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22042, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000180)={0x1, 0x4}, 0x8)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x200000e, 0x10, 0xffffffffffffffff, 0x34cf5000)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = dup(r2)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x8004}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x7, 0x1, 0xb, 0x8}, {0x5, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r5, 0x0, 0x0}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x40, 0x10, 0x1, 0xffffffff, 0x2, {0x0, 0x0, 0x0, r9, 0x18f40, 0x4200}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x3}]}}}]}, 0x40}}, 0x0)
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000340)=[{0x20, 0xc, 0x77, 0xfffff038}, {0x28}, {0x6, 0x0, 0x0, 0x2}]}, 0x8)
sendmmsg(r6, &(0x7f0000001c00), 0x400000000000159, 0x40840)
sendfile(r3, r3, 0x0, 0xffffffff)

7.436374597s ago: executing program 0 (id=4928):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f0000000200)='m', 0x1)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
write$snddsp(r2, &(0x7f0000000200)="a3", 0x1)
r3 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0xc4bc, 0x10100, 0x0, 0xbe}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r3, 0x48eb, 0x1158, 0x2, 0x0, 0x0)
r4 = syz_io_uring_setup(0x1ba8, &(0x7f0000000300)={0x0, 0xa5e9, 0x100, 0x3, 0xfffffffe}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@ipv6_delroute={0x34, 0x19, 0x1, 0x70bd2d, 0x5dfdbfc, {0xa, 0x0, 0x14, 0x0, 0x0, 0x4, 0x1, 0x4, 0x1100}, [@RTA_PRIORITY={0x8, 0x1e, 0x6}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @SEG6_LOCAL_SRH={0xc, 0x2, {0x89, 0x0, 0x4, 0x0, 0x2, 0x8, 0x8}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008851}, 0x44000)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x10}, 0x4}], 0x1c)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x50a32, 0x823}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x4}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20002805}, 0x40000)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x4, 0x0, @fd=r2, 0x0, 0x0, 0x0, {0x4c8}})
io_uring_enter(r4, 0x7ffa, 0xba1c, 0x40, 0x0, 0x39)
syz_usb_connect(0x0, 0x821, &(0x7f0000001480)={{0x12, 0x1, 0x300, 0x55, 0xe9, 0x50, 0x40, 0x5ac, 0x243, 0x485d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x80f, 0x3, 0xa9, 0x38, 0x0, 0x6, [{{0x9, 0x4, 0x9d, 0x2, 0x2, 0x3, 0x34, 0x2, 0x8, [@generic={0xcb, 0x30, "643d0b1ace7b3257b00089c625c0eb4e58bbc8ce4ad61584ac6b416ce71828ed9344648fb11680a8f2d85f819d585704bb6339bcb8a12c53e7266a283b4f0a34872d520e045521dec2511b8f6c7cc5df71be338947c8a5776105e47622236d957605983b82fe22bea98fdba218ac6d9d9afc2b96a394cd97872e51e95178682f7b3f10bc824bceb55cfa68ccdaa628bf4195da1ff2f1173b1a5dbd8d164b5161fce7cb6e5bff26b9c3ac0f06a4f11f5eb832cbfc334b0657e7c266ce3b7df21fa9b277e4072361aee5"}, @generic={0xe5, 0xb, "3f414763a21798f5d6d051dd140bf459077d33e9c56eb82989cb829646d74f984fd8963188a81a417f24f8dfd4d9264c1cf9c3f3a191506d1b6767305ab58d0a102f9f7f08c5da5cffaf95d65ad10f2c765d440568c999cf335d2e4822af9436b4196ad38bc381cb8f0b6aad8965c1668c2c91bcdf4d6314f38c3a44a719c07562738e8324e5d2d8ed017e46db3d427107052206c48b8c7e2bb670f81e663c3f6061a5e6edf9b84ef418377ce3cff2ade5943889cc274459b6ebd1634d3ac2e570cfe2a7370409b8d6a0676b8aba9807ae6c5fd4d569e4e1d27f24df3e00cd8a768fb4"}], [{{0x9, 0x5, 0x5, 0x10, 0x400, 0xe, 0xe, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x5, 0x6}]}}, {{0x9, 0x5, 0x1, 0x0, 0x400, 0xd, 0x0, 0xdb, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xc, 0x8001}, @generic={0x57, 0x22, "d9c3a17a98d650f43df166f6712eb307f895c428379ad8556ef0a4d844a635d1057ac1000a42c3a5534a66c4338e037bf358388269855edcfa03f5343bb082827dfe807d420ab57c95d262b3263e312a96fd3ad54f"}]}}]}}, {{0x9, 0x4, 0x7c, 0x8, 0xc, 0xa4, 0x59, 0xae, 0x7, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "ad75b68fd4"}, {0x5, 0x24, 0x0, 0x101}, {0xd, 0x24, 0xf, 0x1, 0x7}, [@mbim={0xc, 0x24, 0x1b, 0x69, 0x3, 0x2, 0x4, 0xfff}, @dmm={0x7, 0x24, 0x14, 0x81, 0x3}, @mdlm={0x15, 0x24, 0x12, 0x7}]}, @cdc_ncm={{0x8, 0x24, 0x6, 0x0, 0x1, "b28bfd"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x6, 0x7fff, 0x5}, {0x6, 0x24, 0x1a, 0x0, 0xc}, [@obex={0x5, 0x24, 0x15, 0x2}, @dmm={0x7, 0x24, 0x14, 0x9, 0xd}, @mdlm_detail={0x69, 0x24, 0x13, 0x2f, "6bb92b7931533ef4d41805e8dd3aeee9e914c1b7d3853aa7600012f811fc09917ef7bb276e8a7d846a5453583292eadee6d26f5ea3076829c71052fc760a17ae49156b5c649565108d8e2e20fc4acf90d99582f78a801041560c5b7edab8c2b5186c55efe0"}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0xf, 0xc6, 0x2}, @mdlm_detail={0x29, 0x24, 0x13, 0x4, "ce3a2ff62463c501f81d9beeb45c52ace82274db325b5d3f78b407cbf6a13541c0ae8913d7"}]}], [{{0x9, 0x5, 0xc, 0x4, 0x200, 0x3, 0x3, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x2}]}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x6, 0x5, 0x8, [@generic={0x8, 0x4, "88a7589aadcb"}]}}, {{0x9, 0x5, 0x80, 0x10, 0x20, 0x5, 0x80, 0x8, [@generic={0x8a, 0x23, "9089d9e114ca3f626148d1925f217dea90ae12ed72157531d9c8b28b34647eb483818e85dd52227fbb904a043f574cb2e6b23ed32e08c6f74d3f0d813f8cf4253d8808d61a349318b30d30a5bd44999515913d3103afa4518644d233c840cfa627bbe8ee869aebffbc08201d2a3632ada650b82e77a1a5d0b775b36d50678391de12b8711508ab56"}]}}, {{0x9, 0x5, 0xc, 0x8, 0x20, 0x8, 0x8, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x3}]}}, {{0x9, 0x5, 0x17, 0x0, 0x3ff, 0x2, 0x6, 0x15, [@uac_iso={0x7, 0x25, 0x1, 0xc1, 0x1, 0x5}]}}, {{0x9, 0x5, 0x3, 0x10, 0x3ff, 0x9, 0xb, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x1, 0x5}]}}, {{0x9, 0x5, 0xa, 0x10, 0x400, 0xf, 0x1, 0xc, [@generic={0xf0, 0x2, "469022448b2761e5b224139afb92855be1363c652ba5a227e4d70e5183f8408210f6166b513688869bc813b6de475c989ef09f474e49f047f203a11f68c5cd94e3641811da58547c70fef51a0e56a5c68ae703e7f714ba7121a3fafb8ff1b3ccc1441693865cf7662ccb2e992fd3a0e02de2700459b04f35998f222c9e0c50810652e762eec5b433d901cd7844ab7b93c0271939d134d71f26a2b426188d1f257e1f336e97f359805fc4ef177b37ac79f7e721e35380790d5cd71ef81c5f437baffc4b8086696c6583968725570075a00cb78587d7d61888a9df23e9410a61e600b13cab84b1dfed8fcc584ba904"}, @generic={0xf6, 0x5, "b1a90edb90539f477d862bde9e9514463e1302f00339c6fdd32975a8d8f4d7eb49dfcf42d225886da7fb8dbbffeef05f0921db67599dd6604a6202cb87606f918dd439827a518a0c50228fec2fadc98ed5e56d308ca9f683f960ad967249b7989cee11868f324b11054918112bd61abf548a17485ee2e9158b9ecb7e4c37b0b0922914d21be7c7a77545b0e5572372a918d2c677a1da9db415fbd86214d3617b55f2f13dcd7683fd72c317bfbcb1582b323b258be38e576bf03715f8708d6efffc5574c9fd9e54956396cc60521ed7366c200d149bf8ec40261dae0a1f1a938300ad8472c75a6c22289d0db8dc31b2816b61edf4"}]}}, {{0x9, 0x5, 0x0, 0x8, 0x10, 0x0, 0x7, 0x81, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x40, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0xba, 0x5}]}}, {{0x9, 0x5, 0x4, 0x10, 0x8, 0x80, 0xb4, 0x4, [@generic={0x64, 0x31, "d00b85355fcd1575b2df9640f1cfdbfd70187d4f1325208ac4d16de7805476567cbde638612699e1da2a989c95e1e99e6d39372ef22789fa2e24401435502ca66d62f10bd668970a9f6b49f860f174ef2cb6f7c6f1e657dccc29c3fdaa1ba7b3c513"}]}}, {{0x9, 0x5, 0xd, 0x0, 0x10, 0x40, 0x3, 0x89, [@generic={0x57, 0xd, "6f956c0de048b7daae52eb0c05e7b6e9c426f2ae658aa19103a11aa47e5d75436e01473bfa88b374b0de71e01a8e82535520c021d7a2ebe70736612cc0b48bc5a01904b321d008ab0ec6dbf68d0e4d417c1beeea05"}]}}, {{0x9, 0x5, 0xa, 0xc, 0x3ff, 0xe, 0xa, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x4}]}}, {{0x9, 0x5, 0x5, 0x4, 0x3ff, 0x2, 0x0, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x47, 0xc}]}}]}}, {{0x9, 0x4, 0xc8, 0x6, 0x1, 0xff, 0xff, 0x0, 0x4, [@uac_control={{0xa, 0x24, 0x1, 0x0, 0x6}, [@mixer_unit={0x6, 0x24, 0x4, 0x3, 0x3, '/'}, @mixer_unit={0x6, 0x24, 0x4, 0x3, 0x81, "d1"}, @selector_unit={0xa, 0x24, 0x5, 0x2, 0x8, "908369cd89"}, @extension_unit={0xc, 0x24, 0x8, 0x1, 0xff81, 0x2, "0f6e958a3c"}, @processing_unit={0xa, 0x24, 0x7, 0x2, 0xd8fa10c629aa12ae, 0x9, "c3f8fb"}, @mixer_unit={0xa, 0x24, 0x4, 0x3, 0x6, "d5204718b5"}]}], [{{0x9, 0x5, 0x2, 0x10, 0x20, 0x7, 0x0, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x9, 0xb}, @generic={0x95, 0x2, "9f89a74a9f73fbf8fe2e1bf407e8e4434a53de1dab9834646df665c10b998bb9c9a0780d0602e2a0a6f77911829b0e6d217729b66a4622bcce01b978a72c51d8c46d24dabdc66ad0ab440518b82f6d0bdc745bb9f330842c6e7f5a52fedb361edc9a21a73ee41868d176dfab81a18536b84f15fc6f77a277cd3945f3d09b155ca9493813998c0472968380fc2c8e6f599598cd"}]}}]}}]}}]}}, &(0x7f0000001040)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x1, 0xa, 0x10, 0x8, 0xb}, 0x8, &(0x7f0000000cc0)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}, 0x6, [{0x8d, &(0x7f0000000d00)=@string={0x8d, 0x3, "2de009e1262fce9f6f81ec08b32a0d02b792ea4aa11f59711c6106411d02fd20a6490b4c82921fb2a5616660057d2fac4b97232f27a398236ad1d7f69c40e372942618bb7dadd7e9c7bb61e6fe5131f60e3a6d78aba9e4c47fc6e24bfa7773a5c98fbb20bcabe3427fddb448d9bb3fd10487190bb6476178cb2c515a5bdc21419f0a332d4b497630c2868a"}}, {0x99, &(0x7f0000000dc0)=@string={0x99, 0x3, "52ab9e7a16034840555c7373ebe2f55e1cf3b9a0a6600127bc0f5b267098cc844f5cee1a993d3896e5fcd47598ac1080a42e33ada2ea43152fa26bc630fb5f288a49ada61247670ba9832bdb13a7b7fb2c88e1e714e2b925494fda19047ef5a91b1a3b53ceafd6f413846feaeea8f6b7f6c8c63219cc50c4cba5c43908564c1b9614aaa979ea9dda9c49f05837e24bf0d4209ec15b5a10"}}, {0x4, &(0x7f0000000e80)=@lang_id={0x4, 0x3, 0x81a}}, {0x7a, &(0x7f0000000ec0)=@string={0x7a, 0x3, "245f54c6d1c200b76e654da0feb84a4128a8edc7729c0e74d1f229066f2dbebf71906a4660d4335932e3210802526f0622c5b45d2f5cd958448385e95b95a56edf3e35f6bfbd1bfb24e8bf0c8f8d9effa19306ed08181511194b0ea7c1342163807f64fad2b7f39416a3be7f894bd45a443b90e1c469e166"}}, {0xc0, &(0x7f0000000f40)=@string={0xc0, 0x3, "e0e247b66ab57e726a47d90f2dbff1fccc6811de06ea6a5b3b1066ee012b1f91439a668927d1800b71100f1dd2f50c3c71740078e0b9b6b88386a221ffd908574a920209fa07be00c4af0361642d6842ea7a5da02bbca0710c1dc4d2648a27e7b827eeea8791dd23dc6304635d57a937cf8bd648482583033e11b71230869a25f5945a3794bac4f770d8a130c59a75d26ad51e34dfee012fb48caf0f55f87ea1aebc7c94b550e4cafcfdcd23b5a12ef61c501cbbec51994c6d8fa3d3c9b3"}}, {0x4, &(0x7f0000001000)=@lang_id={0x4, 0x3, 0x140c}}]})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r7, 0x84009422, &(0x7f0000000480)={0x0, 0x0, {}, {}, {0x0, @struct}})
ioctl$SNDCTL_DSP_GETODELAY(r0, 0x80045017, 0x0)

6.888393892s ago: executing program 1 (id=4930):
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r2 = syz_clone(0x10008080, 0x0, 0x0, 0x0, 0x0, 0x0)
process_vm_writev(r2, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0x0)
syz_open_dev$video(0x0, 0x3, 0x1)
read(0xffffffffffffffff, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ffd000/0x3000)=nil)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r3, 0x4b72, &(0x7f0000000100)={0x1, 0x1, 0xa, 0x20, 0x1cb, &(0x7f0000000480)})
gettid()
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(r4, 0x0, 0x0)
r5 = socket(0xa, 0x3, 0x3a)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000003c0)={'bridge0\x00', <r7=>0x0})
setsockopt$MRT6_ADD_MIF(r5, 0x29, 0xca, &(0x7f0000000240)={0x4, 0x0, 0x0, r7}, 0xc)
setsockopt$MRT6_ADD_MIF(r5, 0x29, 0xca, &(0x7f0000000080)={0x0, 0x1, 0xfc, r7}, 0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0)
memfd_create(0x0, 0x3)
socket$nl_xfrm(0x10, 0x3, 0x6)

6.312536065s ago: executing program 4 (id=4933):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$l2tp6(0xa, 0x2, 0x73)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x44, 0x0, 0x8, 0x801, 0x0, 0x0, {0xa, 0x0, 0x8}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x6}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6558}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @sctp=[@CTA_TIMEOUT_SCTP_SHUTDOWN_ACK_SENT={0x8, 0x7, 0x1, 0x0, 0xc}, @CTA_TIMEOUT_SCTP_SHUTDOWN_RECD={0xa9d3aadc22d8e346, 0x6, 0x1, 0x0, 0x2}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x80)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x6, 0x8, 0x0, 0x3}, 0x0)
sendto$inet6(r0, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
socket$inet6_sctp(0xa, 0x801, 0x84)
recvmmsg(r0, &(0x7f0000007900), 0x847, 0x10162, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7, 0x0, 0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x4}, @NFTA_SET_DATA_LEN={0x8, 0x7, 0x1, 0x0, 0x27}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x24}, @NFTA_SET_EXPR={0xc, 0x11, 0x0, 0x1, @rt={{0x7}, @void}}]}, @NFT_MSG_NEWSETELEM={0x45c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x430, 0x3, 0x0, 0x1, [{0x420, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0x41c, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0xa6, 0x1, "63df1b376bd24aebe563508f14842b91e62cdfde6254a5539de651aa4b8a765cd7b1dc7b993854ab40d5287d1d0d0808ec76e0cc1989a9a12f76c467bf2571c6396e4160205b6530e0923d48c52f0c59e56559f709163d4a4a2a38d5e3d8af0071345be100fb22f35fabe170b5792ca5c2055c09ccf1c22e770d7164390dde5b1e5a5d6b8ecfc0ec0ffd7ab422bb7b7bf826c10691e5d0ad8ee143f55d76687b0c11"}, @NFTA_DATA_VALUE={0x4a, 0x1, "f28ecd7743fcfee5f59e215edf3711dda427f2df9c1da834d9fa269f83c77427d3189bbade5d2b28988a1c9c01d817cc1ef31dd1ed793bd23438356a34089033449a5185169a"}, @NFTA_DATA_VALUE={0xb7, 0x1, "c072a46eeea832e7b64815cc71f11828efa251b17e3e0b5cb58d7e84f78075569873df4303c53b7d6755d41fcece3884f5b85326d0201198be885743ffd74475fe10d971d193804eb39820ae1c73e1c63610801f3cd54e21298a8f4f9c11c680823d5b6d0c520a08ace7e865a7700a38e04fb8502881a2e9e7ed1be8985374df1b06d15edbd31f83240329f10ed8d2c6e6995656723e1d10fb41a9ad0b86ff773e9e64d59661ee1908456af1764f2099231f53"}, @NFTA_DATA_VERDICT={0x30, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}]}, @NFTA_DATA_VALUE={0xc2, 0x1, "a8a8e7c9e65445dafff88dfd83d900b176c93f17a454d7fe0e479d12dce5e40ed6ddbd238ab018751bd1149e67a7cd406b1b3aeb63424512d34307e11f8e8a7c1c9338bec7e43cce6402c9252384f36e3b981c3242078ce4e3a96ebb938febc9a18ff60650aff6d4f3073506ffc6be6c3d92e731fbb76f8675d5cb6578192ed3898a29d14ed96b93b14d165f290f302faaa688269289a1fe4e17ceae25e119a4ec74eb37b8d3dd36c16e4d542ae4bcab76e60b8ab2543e1932efa0548e7b"}, @NFTA_DATA_VALUE={0x6e, 0x1, "32a02ee0db37bc7863db882e787e3dae29fe995ee2ed652738d82c30522fb9341712c9cab081e671cd48a38997496f787b23b64b0e6af2db7a55ce32681f338af9086fd2014f93f77b734377e938cbb0eacb927cabed2f1d061d3a52fe561032a572cc1bfb0d2d92b0fe"}, @NFTA_DATA_VALUE={0x65, 0x1, "4a7c90b593c305ee998d465108e0420d03fefd2470ff6c9f6c3c2b8b54346057b1e5b62a47a0d5fe5d58ee2777cccb61cd938da27e4517c8e77f5cac3c46fde5ae8297ac1d09d4a7f717efae0f8e44667007142413f459c2e5ed70c74769cd2d96"}, @NFTA_DATA_VALUE={0x70, 0x1, "e52e629425e8fdcc5947a4226087a65bce856a5617b4c5e6bcca382291cee11c6ac70cabf2bcf6054860007668a3c23f3c6655fcbeb7ff516dbc3ca9dbc8c49c64e86d13687d30cf652fcce7814bfed6fe7aacb74836248d94083796edceda73f549a00f8923eea0e2b79934"}]}]}, {0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x4e8}}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000140)=0x6, 0x4)
mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000)
mbind(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x3, &(0x7f0000000080)=0x5, 0x6, 0x1)
r4 = userfaultfd(0x80801)
ioctl$UFFDIO_ZEROPAGE(r4, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffc000/0x2000)=nil, 0x2000}, 0x1})
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x5, 0x4, 0x4, 0x9}, 0x48)
socket$nl_generic(0x10, 0x3, 0x10)

5.79395254s ago: executing program 1 (id=4935):
socket$can_bcm(0x1d, 0x2, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x3, 0xff)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="020500020e0000000000000007000000050800000000000000004e04fffffffdfc010000000000000000000000000000988540000000000002000100000004d5058100000000000005000500000000000a004e22fffff800fe1e54bf3497965f871e93ca800000000000000000000000000026060000000000000068581fc1d3d05ad49569887b1c9a7322b8270c30aaa17a86b51fa9bd8d37542412d1e4176ff7ff809cbe2698733ee14b45fa0c01a8cf52aeac973e2442a3e925adba5c6c31ecbb41ae9ceca4b524fe70efd1a742e30b5b89f4c11d64fb02759016b59267ce1a387011d4d35e68137958b067cac6dae38b6881903f94a72ec4290f42837db9738e08a57298c9b2756b594b4f573025b130035c4721308927f0e2f017295abf95259bc115a0c16363db16"], 0x70}, 0x1, 0x400000000000000}, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0xe8e80)
r4 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100, 0x3}, &(0x7f0000002000)=<r5=>0x0, &(0x7f0000000000)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
syz_emit_ethernet(0x28e, &(0x7f0000000940)=ANY=[@ANYBLOB="9b4307000001aaaaaaaaaa000800451f028000660000002f9078ac1414bb640101000c20880b009a00013685a5b19c02b67de841c4ac8fbdb7148593dcaabae7225dc739ef69b791b00c785a988a6332a51cec29d713611cf7cfa21b0d16a2127c2ddc5a296c014a98855011a4bc586b86648f1d97859e3152e52a1363a7930cb688b14384ab29bb20d286e8cc6458348c6a346ac80388ec9b4a39a09115978289842eec72b629cd0aa8a33e93e9882e0551236dbd12146f828b61b4af6225050008000caa035b8a01350f14abcb58b17b0ce6962610010a80a10c8b359aaecbe5c81dca27836c45ecd526e91a6cc4cdb42cc82301b4fed85fb937fc548e01d03ae55a19ba87b29cd156fc9946275d2d603ee99e07cdd2a790f85f33cc6405c0a21f8d4ef17950cb431716dbdea446a0c80022db50fd891f5abaeeeb77bdaddb871030aba4acdbebd5506bd705f170852f91a55ac18e720cb2ef042bd115cc2adca7ce9eabd8a02a4cf8fe5926a064ca6d9cab07a8c05a6f558c3576ed66be3d83fc295d3b06e80b2e08fbbf402847ef39689fe4940b58479068754d6b918ac00d0086dd319f725464a8247539014911a640951e50e22d2bb3252eea40ee3bfa8a3aec688ce0694916e69bf9cd3e5bbeb2715fd178d4f45f5f220962df2bf3e9b51832d65deebd872bf9b65e1286ddd7cc4fdecc688d1f38fb28acccb31548cbb22ee1f5b43feb47a34877c71000f9d7b53d977f493f9bda51a3cd68090000000088be000000031ee70b010100000000000b5d080022eb0000000328057e0d02000000000000050007840208006558000000002262f1577f780ccc0946b8d2c2ccc541480b03ffb29bf29343757ba62ff503eff04987eb2298535f2363f2ce44d20eaff60b65670000000000"], 0x0)
io_uring_enter(r4, 0x48e9, 0x0, 0x2, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000480)={0xa, 0xfffe, 0x3, @mcast1, 0x5}, 0x1c)
io_uring_register$IORING_REGISTER_MEM_REGION(r4, 0x22, &(0x7f0000000400)={&(0x7f0000000140)={&(0x7f00000004c0)="cb3e1758fc9579a2022bc8610e4616bf271d8bbee07702d2af15fd54ec8ba4b6d159777b5691ff2c0c7ca37ab542e4dd932d1145d150154a855a350ee1f63ac5f4c88e07039de30721bb943acabe6bc174aafd7f72333fb5681a015e0a0ec9160f7080824111b2cee3a7af021e72369b16cd25cee36f9a80ec40e2ee42d88434658d4525", 0x84, 0x0, 0x7, 0x6}, 0x1}, 0x1)
syz_open_dev$vivid(&(0x7f0000000080), 0x1, 0x2)
r7 = dup2(r2, r2)
r8 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000a80)=ANY=[@ANYBLOB="1201000700000020580415500000000000010928f89f86fe5145a8033702240001000000010904000101030001000921001006012203"], 0x0)
syz_usb_control_io$hid(r8, 0x0, 0x0)
syz_usb_control_io$hid(r8, &(0x7f0000000240)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0422031b0000924936"], 0x0}, &(0x7f0000000480)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0})
r9 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r9, 0x29, 0x20, &(0x7f0000000180)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x8000000, 0x0, 0x3, 0x1}, 0x20)
clock_gettime(0x0, &(0x7f0000000300)={<r10=>0x0, <r11=>0x0})
futex(&(0x7f00000000c0)=0x1, 0x8, 0x100002, &(0x7f0000000440)={r10, r11+60000000}, &(0x7f00000003c0), 0x1)
sendmmsg$unix(r7, &(0x7f0000008380), 0x400000000000174, 0x4008890)
syz_usb_connect(0x0, 0x1a2, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000b6a57e4086805b0bc5e10102030109029001020000000009040000020e0100000a2401002200020102092100000001220000090500000000000000a7008d566539461c701919d99a91c3af134dfaf61ea66b8f08810855d90c55c91f11c4a6d847caf7b449c6c760e60f6b890d99ed23074bf2538ca7bba727dfe7c00b90d0bc7f2da56768ed5ce8df38c07183564831596fd52da49a92adafa6277df5a120c898fc51ca04089f110dfbe1b258e9b9a83bf95fb0a4a24ca6acae78e1c291f671fcdca77c7128d319f7a4b51bbc2ed4bab8aac95498fb6033f760602c1a8b1eac2150072501000000000905000000000000000725010000000007250100000000090400000eb03748000a2401000000020102052405f3f9d3edf81b39d78a58d0ffc55c9608158c26b7fed07e4b9e5f1316dcc3106596140f6cd6e51a88a54f"], 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x80000, 0x0)
ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01"])
syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181)

5.353212845s ago: executing program 4 (id=4936):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x0, 0xb83, 0x3}, 0x1c)
setsockopt$packet_int(r0, 0x107, 0xe, &(0x7f0000000000)=0x482, 0x4)
syz_open_dev$tty1(0xc, 0x4, 0x2)
socket$inet6(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000640)=@abs={0x0, 0x0, 0x1}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0xe39b}, 0x0)
chdir(&(0x7f0000000480)='./cgroup\x00')
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
r3 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000001c0)=@generic={&(0x7f0000000140)='./cgroup\x00', r3}, 0x14)
r4 = syz_usb_connect(0x2, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[], 0x7c}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x1a4, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x178, 0x4, 0x0, 0x1, [{0x160, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x150, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_NAME={0xb, 0x1, 'policy\x00'}, @NFTA_MATCH_INFO={0x138, 0x3, "ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6ce2316334e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5af546f644c39bedd627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f4052766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b83560c014f5000000"}]}}}, {0x14, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x20}}, 0x1cc}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000060a0b0400000000000000000200000018000480140001800b0001006e756d67656e00000400028009f9010073797a3200000000140000001100010000317d0ed700b6a3a1d54fc6"], 0x60}}, 0x0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_control_io(r4, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'ip6tnl0\x00', 0x3}, 0x18)
connect$pppl2tp(0xffffffffffffffff, 0x0, 0x0)

5.013992558s ago: executing program 2 (id=4939):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = dup(r0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r2, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000001980)={0x9, 0x0, [{0x5, 0x1000, &(0x7f0000000980)=""/4096}, {0x5000, 0x33, &(0x7f0000000000)=""/51}, {0xdddd1000, 0xe1, &(0x7f0000000580)=""/225}, {0x7801, 0xbc, &(0x7f0000000380)=""/188}, {0x80a0000, 0x19, &(0x7f0000000300)=""/25}, {0x10000, 0x9f, &(0x7f0000000480)=""/159}, {0x0, 0x78, &(0x7f0000000680)=""/120}, {0x3000, 0xdf, &(0x7f0000001b00)=""/223}, {0x2000, 0x5b, &(0x7f0000000840)=""/91}]})
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f00000001c0)=0x304008000)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000002c0)={0x0, r1})
ioctl$VHOST_RESET_OWNER(r2, 0xaf02, 0x0)

4.82878583s ago: executing program 3 (id=4940):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000009c0)=ANY=[@ANYBLOB="300000002100210100000000fddbdf250a0000000000000000000700140011"], 0x30}}, 0x0)

4.81509411s ago: executing program 2 (id=4941):
r0 = socket(0x2, 0x80805, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='smaps_rollup\x00')
madvise(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x15)
read$FUSE(r1, &(0x7f0000002080)={0x2020}, 0x2020)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$packet(0x11, 0x2, 0x300)
sendmmsg$inet(r2, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000003000)=[{&(0x7f0000002fc0)="a6", 0x5dc}], 0x1}}], 0x5, 0x4040000)
getsockopt$bt_hci(r0, 0x84, 0x6d, &(0x7f0000001080)=""/4102, &(0x7f0000000000)=0x1006)
setsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000080)=0x2, 0x4)
openat$vnet(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)

4.630533734s ago: executing program 2 (id=4942):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
write$FUSE_ENTRY(r1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000f8ffffff00000000000000209500040000000000"], &(0x7f00000003c0)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffffff, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001e80)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000480000000820000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1886d0d4d94f2f4eb45c652fbc1626cca2a28d67893547db51ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd364158a4591c559f76c0130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce74c4dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f00c484d339c480f70006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08ef74c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d3287a7b01ab84d336f3c0f45a0642d6f2c494160cb7f46ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe91ff799a11d9b219c00c369a12bf8685b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcffff3ffd86fe9ce05268bf8a3958f2206cdc7095682c14f10be1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d253e8778e6e8ffe4ea50b076446f35efffc806b340658342d2d9e1ef68c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e92a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd3153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf2af469bdfb361b9c015dd026fd0fffe3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00f80b58fd76e4bc46c84799aa792cdaeb6cfb858e577dacff607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee2c7ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be15579518540000bc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e99948a9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a1000000000000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c425190a6e3f1a8a3abfe6059da9c952cf35c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676080000007229e0237c1e34641848531712ff09e89fb062a3e66f4f3c9d7a7fc9aab1ced0ae679733830039cb61ea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3de705bdfbfd0e5e381398e9d5428a00cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a690bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b270a3646ef55b9f070ae14466b3acef9f8b28fb938a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a25b7233b222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cdcc1f594ecfaff9a79b56f8b380380020000"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x57, 0x10, &(0x7f0000000000), 0xffffffffffffffc9}, 0x48)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4)
syz_emit_ethernet(0xfdef, &(0x7f0000000180)=ANY=[], 0x0)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
close(r4)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000140)={0x1, [<r6=>0x0]}, &(0x7f0000000240)=0x8)
sendmsg$inet_sctp(r4, &(0x7f0000000400)={0x0, 0xe000, &(0x7f0000000200)=[{&(0x7f00000002c0)="85", 0x1}], 0x20, &(0x7f00000000c0)=[@sndinfo={0x1c, 0x84, 0x2, {0x6, 0x4, 0x29, 0x200000e, r6}}], 0x1c, 0x2400e044}, 0x6)

4.602903303s ago: executing program 3 (id=4943):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r1, &(0x7f00000001c0)={0x1d, r2, 0x0, {0x1, 0xf0}}, 0x18)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000001440)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r4, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
write$uinput_user_dev(r6, &(0x7f00000004c0)={'syz0\x00', {0x7, 0x3, 0x1, 0x9}, 0x7, [0x4, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0xc1f, 0x1, 0x7f5d, 0x3, 0x6, 0x5, 0x10000, 0x2, 0x3, 0x0, 0x3, 0xe, 0x3, 0x0, 0x2, 0xd9, 0x2, 0x6, 0x3, 0x3, 0x9, 0xfff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x0, 0x9, 0xb, 0xcc, 0x5, 0x80, 0x401, 0x5, 0x5, 0xfffffffd, 0x8, 0xb, 0x3, 0xffff8001, 0x6, 0x3, 0x80000000, 0x1, 0x9, 0x7, 0x0, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0x10000, 0x7, 0x9, 0x9, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x5, 0xcc, 0xbc1, 0x80000, 0x0, 0x5e81339d, 0xffffc256, 0x5, 0x80000001, 0x0, 0x0, 0x4, 0x4, 0x7, 0x9, 0x4, 0x2, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x7, 0x2, 0x8000, 0x7fff, 0x1, 0x9425, 0x8, 0x6f, 0x80b, 0x1, 0x6, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0x8, 0x100, 0x6, 0x10000, 0x1306, 0x8b, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x4, 0xfffffff9, 0x7aa, 0x10, 0x80, 0x8001, 0x5, 0x0, 0x9, 0x8, 0x7fffffff, 0x1, 0x1, 0x4, 0x8, 0xfffffffa, 0x7, 0x9, 0x6, 0x4, 0x5, 0xa3, 0x3, 0x2, 0x0, 0x3, 0x1, 0x3, 0x5, 0x2, 0xd21e, 0x9, 0x13, 0x0, 0x2, 0xfff, 0x6, 0x100, 0x7c83, 0xd, 0x1, 0x4, 0xf, 0x6, 0x7, 0x7, 0x0, 0x11, 0x3, 0xffd, 0x7, 0x7, 0x8000, 0x12, 0x10, 0x2, 0x10001, 0x1, 0x0, 0x6, 0x71d], [0x81, 0x3, 0x10, 0x4e26, 0x3, 0x40, 0xfffffff3, 0x497, 0x4, 0x1, 0x3, 0x5, 0x56, 0xc28, 0x9, 0x5, 0x5, 0xa, 0x79a, 0x40, 0x9, 0x6, 0xc41f, 0x80000001, 0x8b6, 0xffffffff, 0x0, 0x0, 0x6a, 0x9, 0x0, 0x0, 0x1000, 0x10, 0xd, 0x6, 0x8000, 0x53, 0x78d, 0x4, 0x1, 0xffffb027, 0xfffffff8, 0x9, 0x7, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400, 0x8, 0x0, 0x8, 0x7, 0x9a33247, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c)
setsockopt$CAN_RAW_ERR_FILTER(r6, 0x65, 0x2, &(0x7f0000000000)=0xfffffffe, 0x4)
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000280)="871125000200e7a500000000", 0xc}], 0x1}, 0x8041)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x74, r2, {0xfff3, 0x10}, {0xc, 0xffff}, {0x2, 0x4}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x24008095}, 0x20000050)

4.472148508s ago: executing program 0 (id=4944):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f0000000040)={&(0x7f0000000100)=@caif=@rfm={0x25, 0x5, "cdfa3b723c11f06149f068dedd3e14bd"}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000880)="27050200340f14000600002fb96dbcf706e10500000086ddffff1144ee1611d4b8bf4a31accbe1ba0777cfbf6ae77256da82f6184b8a34f9015cc99e57000b102821880b000000000000005743ce554b6df654cb0173677c4e2eaa2eb5035d135958831197684b763f499a2fafc724413afe7af5b53e61532895bae8d3f0f02cc4e729883f078a2552275a1486218834476323059f91a91c500e035c5c70afee9d16b5acd7cd4b94e3600c9c69aeb79e259488e089b1c59bc6fca826d38a7b3229ccd5b1bde01e63f1edd3c0f933e5c02936de55f2a4ee254bbe8aed1d2260c97783b615850d488b7f0c4a80715bed3cf1adb2dafbb7672328e2300fa2623704da7b9889a57e231be318f5eb6d294a302e753e75b741b63e898748f228e6752d15bf99e02c3d366fa091326029d899c493df701ad6c37c55598f3a19e748f58475398fda5f6153cb11a4ffde399dc21f96bed56d31fd6bfa0a75d0df449393", 0x15f}, {&(0x7f0000000240)="92c8308f50bba2da5ee082c3b8dfae49dd913523b57daa0c3360c48ac2dfb3c6966fcbe70c4b01053f175c14d0139d4521b8458fcc5c4950702163dabc8596fafcbf867a70f93838c529160935b2e8d215daa857d8d8af704772858ca50a7a49e610c807b96eae4617639b498aec97ad75", 0x71}, {&(0x7f0000002500)="e186be08d00fb17b96e5cb70e40da393eddd445ae4605c9b0fafbf5626528d70f0ab5998911d4ad946a18c0e45be0de497ee1617f2d5330d721ab03f9924097344cbf0ff4fb5ba1bb5c81364594645e14b4f8e39441c6bb10e497d9eb271b3312b7565ca7c915c629da5edb7dd41e9b35c535aa0d9c45a107fa4f6142af06c838c59d217283b5f0a83eabf723766bea696be47ff031d9b55ddc4d923c5713b15eb8c8143eb65d83ad9160082cf14eaa66df4e202d285d0b874d28f4f675d0aa916c74c65522e916fd1c9f07b4aa53e9cbd035786b8d0da2255d9d649221339ad8d75b016f5832651c6997342d73c82cea8555bacbe8ca018720ea81c895d4f99620bdb902c61bd100053e319b6f7267e686a9ea58cfd0730d2072023d24d5d17b6539efce62c36d1fbcb07ea0939cc196ec3a218c617d3651ccebe768f632349d1e9e6590526c1e5fb04f2ef84cd676d09f5daee766c54bc5ed88140aeaeb5214c847a4534597df21167f67498ffc04efd118930fdee7fb9338307ad8539a0895b04359f0933c9e0c9aeb4b07d57126e8eec18441f1d8dad2775949065c724430dcd8e83d97fcf2d1e0d542ade674c99f56e4f3a2399afb5cc0e3ab5ff7a201e06327ea4e2864b46283fb99b9b694e49c172db1d78f074b2271659bdd893f6afbd21de140c4fcbd6e1dc5446425b4cfed6a47fe6c8dd553b2b6ef14c1a87acca402ee101b639d6ea26db0759bb06ce4317dc3849bfc9d0a320c85b9c88653e3de103b4299124ab7d4f3c9a6fe1ee33216daab5e4c8486458a6a3d0b64bcb3ce569e0633b2f448c27c34d5a31e09b7af25013a81308062dc033a12b96060a8c6f3d19a755d2830fe8aa3b1cdc250f0b5130fc44d06b86e6eee2bdc08f05b6495a15b891793e95c7c65bc0924c6b931d3877711b28753c413cfa79ee4ed587cb563a7eeb68fad93942753adbeed6aba870929c07d29f4531de779bab079c9299770e5b38cbcb7ffc4d5bb9c617f6e92d7d7161d257693c97cbeb1e53e38c07edeea3938a0458d8faf79ce689912496398c6d0521e132a8a4a89bba0019b87e70378a58e86a4ca0182e512bf0c161052d1abe2330b38686f14abdb52b6eb6c5b4e40b64418b785138a16d1144a541c701fc41398a6dfa6b4601572585bc831b9cc1961ec0aa67ee9a2af119e5a7f3ce99e53ac48c21c8cf5cfe356c69e38f2f35ddfd2ba4d575c5162d1417bbe2c4f788f4dadcbf3453d9b4e1efcb5fef298227c1a4cef82bfda158e1b9eaa7cac8d1cfb71eb8d1589012fbe494193621af8fdcee215ecb204e36223d41ed69721b3cf4d44c146d62d54e95971bf77a889c8cccf5f50de13c2c1d3742456e0f44075ce19789988c35ba4b392fd062664c5097728981a700dc8b331c607a9fcfd13a9f757bdabcd8a921e585226d3177ef5849d9475afc88fa6101d6c3b5f0e5de81041866a5da930b04fb56e43d8be1f03c8123344c3dc8123ad1cd1a897651c6d7180e7557e781ba7cec0360b8c6ce1d383776bf1e1f4e97bcc54127ddab6bc817d019736516058888bd2ac599e365002fa098da131bc5425a9fba82da3cc524ee5d734db93675639f466937f66fb3434703356af88e055058ff57031d893b41dd5da4946b59b3c07461fafe858aa1f29505b7389781f4009c1c3abe31ef4b16bd2a812c01ca72d3277cf655de6cba3a7ca8ab32eef46a3fe5e53640d338d3a098a8ddfdf139dd4cc2120b1a0006fd15fa51b7f6501b11cbcb821294f062afd2df6dd0eafb9dcf7619cc6f16da68eea45806f6b0fac624d3825a28fb5c471f4d9a01b96ce361cf274093df4e5e61f781711b7c26c1dea65e8b0049b19d03a2d8d969ff94951f95324ed19db839dd5adecec407b109e1ebd99277e49f464257f2b372c4e4c43f01803f616ddde2dec524468707a4cb4d805128a1eb7bf089a4c7055cba57fe44cf4bc94ce9773806aa7be9a2417eb1fac2edb4d8e8d6483a14f50a490077a483fbffbc9e00ae29a346be5c7a1f3bb32c031aae0e8cec176b3194c12febf1fc24a2bdd0f91b6f2a9bd2da46f3077f58a59fe8993daa0b6d9a4e7f32059d860ead28be199ac7260b3327fd23bf6981cbe964daee1bf4c405a7d1c6e7c908d5af2173a1ddc666a7ad26835e61bc5cf248c7be1eac3b09b00443da0ae14cda42c46728fa2118f243f2d7cfbcda66f6ae79c49dfb4478d625bc6ea5ffde52b206be4e1360aac4301913044ff3704b5c0c0c80e6bc11cc91a2d3f3803c96fb20656b32175808ae957d4340e16de28a0cbf179951d1bd31b03b8db91fe14c3a6381162423cdc7bc47295eeead7e5e58854d7e852907d27ae04829900794c6560a1d966673ed8acc8293f818986532b43fdab838a09d17574d2d81091f96f21ab7c4fec5de5a956b5d8e76ed8551b8b48cd7d9d325cf7d6b6135590afe0dc266fd5c8a7bf5acefc0c137b940c0b6cd093f2e0275a07a21dd96836770951513fe81bd709de5af4674045bc754d5db7ea9d93ce819794fa69a67cb9e01a057a3220fbe17859896f93c4089e3e85dbdba9ae59aa390e81dbe7d57b28d7ec9372fa70edf5858c67bc6776864b764e7e85711600e5093d62cb9839f5096490221d019dfe2bc59207cc2d62f614035ee1e0b0c14edd5820c7f46ad079b73f33aa892b50c67e812f698f00bcbb1f5fa9c81b0747bf661648385c5492e62a685b08b25bde385962f232caaaa534a48be252629f8a5dcbb4fa05148689a469baa227a500c46b7be587ee2f4090bbff266cd5f98725a1932dba7bc20b9b2e5961ab9d2d20add2dc355c4af744471bdefb00842dd0e30494501b4fb576aaa637937f1bb79bbbe1716d8bedb8f16e8e083df14181013ba1fbe1fc788f605d07f7a020801de9958e7c8d430e4813b5b96b68ffec4fa60f209d987af3469d38333906341035da2332345aefe826b3eaf5c4f138d775fedc0a8a67e63f9a2c39a27ce392fd04d32007b0215987dfd7f6b69596bf8249571f7a649640746002138ebbd337eb5dc2ab94ff786864f5a508e5476b6b8a2d18cd7255a2c05cd68ade532a7a373611eacb9f3cc8721f22ac4278115ac44fe9f8668a8b6b043287c9d1b9f3ec9fabc22495e100ed2a8a8ffdee5de877d1804045dcc5e5010293c14a545997911471a99fcf4713d56a86f7967e311d44399172b57575cb3ec5c9729558d9a4ef745ce99e72bc6b0b9ef3ec8d9fea27c129d246fb995764fb775d533dc446ae9a2760633c8d8b8e59c7a5cf45394476cff54c1b66b7131baeea4ae50e270b4a0b59dc02bf7bc7d84ce339ff42a0b3c7450190e0d9cd13598e5291f6002c117cce428a075e0ab31468b2eaa6ea71e627ca314ae79266ee9947b643e17644b096afac29c46a52f0f2ce2fa008341aa1bd41bf03850c1c55ce1dfa344cdb1031bd340ede749df6c2f7d21a8cb44d0129d968e8ccb737fba0986a3b3da75ca15bdca17ce141744808379ff00000000005bd52ce706c8363733921a52ef56077958d2c125abba11c5b57146a81947df563a931692f88f15f356d5c1db6db8a8ca899784cfbed50fdced8cd61906417d9fd559741e6ec73ec3e716510a38a66220994c9e8cee31b67054cece996adf3f9c36d0b7010e798ee10a938c599a16a6392a6125d226cb949835867f9d18f2c19f6065a9f87ace5b41027e39ca8b099e8e8474660c93c9cbb3e70e56c1b83649e245f6e1fd39b42f0069510d1424af3f27996484a5f348d20d37bec560e57973fb029968bfbcfd39ae0896db1663d406753b7b151f4ddb84e40a0bde620f827d0d522e60b74dd50a8813aee11b4b8edff8e1d7c65ed9fd73fbbc1e1e20b15ae0346e29c33c63860e25b288081e2d273797bc8f53e2c33081862eba186aac40e45bf00f8a63f638913620e1761310c72d12fdde0677b1a44808c0ddf6b30632df29df36db826e443db8939ecffe96a45d1cde9e533040b8254fd1b9befa0a168c41a71765a3914bfe15c064f70aad0f24d8154717d29b0b6dff1f613cfbd301f9b80d6efa3dfe7d22f04b22e316c76d805ced57ab779162fa22f2bb6e77926408410a97128b7c4c5f42029e832cf4947ab3cce86ce731018ce8e506cb69087844869399b8455c5eba03c8256273b0c7ea289cb83629ebb4bab633d7ca7a0b8edf43e98c98242ce9acba7df035fec3114494da3757012c2e803bce9edc8c89f3ad417585ec75d8006c5c9038835d3816a6ea9e68ec608309b61d51958309a16fd2536bd77f8c3385f5de660e5d5d375e43002e30fc72add6a4c1b441894158e1dacba98c6bd1ea315f528f6391d128d1479df3f705f09aedad62b96acbd6fd42a4b8f10b8559f877ef59e1ec0bad501190e413693c105da211b386070c11528d665f6b2bda0f61b1fec4d5e03daab37bcc824f923eb9120e59107c223cea58450d55b56175193fd026e13943c6a61ef585a28da92300bc32bcb311d038ee0b3330b18383ea7b61c0e3967c725f6580afb26ee7b96cde11f0f7ef8a47c37b6671674a8e45b0b1f846f5bd356ca15584aa1c64b850982ceef89d94c8d3b1ed340cf4898bbb3590b55c2ee98cdcb3013cc81a47a6f92adfbeaa0da31a569868d7ac11a8830727a95ebcb7bfb42dace7dda8e40dd281f7cd67b76affea45706de0b46c952e8fe74947b75eb76f965cd4d038dabba270eb44cf5e2d1c71ae84422c0905b5c6b7336976a81360ebc288f8fd35da604845ed498a7afd1e13fa56b8ed356c80f49ecd3348efd93194fc895052a2eda9a5dcea8c8312b85427e774ddd5507797581df295cfe9ad3e5103fafd898cfd01a958f3d3b9ca66e97f834c79b2281615bcdddbf23ab5571773edfb4c075dbf4cc598d9edfea45dc86eda06", 0xd92}], 0x3}, 0x4810)

4.274245348s ago: executing program 0 (id=4945):
userfaultfd(0x801)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0)
socket(0x28, 0x2, 0x6)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f0000000040)={0x9, 0x100, 0x0, {0xffffffff, 0xbde, 0xb, 0x10000}})
r3 = openat$vimc2(0xffffff9c, &(0x7f0000005cc0), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r3, 0xc0f8565c, &(0x7f0000005e00)={0x5, 0x7, 0x78ba96cc09fd2886, {0xc, @pix_mp={0x3, 0x1, 0x30324c4a, 0x3, 0x4, [{0xfffffffd, 0x5}, {0x2, 0x7fffffff}, {0x400081, 0x1}, {0x1, 0x2}, {0x6, 0x4}, {0x1, 0x1}, {0x3, 0xe90f}, {0x3ad7, 0x5}], 0x0, 0xf, 0x6, 0x1, 0x4}}, 0x80000001})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f0000000180)='blkio.throttle.io_service_bytes\x00', 0x0, 0x0)
preadv(r5, &(0x7f00000000c0)=[{&(0x7f0000000240)=""/140, 0x8c}], 0x1, 0x0, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}], 0x1, 0x7000, 0x0, 0x3)
syz_open_procfs(0x0, &(0x7f0000000040)='syscall\x00')
syz_emit_ethernet(0x10b, &(0x7f00000006c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800494100fd0065000008029078ac1414bbe000000204440c9f93ac1414aa00000002000000227f90787f000001393416de860432ce7bc329ab7ef37cc09d89387dc2ccf9feb0902b941f136a54d5b5c05ed397b9d94419ffb93e61690bf4592b08db81388570be59b77d8502d17bf1fc8eb595e7d7dec6a851e061646f6cc58e5c8c758b0f440648c1d9b558da96e50a35b8b56b465659b947e1f5a393c4ed43918b6e309f66ca3fd77a4a368fb197ceb5738194a6cafbd6e7f6a02074b3aca0b2e823168cac13548cf0a93c6828a3cdc0ed622d8b3a3912f3307537b23a3d6c4e57a0c540449396ff0aaa07ead60b5c94e0596c1224c42f8b7a8aa0f6c2ba6b52e0ec5309e177c73232735100f7d70ca168f5e3d9eefa84bee489c45497808b6789c3f62e77514ac57665fdaec782a1ceca1ee6854de4e6b72306f9969bb432e5ae9c2545c6b9da914b90b937cc7cb9c890301ae443e7055b2faf86941c48f11d8d3c6a06c85ad91a76aa402b8f5eab96a3305ba78e21cb87d10f205b810714c1ffc6097b9e2decdfaba164e750d6a94dc1360758eb0a6cc96c70075b99e9b18bffdcc00f686db1d35aba63"], 0x0)
io_uring_setup(0x598, &(0x7f0000000300)={0x0, 0x77ae, 0x400, 0x8000002, 0x3d7})
r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r6, 0xc100565c, &(0x7f00000013c0)={0x200, 0x2, 0x2, {0x5, @vbi={0xb5, 0x0, 0x3, 0x20363159, [0x0, 0x8000000], [0x8200, 0x1]}}, 0x4})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x20000824}, 0x20004000)
ioctl$VIDIOC_QBUF(r6, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x1, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "230700dd"}, 0x0, 0x2, {}, 0x58603})
r7 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc4910710007e570966f4366ec9d4"], 0x1c}, 0x1, 0x3000000, 0x0, 0x4004}, 0x0)

4.117023886s ago: executing program 3 (id=4946):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x20, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x48}}, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x18, 0x318, 0x1, 0x24}, 0x9c)
socket$nl_route(0x10, 0x3, 0x0)
bind$inet(r0, 0x0, 0x0)
setsockopt$sock_int(r0, 0x1, 0x2f, &(0x7f0000000000)=0x102, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

2.885133345s ago: executing program 0 (id=4947):
r0 = socket$alg(0x26, 0x5, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000001180), 0x42, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0)
execve(&(0x7f0000000140)='./file2\x00', 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x46, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x480c4, &(0x7f0000000000)={0xa, 0x4e23, 0x100, @loopback, 0xffffffff}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xd7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201010200000010f3044d074000"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f0000000380)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1ff}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f00000004c0)={'ip6tnl0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x3, 0x0, 0x8, @mcast1, @local, 0x7, 0x7, 0x202, 0x8}})
r4 = syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000180), 0xfffffffffffffffe, 0x100)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r4, 0xc0884123, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2c000000400007012bbd700000000000047c00000400a7800c00018006000600843b0000080002800400"], 0x2c}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r6 = accept4$alg(r0, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(0xffffffffffffffff, 0x641f)
sendmmsg(r6, &(0x7f0000004540)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="6c1fabce2d774851", 0x8}], 0x1}}], 0x1, 0x20000040)
io_submit(0x0, 0x1, &(0x7f0000000580)=[&(0x7f00000000c0)={0x5000000, 0x0, 0xd, 0x0, 0x0, r6, &(0x7f0000000080)='=', 0x1, 0x0, 0x0, 0x2}])

2.545464953s ago: executing program 3 (id=4948):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000017c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0)
syz_open_dev$video(0x0, 0xa2007c, 0x125240)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000c00)=@filter={'filter\x00', 0x42, 0x4, 0xb5c, 0xffffffff, 0x9e4, 0x9e4, 0xec, 0xffffffff, 0xffffffff, 0xac8, 0xac8, 0xac8, 0xffffffff, 0x5, 0x0, {[{{@ip={@empty=0x8800, @dev, 0x0, 0x0, 'bridge_slave_1\x00', 'nr0\x00'}, 0x3127, 0xc8, 0xec, 0x1ba, {0x46010000}, [@common=@addrtype={{0x2c}}, @common=@addrtype={{0x2c}}]}, @REJECT={0x24}}, {{@uncond, 0x287, 0x898, 0x8f8, 0x0, {0x0, 0x4}, [@common=@unspec=@u32={{0x7e0}, {[{[{}, {0x1000000}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}, {[{}, {}, {0x0, 0x2}], [{}, {0x0, 0x8}]}, {}, {}, {[{}, {}, {}, {}, {}, {0xfffffffe}], [{0x6}, {0x0, 0x3}], 0xfe}, {[{}, {}, {}, {}, {}, {}, {0x0, 0x2}], [{}, {}, {}, {}, {}, {}, {}, {0x0, 0xfe40}]}, {[{0x0, 0x3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}]}, {[{}, {}, {}, {}, {}, {}, {}, {}, {0x3}]}, {}, {[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}, {[], [{}, {0x4}]}], 0x5}}, @common=@unspec=@ipvs={{0x48}, {@ipv4=@private=0xa010102, [0xff000000, 0xff, 0xff0000ff], 0x4e24, 0xc, 0x2, 0x4e24, 0x1, 0x8}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x2, 0x1], 0x1, 0x1}, {0x0, [0x4, 0x0, 0x5, 0x1, 0x5, 0x4], 0x4, 0x3}}}}, {{@ip={@multicast1, @broadcast, 0x0, 0x0, 'lo\x00', 'veth0_virt_wifi\x00'}, 0x0, 0xc0, 0xe4, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0x1, 0x1, 0x1}}]}, @REJECT={0x24}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0xbb8)
socket$netlink(0x10, 0x3, 0x4)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r4, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000000041}, 0xc)
r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/ipv6_route\x00')
preadv(r5, &(0x7f0000000140), 0x0, 0x96, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@mcast2, @in=@private=0xa010100, 0x0, 0x0, 0x4e21, 0x0, 0x2}, {0x0, 0x0, 0x4, 0x0, 0x0, 0x8000000000000, 0x9c0, 0x3}, {0xffffbffffffffffc, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@empty, 0x4d3, 0x3c}, 0xa, @in=@multicast2, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x4000000, 0x1}}, 0xe4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c)
socket$nl_xfrm(0x10, 0x3, 0x6)
epoll_create1(0x0)
io_setup(0x5, &(0x7f0000001180)=<r6=>0x0)
io_submit(r6, 0x0, &(0x7f0000000240))
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r2)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4c, 0x0, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
lseek(r7, 0x289e0cb5, 0x0)

2.43473721s ago: executing program 1 (id=4949):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@private=0xa010100, @in6=@ipv4={'\x00', '\xff\xff', @empty}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0xa0}, {@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x0, 0x33}, @in6=@empty, {0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffff1, 0x3}, {0x0, 0x0, 0x2, 0xfffffffffffffffe}, {0x0, 0x0, 0x796}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe55286f1921f74be}, 0x0, 0x1a0b1}}, 0xf8}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000010000e0000001000000000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0)

2.293268868s ago: executing program 1 (id=4950):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
preadv(r1, &(0x7f0000000180)=[{&(0x7f00000001c0)=""/36, 0x24}], 0x1, 0x4, 0x2)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x10, 0x11, 0x0, 0x1, @counter={{0xc}, @void}}]}, @NFT_MSG_NEWSETELEM={0x50, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x24, 0x3, 0x0, 0x1, [{0x20, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPR={0x14, 0x7, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x3, 0x84}}}, 0xe4}, 0x1, 0x0, 0x0, 0xc800}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x0, 0xa}}, 0x20)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r4, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x200, 0x10001, 0xffffffffffffffff, 0x8, 0x2, 0x200, 0x4, 0x2c, 0x80000005, 0x1})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$setregs(0xd, r6, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
r7 = syz_open_dev$dri(&(0x7f0000000300), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r7, 0xc06864a2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x7fff, 0xb, 0xa, 0xfffffff6, {0x403, 0x1, 0x3, 0x8, 0x20, 0x7, 0x5, 0x6, 0x22, 0x5, 0x7f, 0x9c14, 0x20000a, 0x8d12074f, "0010b45adb3bdf6bbf43f7e7bdcf42a72e6ca213e20b354ba4e274f7720904f6"}})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r4, 0xc0984124, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_GET_COALESCE(r9, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0)
getsockname$packet(r9, &(0x7f0000000200)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r10, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r11], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0xf0ffffffffffff, 0x0, 0x4040940}, 0x0)
kcmp$KCMP_EPOLL_TFD(r6, r2, 0x7, r5, &(0x7f0000000000)={r1, r8, 0x8})

2.032939366s ago: executing program 4 (id=4951):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x34, 0x10, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, 0x2890}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x2, 0x0, 0xcc844}, 0x0) (fail_nth: 9)

1.810116875s ago: executing program 1 (id=4952):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = dup(r0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r2, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000001980)={0x9, 0x0, [{0x5, 0x1000, &(0x7f0000000980)=""/4096}, {0x5000, 0x33, &(0x7f0000000000)=""/51}, {0xdddd1000, 0xe1, &(0x7f0000000580)=""/225}, {0x7801, 0xbc, &(0x7f0000000380)=""/188}, {0x80a0000, 0x19, &(0x7f0000000300)=""/25}, {0x10000, 0x9f, &(0x7f0000000480)=""/159}, {0x0, 0x78, &(0x7f0000000680)=""/120}, {0x3000, 0xdf, &(0x7f0000001b00)=""/223}, {0x2000, 0x5b, &(0x7f0000000840)=""/91}]})
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f00000001c0)=0x304008000)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000002c0)={0x0, r1})
ioctl$VHOST_RESET_OWNER(r2, 0xaf02, 0x0)

1.42267553s ago: executing program 4 (id=4953):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000000c0)={0x4c, r1, 0x91b, 0xff00, 0x0, {{}, {@val={0x8, 0x1, 0x40}, @val={0x8, 0x3, r2}, @val={0xc, 0x99, {0x100, 0x79}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x240048d0)

1.167749448s ago: executing program 1 (id=4954):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f0000000200)='m', 0x1)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
write$snddsp(r2, &(0x7f0000000200)="a3", 0x1)
r3 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0xc4bc, 0x10100, 0x0, 0xbe}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r3, 0x48eb, 0x1158, 0x2, 0x0, 0x0)
r4 = syz_io_uring_setup(0x1ba8, &(0x7f0000000300)={0x0, 0xa5e9, 0x100, 0x3, 0xfffffffe}, &(0x7f00000000c0)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@ipv6_delroute={0x34, 0x19, 0x1, 0x70bd2d, 0x5dfdbfc, {0xa, 0x0, 0x14, 0x0, 0x0, 0x4, 0x1, 0x4, 0x1100}, [@RTA_PRIORITY={0x8, 0x1e, 0x6}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @SEG6_LOCAL_SRH={0xc, 0x2, {0x89, 0x0, 0x4, 0x0, 0x2, 0x8, 0x8}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008851}, 0x44000)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, '\x00', 0x10}, 0x4}], 0x1c)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x50a32, 0x823}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x4}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20002805}, 0x40000)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x4, 0x0, @fd=r2, 0x0, 0x0, 0x0, {0x4c8}})
io_uring_enter(r4, 0x7ffa, 0xba1c, 0x40, 0x0, 0x39)
syz_usb_connect(0x0, 0x821, &(0x7f0000001480)={{0x12, 0x1, 0x300, 0x55, 0xe9, 0x50, 0x40, 0x5ac, 0x243, 0x485d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x80f, 0x3, 0xa9, 0x38, 0x0, 0x6, [{{0x9, 0x4, 0x9d, 0x2, 0x2, 0x3, 0x34, 0x2, 0x8, [@generic={0xcb, 0x30, "643d0b1ace7b3257b00089c625c0eb4e58bbc8ce4ad61584ac6b416ce71828ed9344648fb11680a8f2d85f819d585704bb6339bcb8a12c53e7266a283b4f0a34872d520e045521dec2511b8f6c7cc5df71be338947c8a5776105e47622236d957605983b82fe22bea98fdba218ac6d9d9afc2b96a394cd97872e51e95178682f7b3f10bc824bceb55cfa68ccdaa628bf4195da1ff2f1173b1a5dbd8d164b5161fce7cb6e5bff26b9c3ac0f06a4f11f5eb832cbfc334b0657e7c266ce3b7df21fa9b277e4072361aee5"}, @generic={0xe5, 0xb, "3f414763a21798f5d6d051dd140bf459077d33e9c56eb82989cb829646d74f984fd8963188a81a417f24f8dfd4d9264c1cf9c3f3a191506d1b6767305ab58d0a102f9f7f08c5da5cffaf95d65ad10f2c765d440568c999cf335d2e4822af9436b4196ad38bc381cb8f0b6aad8965c1668c2c91bcdf4d6314f38c3a44a719c07562738e8324e5d2d8ed017e46db3d427107052206c48b8c7e2bb670f81e663c3f6061a5e6edf9b84ef418377ce3cff2ade5943889cc274459b6ebd1634d3ac2e570cfe2a7370409b8d6a0676b8aba9807ae6c5fd4d569e4e1d27f24df3e00cd8a768fb4"}], [{{0x9, 0x5, 0x5, 0x10, 0x400, 0xe, 0xe, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x5, 0x6}]}}, {{0x9, 0x5, 0x1, 0x0, 0x400, 0xd, 0x0, 0xdb, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xc, 0x8001}, @generic={0x57, 0x22, "d9c3a17a98d650f43df166f6712eb307f895c428379ad8556ef0a4d844a635d1057ac1000a42c3a5534a66c4338e037bf358388269855edcfa03f5343bb082827dfe807d420ab57c95d262b3263e312a96fd3ad54f"}]}}]}}, {{0x9, 0x4, 0x7c, 0x8, 0xc, 0xa4, 0x59, 0xae, 0x7, [@cdc_ecm={{0xa, 0x24, 0x6, 0x0, 0x0, "ad75b68fd4"}, {0x5, 0x24, 0x0, 0x101}, {0xd, 0x24, 0xf, 0x1, 0x7}, [@mbim={0xc, 0x24, 0x1b, 0x69, 0x3, 0x2, 0x4, 0xfff}, @dmm={0x7, 0x24, 0x14, 0x81, 0x3}, @mdlm={0x15, 0x24, 0x12, 0x7}]}, @cdc_ncm={{0x8, 0x24, 0x6, 0x0, 0x1, "b28bfd"}, {0x5, 0x24, 0x0, 0x3}, {0xd, 0x24, 0xf, 0x1, 0x9, 0x6, 0x7fff, 0x5}, {0x6, 0x24, 0x1a, 0x0, 0xc}, [@obex={0x5, 0x24, 0x15, 0x2}, @dmm={0x7, 0x24, 0x14, 0x9, 0xd}, @mdlm_detail={0x69, 0x24, 0x13, 0x2f, "6bb92b7931533ef4d41805e8dd3aeee9e914c1b7d3853aa7600012f811fc09917ef7bb276e8a7d846a5453583292eadee6d26f5ea3076829c71052fc760a17ae49156b5c649565108d8e2e20fc4acf90d99582f78a801041560c5b7edab8c2b5186c55efe0"}, @network_terminal={0x7, 0x24, 0xa, 0x4, 0xf, 0xc6, 0x2}, @mdlm_detail={0x29, 0x24, 0x13, 0x4, "ce3a2ff62463c501f81d9beeb45c52ace82274db325b5d3f78b407cbf6a13541c0ae8913d7"}]}], [{{0x9, 0x5, 0xc, 0x4, 0x200, 0x3, 0x3, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x2}]}}, {{0x9, 0x5, 0x8, 0x10, 0x8, 0x6, 0x5, 0x8, [@generic={0x8, 0x4, "88a7589aadcb"}]}}, {{0x9, 0x5, 0x80, 0x10, 0x20, 0x5, 0x80, 0x8, [@generic={0x8a, 0x23, "9089d9e114ca3f626148d1925f217dea90ae12ed72157531d9c8b28b34647eb483818e85dd52227fbb904a043f574cb2e6b23ed32e08c6f74d3f0d813f8cf4253d8808d61a349318b30d30a5bd44999515913d3103afa4518644d233c840cfa627bbe8ee869aebffbc08201d2a3632ada650b82e77a1a5d0b775b36d50678391de12b8711508ab56"}]}}, {{0x9, 0x5, 0xc, 0x8, 0x20, 0x8, 0x8, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x8, 0x3}]}}, {{0x9, 0x5, 0x17, 0x0, 0x3ff, 0x2, 0x6, 0x15, [@uac_iso={0x7, 0x25, 0x1, 0xc1, 0x1, 0x5}]}}, {{0x9, 0x5, 0x3, 0x10, 0x3ff, 0x9, 0xb, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x1, 0x5}]}}, {{0x9, 0x5, 0xa, 0x10, 0x400, 0xf, 0x1, 0xc, [@generic={0xf0, 0x2, "469022448b2761e5b224139afb92855be1363c652ba5a227e4d70e5183f8408210f6166b513688869bc813b6de475c989ef09f474e49f047f203a11f68c5cd94e3641811da58547c70fef51a0e56a5c68ae703e7f714ba7121a3fafb8ff1b3ccc1441693865cf7662ccb2e992fd3a0e02de2700459b04f35998f222c9e0c50810652e762eec5b433d901cd7844ab7b93c0271939d134d71f26a2b426188d1f257e1f336e97f359805fc4ef177b37ac79f7e721e35380790d5cd71ef81c5f437baffc4b8086696c6583968725570075a00cb78587d7d61888a9df23e9410a61e600b13cab84b1dfed8fcc584ba904"}, @generic={0xf6, 0x5, "b1a90edb90539f477d862bde9e9514463e1302f00339c6fdd32975a8d8f4d7eb49dfcf42d225886da7fb8dbbffeef05f0921db67599dd6604a6202cb87606f918dd439827a518a0c50228fec2fadc98ed5e56d308ca9f683f960ad967249b7989cee11868f324b11054918112bd61abf548a17485ee2e9158b9ecb7e4c37b0b0922914d21be7c7a77545b0e5572372a918d2c677a1da9db415fbd86214d3617b55f2f13dcd7683fd72c317bfbcb1582b323b258be38e576bf03715f8708d6efffc5574c9fd9e54956396cc60521ed7366c200d149bf8ec40261dae0a1f1a938300ad8472c75a6c22289d0db8dc31b2816b61edf4"}]}}, {{0x9, 0x5, 0x0, 0x8, 0x10, 0x0, 0x7, 0x81, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x40, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0xba, 0x5}]}}, {{0x9, 0x5, 0x4, 0x10, 0x8, 0x80, 0xb4, 0x4, [@generic={0x64, 0x31, "d00b85355fcd1575b2df9640f1cfdbfd70187d4f1325208ac4d16de7805476567cbde638612699e1da2a989c95e1e99e6d39372ef22789fa2e24401435502ca66d62f10bd668970a9f6b49f860f174ef2cb6f7c6f1e657dccc29c3fdaa1ba7b3c513"}]}}, {{0x9, 0x5, 0xd, 0x0, 0x10, 0x40, 0x3, 0x89, [@generic={0x57, 0xd, "6f956c0de048b7daae52eb0c05e7b6e9c426f2ae658aa19103a11aa47e5d75436e01473bfa88b374b0de71e01a8e82535520c021d7a2ebe70736612cc0b48bc5a01904b321d008ab0ec6dbf68d0e4d417c1beeea05"}]}}, {{0x9, 0x5, 0xa, 0xc, 0x3ff, 0xe, 0xa, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x4}]}}, {{0x9, 0x5, 0x5, 0x4, 0x3ff, 0x2, 0x0, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x47, 0xc}]}}]}}, {{0x9, 0x4, 0xc8, 0x6, 0x1, 0xff, 0xff, 0x0, 0x4, [@uac_control={{0xa, 0x24, 0x1, 0x0, 0x6}, [@mixer_unit={0x6, 0x24, 0x4, 0x3, 0x3, '/'}, @mixer_unit={0x6, 0x24, 0x4, 0x3, 0x81, "d1"}, @selector_unit={0xa, 0x24, 0x5, 0x2, 0x8, "908369cd89"}, @extension_unit={0xc, 0x24, 0x8, 0x1, 0xff81, 0x2, "0f6e958a3c"}, @processing_unit={0xa, 0x24, 0x7, 0x2, 0xd8fa10c629aa12ae, 0x9, "c3f8fb"}, @mixer_unit={0xa, 0x24, 0x4, 0x3, 0x6, "d5204718b5"}]}], [{{0x9, 0x5, 0x2, 0x10, 0x20, 0x7, 0x0, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x9, 0xb}, @generic={0x95, 0x2, "9f89a74a9f73fbf8fe2e1bf407e8e4434a53de1dab9834646df665c10b998bb9c9a0780d0602e2a0a6f77911829b0e6d217729b66a4622bcce01b978a72c51d8c46d24dabdc66ad0ab440518b82f6d0bdc745bb9f330842c6e7f5a52fedb361edc9a21a73ee41868d176dfab81a18536b84f15fc6f77a277cd3945f3d09b155ca9493813998c0472968380fc2c8e6f599598cd"}]}}]}}]}}]}}, &(0x7f0000001040)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x1, 0xa, 0x10, 0x8, 0xb}, 0x8, &(0x7f0000000cc0)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}, 0x6, [{0x8d, &(0x7f0000000d00)=@string={0x8d, 0x3, "2de009e1262fce9f6f81ec08b32a0d02b792ea4aa11f59711c6106411d02fd20a6490b4c82921fb2a5616660057d2fac4b97232f27a398236ad1d7f69c40e372942618bb7dadd7e9c7bb61e6fe5131f60e3a6d78aba9e4c47fc6e24bfa7773a5c98fbb20bcabe3427fddb448d9bb3fd10487190bb6476178cb2c515a5bdc21419f0a332d4b497630c2868a"}}, {0x99, &(0x7f0000000dc0)=@string={0x99, 0x3, "52ab9e7a16034840555c7373ebe2f55e1cf3b9a0a6600127bc0f5b267098cc844f5cee1a993d3896e5fcd47598ac1080a42e33ada2ea43152fa26bc630fb5f288a49ada61247670ba9832bdb13a7b7fb2c88e1e714e2b925494fda19047ef5a91b1a3b53ceafd6f413846feaeea8f6b7f6c8c63219cc50c4cba5c43908564c1b9614aaa979ea9dda9c49f05837e24bf0d4209ec15b5a10"}}, {0x4, &(0x7f0000000e80)=@lang_id={0x4, 0x3, 0x81a}}, {0x7a, &(0x7f0000000ec0)=@string={0x7a, 0x3, "245f54c6d1c200b76e654da0feb84a4128a8edc7729c0e74d1f229066f2dbebf71906a4660d4335932e3210802526f0622c5b45d2f5cd958448385e95b95a56edf3e35f6bfbd1bfb24e8bf0c8f8d9effa19306ed08181511194b0ea7c1342163807f64fad2b7f39416a3be7f894bd45a443b90e1c469e166"}}, {0xc0, &(0x7f0000000f40)=@string={0xc0, 0x3, "e0e247b66ab57e726a47d90f2dbff1fccc6811de06ea6a5b3b1066ee012b1f91439a668927d1800b71100f1dd2f50c3c71740078e0b9b6b88386a221ffd908574a920209fa07be00c4af0361642d6842ea7a5da02bbca0710c1dc4d2648a27e7b827eeea8791dd23dc6304635d57a937cf8bd648482583033e11b71230869a25f5945a3794bac4f770d8a130c59a75d26ad51e34dfee012fb48caf0f55f87ea1aebc7c94b550e4cafcfdcd23b5a12ef61c501cbbec51994c6d8fa3d3c9b3"}}, {0x4, &(0x7f0000001000)=@lang_id={0x4, 0x3, 0x140c}}]})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r7, 0x84009422, &(0x7f0000000480)={0x0, 0x0, {}, {}, {0x0, @struct}})
ioctl$SNDCTL_DSP_GETODELAY(r0, 0x80045017, 0x0)

1.130947099s ago: executing program 4 (id=4955):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, &(0x7f0000000000), 0x0) (fail_nth: 18)

946.716816ms ago: executing program 2 (id=4956):
r0 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x9)
sendto$inet6(r0, 0x0, 0x0, 0x40000, &(0x7f0000000300)={0xa, 0x5e3f, 0x0, @mcast1}, 0x1c)

566.991653ms ago: executing program 3 (id=4957):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@ipv6_newnexthop={0x74, 0x68, 0x1, 0x0, 0x0, {}, [@NHA_GROUP={0x3c, 0x2, [{0x0, 0x7}, {0x1, 0x1}, {0x1, 0x1d}, {0x0, 0x3}, {0x1, 0x4}, {0x1, 0x5}, {0x1, 0x3}]}, @NHA_RES_GROUP={0x1c, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0xffff}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0x2}, @NHA_RES_GROUP_UNBALANCED_TIMER={0x8, 0x3, 0xffff7fff}]}, @NHA_FDB={0x4}]}, 0x74}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0xa)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'geneve0\x00'})
r2 = openat$nullb(0xffffff9c, &(0x7f0000000080), 0x515040, 0x0)
ioctl$IOC_PR_CLEAR(r2, 0x401070cd, &(0x7f0000000100)={0x2})
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r3, &(0x7f00000001c0)=@pppol2tpin6={0x18, 0x1, {0x0, r4, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, 0x32)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYRES32=r3, @ANYRES32=0x0, @ANYBLOB="9028000000000000140012800900010067656e657665000004000280"], 0x34}, 0x1, 0x2, 0x0, 0xcc844}, 0x0)

525.616815ms ago: executing program 4 (id=4958):
socket(0x10, 0x3, 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x189802)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_io_uring_setup(0x498, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x0, 0x272}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r0, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
io_uring_enter(r3, 0x627, 0x4c1, 0x43, 0x0, 0x0)
r6 = semget$private(0x0, 0x4000000009, 0x0)
semctl$IPC_RMID(r6, 0x0, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000240)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x5c, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0x0, 0x0, 0x0, 0x8, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_addr={0x44, 0x3c, 0x0, 0x1, 0x0, [{@empty}, {@broadcast}, {@loopback}, {@private}, {@local}, {@multicast1}, {@dev}]}, @lsrr={0x83, 0x3, 0x10}]}}}}}}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = creat(&(0x7f0000000240)='./file0\x00', 0x40)
close(r8)
r9 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x3000)=nil, 0x930, 0x6000002, 0x4018831, r8, 0x0)
r10 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r10, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r10, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6c9ecbc1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc00", 0x0, 0x48)
read$char_usb(r8, &(0x7f0000000380)=""/190, 0xbe)
ioctl$UFFDIO_UNREGISTER(r8, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000})
sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x4}, [@NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7, 0x0, 0x1}}, @NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x703, 0x0, 0x0, {0x7}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x64, 0xc, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x38, 0x3, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x28, 0xb, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @counter={{0xc}, @void}}, {0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}]}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xd4}}, 0x0)

382.64678ms ago: executing program 3 (id=4959):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFNETMASK(r1, 0x891c, &(0x7f0000001540)={'tunl0\x00', {0x2, 0x4e23, @local}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900038073797a3200000000140000001100014707a082b178795ad1fcc02173fc70f8d69cdbd9d470f56c7ae4218d32c5d7fe44d5f0272890f24383fe450fb26ea7dcefadfa5e48e3bcf5"], 0x7c}, 0x1, 0x0, 0x0, 0x25}, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty, 0x1000000}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x2f, 0x0, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, 0x0, 0x0)

351.290083ms ago: executing program 2 (id=4960):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
mkdirat$cgroup_root(0xffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff)
write$UHID_DESTROY(r0, &(0x7f0000000200), 0x4)
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f00000000c0)=0x2, 0x4)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x500, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="6c00000010001fff010000000000000000060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b00010067656e6576650000340002800500090000000000050009000100000005000a000000000005000300f90000000500040040000000050004000800000008000a00", @ANYRES32], 0x6c}}, 0x40)

0s ago: executing program 2 (id=4961):
socket$nl_route(0x10, 0x3, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TLS_TX(r2, 0x11a, 0x1, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socket$l2tp6(0xa, 0x2, 0x73)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x38, 0x0, &(0x7f0000000040))
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xa, 0x8000, 0x0, 0x9, 0x1, 0xfffffdffffffffff, 0xfa0f, 0xffffffff}, 0x0)
mremap(&(0x7f00007f1000/0x4000)=nil, 0x4000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r1, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000002c0)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x40001}, 0x8000)
syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0xa0502, 0x49)
io_setup(0x1, 0x0)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x20000023896)
r4 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x41341)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect={0x0, 0x5517, 0x502})
ioctl$USBDEVFS_DISCSIGNAL(r4, 0x8010550e, &(0x7f0000000140)={0x0, 0x0})

kernel console output (not intermixed with test programs):


[ 1125.868152][T22247] FAULT_INJECTION: forcing a failure.
[ 1125.868152][T22247] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1125.873828][T22249] CPU: 1 UID: 0 PID: 22249 Comm: syz.0.4514 Not tainted syzkaller #0 PREEMPT(full) 
[ 1125.873852][T22249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1125.873872][T22249] Call Trace:
[ 1125.873878][T22249]  <TASK>
[ 1125.873886][T22249]  dump_stack_lvl+0x189/0x250
[ 1125.873914][T22249]  ? __pfx____ratelimit+0x10/0x10
[ 1125.873936][T22249]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1125.873957][T22249]  ? __pfx__printk+0x10/0x10
[ 1125.873975][T22249]  ? __might_fault+0xb0/0x130
[ 1125.874008][T22249]  should_fail_ex+0x414/0x560
[ 1125.874036][T22249]  _copy_from_user+0x2d/0xb0
[ 1125.874057][T22249]  __se_sys_add_key+0x294/0x410
[ 1125.874079][T22249]  ? __pfx___se_sys_add_key+0x10/0x10
[ 1125.874103][T22249]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1125.874129][T22249]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1125.874148][T22249]  ? __ia32_sys_add_key+0x20/0xc0
[ 1125.874168][T22249]  __do_fast_syscall_32+0xb6/0x2b0
[ 1125.874184][T22249]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1125.874209][T22249]  do_fast_syscall_32+0x34/0x80
[ 1125.874225][T22249]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1125.874244][T22249] RIP: 0023:0xf70dd539
[ 1125.874259][T22249] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1125.874273][T22249] RSP: 002b:00000000f54cd55c EFLAGS: 00000206 ORIG_RAX: 000000000000011e
[ 1125.874291][T22249] RAX: ffffffffffffffda RBX: 0000000080000440 RCX: 0000000000000000
[ 1125.874304][T22249] RDX: 0000000080000180 RSI: 0000000000000002 RDI: 000000001aff2fc9
[ 1125.874315][T22249] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1125.874325][T22249] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1125.874335][T22249] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1125.874361][T22249]  </TASK>
[ 1126.079828][T22247] CPU: 1 UID: 0 PID: 22247 Comm: syz.3.4512 Not tainted syzkaller #0 PREEMPT(full) 
[ 1126.079855][T22247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1126.079866][T22247] Call Trace:
[ 1126.079874][T22247]  <TASK>
[ 1126.079884][T22247]  dump_stack_lvl+0x189/0x250
[ 1126.079911][T22247]  ? __pfx____ratelimit+0x10/0x10
[ 1126.079933][T22247]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1126.079954][T22247]  ? __pfx__printk+0x10/0x10
[ 1126.079971][T22247]  ? __might_fault+0xb0/0x130
[ 1126.080007][T22247]  should_fail_ex+0x414/0x560
[ 1126.080037][T22247]  _copy_from_user+0x2d/0xb0
[ 1126.080059][T22247]  ? __pfx_do_get_msr+0x10/0x10
[ 1126.080077][T22247]  msr_io+0xa2/0x8d0
[ 1126.080101][T22247]  ? kvm_arch_vcpu_ioctl+0x11b1/0x2b20
[ 1126.080121][T22247]  ? __pfx_msr_io+0x10/0x10
[ 1126.080150][T22247]  kvm_arch_vcpu_ioctl+0x11ee/0x2b20
[ 1126.080169][T22247]  ? __lock_acquire+0xab9/0xd20
[ 1126.080186][T22247]  ? kvm_arch_vcpu_ioctl+0x11b1/0x2b20
[ 1126.080208][T22247]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[ 1126.080233][T22247]  ? __lock_acquire+0xab9/0xd20
[ 1126.080263][T22247]  ? __lock_acquire+0xab9/0xd20
[ 1126.080301][T22247]  ? is_bpf_text_address+0x26/0x2b0
[ 1126.080326][T22247]  ? is_bpf_text_address+0x292/0x2b0
[ 1126.080347][T22247]  ? is_bpf_text_address+0x26/0x2b0
[ 1126.080369][T22247]  ? kernel_text_address+0xa5/0xe0
[ 1126.080394][T22247]  ? __kernel_text_address+0xd/0x40
[ 1126.080417][T22247]  ? unwind_get_return_address+0x4d/0x90
[ 1126.080437][T22247]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1126.080460][T22247]  ? arch_stack_walk+0xfc/0x150
[ 1126.080500][T22247]  ? __lock_acquire+0xab9/0xd20
[ 1126.080524][T22247]  ? __mutex_trylock_common+0x153/0x260
[ 1126.080548][T22247]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1126.080568][T22247]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1126.080607][T22247]  ? rcu_is_watching+0x15/0xb0
[ 1126.080627][T22247]  ? trace_contention_end+0x39/0x120
[ 1126.080654][T22247]  ? __mutex_lock+0x335/0x1350
[ 1126.080691][T22247]  ? kvm_vcpu_ioctl+0x22e/0xe90
[ 1126.080718][T22247]  ? __pfx___mutex_lock+0x10/0x10
[ 1126.080751][T22247]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1126.080784][T22247]  kvm_vcpu_ioctl+0x74d/0xe90
[ 1126.080814][T22247]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1126.080835][T22247]  ? do_vfs_ioctl+0xbe8/0x1430
[ 1126.080860][T22247]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1126.080896][T22247]  ? __lock_acquire+0xab9/0xd20
[ 1126.080932][T22247]  kvm_vcpu_compat_ioctl+0x203/0x390
[ 1126.080960][T22247]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[ 1126.080984][T22247]  ? __fget_files+0x3a0/0x420
[ 1126.081000][T22247]  ? __fget_files+0x2a/0x420
[ 1126.081020][T22247]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1126.081044][T22247]  __ia32_compat_sys_ioctl+0x543/0x840
[ 1126.081069][T22247]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1126.081091][T22247]  ? __fget_files+0x3a0/0x420
[ 1126.081115][T22247]  ? fput+0xa0/0xd0
[ 1126.081136][T22247]  ? ksys_write+0x22a/0x250
[ 1126.081158][T22247]  ? exc_page_fault+0x82/0x100
[ 1126.081182][T22247]  ? __pfx_ksys_write+0x10/0x10
[ 1126.081208][T22247]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1126.081234][T22247]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1126.081261][T22247]  __do_fast_syscall_32+0xb6/0x2b0
[ 1126.081278][T22247]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1126.081306][T22247]  do_fast_syscall_32+0x34/0x80
[ 1126.081323][T22247]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1126.081343][T22247] RIP: 0023:0xf6ffd539
[ 1126.081359][T22247] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1126.081375][T22247] RSP: 002b:00000000f53ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1126.081394][T22247] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c008ae88
[ 1126.081407][T22247] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000
[ 1126.081419][T22247] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1126.081430][T22247] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1126.081440][T22247] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1126.081470][T22247]  </TASK>
[ 1127.267417][T14230] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[ 1127.477612][T14230] usb 3-1: Using ep0 maxpacket: 16
[ 1127.537445][T14244] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[ 1127.596143][T22263] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4516'.
[ 1127.605745][T22263] openvswitch: netlink: EtherType 0 is less than min 600
[ 1127.757417][T14244] usb 4-1: Using ep0 maxpacket: 16
[ 1127.942127][T22271] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1128.616782][T22284] syzkaller1: entered promiscuous mode
[ 1128.623466][T22284] syzkaller1: entered allmulticast mode
[ 1129.536044][T22291] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1129.593554][T22291] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1130.297450][T14240] usb 5-1: new full-speed USB device number 35 using dummy_hcd
[ 1130.461383][T14240] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[ 1130.470521][T14240] usb 5-1: config 0 has no interface number 0
[ 1130.477144][T14240] usb 5-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0x9F, changing to 0x8F
[ 1130.501975][T14240] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1130.513484][T14240] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1130.526019][T14240] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1130.535568][T14240] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1130.543777][T14240] usb 5-1: Product: syz
[ 1130.548375][T14240] usb 5-1: SerialNumber: syz
[ 1130.556089][T14240] usb 5-1: config 0 descriptor??
[ 1130.565258][T14240] cm109 5-1:0.8: invalid payload size 0, expected 4
[ 1130.576298][T14240] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input108
[ 1130.680217][T14230] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1130.702824][T14230] usb 3-1: no configurations
[ 1130.709233][T14230] usb 3-1: can't read configurations, error -22
[ 1130.820864][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1130.821338][T14227] usb 5-1: USB disconnect, device number 35
[ 1130.827854][    C1] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1130.853411][T14227] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1130.921899][T14244] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1130.929779][T14244] usb 4-1: no configurations
[ 1130.934404][T14244] usb 4-1: can't read configurations, error -22
[ 1130.974413][T22299] fuse: Unknown parameter 'group_i00000000000000000000'
[ 1131.277469][T14244] usb 4-1: new full-speed USB device number 33 using dummy_hcd
[ 1131.407454][T14244] usb 4-1: device descriptor read/64, error -71
[ 1131.529846][T14244] usb usb4-port1: attempt power cycle
[ 1131.637667][T14227] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1131.667827][T22319] netlink: 'syz.0.4536': attribute type 10 has an invalid length.
[ 1131.805662][T14227] usb 5-1: config 1 has an invalid interface number: 7 but max is 0
[ 1131.817224][T14227] usb 5-1: config 1 has no interface number 0
[ 1131.825150][T14227] usb 5-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[ 1131.836762][T14227] usb 5-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[ 1131.846652][T14227] usb 5-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1131.864352][T14227] usb 5-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[ 1131.874940][T14227] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1131.883791][T14227] usb 5-1: Product: syz
[ 1131.888043][T14227] usb 5-1: Manufacturer: syz
[ 1131.892654][T14227] usb 5-1: SerialNumber: syz
[ 1131.899685][T14244] usb 4-1: new full-speed USB device number 34 using dummy_hcd
[ 1131.914893][T22308] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 1131.948280][T14244] usb 4-1: device descriptor read/8, error -71
[ 1132.143957][T22308] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 1132.207431][T14244] usb 4-1: new full-speed USB device number 35 using dummy_hcd
[ 1132.258191][T14244] usb 4-1: device descriptor read/8, error -71
[ 1132.378099][T14244] usb usb4-port1: unable to enumerate USB device
[ 1132.392893][T14227] sierra_net 5-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.4-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:01:07
[ 1132.647455][T14230] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[ 1132.773438][T22308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1132.812160][T22308] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1132.824269][T14227] sierra_net 5-1:1.7 wwan0: Submit SYNC failed -71
[ 1132.841529][T14227] sierra_net 5-1:1.7 wwan0: Send SYNC failed, status -71
[ 1132.872031][T14227] usb 5-1: USB disconnect, device number 36
[ 1132.879828][T14227] sierra_net 5-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.4-1, Sierra Wireless USB-to-WWAN Modem
[ 1132.891278][T14230] usb 3-1: Using ep0 maxpacket: 16
[ 1132.968140][T14227] sierra_net 5-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[ 1132.982573][T22333] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1133.730918][T22355] FAULT_INJECTION: forcing a failure.
[ 1133.730918][T22355] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1133.744384][T22355] CPU: 0 UID: 0 PID: 22355 Comm: syz.1.4545 Not tainted syzkaller #0 PREEMPT(full) 
[ 1133.744401][T22355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1133.744408][T22355] Call Trace:
[ 1133.744412][T22355]  <TASK>
[ 1133.744417][T22355]  dump_stack_lvl+0x189/0x250
[ 1133.744436][T22355]  ? __pfx____ratelimit+0x10/0x10
[ 1133.744450][T22355]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1133.744462][T22355]  ? __pfx__printk+0x10/0x10
[ 1133.744473][T22355]  ? __might_fault+0xb0/0x130
[ 1133.744495][T22355]  should_fail_ex+0x414/0x560
[ 1133.744512][T22355]  _copy_from_user+0x2d/0xb0
[ 1133.744525][T22355]  memdup_user+0x5e/0xd0
[ 1133.744536][T22355]  strndup_user+0x68/0xd0
[ 1133.744547][T22355]  __se_sys_request_key+0x12b/0x340
[ 1133.744558][T22355]  ? ksys_write+0x22a/0x250
[ 1133.744571][T22355]  ? __pfx___se_sys_request_key+0x10/0x10
[ 1133.744585][T22355]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1133.744600][T22355]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1133.744615][T22355]  __do_fast_syscall_32+0xb6/0x2b0
[ 1133.744624][T22355]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1133.744639][T22355]  do_fast_syscall_32+0x34/0x80
[ 1133.744648][T22355]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1133.744660][T22355] RIP: 0023:0xf707d539
[ 1133.744671][T22355] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1133.744685][T22355] RSP: 002b:00000000f546d55c EFLAGS: 00000206 ORIG_RAX: 000000000000011f
[ 1133.744704][T22355] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000080000040
[ 1133.744716][T22355] RDX: 0000000000000000 RSI: 00000000008d8c30 RDI: 0000000000000000
[ 1133.744726][T22355] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1133.744736][T22355] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1133.744746][T22355] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1133.744771][T22355]  </TASK>
[ 1133.938167][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1134.219042][T22367] blkio.reset_stats is deprecated
[ 1134.270307][T22366] FAULT_INJECTION: forcing a failure.
[ 1134.270307][T22366] name failslab, interval 1, probability 0, space 0, times 0
[ 1134.284165][T22366] CPU: 0 UID: 0 PID: 22366 Comm: syz.1.4549 Not tainted syzkaller #0 PREEMPT(full) 
[ 1134.284194][T22366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1134.284206][T22366] Call Trace:
[ 1134.284214][T22366]  <TASK>
[ 1134.284221][T22366]  dump_stack_lvl+0x189/0x250
[ 1134.284242][T22366]  ? __pfx____ratelimit+0x10/0x10
[ 1134.284256][T22366]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1134.284268][T22366]  ? __pfx__printk+0x10/0x10
[ 1134.284282][T22366]  ? __pfx___might_resched+0x10/0x10
[ 1134.284292][T22366]  ? fs_reclaim_acquire+0x7d/0x100
[ 1134.284310][T22366]  should_fail_ex+0x414/0x560
[ 1134.284328][T22366]  should_failslab+0xa8/0x100
[ 1134.284339][T22366]  kmem_cache_alloc_lru_noprof+0x79/0x6d0
[ 1134.284353][T22366]  ? __d_alloc+0x36/0x7a0
[ 1134.284367][T22366]  __d_alloc+0x36/0x7a0
[ 1134.284380][T22366]  d_alloc+0x4b/0x190
[ 1134.284389][T22366]  ? lookup_one_qstr_excl+0xc8/0x360
[ 1134.284402][T22366]  lookup_one_qstr_excl+0xdc/0x360
[ 1134.284415][T22366]  filename_create+0x224/0x3c0
[ 1134.284431][T22366]  ? __pfx_filename_create+0x10/0x10
[ 1134.284449][T22366]  do_mkdirat+0xa0/0x590
[ 1134.284462][T22366]  ? __pfx_do_mkdirat+0x10/0x10
[ 1134.284473][T22366]  ? strncpy_from_user+0x150/0x290
[ 1134.284489][T22366]  ? getname_flags+0x1e5/0x540
[ 1134.284498][T22366]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1134.284514][T22366]  __ia32_sys_mkdir+0x6c/0x80
[ 1134.284527][T22366]  __do_fast_syscall_32+0xb6/0x2b0
[ 1134.284537][T22366]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1134.284552][T22366]  do_fast_syscall_32+0x34/0x80
[ 1134.284561][T22366]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1134.284573][T22366] RIP: 0023:0xf707d539
[ 1134.284583][T22366] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1134.284592][T22366] RSP: 002b:00000000f544c55c EFLAGS: 00000206 ORIG_RAX: 0000000000000027
[ 1134.284603][T22366] RAX: ffffffffffffffda RBX: 0000000080000180 RCX: 0000000000000000
[ 1134.284610][T22366] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1134.284616][T22366] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1134.284622][T22366] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1134.284628][T22366] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1134.284643][T22366]  </TASK>
[ 1134.516804][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1135.430342][T14230] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1135.460525][T14230] usb 3-1: no configurations
[ 1135.481279][T14230] usb 3-1: can't read configurations, error -22
[ 1135.627516][T14244] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[ 1135.929621][T14244] usb 4-1: Using ep0 maxpacket: 32
[ 1135.941384][T14244] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1135.959618][T14244] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1135.972608][T14244] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[ 1135.984098][T14244] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1136.003139][T14244] usb 4-1: config 0 descriptor??
[ 1136.024536][T22397] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1136.307589][T14227] usb 5-1: new full-speed USB device number 37 using dummy_hcd
[ 1136.450460][T14227] usb 5-1: device descriptor read/64, error -71
[ 1136.455970][T14244] ft260 0003:0403:6030.0017: item fetching failed at offset 0/2
[ 1136.475153][T14244] ft260 0003:0403:6030.0017: failed to parse HID
[ 1136.490221][T14244] ft260 0003:0403:6030.0017: probe with driver ft260 failed with error -22
[ 1136.562762][T22407] bond2: option lp_interval: invalid value (0)
[ 1136.571450][T22407] bond2: option lp_interval: allowed values 1 - 2147483647
[ 1136.585685][T22407] bond2 (unregistering): Released all slaves
[ 1136.756625][T22413] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1136.767474][T14227] usb 5-1: new full-speed USB device number 38 using dummy_hcd
[ 1136.775901][T22413] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1136.927460][T14227] usb 5-1: device descriptor read/64, error -71
[ 1137.047834][T14227] usb usb5-port1: attempt power cycle
[ 1137.387582][T14227] usb 5-1: new full-speed USB device number 39 using dummy_hcd
[ 1137.428979][T14227] usb 5-1: device descriptor read/8, error -71
[ 1137.548995][T22423] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1137.575919][T22423] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1137.597439][T22423] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1137.697570][T14227] usb 5-1: new full-speed USB device number 40 using dummy_hcd
[ 1137.719134][T14227] usb 5-1: device descriptor read/8, error -71
[ 1137.837688][T14227] usb usb5-port1: unable to enumerate USB device
[ 1138.186205][T22427] FAULT_INJECTION: forcing a failure.
[ 1138.186205][T22427] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1138.203352][T22427] CPU: 1 UID: 0 PID: 22427 Comm: syz.2.4566 Not tainted syzkaller #0 PREEMPT(full) 
[ 1138.203377][T22427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1138.203388][T22427] Call Trace:
[ 1138.203395][T22427]  <TASK>
[ 1138.203404][T22427]  dump_stack_lvl+0x189/0x250
[ 1138.203440][T22427]  ? __pfx____ratelimit+0x10/0x10
[ 1138.203463][T22427]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1138.203485][T22427]  ? __pfx__printk+0x10/0x10
[ 1138.203504][T22427]  ? __might_fault+0xb0/0x130
[ 1138.203538][T22427]  should_fail_ex+0x414/0x560
[ 1138.203568][T22427]  _copy_from_user+0x2d/0xb0
[ 1138.203591][T22427]  futex_parse_waitv+0xf4/0x410
[ 1138.203619][T22427]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1138.203638][T22427]  ? __pfx_futex_parse_waitv+0x10/0x10
[ 1138.203663][T22427]  ? trace_kmalloc+0x1f/0xd0
[ 1138.203684][T22427]  ? __kmalloc_noprof+0x432/0x7f0
[ 1138.203713][T22427]  __se_sys_futex_waitv+0x19f/0x280
[ 1138.203740][T22427]  ? __pfx___se_sys_futex_waitv+0x10/0x10
[ 1138.203766][T22427]  ? __pfx_hrtimer_wakeup+0x10/0x10
[ 1138.203788][T22427]  ? __pfx_ksys_write+0x10/0x10
[ 1138.203814][T22427]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1138.203840][T22427]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1138.203861][T22427]  ? __ia32_sys_futex_waitv+0x20/0xc0
[ 1138.203886][T22427]  __do_fast_syscall_32+0xb6/0x2b0
[ 1138.203902][T22427]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1138.203929][T22427]  do_fast_syscall_32+0x34/0x80
[ 1138.203946][T22427]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1138.203966][T22427] RIP: 0023:0xf7f44539
[ 1138.203976][T22427] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1138.203985][T22427] RSP: 002b:00000000f541555c EFLAGS: 00000206 ORIG_RAX: 00000000000001c1
[ 1138.203998][T22427] RAX: ffffffffffffffda RBX: 0000000080001080 RCX: 0000000000000001
[ 1138.204005][T22427] RDX: 0000000000000000 RSI: 0000000080001100 RDI: 0000000000000001
[ 1138.204011][T22427] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1138.204016][T22427] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1138.204022][T22427] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1138.204037][T22427]  </TASK>
[ 1138.441103][T14244] usb 4-1: USB disconnect, device number 36
[ 1138.689764][T22433] FAULT_INJECTION: forcing a failure.
[ 1138.689764][T22433] name failslab, interval 1, probability 0, space 0, times 0
[ 1138.704654][T22433] CPU: 0 UID: 0 PID: 22433 Comm: syz.0.4568 Not tainted syzkaller #0 PREEMPT(full) 
[ 1138.704678][T22433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1138.704690][T22433] Call Trace:
[ 1138.704697][T22433]  <TASK>
[ 1138.704704][T22433]  dump_stack_lvl+0x189/0x250
[ 1138.704733][T22433]  ? __pfx____ratelimit+0x10/0x10
[ 1138.704755][T22433]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1138.704777][T22433]  ? __pfx__printk+0x10/0x10
[ 1138.704800][T22433]  ? __pfx___might_resched+0x10/0x10
[ 1138.704817][T22433]  ? fs_reclaim_acquire+0x7d/0x100
[ 1138.704834][T22433]  should_fail_ex+0x414/0x560
[ 1138.704852][T22433]  should_failslab+0xa8/0x100
[ 1138.704863][T22433]  kmem_cache_alloc_noprof+0x74/0x6e0
[ 1138.704877][T22433]  ? getname_flags+0xb8/0x540
[ 1138.704890][T22433]  getname_flags+0xb8/0x540
[ 1138.704902][T22433]  do_sys_openat2+0xbc/0x1c0
[ 1138.704914][T22433]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1138.704932][T22433]  __se_sys_openat2+0x226/0x2c0
[ 1138.704944][T22433]  ? __pfx___se_sys_openat2+0x10/0x10
[ 1138.704958][T22433]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1138.704974][T22433]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1138.704988][T22433]  __do_fast_syscall_32+0xb6/0x2b0
[ 1138.704998][T22433]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1138.705013][T22433]  do_fast_syscall_32+0x34/0x80
[ 1138.705022][T22433]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1138.705040][T22433] RIP: 0023:0xf70dd539
[ 1138.705056][T22433] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1138.705070][T22433] RSP: 002b:00000000f54cd55c EFLAGS: 00000206 ORIG_RAX: 00000000000001b5
[ 1138.705084][T22433] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000140
[ 1138.705091][T22433] RDX: 0000000080000300 RSI: 0000000000000018 RDI: 0000000000000000
[ 1138.705098][T22433] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1138.705104][T22433] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1138.705110][T22433] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1138.705125][T22433]  </TASK>
[ 1138.817448][T14244] usb 4-1: new full-speed USB device number 37 using dummy_hcd
[ 1139.069936][T14244] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[ 1139.081965][T14244] usb 4-1: config 0 has no interface number 0
[ 1139.098753][T14244] usb 4-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1139.111666][T14244] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1139.123032][T14244] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1139.135547][T14244] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.04
[ 1139.145009][T14244] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1139.160067][T14244] usb 4-1: Product: syz
[ 1139.164430][T14244] usb 4-1: SerialNumber: syz
[ 1139.183924][T14244] usb 4-1: config 0 descriptor??
[ 1139.214717][T14244] cm109 4-1:0.8: invalid payload size 0, expected 4
[ 1139.231658][T14244] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input109
[ 1139.589060][T14244] usb 3-1: new low-speed USB device number 17 using dummy_hcd
[ 1139.759791][T14244] usb 3-1: config index 0 descriptor too short (expected 1307, got 27)
[ 1139.770392][T14244] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[ 1139.778761][T14244] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 1139.788148][T14244] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[ 1139.804186][T14244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt
[ 1139.816216][T14244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1139.827250][T14244] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[ 1139.844163][T14244] usb 3-1: string descriptor 0 read error: -22
[ 1139.850833][T14244] usb 3-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[ 1139.860130][T14244] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1139.875021][T14244] usb 3-1: config 0 descriptor??
[ 1139.890019][T14244] hub 3-1:0.0: bad descriptor, ignoring hub
[ 1139.902157][T14244] hub 3-1:0.0: probe with driver hub failed with error -5
[ 1139.922511][T14244] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input110
[ 1139.965595][T14244] input: failed to attach handler mousedev to device input110, error: -5
[ 1140.089624][T14227] usb 3-1: USB disconnect, device number 17
[ 1140.622272][T22473] fuse: Unknown parameter 'group_id00000000000000000000'
[ 1140.679154][T22473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1140.690950][T22473] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1141.049104][T22484] netlink: 392 bytes leftover after parsing attributes in process `syz.4.4583'.
[ 1141.504646][T22494] nvme_fabrics: missing parameter 'transport=%s'
[ 1141.511631][T22494] nvme_fabrics: missing parameter 'nqn=%s'
[ 1141.869830][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1141.877029][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1141.884474][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1141.893353][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1141.900584][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1141.907747][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1141.914873][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1141.922011][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1141.929101][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1141.936133][T14244] usb 4-1: USB disconnect, device number 37
[ 1141.942169][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1141.942185][    C1] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1141.979573][T14244] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1142.367509][T22509] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1142.379713][T22509] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1142.927444][T14244] usb 4-1: new full-speed USB device number 38 using dummy_hcd
[ 1143.079614][T14244] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1143.097169][T14244] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1143.106510][T14244] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[ 1143.131351][T14244] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1143.144735][T14244] usb 4-1: config 0 descriptor??
[ 1143.157480][T14227] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[ 1143.351176][T14227] usb 1-1: config 0 has an invalid interface number: 197 but max is 0
[ 1143.397520][T14227] usb 1-1: config 0 has no interface number 0
[ 1143.411677][T14227] usb 1-1: config 0 interface 197 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 8
[ 1143.446913][T14227] usb 1-1: config 0 interface 197 altsetting 0 endpoint 0xC has invalid maxpacket 1023, setting to 64
[ 1143.462824][T14227] usb 1-1: config 0 interface 197 altsetting 0 bulk endpoint 0x87 has invalid maxpacket 1024
[ 1143.483837][T14227] usb 1-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=bb.42
[ 1143.494428][T14227] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1143.504235][T14227] usb 1-1: Product: syz
[ 1143.508732][T14227] usb 1-1: Manufacturer: syz
[ 1143.514380][T14227] usb 1-1: SerialNumber: syz
[ 1143.530844][T14227] usb 1-1: config 0 descriptor??
[ 1143.542075][T22516] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 1143.550354][T22516] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 1143.726003][T22535] FAULT_INJECTION: forcing a failure.
[ 1143.726003][T22535] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1143.767632][T22535] CPU: 1 UID: 0 PID: 22535 Comm: syz.3.4591 Not tainted syzkaller #0 PREEMPT(full) 
[ 1143.767657][T22535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1143.767668][T22535] Call Trace:
[ 1143.767680][T22535]  <TASK>
[ 1143.767688][T22535]  dump_stack_lvl+0x189/0x250
[ 1143.767719][T22535]  ? __pfx____ratelimit+0x10/0x10
[ 1143.767742][T22535]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1143.767761][T22535]  ? __pfx__printk+0x10/0x10
[ 1143.767779][T22535]  ? __might_fault+0xb0/0x130
[ 1143.767811][T22535]  should_fail_ex+0x414/0x560
[ 1143.767847][T22535]  _copy_from_user+0x2d/0xb0
[ 1143.767878][T22535]  sock_do_ioctl+0x1dc/0x300
[ 1143.767912][T22535]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1143.767949][T22535]  compat_sock_ioctl+0xb8d/0xc80
[ 1143.767989][T22535]  ? __pfx_compat_sock_ioctl+0x10/0x10
[ 1143.768022][T22535]  ? __fget_files+0x3a0/0x420
[ 1143.768042][T22535]  ? __fget_files+0x2a/0x420
[ 1143.768060][T22535]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1143.768094][T22535]  __ia32_compat_sys_ioctl+0x543/0x840
[ 1143.768122][T22535]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1143.768141][T22535]  ? __fget_files+0x3a0/0x420
[ 1143.768169][T22535]  ? fput+0xa0/0xd0
[ 1143.768186][T22535]  ? ksys_write+0x22a/0x250
[ 1143.768205][T22535]  ? exc_page_fault+0x82/0x100
[ 1143.768238][T22535]  ? __pfx_ksys_write+0x10/0x10
[ 1143.768264][T22535]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1143.768301][T22535]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1143.768336][T22535]  __do_fast_syscall_32+0xb6/0x2b0
[ 1143.768369][T22535]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1143.768400][T22535]  do_fast_syscall_32+0x34/0x80
[ 1143.768414][T22535]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1143.768433][T22535] RIP: 0023:0xf6ffd539
[ 1143.768448][T22535] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1143.768466][T22535] RSP: 002b:00000000f53cc55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1143.768493][T22535] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000000008914
[ 1143.768513][T22535] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[ 1143.768534][T22535] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1143.768545][T22535] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1143.768565][T22535] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1143.768599][T22535]  </TASK>
[ 1144.012814][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1144.049680][T22516] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 1144.057072][T22516] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[ 1144.146969][T14227] qmi_wwan 1-1:0.197: probe with driver qmi_wwan failed with error -22
[ 1144.384487][T22516] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4592'.
[ 1144.408935][T22516] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4592'.
[ 1144.434037][T14244] usb 1-1: USB disconnect, device number 41
[ 1145.539915][T22568] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1145.547945][T14244] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[ 1145.561409][T22568] mac80211_hwsim hwsim23 syzkaller0: entered promiscuous mode
[ 1145.571031][T22568] mac80211_hwsim hwsim23 syzkaller0: entered allmulticast mode
[ 1145.580636][T22568] tipc: Resetting bearer <eth:syzkaller0>
[ 1145.699131][T22568] binder: BINDER_SET_CONTEXT_MGR already set
[ 1145.709710][T14240] usb 4-1: USB disconnect, device number 38
[ 1145.722935][T22568] binder: 22567:22568 ioctl 4018620d 80000100 returned -16
[ 1145.736863][T22568] binder: BINDER_SET_CONTEXT_MGR already set
[ 1145.743686][T22568] binder: 22567:22568 ioctl 4018620d 80004a80 returned -16
[ 1145.757442][T14244] usb 1-1: Using ep0 maxpacket: 16
[ 1146.064085][T22580] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1146.232613][T22586] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4612'.
[ 1146.613299][   T44] tipc: Resetting bearer <eth:syzkaller0>
[ 1147.999042][T22613] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4618'.
[ 1148.376405][T14244] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1148.392590][T22616] loop6: detected capacity change from 0 to 7
[ 1148.407910][T14244] usb 1-1: no configurations
[ 1148.417608][T22616] Dev loop6: unable to read RDB block 7
[ 1148.423244][T14244] usb 1-1: can't read configurations, error -22
[ 1148.440105][T22616]  loop6: AHDI p1 p2 p4
[ 1148.449856][T22616] loop6: partition table partially beyond EOD, truncated
[ 1148.468758][T22616] loop6: p1 start 926365495 is beyond EOD, truncated
[ 1148.799934][T22643] netlink: 'syz.1.4626': attribute type 3 has an invalid length.
[ 1149.627620][T14244] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[ 1149.988929][T14244] usb 5-1: config 0 has an invalid interface number: 156 but max is 1
[ 1150.045290][T14244] usb 5-1: config 0 has no interface number 1
[ 1150.085759][T14244] usb 5-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[ 1150.172826][T22660] netlink: 'syz.1.4631': attribute type 15 has an invalid length.
[ 1150.187372][T14244] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1150.235802][T22660] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4631'.
[ 1150.286474][T14244] usb 5-1: config 0 descriptor??
[ 1150.363768][T14244] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1150.387523][T14244] usb 5-1: MIDIStreaming interface descriptor not found
[ 1150.539862][T14244] gspca_main: spca561-2.14.0 probing abcd:cdee
[ 1150.571813][T22676] FAULT_INJECTION: forcing a failure.
[ 1150.571813][T22676] name failslab, interval 1, probability 0, space 0, times 0
[ 1150.587870][T14244] spca561 5-1:0.0: probe with driver spca561 failed with error -22
[ 1150.619040][T14244] usb 5-1: USB disconnect, device number 41
[ 1150.625044][T22676] CPU: 1 UID: 0 PID: 22676 Comm: syz.1.4636 Not tainted syzkaller #0 PREEMPT(full) 
[ 1150.625059][T22676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1150.625066][T22676] Call Trace:
[ 1150.625071][T22676]  <TASK>
[ 1150.625076][T22676]  dump_stack_lvl+0x189/0x250
[ 1150.625095][T22676]  ? __pfx____ratelimit+0x10/0x10
[ 1150.625109][T22676]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1150.625122][T22676]  ? __pfx__printk+0x10/0x10
[ 1150.625135][T22676]  ? __pfx___might_resched+0x10/0x10
[ 1150.625146][T22676]  ? fs_reclaim_acquire+0x7d/0x100
[ 1150.625163][T22676]  should_fail_ex+0x414/0x560
[ 1150.625180][T22676]  should_failslab+0xa8/0x100
[ 1150.625192][T22676]  kmem_cache_alloc_node_noprof+0x77/0x710
[ 1150.625206][T22676]  ? __alloc_skb+0x112/0x2d0
[ 1150.625221][T22676]  ? __build_skb_around+0x262/0x3f0
[ 1150.625232][T22676]  __alloc_skb+0x112/0x2d0
[ 1150.625243][T22676]  tipc_buf_acquire+0x2b/0xe0
[ 1150.625258][T22676]  tipc_msg_build+0x785/0xcf0
[ 1150.625276][T22676]  ? __pfx_tipc_msg_build+0x10/0x10
[ 1150.625292][T22676]  ? net_generic+0x1e/0x240
[ 1150.625304][T22676]  ? net_generic+0x1e/0x240
[ 1150.625317][T22676]  ? tipc_group_bc_cong+0x15f/0x210
[ 1150.625330][T22676]  tipc_send_group_bcast+0x76c/0xa70
[ 1150.625353][T22676]  ? __pfx_tipc_send_group_bcast+0x10/0x10
[ 1150.625371][T22676]  ? arch_stack_walk+0xfc/0x150
[ 1150.625383][T22676]  ? __pfx_woken_wake_function+0x10/0x10
[ 1150.625404][T22676]  __tipc_sendmsg+0x2d7/0x2960
[ 1150.625427][T22676]  ? __pfx___tipc_sendmsg+0x10/0x10
[ 1150.625441][T22676]  ? aa_label_sk_perm+0x4cd/0x630
[ 1150.625459][T22676]  ? __pfx_aa_label_sk_perm+0x10/0x10
[ 1150.625482][T22676]  ? post_alloc_hook+0x253/0x2a0
[ 1150.625498][T22676]  ? __lock_acquire+0xab9/0xd20
[ 1150.625515][T22676]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1150.625526][T22676]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1150.625540][T22676]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1150.625550][T22676]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1150.625565][T22676]  tipc_sendmsg+0x55/0x70
[ 1150.625578][T22676]  ? __pfx_tipc_sendmsg+0x10/0x10
[ 1150.625590][T22676]  __sock_sendmsg+0x21c/0x270
[ 1150.625605][T22676]  ____sys_sendmsg+0x52d/0x830
[ 1150.625619][T22676]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1150.625638][T22676]  ___sys_sendmsg+0x21f/0x2a0
[ 1150.625649][T22676]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1150.625660][T22676]  ? __lock_acquire+0xab9/0xd20
[ 1150.625686][T22676]  ? __fget_files+0x2a/0x420
[ 1150.625695][T22676]  ? __fget_files+0x3a0/0x420
[ 1150.625709][T22676]  __sys_sendmmsg+0x28e/0x430
[ 1150.625723][T22676]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1150.625732][T22676]  ? __mutex_unlock_slowpath+0x1a1/0x740
[ 1150.625759][T22676]  ? ksys_write+0x22a/0x250
[ 1150.625771][T22676]  ? exc_page_fault+0x82/0x100
[ 1150.625783][T22676]  ? __pfx_ksys_write+0x10/0x10
[ 1150.625799][T22676]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[ 1150.625812][T22676]  __do_fast_syscall_32+0xb6/0x2b0
[ 1150.625822][T22676]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1150.625837][T22676]  do_fast_syscall_32+0x34/0x80
[ 1150.625845][T22676]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1150.625857][T22676] RIP: 0023:0xf707d539
[ 1150.625867][T22676] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1150.625875][T22676] RSP: 002b:00000000f544c55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[ 1150.625887][T22676] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800030c0
[ 1150.625894][T22676] RDX: 0000000000000181 RSI: 0000000000000000 RDI: 0000000000000000
[ 1150.625901][T22676] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1150.625906][T22676] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1150.625912][T22676] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1150.625927][T22676]  </TASK>
[ 1150.992274][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1151.001192][T14240] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 1151.197429][T14240] usb 4-1: Using ep0 maxpacket: 16
[ 1151.210588][T22671] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1151.616645][T22685] FAULT_INJECTION: forcing a failure.
[ 1151.616645][T22685] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1151.634204][T22685] CPU: 0 UID: 0 PID: 22685 Comm: syz.1.4639 Not tainted syzkaller #0 PREEMPT(full) 
[ 1151.634230][T22685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1151.634241][T22685] Call Trace:
[ 1151.634248][T22685]  <TASK>
[ 1151.634255][T22685]  dump_stack_lvl+0x189/0x250
[ 1151.634281][T22685]  ? __pfx____ratelimit+0x10/0x10
[ 1151.634302][T22685]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1151.634321][T22685]  ? __pfx__printk+0x10/0x10
[ 1151.634351][T22685]  should_fail_ex+0x414/0x560
[ 1151.634382][T22685]  copy_folio_from_iter_atomic+0x57d/0x1910
[ 1151.634405][T22685]  ? irqentry_exit+0x74/0x90
[ 1151.634450][T22685]  ? __pfx_copy_folio_from_iter_atomic+0x10/0x10
[ 1151.634480][T22685]  ? shmem_write_begin+0x15f/0x2b0
[ 1151.634509][T22685]  generic_perform_write+0x5df/0x900
[ 1151.634543][T22685]  ? __pfx_generic_perform_write+0x10/0x10
[ 1151.634561][T22685]  ? down_write+0x162/0x1f0
[ 1151.634586][T22685]  ? file_update_time+0x2da/0x490
[ 1151.634621][T22685]  shmem_file_write_iter+0xf8/0x120
[ 1151.634648][T22685]  do_iter_readv_writev+0x623/0x8c0
[ 1151.634681][T22685]  ? __pfx_do_iter_readv_writev+0x10/0x10
[ 1151.634703][T22685]  ? rcu_read_lock_any_held+0xb3/0x120
[ 1151.634742][T22685]  vfs_writev+0x31a/0x960
[ 1151.634760][T22685]  ? vfs_write+0x956/0xb30
[ 1151.634790][T22685]  ? __pfx_vfs_writev+0x10/0x10
[ 1151.634806][T22685]  ? vfs_write+0x956/0xb30
[ 1151.634850][T22685]  ? count_memcg_event_mm+0x21/0x260
[ 1151.634884][T22685]  __ia32_compat_sys_pwritev2+0x227/0x320
[ 1151.634906][T22685]  ? __pfx___ia32_compat_sys_pwritev2+0x10/0x10
[ 1151.634929][T22685]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1151.634954][T22685]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1151.634979][T22685]  __do_fast_syscall_32+0xb6/0x2b0
[ 1151.634996][T22685]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1151.635027][T22685]  do_fast_syscall_32+0x34/0x80
[ 1151.635043][T22685]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1151.635064][T22685] RIP: 0023:0xf707d539
[ 1151.635080][T22685] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1151.635103][T22685] RSP: 002b:00000000f546d55c EFLAGS: 00000206 ORIG_RAX: 000000000000017b
[ 1151.635123][T22685] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000240
[ 1151.635136][T22685] RDX: 0000000000000014 RSI: 0000000000007000 RDI: 0000000000000000
[ 1151.635148][T22685] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[ 1151.635159][T22685] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1151.635169][T22685] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1151.635196][T22685]  </TASK>
[ 1152.487612][T14244] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[ 1152.529166][T22695] openvswitch: netlink: Port -1 exceeds max allowable 65535
[ 1152.657839][T14244] usb 3-1: Using ep0 maxpacket: 16
[ 1152.673050][T14244] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[ 1152.684377][T14244] usb 3-1: config 0 has no interface number 0
[ 1152.697650][T14244] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7
[ 1152.713464][T14244] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[ 1152.750779][T14244] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1152.775229][T14244] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1152.851566][T14244] usb 3-1: Product: syz
[ 1152.862619][T14244] usb 3-1: SerialNumber: syz
[ 1152.898972][T14244] usb 3-1: config 0 descriptor??
[ 1152.926298][T14244] cm109 3-1:0.8: invalid payload size 0, expected 4
[ 1152.978755][T14244] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input111
[ 1153.134666][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1153.141898][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1153.149334][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1153.156889][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1153.165854][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1153.173328][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1153.181499][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1153.189613][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1153.196958][T14244] usb 3-1: USB disconnect, device number 18
[ 1153.202993][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1153.203010][    C1] cm109 3-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1153.307526][T14230] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[ 1153.557424][T14230] usb 5-1: Using ep0 maxpacket: 16
[ 1153.661675][T14244] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1154.051990][T22722] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1154.375750][T22729] netlink: 392 bytes leftover after parsing attributes in process `syz.2.4651'.
[ 1154.470008][T14240] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1154.499527][T14240] usb 4-1: no configurations
[ 1154.516037][T14240] usb 4-1: can't read configurations, error -22
[ 1155.777417][T14244] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[ 1155.857425][T14240] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 1155.961708][T14244] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1156.068811][T14244] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1156.087412][T14240] usb 4-1: Using ep0 maxpacket: 32
[ 1156.116038][T14240] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1156.137178][T14244] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1156.174149][T22759] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.4663'.
[ 1156.243620][T14230] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1156.251750][T14230] usb 5-1: no configurations
[ 1156.256328][T14230] usb 5-1: can't read configurations, error -22
[ 1156.281427][T14240] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1156.294548][T14244] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1156.325745][T14240] usb 4-1: config 0 descriptor??
[ 1156.339829][T14244] usb 1-1: config 0 descriptor??
[ 1156.592277][T14240] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[ 1156.629554][T14240] usb 4-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[ 1156.731701][T14240] usb 4-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[ 1156.878140][T14244] cp2112 0003:10C4:EA90.0018: unknown main item tag 0x0
[ 1156.947670][T14230] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[ 1157.107996][T14230] usb 5-1: Using ep0 maxpacket: 16
[ 1157.162827][T14244] cp2112 0003:10C4:EA90.0018: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0
[ 1157.165080][T22765] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1157.287845][T14244] cp2112 0003:10C4:EA90.0018: error requesting version
[ 1157.296756][T14244] cp2112 0003:10C4:EA90.0018: probe with driver cp2112 failed with error -5
[ 1157.592977][T22755] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1158.277245][T22781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1158.295725][T22781] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1158.856681][T14227] usb 1-1: USB disconnect, device number 44
[ 1159.098326][T22797] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4674'.
[ 1159.175424][T22799] FAULT_INJECTION: forcing a failure.
[ 1159.175424][T22799] name failslab, interval 1, probability 0, space 0, times 0
[ 1159.188643][T22799] CPU: 0 UID: 0 PID: 22799 Comm: syz.3.4675 Not tainted syzkaller #0 PREEMPT(full) 
[ 1159.188668][T22799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1159.188675][T22799] Call Trace:
[ 1159.188680][T22799]  <TASK>
[ 1159.188685][T22799]  dump_stack_lvl+0x189/0x250
[ 1159.188706][T22799]  ? __pfx____ratelimit+0x10/0x10
[ 1159.188731][T22799]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1159.188751][T22799]  ? __pfx__printk+0x10/0x10
[ 1159.188772][T22799]  ? __pfx___might_resched+0x10/0x10
[ 1159.188796][T22799]  should_fail_ex+0x414/0x560
[ 1159.188824][T22799]  should_failslab+0xa8/0x100
[ 1159.188843][T22799]  kmem_cache_alloc_node_noprof+0x77/0x710
[ 1159.188867][T22799]  ? __alloc_skb+0x112/0x2d0
[ 1159.188882][T22799]  ? __pfx_nf_tables_abort+0x10/0x10
[ 1159.188908][T22799]  __alloc_skb+0x112/0x2d0
[ 1159.188929][T22799]  netlink_ack+0x146/0xa50
[ 1159.188953][T22799]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[ 1159.188984][T22799]  nfnetlink_rcv+0x2309/0x2590
[ 1159.189042][T22799]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1159.189110][T22799]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[ 1159.189135][T22799]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1159.189169][T22799]  netlink_unicast+0x82f/0x9e0
[ 1159.189202][T22799]  ? __pfx_netlink_unicast+0x10/0x10
[ 1159.189228][T22799]  ? netlink_sendmsg+0x642/0xb30
[ 1159.189244][T22799]  ? skb_put+0x11b/0x210
[ 1159.189264][T22799]  netlink_sendmsg+0x805/0xb30
[ 1159.189292][T22799]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1159.189313][T22799]  ? __import_iovec+0x5d4/0x7f0
[ 1159.189331][T22799]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1159.189356][T22799]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1159.189372][T22799]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1159.189389][T22799]  __sock_sendmsg+0x21c/0x270
[ 1159.189414][T22799]  ____sys_sendmsg+0x505/0x830
[ 1159.189438][T22799]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1159.189473][T22799]  ___sys_sendmsg+0x21f/0x2a0
[ 1159.189495][T22799]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1159.189549][T22799]  ? __fget_files+0x2a/0x420
[ 1159.189564][T22799]  ? __fget_files+0x3a0/0x420
[ 1159.189590][T22799]  __sys_sendmsg+0x164/0x220
[ 1159.189612][T22799]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1159.189645][T22799]  ? __pfx_ksys_write+0x10/0x10
[ 1159.189672][T22799]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1159.189699][T22799]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1159.189725][T22799]  __do_fast_syscall_32+0xb6/0x2b0
[ 1159.189741][T22799]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1159.189768][T22799]  do_fast_syscall_32+0x34/0x80
[ 1159.189785][T22799]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1159.189806][T22799] RIP: 0023:0xf6ffd539
[ 1159.189822][T22799] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1159.189837][T22799] RSP: 002b:00000000f53ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1159.189857][T22799] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080009b40
[ 1159.189870][T22799] RDX: 0000000020008040 RSI: 0000000000000000 RDI: 0000000000000000
[ 1159.189882][T22799] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1159.189893][T22799] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1159.189904][T22799] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1159.189932][T22799]  </TASK>
[ 1159.617621][T14227] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[ 1159.767439][T14227] usb 1-1: Using ep0 maxpacket: 32
[ 1159.774300][T14227] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1159.785771][T14227] usb 1-1: config 0 has no interfaces?
[ 1159.791620][T14227] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[ 1159.800986][T14227] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1159.845668][T14227] usb 1-1: config 0 descriptor??
[ 1159.968861][T14230] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1160.029155][T14230] usb 5-1: no configurations
[ 1160.136069][T14230] usb 5-1: can't read configurations, error -22
[ 1160.174558][T14230] usb usb5-port1: attempt power cycle
[ 1160.288264][T22823] netlink: 200 bytes leftover after parsing attributes in process `syz.4.4683'.
[ 1161.156132][T22841] fuse: Bad value for 'fd'
[ 1161.532129][T22851] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4673'.
[ 1161.704073][T22856] FAULT_INJECTION: forcing a failure.
[ 1161.704073][T22856] name failslab, interval 1, probability 0, space 0, times 0
[ 1161.773050][T22856] CPU: 1 UID: 0 PID: 22856 Comm: syz.4.4690 Not tainted syzkaller #0 PREEMPT(full) 
[ 1161.773068][T22856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1161.773074][T22856] Call Trace:
[ 1161.773079][T22856]  <TASK>
[ 1161.773084][T22856]  dump_stack_lvl+0x189/0x250
[ 1161.773103][T22856]  ? __pfx____ratelimit+0x10/0x10
[ 1161.773117][T22856]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1161.773129][T22856]  ? __pfx__printk+0x10/0x10
[ 1161.773142][T22856]  ? __pfx___might_resched+0x10/0x10
[ 1161.773156][T22856]  should_fail_ex+0x414/0x560
[ 1161.773174][T22856]  should_failslab+0xa8/0x100
[ 1161.773185][T22856]  __kmalloc_node_track_caller_noprof+0xcd/0x800
[ 1161.773202][T22856]  ? kasprintf+0xd4/0x120
[ 1161.773219][T22856]  kvasprintf+0xdc/0x190
[ 1161.773229][T22856]  ? nf_tables_newset+0x136f/0x2540
[ 1161.773241][T22856]  ? nfnetlink_rcv+0x11d9/0x2590
[ 1161.773253][T22856]  ? netlink_unicast+0x82f/0x9e0
[ 1161.773267][T22856]  ? __pfx_kvasprintf+0x10/0x10
[ 1161.773277][T22856]  ? __sys_sendmsg+0x164/0x220
[ 1161.773298][T22856]  kasprintf+0xd4/0x120
[ 1161.773313][T22856]  ? __pfx_kasprintf+0x10/0x10
[ 1161.773332][T22856]  nf_tables_set_alloc_name+0x109/0x720
[ 1161.773349][T22856]  ? rcu_is_watching+0x15/0xb0
[ 1161.773367][T22856]  ? trace_kmalloc+0x1f/0xd0
[ 1161.773379][T22856]  ? __pfx_nf_tables_set_alloc_name+0x10/0x10
[ 1161.773392][T22856]  ? nla_strdup+0xb8/0x140
[ 1161.773408][T22856]  nf_tables_newset+0x1390/0x2540
[ 1161.773426][T22856]  ? __pfx_nf_tables_newset+0x10/0x10
[ 1161.773448][T22856]  ? __nla_parse+0x40/0x60
[ 1161.773460][T22856]  nfnetlink_rcv+0x11d9/0x2590
[ 1161.773491][T22856]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1161.773530][T22856]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1161.773549][T22856]  netlink_unicast+0x82f/0x9e0
[ 1161.773567][T22856]  ? __pfx_netlink_unicast+0x10/0x10
[ 1161.773583][T22856]  ? netlink_sendmsg+0x642/0xb30
[ 1161.773592][T22856]  ? skb_put+0x11b/0x210
[ 1161.773604][T22856]  netlink_sendmsg+0x805/0xb30
[ 1161.773618][T22856]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1161.773629][T22856]  ? __import_iovec+0x5d4/0x7f0
[ 1161.773640][T22856]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1161.773655][T22856]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1161.773665][T22856]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1161.773676][T22856]  __sock_sendmsg+0x21c/0x270
[ 1161.773690][T22856]  ____sys_sendmsg+0x505/0x830
[ 1161.773704][T22856]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1161.773723][T22856]  ___sys_sendmsg+0x21f/0x2a0
[ 1161.773734][T22856]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1161.773764][T22856]  ? __fget_files+0x2a/0x420
[ 1161.773773][T22856]  ? __fget_files+0x3a0/0x420
[ 1161.773787][T22856]  __sys_sendmsg+0x164/0x220
[ 1161.773798][T22856]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1161.773813][T22856]  ? __pfx_ksys_write+0x10/0x10
[ 1161.773828][T22856]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1161.773844][T22856]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1161.773858][T22856]  __do_fast_syscall_32+0xb6/0x2b0
[ 1161.773868][T22856]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1161.773882][T22856]  do_fast_syscall_32+0x34/0x80
[ 1161.773891][T22856]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1161.773903][T22856] RIP: 0023:0xf70fd539
[ 1161.773912][T22856] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1161.773921][T22856] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1161.773933][T22856] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[ 1161.773940][T22856] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1161.773945][T22856] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1161.773951][T22856] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1161.773957][T22856] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1161.773972][T22856]  </TASK>
[ 1162.145380][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1162.578398][T22864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1162.590899][T22864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1162.678218][T14244] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[ 1162.878727][T14244] usb 5-1: Using ep0 maxpacket: 16
[ 1162.893325][T14244] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1162.910668][T22868] netlink: 'syz.1.4694': attribute type 6 has an invalid length.
[ 1162.918699][T14244] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1162.948112][T14244] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1162.972003][T14244] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1162.997756][T14244] usb 5-1: Product: syz
[ 1163.012109][T14244] usb 5-1: Manufacturer: syz
[ 1163.025684][T14244] usb 5-1: SerialNumber: syz
[ 1163.250717][T14244] usb 5-1: 0:2 : does not exist
[ 1163.309529][T14244] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[ 1163.401047][T14244] usb 5-1: USB disconnect, device number 45
[ 1163.493527][ T6196] udevd[6196]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[ 1163.675315][T14230] usb 1-1: USB disconnect, device number 45
[ 1164.207529][T14243] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[ 1164.309359][T22917] netlink: 392 bytes leftover after parsing attributes in process `syz.1.4705'.
[ 1164.369516][T14244] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[ 1164.448417][T14243] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1164.457506][T14243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1164.496142][T14243] usb 5-1: config 0 descriptor??
[ 1164.518208][T14243] gspca_main: STV06xx-2.14.0 probing 046d:0870
[ 1164.557715][T14244] usb 3-1: device descriptor read/64, error -71
[ 1164.807488][T14244] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[ 1164.967577][T14244] usb 3-1: device descriptor read/64, error -71
[ 1165.077910][T14244] usb usb3-port1: attempt power cycle
[ 1165.155438][T14243] usb 5-1: USB disconnect, device number 46
[ 1165.374724][T22945] netlink: 'syz.4.4716': attribute type 5 has an invalid length.
[ 1165.450880][T22944] netlink: 'syz.1.4717': attribute type 18 has an invalid length.
[ 1165.459069][T14244] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[ 1165.476858][T22945] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4716'.
[ 1165.497905][T14244] usb 3-1: device descriptor read/8, error -71
[ 1165.747553][T14244] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[ 1165.777974][T14244] usb 3-1: device descriptor read/8, error -71
[ 1165.898368][T14244] usb usb3-port1: unable to enumerate USB device
[ 1166.361260][T22963] wireguard0: entered promiscuous mode
[ 1166.382348][T22963] wireguard0: entered allmulticast mode
[ 1166.416540][T22965] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4723'.
[ 1166.443595][T22965] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4723'.
[ 1166.464956][T22965] netlink: 'syz.1.4723': attribute type 7 has an invalid length.
[ 1166.473899][T22965] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4723'.
[ 1166.511905][T22967] fuse: Unknown parameter 'n'
[ 1166.531926][   T36] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[ 1166.542422][   T36] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[ 1166.560233][   T36] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[ 1167.211723][T22985] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4730'.
[ 1167.250204][T22989] fuse: Bad value for 'fd'
[ 1167.480501][T22999] FAULT_INJECTION: forcing a failure.
[ 1167.480501][T22999] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1167.495087][T22999] CPU: 0 UID: 0 PID: 22999 Comm: syz.3.4736 Not tainted syzkaller #0 PREEMPT(full) 
[ 1167.495110][T22999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1167.495122][T22999] Call Trace:
[ 1167.495130][T22999]  <TASK>
[ 1167.495138][T22999]  dump_stack_lvl+0x189/0x250
[ 1167.495165][T22999]  ? __pfx____ratelimit+0x10/0x10
[ 1167.495189][T22999]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1167.495211][T22999]  ? __pfx__printk+0x10/0x10
[ 1167.495237][T22999]  should_fail_ex+0x414/0x560
[ 1167.495266][T22999]  _copy_to_user+0x31/0xb0
[ 1167.495289][T22999]  simple_read_from_buffer+0xe1/0x170
[ 1167.495319][T22999]  proc_fail_nth_read+0x1b3/0x220
[ 1167.495344][T22999]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1167.495368][T22999]  ? rw_verify_area+0x2a6/0x4d0
[ 1167.495390][T22999]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1167.495413][T22999]  vfs_read+0x200/0xa30
[ 1167.495443][T22999]  ? __pfx_vfs_read+0x10/0x10
[ 1167.495462][T22999]  ? __sys_bpf+0x537/0x860
[ 1167.495481][T22999]  ? __pfx___sys_bpf+0x10/0x10
[ 1167.495513][T22999]  ksys_read+0x145/0x250
[ 1167.495533][T22999]  ? exc_page_fault+0x82/0x100
[ 1167.495557][T22999]  ? __pfx_ksys_read+0x10/0x10
[ 1167.495582][T22999]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1167.495607][T22999]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1167.495632][T22999]  __do_fast_syscall_32+0xb6/0x2b0
[ 1167.495649][T22999]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1167.495676][T22999]  do_fast_syscall_32+0x34/0x80
[ 1167.495693][T22999]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1167.495714][T22999] RIP: 0023:0xf6ffd539
[ 1167.495729][T22999] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1167.495745][T22999] RSP: 002b:00000000f53ed590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1167.495764][T22999] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f53ed620
[ 1167.495776][T22999] RDX: 000000000000000f RSI: 00000000f7396ff4 RDI: 0000000000000000
[ 1167.495787][T22999] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1167.495797][T22999] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1167.495808][T22999] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1167.495836][T22999]  </TASK>
[ 1167.716977][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1167.748197][T14244] usb 3-1: new full-speed USB device number 23 using dummy_hcd
[ 1167.800348][T23005] FAULT_INJECTION: forcing a failure.
[ 1167.800348][T23005] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1167.813483][T23005] CPU: 0 UID: 0 PID: 23005 Comm: syz.4.4737 Not tainted syzkaller #0 PREEMPT(full) 
[ 1167.813498][T23005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1167.813505][T23005] Call Trace:
[ 1167.813511][T23005]  <TASK>
[ 1167.813516][T23005]  dump_stack_lvl+0x189/0x250
[ 1167.813534][T23005]  ? __pfx____ratelimit+0x10/0x10
[ 1167.813548][T23005]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1167.813561][T23005]  ? __pfx__printk+0x10/0x10
[ 1167.813577][T23005]  should_fail_ex+0x414/0x560
[ 1167.813594][T23005]  strncpy_from_user+0x36/0x290
[ 1167.813611][T23005]  getname_flags+0xf3/0x540
[ 1167.813623][T23005]  path_removexattrat+0x151/0x690
[ 1167.813638][T23005]  ? __pfx_path_removexattrat+0x10/0x10
[ 1167.813648][T23005]  ? __mutex_unlock_slowpath+0x1a1/0x740
[ 1167.813663][T23005]  ? __pfx_vfs_write+0x10/0x10
[ 1167.813688][T23005]  ? exc_page_fault+0x82/0x100
[ 1167.813701][T23005]  ? __pfx_ksys_write+0x10/0x10
[ 1167.813715][T23005]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1167.813731][T23005]  __ia32_sys_removexattr+0x61/0x70
[ 1167.813742][T23005]  __do_fast_syscall_32+0xb6/0x2b0
[ 1167.813752][T23005]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1167.813767][T23005]  do_fast_syscall_32+0x34/0x80
[ 1167.813776][T23005]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1167.813788][T23005] RIP: 0023:0xf70fd539
[ 1167.813797][T23005] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1167.813806][T23005] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 00000000000000eb
[ 1167.813817][T23005] RAX: ffffffffffffffda RBX: 0000000080000300 RCX: 0000000080000600
[ 1167.813824][T23005] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1167.813830][T23005] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1167.813842][T23005] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1167.813848][T23005] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1167.813863][T23005]  </TASK>
[ 1167.877499][   T44] wlan0: Trigger new scan to find an IBSS to join
[ 1167.881370][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1167.969205][T14244] usb 3-1: device descriptor read/64, error -71
[ 1167.972332][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1168.008867][T23012] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4738'.
[ 1168.051233][T23002] =======================================================
[ 1168.051233][T23002] WARNING: The mand mount option has been deprecated and
[ 1168.051233][T23002]          and is ignored by this kernel. Remove the mand
[ 1168.051233][T23002]          option from the mount to silence this warning.
[ 1168.051233][T23002] =======================================================
[ 1168.086040][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1168.347674][T14244] usb 3-1: new full-speed USB device number 24 using dummy_hcd
[ 1168.487538][T14244] usb 3-1: device descriptor read/64, error -71
[ 1168.716854][T14244] usb usb3-port1: attempt power cycle
[ 1168.729232][T23027] ip6gretap0: entered promiscuous mode
[ 1168.762425][T23027] macsec1: entered promiscuous mode
[ 1168.805045][T23027] ip6gretap0: left promiscuous mode
[ 1168.852531][T23038] netlink: 52 bytes leftover after parsing attributes in process `syz.0.4747'.
[ 1168.885579][T23039] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4748'.
[ 1168.910403][T23037] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4745'.
[ 1168.921127][T23039] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4748'.
[ 1168.941889][T23039] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1168.951287][T23039] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1169.010303][T23038] team0: Port device vlan3 added
[ 1169.058483][T14244] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[ 1169.128225][T14244] usb 3-1: device descriptor read/8, error -71
[ 1169.367519][T14244] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[ 1169.397894][T14244] usb 3-1: device descriptor read/8, error -71
[ 1169.523814][T14244] usb usb3-port1: unable to enumerate USB device
[ 1169.719250][T23074] fuse: Unknown parameter 'r��0x0000000000000006'
[ 1170.720253][T23102] __nla_validate_parse: 4 callbacks suppressed
[ 1170.720266][T23102] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4765'.
[ 1170.797452][T14244] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1170.967500][T14244] usb 3-1: Using ep0 maxpacket: 32
[ 1170.980395][T14244] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[ 1170.998585][T14244] usb 3-1: config 0 has no interface number 0
[ 1171.031203][T14244] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1171.049826][T14244] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1171.072441][T14244] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 1171.101425][T14244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1171.128158][T14244] usb 3-1: config 0 descriptor??
[ 1171.267857][T23109] CUSE: unknown device info "�"
[ 1171.273097][T23109] CUSE: unknown device info "�"
[ 1171.278187][T23109] CUSE: unknown device info ""
[ 1171.285175][T23109] CUSE: unknown device info "�"
[ 1171.290587][T23109] CUSE: zero length info key specified
[ 1171.436536][T23113] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1171.910108][T23128] fuse: Bad value for 'fd'
[ 1171.959079][T23132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1171.973815][T23131] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4772'.
[ 1171.983281][T23132] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1172.187449][T14243] usb 5-1: new full-speed USB device number 47 using dummy_hcd
[ 1172.327651][T14243] usb 5-1: device descriptor read/64, error -71
[ 1172.342858][T23119] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4773'.
[ 1172.589363][T14243] usb 5-1: new full-speed USB device number 48 using dummy_hcd
[ 1172.798614][T14243] usb 5-1: device descriptor read/64, error -71
[ 1172.908348][ T1333] wlan0: Trigger new scan to find an IBSS to join
[ 1172.948188][T14243] usb usb5-port1: attempt power cycle
[ 1173.174192][T23147] netlink: 392 bytes leftover after parsing attributes in process `syz.0.4779'.
[ 1173.293530][T14243] usb 5-1: new full-speed USB device number 49 using dummy_hcd
[ 1173.338141][T14243] usb 5-1: device descriptor read/8, error -71
[ 1173.441290][   T30] audit: type=1326 audit(1763234004.207:3059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23148 comm="syz.1.4780" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000
[ 1173.546514][   T30] audit: type=1326 audit(1763234004.207:3060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23148 comm="syz.1.4780" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000
[ 1173.600500][   T30] audit: type=1326 audit(1763234004.237:3061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23148 comm="syz.1.4780" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf707d539 code=0x7ffc0000
[ 1173.654658][   T30] audit: type=1326 audit(1763234004.237:3062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23148 comm="syz.1.4780" exe="/root/syz-executor" sig=0 arch=40000003 syscall=90 compat=1 ip=0x80000006 code=0x7ffc0000
[ 1173.686754][T14243] usb 5-1: new full-speed USB device number 50 using dummy_hcd
[ 1173.724833][T14244] usbhid 3-1:0.1: can't add hid device: -71
[ 1173.729804][   T30] audit: type=1326 audit(1763234004.237:3063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23148 comm="syz.1.4780" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000
[ 1173.757552][T14244] usbhid 3-1:0.1: probe with driver usbhid failed with error -71
[ 1173.808067][T14243] usb 5-1: device descriptor read/8, error -71
[ 1173.816953][T14244] usb 3-1: USB disconnect, device number 27
[ 1173.839090][T23156] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4781'.
[ 1173.877433][   T30] audit: type=1326 audit(1763234004.237:3064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23148 comm="syz.1.4780" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707d539 code=0x7ffc0000
[ 1173.911091][T23154] --map-set only usable from mangle table
[ 1173.918733][T14243] usb usb5-port1: unable to enumerate USB device
[ 1173.937254][   T30] audit: type=1800 audit(1763234004.647:3065): pid=23157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4781" name="bus" dev="tmpfs" ino=1906 res=0 errno=0
[ 1174.002663][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1174.842092][T23177] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4785'.
[ 1175.019445][T23184] netlink: 'syz.4.4788': attribute type 46 has an invalid length.
[ 1175.031598][T23184] netlink: 'syz.4.4788': attribute type 19 has an invalid length.
[ 1175.337544][T14230] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[ 1175.517157][T14230] usb 5-1: Using ep0 maxpacket: 32
[ 1175.522864][T23186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4789'.
[ 1175.534509][T14230] usb 5-1: config 0 has an invalid interface number: 195 but max is 0
[ 1175.548074][T14230] usb 5-1: config 0 has no interface number 0
[ 1175.554976][T14230] usb 5-1: config 0 interface 195 has no altsetting 0
[ 1175.578260][T14230] usb 5-1: New USB device found, idVendor=1b80, idProduct=e309, bcdDevice=5c.6b
[ 1175.589279][T14230] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1175.599835][T14230] usb 5-1: Product: syz
[ 1175.600272][T23186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4789'.
[ 1175.604087][T14230] usb 5-1: Manufacturer: syz
[ 1175.624500][T14230] usb 5-1: SerialNumber: syz
[ 1175.645420][T14230] usb 5-1: config 0 descriptor??
[ 1175.673705][T14230] em28xx 5-1:0.195: New device syz syz @ 480 Mbps (1b80:e309, interface 195, class 195)
[ 1175.684486][T23186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1175.719071][T23186] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1175.742529][T14230] em28xx 5-1:0.195: Video interface 195 found: bulk
[ 1175.761126][T23186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4789'.
[ 1175.872072][T23184] netlink: 'syz.4.4788': attribute type 46 has an invalid length.
[ 1175.892310][T23184] netlink: 'syz.4.4788': attribute type 19 has an invalid length.
[ 1175.997814][T14230] em28xx 5-1:0.195: unknown em28xx chip ID (0)
[ 1176.079365][T14230] em28xx 5-1:0.195: reading from i2c device at 0xa0 failed (error=-5)
[ 1176.097851][T14230] em28xx 5-1:0.195: board has no eeprom
[ 1176.167391][T14230] em28xx 5-1:0.195: Identified as Easy Cap Capture DC-60 (card=64)
[ 1176.203767][T14230] em28xx 5-1:0.195: analog set to bulk mode.
[ 1176.227657][T14227] em28xx 5-1:0.195: Registering V4L2 extension
[ 1176.258613][T14230] usb 5-1: USB disconnect, device number 51
[ 1176.276996][T14230] em28xx 5-1:0.195: Disconnecting em28xx
[ 1176.375169][T14231] hid (null): unknown global tag 0xe
[ 1176.401105][T14231] hid-generic 5335:0004:07FF.0019: ignoring exceeding usage max
[ 1176.418271][T14231] hid-generic 5335:0004:07FF.0019: unknown main item tag 0x0
[ 1176.444057][T14231] hid-generic 5335:0004:07FF.0019: reserved main item tag 0xe
[ 1176.460247][T14231] hid-generic 5335:0004:07FF.0019: unknown main item tag 0x4
[ 1176.482634][T14231] hid-generic 5335:0004:07FF.0019: unknown main item tag 0x0
[ 1176.494966][T14227] em28xx 5-1:0.195: Config register raw data: 0xffffffed
[ 1176.509384][T14231] hid-generic 5335:0004:07FF.0019: collection stack underflow
[ 1176.520551][T14227] em28xx 5-1:0.195: AC97 chip type couldn't be determined
[ 1176.547523][T14231] hid-generic 5335:0004:07FF.0019: item 0 2 0 12 parsing failed
[ 1176.555817][T14227] em28xx 5-1:0.195: No AC97 audio processor
[ 1176.573676][T14231] hid-generic 5335:0004:07FF.0019: probe with driver hid-generic failed with error -22
[ 1176.606013][T14227] usb 5-1: Decoder not found
[ 1176.616201][T23211] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4793'.
[ 1176.630939][T14227] em28xx 5-1:0.195: failed to create media graph
[ 1176.646434][T14227] em28xx 5-1:0.195: V4L2 device video103 deregistered
[ 1176.720957][T14227] em28xx 5-1:0.195: Remote control support is not available for this card.
[ 1176.741715][T14230] em28xx 5-1:0.195: Closing input extension
[ 1176.790184][T23214] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4797'.
[ 1176.845659][T14230] em28xx 5-1:0.195: Freeing device
[ 1176.993214][T23217] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4798'.
[ 1177.004310][T23217] netlink: 'syz.1.4798': attribute type 6 has an invalid length.
[ 1177.035444][T23217] netlink: 'syz.1.4798': attribute type 5 has an invalid length.
[ 1177.062497][T23217] netlink: 'syz.1.4798': attribute type 4 has an invalid length.
[ 1177.273436][T23226] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1177.283995][T23226] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1177.311779][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.318940][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.454001][T23232] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4804'.
[ 1177.455158][T23231] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4804'.
[ 1177.497447][T14230] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[ 1177.648295][T14230] usb 1-1: Using ep0 maxpacket: 32
[ 1177.666082][T14230] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1177.692143][T14230] usb 1-1: config 128 has an invalid interface number: 127 but max is 3
[ 1177.702823][T14230] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[ 1177.714778][T14230] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4
[ 1177.728297][T14230] usb 1-1: config 128 has no interface number 0
[ 1177.735303][T14230] usb 1-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 55, changing to 9
[ 1177.747929][T14230] usb 1-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid maxpacket 8496, setting to 1024
[ 1177.761158][T14230] usb 1-1: config 128 interface 127 has no altsetting 0
[ 1177.774290][T14230] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[ 1177.784478][T14230] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1177.796530][T14230] usb 1-1: Product: syz
[ 1177.802538][T14230] usb 1-1: Manufacturer: syz
[ 1177.808749][T14230] usb 1-1: SerialNumber: syz
[ 1177.933682][T23244] tipc: Enabling of bearer <udp:s> rejected, already enabled
[ 1178.033481][T23224] fuse: Bad value for 'fd'
[ 1178.118683][T14230] usb 1-1: USB disconnect, device number 46
[ 1178.211936][ T6196] udevd[6196]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:128.127/sound/card4/controlC4/../uevent} for writing: No such file or directory
[ 1178.577431][T14243] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[ 1178.642649][T23255] FAULT_INJECTION: forcing a failure.
[ 1178.642649][T23255] name failslab, interval 1, probability 0, space 0, times 0
[ 1178.685243][T23255] CPU: 0 UID: 0 PID: 23255 Comm: syz.0.4810 Not tainted syzkaller #0 PREEMPT(full) 
[ 1178.685269][T23255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1178.685280][T23255] Call Trace:
[ 1178.685288][T23255]  <TASK>
[ 1178.685297][T23255]  dump_stack_lvl+0x189/0x250
[ 1178.685323][T23255]  ? __pfx____ratelimit+0x10/0x10
[ 1178.685338][T23255]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1178.685350][T23255]  ? __pfx__printk+0x10/0x10
[ 1178.685363][T23255]  ? __pfx___might_resched+0x10/0x10
[ 1178.685377][T23255]  should_fail_ex+0x414/0x560
[ 1178.685394][T23255]  should_failslab+0xa8/0x100
[ 1178.685406][T23255]  __kmalloc_noprof+0xcb/0x7f0
[ 1178.685419][T23255]  ? kfree+0x4d/0x6d0
[ 1178.685429][T23255]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1178.685447][T23255]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1178.685461][T23255]  ? tomoyo_domain+0xd9/0x130
[ 1178.685480][T23255]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1178.685492][T23255]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1178.685506][T23255]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1178.685527][T23255]  ? __lock_acquire+0xab9/0xd20
[ 1178.685547][T23255]  ? __fget_files+0x2a/0x420
[ 1178.685562][T23255]  ? __fget_files+0x3a0/0x420
[ 1178.685575][T23255]  ? __fget_files+0x2a/0x420
[ 1178.685595][T23255]  security_file_ioctl_compat+0xcb/0x2d0
[ 1178.685618][T23255]  __ia32_compat_sys_ioctl+0x128/0x840
[ 1178.685642][T23255]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1178.685654][T23255]  ? __fget_files+0x3a0/0x420
[ 1178.685667][T23255]  ? fput+0xa0/0xd0
[ 1178.685679][T23255]  ? ksys_write+0x22a/0x250
[ 1178.685691][T23255]  ? exc_page_fault+0x82/0x100
[ 1178.685705][T23255]  ? __pfx_ksys_write+0x10/0x10
[ 1178.685719][T23255]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1178.685736][T23255]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1178.685750][T23255]  __do_fast_syscall_32+0xb6/0x2b0
[ 1178.685760][T23255]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1178.685775][T23255]  do_fast_syscall_32+0x34/0x80
[ 1178.685784][T23255]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1178.685796][T23255] RIP: 0023:0xf70dd539
[ 1178.685806][T23255] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1178.685816][T23255] RSP: 002b:00000000f54cd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1178.685828][T23255] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0044dff
[ 1178.685835][T23255] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[ 1178.685841][T23255] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1178.685846][T23255] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1178.685852][T23255] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1178.685868][T23255]  </TASK>
[ 1178.686216][T23255] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1179.188075][T14243] usb 5-1: Using ep0 maxpacket: 16
[ 1179.350105][T23259] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4812'.
[ 1179.418066][T23259] netem: unknown loss type 13
[ 1179.442384][T23259] netem: change failed
[ 1179.450244][T23262] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1179.789272][T23270] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4816'.
[ 1180.089133][T23285] xt_NFQUEUE: number of total queues is 0
[ 1180.402785][T23294] fuse: Bad value for 'fd'
[ 1180.707488][T14244] usb 3-1: new full-speed USB device number 28 using dummy_hcd
[ 1180.896079][T14244] usb 3-1: device descriptor read/64, error -71
[ 1181.167511][T14244] usb 3-1: new full-speed USB device number 29 using dummy_hcd
[ 1181.307513][T14244] usb 3-1: device descriptor read/64, error -71
[ 1181.418217][T14244] usb usb3-port1: attempt power cycle
[ 1181.807646][T14244] usb 3-1: new full-speed USB device number 30 using dummy_hcd
[ 1181.838231][T14244] usb 3-1: device descriptor read/8, error -71
[ 1182.087492][T14244] usb 3-1: new full-speed USB device number 31 using dummy_hcd
[ 1182.119002][T14244] usb 3-1: device descriptor read/8, error -71
[ 1182.230072][T14244] usb usb3-port1: unable to enumerate USB device
[ 1182.310699][T23315] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4829'.
[ 1182.521193][T14243] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1182.555356][T14243] usb 5-1: no configurations
[ 1182.565139][T14243] usb 5-1: can't read configurations, error -22
[ 1182.854171][T23321] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4832'.
[ 1183.127443][T14230] usb 1-1: new full-speed USB device number 47 using dummy_hcd
[ 1183.300620][T14230] usb 1-1: config 0 has an invalid interface number: 139 but max is 0
[ 1183.318942][T14230] usb 1-1: config 0 has no interface number 0
[ 1183.336415][T14230] usb 1-1: config 0 interface 139 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1183.347531][T14230] usb 1-1: config 0 interface 139 altsetting 0 has an endpoint descriptor with address 0xBD, changing to 0x8D
[ 1183.359325][T14230] usb 1-1: config 0 interface 139 altsetting 0 endpoint 0x8D has invalid maxpacket 14158, setting to 64
[ 1183.370795][T14230] usb 1-1: config 0 interface 139 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[ 1183.393863][T14230] usb 1-1: New USB device found, idVendor=0711, idProduct=0210, bcdDevice=fd.d6
[ 1183.407472][T14243] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[ 1183.414730][T14230] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1183.434474][T14230] usb 1-1: Product: syz
[ 1183.458892][T23334] syz.1.4836 (23334): /proc/23329/oom_adj is deprecated, please use /proc/23329/oom_score_adj instead.
[ 1183.472645][T14230] usb 1-1: Manufacturer: syz
[ 1183.479702][T14230] usb 1-1: SerialNumber: syz
[ 1183.487097][T14230] usb 1-1: config 0 descriptor??
[ 1183.507071][T23321] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1183.525193][T23321] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1183.558071][T23337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1183.567041][T23337] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1183.602032][T14243] usb 5-1: config 0 has an invalid interface number: 64 but max is 0
[ 1183.626477][T14243] usb 5-1: config 0 has no interface number 0
[ 1183.648483][T14243] usb 5-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[ 1183.674156][T14243] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1183.682599][T14243] usb 5-1: Product: syz
[ 1183.686860][T14243] usb 5-1: Manufacturer: syz
[ 1183.696953][T14243] usb 5-1: SerialNumber: syz
[ 1183.715139][T14243] usb 5-1: config 0 descriptor??
[ 1183.765941][T23321] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4832'.
[ 1184.146021][T14230] mct_u232 1-1:0.139: MCT U232 converter detected
[ 1184.188603][T14230] usb 1-1: MCT U232 converter now attached to ttyUSB0
[ 1184.285036][T14230] usb 1-1: USB disconnect, device number 47
[ 1184.310115][T14230] mct_u232 ttyUSB0: MCT U232 converter now disconnected from ttyUSB0
[ 1184.338045][T14230] mct_u232 1-1:0.139: device disconnected
[ 1184.342838][T23343] netlink: 'syz.4.4834': attribute type 10 has an invalid length.
[ 1184.356004][T23343] netdevsim netdevsim4 netdevsim0: left allmulticast mode
[ 1184.378688][T23344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1184.387302][T23344] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1184.578027][T23347] netlink: 'syz.0.4838': attribute type 4 has an invalid length.
[ 1184.630453][T23348] netlink: 'syz.0.4838': attribute type 4 has an invalid length.
[ 1184.988927][T23343] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[ 1185.064948][T23343] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[ 1186.479395][T14243] uvcvideo 5-1:0.64: Found UVC 0.08 device syz (046d:0823)
[ 1186.501116][T14243] uvcvideo 5-1:0.64: No valid video chain found.
[ 1186.537923][T14243] usb 5-1: USB disconnect, device number 53
[ 1186.755072][T23380] fuse: Bad value for 'fd'
[ 1186.987495][T14244] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[ 1187.097789][T23387] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4848'.
[ 1187.208912][T14244] usb 1-1: Using ep0 maxpacket: 16
[ 1187.410734][T23382] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1188.067645][T14227] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[ 1188.250397][T14227] usb 3-1: config 169 has an invalid interface number: 157 but max is 2
[ 1188.267997][T14227] usb 3-1: config 169 has an invalid interface number: 124 but max is 2
[ 1188.292915][T14227] usb 3-1: config 169 has an invalid interface descriptor of length 8, skipping
[ 1188.337420][T14227] usb 3-1: config 169 contains an unexpected descriptor of type 0x2, skipping
[ 1188.380524][T14227] usb 3-1: config 169 has an invalid interface number: 200 but max is 2
[ 1188.447557][T14227] usb 3-1: config 169 has an invalid interface number: 3 but max is 2
[ 1188.491484][T14227] usb 3-1: config 169 has an invalid descriptor of length 128, skipping remainder of the config
[ 1188.579075][T14227] usb 3-1: config 169 has 4 interfaces, different from the descriptor's value: 3
[ 1188.622004][T14227] usb 3-1: config 169 has no interface number 0
[ 1188.662286][T14227] usb 3-1: config 169 has no interface number 1
[ 1188.698076][T14227] usb 3-1: config 169 has no interface number 2
[ 1188.739540][T14227] usb 3-1: config 169 interface 157 altsetting 2 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[ 1188.844430][T14227] usb 3-1: config 169 interface 157 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[ 1188.918096][T13598] wlan0: Trigger new scan to find an IBSS to join
[ 1188.930870][T14227] usb 3-1: config 169 interface 124 altsetting 8 endpoint 0xC has invalid maxpacket 512, setting to 64
[ 1188.951380][T14227] usb 3-1: config 169 interface 124 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 12
[ 1189.045661][T14227] usb 3-1: config 169 interface 200 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1189.112700][T14227] usb 3-1: too many endpoints for config 169 interface 3 altsetting 3: 47, using maximum allowed: 30
[ 1189.203428][T14227] usb 3-1: config 169 interface 3 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 47
[ 1189.481572][T14227] usb 3-1: config 169 interface 157 has no altsetting 0
[ 1189.505596][T14227] usb 3-1: config 169 interface 124 has no altsetting 0
[ 1189.524259][T14227] usb 3-1: config 169 interface 200 has no altsetting 0
[ 1189.551742][T14227] usb 3-1: config 169 interface 3 has no altsetting 0
[ 1189.676096][T14227] usb 3-1: Dual-Role OTG device on HNP port
[ 1189.706168][T14227] usb 3-1: New USB device found, idVendor=05ac, idProduct=0243, bcdDevice=48.5d
[ 1189.745858][T14227] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1189.823601][T14227] usb 3-1: Product: ࠚ
[ 1189.856991][T14227] usb 3-1: Manufacturer: ꭒ窞̖䁈展獳廵ꂹ悦✁ྼ♛顰蓌屏᫮㶙阸ﳥ痔겘耐⺤괳ᕃꈯ왫אּ⡟䦊ꚭ䜒୧莩꜓﮷蠬▹佉᧚縄꧵ᨛ医꿎萓꣮럶죶㋆찙쑐ꗋ㧄嘈ᭌᒖꦪ䦜声⃔솞婛
[ 1189.886850][T14244] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1189.898915][T14244] usb 1-1: no configurations
[ 1189.903541][T14244] usb 1-1: can't read configurations, error -22
[ 1189.910136][T23419] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4858'.
[ 1189.936720][T14227] usb 3-1: SerialNumber: 弤왔싑뜀敮ꁍ룾䅊꠨쟭鱲琎ةⵯ뾾遱䙪푠夳ࠡ刂ٯ씢嶴尯壙荄镛溥㻟붿﬛ಿ趏ﾞ鎡᠈ᄕ䬙꜎㓁挡羀賓럒铳ꌖ羾䮉嫔㭄槄曡
[ 1190.178466][T23432] netlink: 'syz.1.4863': attribute type 6 has an invalid length.
[ 1190.227527][T14230] usb 5-1: new low-speed USB device number 54 using dummy_hcd
[ 1190.274378][T14227] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:169.157/input/input113
[ 1190.289457][T23436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1190.303216][ T5182] bcm5974 3-1:169.157: could not read from device
[ 1190.316356][ T5182] bcm5974 3-1:169.157: could not read from device
[ 1190.325676][ T5182] bcm5974 3-1:169.157: could not read from device
[ 1190.335313][ T5182] bcm5974 3-1:169.157: could not read from device
[ 1190.343105][T23436] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1190.372536][T14227] usb 3-1: USB disconnect, device number 32
[ 1190.389130][T14230] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 8
[ 1190.407695][T14230] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 is Bulk; changing to Interrupt
[ 1190.418258][T14230] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 is Bulk; changing to Interrupt
[ 1190.474452][T23436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1190.487263][T23436] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1190.993169][T23439] tipc: Enabled bearer <eth:batadv0>, priority 10
[ 1191.122670][T23443] binder: 23441:23443 ioctl c0306201 80000040 returned -14
[ 1191.271121][T23449] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4868'.
[ 1191.432169][T23455] fuse: Bad value for 'fd'
[ 1192.277447][T14244] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[ 1192.479125][T14244] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1192.494982][T14244] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1192.508239][T14244] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1192.518690][T14244] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1192.532253][T14244] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1192.542120][T14244] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1192.557455][T14244] usb 1-1: config 0 descriptor??
[ 1192.847432][T14230] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1192.897708][T14230] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1192.920900][T14230] usb 5-1: Product: 봏㯷蝝赭漶瑢╅⹹౷뺶徵蟎⥄ꬁⒽꪎ驸毞튁ﭟᙍἘ闩缍끇낄豪⍸￮ʝ玅ﭯ攟㬃坝軈̈橴⍃㡝˛먘圲֛
[ 1192.963248][T14230] usb 5-1: can't set config #1, error -71
[ 1192.981242][T14230] usb 5-1: USB disconnect, device number 54
[ 1193.012227][   T30] audit: type=1326 audit(1763234023.777:3066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23471 comm="syz.4.4875" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd539 code=0x7ffc0000
[ 1193.042713][   T30] audit: type=1326 audit(1763234023.777:3067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23471 comm="syz.4.4875" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd539 code=0x7ffc0000
[ 1193.088492][   T30] audit: type=1326 audit(1763234023.837:3068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23471 comm="syz.4.4875" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70fd539 code=0x7ffc0000
[ 1193.111348][   T30] audit: type=1326 audit(1763234023.837:3069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23471 comm="syz.4.4875" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd539 code=0x7ffc0000
[ 1193.134387][   T30] audit: type=1326 audit(1763234023.837:3070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23471 comm="syz.4.4875" exe="/root/syz-executor" sig=0 arch=40000003 syscall=47 compat=1 ip=0xf70fd539 code=0x7ffc0000
[ 1193.158888][   T30] audit: type=1326 audit(1763234023.837:3071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23471 comm="syz.4.4875" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd539 code=0x7ffc0000
[ 1193.217480][   T30] audit: type=1326 audit(1763234023.837:3072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23471 comm="syz.4.4875" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd539 code=0x7ffc0000
[ 1193.240316][   T30] audit: type=1326 audit(1763234023.847:3073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23471 comm="syz.4.4875" exe="/root/syz-executor" sig=0 arch=40000003 syscall=395 compat=1 ip=0xf70fd539 code=0x7ffc0000
[ 1193.263459][   T30] audit: type=1326 audit(1763234023.847:3074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23471 comm="syz.4.4875" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fd539 code=0x7ffc0000
[ 1193.287145][   T30] audit: type=1326 audit(1763234023.857:3075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23471 comm="syz.4.4875" exe="/root/syz-executor" sig=0 arch=40000003 syscall=397 compat=1 ip=0xf70fd539 code=0x7ffc0000
[ 1193.673386][T23478] netlink: 180 bytes leftover after parsing attributes in process `syz.2.4877'.
[ 1193.877928][   T13] wlan0: Trigger new scan to find an IBSS to join
[ 1193.934078][T23489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1193.943141][T23489] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1194.559585][T23155] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[ 1194.632172][T23497] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4882'.
[ 1194.722429][T23497] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4882'.
[ 1194.764297][T23155] usb 5-1: config 169 has an invalid interface number: 157 but max is 2
[ 1194.784043][T23155] usb 5-1: config 169 has an invalid interface number: 124 but max is 2
[ 1194.800204][T13598] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1194.852223][T23155] usb 5-1: config 169 has an invalid interface descriptor of length 8, skipping
[ 1194.936442][T23155] usb 5-1: config 169 contains an unexpected descriptor of type 0x2, skipping
[ 1194.956658][T23155] usb 5-1: config 169 has an invalid interface number: 200 but max is 2
[ 1194.970616][T23155] usb 5-1: config 169 has an invalid interface number: 3 but max is 2
[ 1194.981133][T23155] usb 5-1: config 169 has an invalid descriptor of length 128, skipping remainder of the config
[ 1194.999598][T23155] usb 5-1: config 169 has 4 interfaces, different from the descriptor's value: 3
[ 1195.020346][T23155] usb 5-1: config 169 has no interface number 0
[ 1195.026782][T23155] usb 5-1: config 169 has no interface number 1
[ 1195.035724][T23155] usb 5-1: config 169 has no interface number 2
[ 1195.063515][T23155] usb 5-1: config 169 interface 157 altsetting 2 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[ 1195.081400][T23155] usb 5-1: config 169 interface 157 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[ 1195.121908][T23155] usb 5-1: config 169 interface 124 altsetting 8 endpoint 0xC has invalid maxpacket 512, setting to 64
[ 1195.146012][T23155] usb 5-1: config 169 interface 124 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 12
[ 1195.166982][T14244] usbhid 1-1:0.0: can't add hid device: -71
[ 1195.182837][T14244] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1195.194618][T23155] usb 5-1: config 169 interface 200 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1195.214729][T14244] usb 1-1: USB disconnect, device number 50
[ 1195.228016][T23155] usb 5-1: too many endpoints for config 169 interface 3 altsetting 3: 47, using maximum allowed: 30
[ 1195.247637][T23155] usb 5-1: config 169 interface 3 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 47
[ 1195.261171][T23155] usb 5-1: config 169 interface 157 has no altsetting 0
[ 1195.268638][T23155] usb 5-1: config 169 interface 124 has no altsetting 0
[ 1195.275873][T23155] usb 5-1: config 169 interface 200 has no altsetting 0
[ 1195.284109][T23155] usb 5-1: config 169 interface 3 has no altsetting 0
[ 1195.306059][T23155] usb 5-1: Dual-Role OTG device on HNP port
[ 1195.334645][T23155] usb 5-1: New USB device found, idVendor=05ac, idProduct=0243, bcdDevice=48.5d
[ 1195.356765][T23512] FAULT_INJECTION: forcing a failure.
[ 1195.356765][T23512] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1195.372933][T23512] CPU: 0 UID: 0 PID: 23512 Comm: syz.0.4886 Not tainted syzkaller #0 PREEMPT(full) 
[ 1195.372942][T23155] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1195.372957][T23512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1195.372969][T23512] Call Trace:
[ 1195.372976][T23512]  <TASK>
[ 1195.372984][T23512]  dump_stack_lvl+0x189/0x250
[ 1195.373011][T23512]  ? __pfx____ratelimit+0x10/0x10
[ 1195.373035][T23512]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1195.373057][T23512]  ? __pfx__printk+0x10/0x10
[ 1195.373086][T23512]  should_fail_ex+0x414/0x560
[ 1195.373114][T23512]  _copy_to_user+0x31/0xb0
[ 1195.373137][T23512]  simple_read_from_buffer+0xe1/0x170
[ 1195.373175][T23512]  proc_fail_nth_read+0x1b3/0x220
[ 1195.373198][T23512]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1195.373222][T23512]  ? rw_verify_area+0x2a6/0x4d0
[ 1195.373243][T23512]  ? __lock_acquire+0xab9/0xd20
[ 1195.373259][T23512]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1195.373280][T23512]  vfs_read+0x200/0xa30
[ 1195.373301][T23512]  ? fdget_pos+0x247/0x320
[ 1195.373320][T23512]  ? __pfx___mutex_lock+0x10/0x10
[ 1195.373345][T23512]  ? __pfx_vfs_read+0x10/0x10
[ 1195.373367][T23512]  ? __fget_files+0x2a/0x420
[ 1195.373388][T23512]  ? __fget_files+0x3a0/0x420
[ 1195.373402][T23512]  ? __fget_files+0x2a/0x420
[ 1195.373426][T23512]  ksys_read+0x145/0x250
[ 1195.373447][T23512]  ? exc_page_fault+0x82/0x100
[ 1195.373469][T23512]  ? __pfx_ksys_read+0x10/0x10
[ 1195.373493][T23512]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1195.373532][T23512]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1195.373557][T23512]  __do_fast_syscall_32+0xb6/0x2b0
[ 1195.373573][T23512]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1195.373599][T23512]  do_fast_syscall_32+0x34/0x80
[ 1195.373615][T23512]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1195.373635][T23512] RIP: 0023:0xf70dd539
[ 1195.373650][T23512] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1195.373665][T23512] RSP: 002b:00000000f54cd590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1195.373683][T23512] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54cd620
[ 1195.373696][T23512] RDX: 000000000000000f RSI: 00000000f7476ff4 RDI: 0000000000000000
[ 1195.373707][T23512] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1195.373717][T23512] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1195.373727][T23512] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1195.373754][T23512]  </TASK>
[ 1195.570110][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1195.707636][ T5878] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[ 1195.758474][T23155] usb 5-1: Product: ࠚ
[ 1195.763309][T23155] usb 5-1: Manufacturer: ꭒ窞̖䁈展獳廵ꂹ悦✁ྼ♛顰蓌屏᫮㶙阸ﳥ痔겘耐⺤괳ᕃꈯ왫אּ⡟䦊ꚭ䜒୧莩꜓﮷蠬▹佉᧚縄꧵ᨛ医꿎萓꣮럶죶㋆찙쑐ꗋ㧄嘈ᭌᒖꦪ䦜声⃔솞婛
[ 1195.786616][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1195.914740][T23155] usb 5-1: SerialNumber: 弤왔싑뜀敮ꁍ룾䅊꠨쟭鱲琎ةⵯ뾾遱䙪푠夳ࠡ刂ٯ씢嶴尯壙荄镛溥㻟붿﬛ಿ趏ﾞ鎡᠈ᄕ䬙꜎㓁挡羀賓럒铳ꌖ羾䮉嫔㭄槄曡
[ 1195.934604][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1196.007967][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 233, changing to 11
[ 1196.080692][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 50440, setting to 1024
[ 1196.118247][ T5878] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00
[ 1196.157421][ T5878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1196.188518][ T5878] usb 3-1: config 0 descriptor??
[ 1196.196342][T23505] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 1196.307625][T23523] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[ 1196.615037][    C1] raw-gadget.2 gadget.2: ignoring, device is not running
[ 1196.624736][    C1] raw-gadget.2 gadget.2: ignoring, device is not running
[ 1196.644336][ T5878] usbhid 3-1:0.0: can't add hid device: -32
[ 1196.726023][T23155] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:169.157/input/input114
[ 1196.763185][T23525] fuse: Invalid rootmode
[ 1196.820250][ T5878] usbhid 3-1:0.0: probe with driver usbhid failed with error -32
[ 1196.976845][ T5182] bcm5974 5-1:169.157: could not read from device
[ 1196.984627][ T5878] usb 3-1: USB disconnect, device number 33
[ 1197.014469][ T5182] bcm5974 5-1:169.157: could not read from device
[ 1197.021316][T23155] usb 5-1: USB disconnect, device number 55
[ 1197.822554][T14230] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[ 1197.849278][T23543] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[ 1197.872144][T23538] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4892'.
[ 1197.886703][T14230] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[ 1197.907260][T14230] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[ 1197.946902][T14230] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[ 1197.997406][T14230] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[ 1198.042596][T14230] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[ 1198.047960][   T30] kauditd_printk_skb: 79 callbacks suppressed
[ 1198.047976][   T30] audit: type=1326 audit(1763234028.817:3155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23548 comm="syz.0.4896" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1198.067758][T14230] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[ 1198.078136][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1198.202162][   T30] audit: type=1326 audit(1763234028.847:3156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23548 comm="syz.0.4896" exe="/root/syz-executor" sig=0 arch=40000003 syscall=431 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1198.217761][T14230] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[ 1198.224280][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1198.262422][T14230] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[ 1198.316940][T14230] hid-generic 0000:0000:0000.001A: unknown main item tag 0x0
[ 1198.346247][T14230] hid-generic 0000:0000:0000.001A: hidraw0: <UNKNOWN> HID v0.03 Device [syz1] on syz1
[ 1198.401216][   T30] audit: type=1326 audit(1763234028.857:3157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23548 comm="syz.0.4896" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1198.423311][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1198.620732][   T30] audit: type=1326 audit(1763234028.857:3158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23548 comm="syz.0.4896" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70dd539 code=0x7ffc0000
[ 1198.642837][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1198.830898][T23559] fido_id[23559]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1198.874651][T14230] usb 1-1: new full-speed USB device number 51 using dummy_hcd
[ 1199.067618][T14230] usb 1-1: device descriptor read/64, error -71
[ 1199.404148][T23577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1199.424541][T23577] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1199.437442][T14230] usb 1-1: new full-speed USB device number 52 using dummy_hcd
[ 1199.488402][T23579] vivid-007: disconnect
[ 1199.521259][T23578] vivid-007: reconnect
[ 1199.657430][T14230] usb 1-1: device descriptor read/64, error -71
[ 1199.767680][T14230] usb usb1-port1: attempt power cycle
[ 1199.866527][T23588] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4908'.
[ 1199.877450][T14227] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[ 1200.033086][T14227] usb 3-1: config index 0 descriptor too short (expected 23569, got 27)
[ 1200.042064][T14227] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1200.061773][T14227] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[ 1200.071567][T14227] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[ 1200.080262][T14227] usb 3-1: Manufacturer: syz
[ 1200.088435][T23596] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4910'.
[ 1200.098513][T14227] usb 3-1: config 0 descriptor??
[ 1200.117478][T14230] usb 1-1: new full-speed USB device number 53 using dummy_hcd
[ 1200.148683][T14230] usb 1-1: device descriptor read/8, error -71
[ 1200.198130][T14227] rc_core: IR keymap rc-hauppauge not found
[ 1200.204208][T14227] Registered IR keymap rc-empty
[ 1200.214533][T14227] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 1200.241118][T14227] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input115
[ 1200.305285][    C0] igorplugusb 3-1:0.0: Error: urb status = -32
[ 1200.395342][T14227] usb 3-1: USB disconnect, device number 34
[ 1200.401400][T14230] usb 1-1: new full-speed USB device number 54 using dummy_hcd
[ 1200.459306][T14230] usb 1-1: device descriptor read/8, error -71
[ 1200.587815][T14230] usb usb1-port1: unable to enumerate USB device
[ 1200.682875][T23611] netlink: 392 bytes leftover after parsing attributes in process `syz.4.4911'.
[ 1200.831996][T23613] netlink: 392 bytes leftover after parsing attributes in process `syz.2.4912'.
[ 1201.925316][T23618] syz.0.4913 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1203.241100][T23646] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4919'.
[ 1203.317419][T23155] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1203.535864][T23155] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1203.615823][T23155] usb 3-1: no configurations
[ 1203.625933][T23666] netlink: 392 bytes leftover after parsing attributes in process `syz.1.4924'.
[ 1203.647409][T23155] usb 3-1: can't read configurations, error -22
[ 1203.747462][T14244] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[ 1203.928896][T14244] usb 5-1: Using ep0 maxpacket: 8
[ 1203.960608][T14244] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1203.992779][T14244] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[ 1204.035856][T14244] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1204.080675][T14244] usb 5-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=f6.82
[ 1204.121652][T14244] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1204.157726][T14244] usb 5-1: Product: syz
[ 1204.167464][T23155] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[ 1204.182509][T14244] usb 5-1: Manufacturer: syz
[ 1204.217499][T14244] usb 5-1: SerialNumber: syz
[ 1204.309291][T14244] usb 5-1: config 0 descriptor??
[ 1204.429376][T23155] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1204.438148][T23155] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[ 1204.449119][T23155] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1204.458769][T23155] usb 3-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1204.471581][T23155] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[ 1204.483369][T23155] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1204.497569][T23155] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1204.507050][T23155] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1204.516251][T23155] usb 3-1: Product: syz
[ 1204.521031][T23155] usb 3-1: Manufacturer: syz
[ 1204.529956][T23668] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1204.544500][T23155] cdc_wdm 3-1:1.0: skipping garbage
[ 1204.550340][T23155] cdc_wdm 3-1:1.0: skipping garbage
[ 1204.563126][T23155] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[ 1204.570242][T23155] cdc_wdm 3-1:1.0: Unknown control protocol
[ 1204.617140][T14244] usb 5-1: USB disconnect, device number 56
[ 1204.876646][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[ 1204.883259][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[ 1204.889560][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[ 1204.896142][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[ 1204.902357][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[ 1204.908941][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[ 1204.915202][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[ 1204.921794][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[ 1204.928101][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[ 1204.934676][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[ 1204.941422][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[ 1204.948012][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[ 1204.954430][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[ 1204.961012][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[ 1204.967254][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[ 1204.973835][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[ 1204.980111][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[ 1204.986691][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[ 1204.992956][    C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[ 1204.999534][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[ 1205.064104][T14227] usb 3-1: USB disconnect, device number 36
[ 1205.064171][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[ 1205.247652][T14230] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[ 1205.298138][T23668] xt_NFQUEUE: number of total queues is 0
[ 1205.416903][T14230] usb 1-1: config 169 has an invalid interface number: 157 but max is 2
[ 1205.462776][T14230] usb 1-1: config 169 has an invalid interface number: 124 but max is 2
[ 1205.512174][T14230] usb 1-1: config 169 has an invalid interface descriptor of length 8, skipping
[ 1205.536774][T14230] usb 1-1: config 169 contains an unexpected descriptor of type 0x2, skipping
[ 1205.588708][T14230] usb 1-1: config 169 has an invalid interface number: 200 but max is 2
[ 1205.597088][T14230] usb 1-1: config 169 has an invalid interface number: 3 but max is 2
[ 1205.651928][T14230] usb 1-1: config 169 has an invalid descriptor of length 128, skipping remainder of the config
[ 1205.721578][T14230] usb 1-1: config 169 has 4 interfaces, different from the descriptor's value: 3
[ 1205.761058][T14230] usb 1-1: config 169 has no interface number 0
[ 1205.791807][T14230] usb 1-1: config 169 has no interface number 1
[ 1205.850236][T23688] bridge0: entered allmulticast mode
[ 1205.855620][T14230] usb 1-1: config 169 has no interface number 2
[ 1205.879406][T14230] usb 1-1: config 169 interface 157 altsetting 2 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[ 1205.939896][T14230] usb 1-1: config 169 interface 157 altsetting 2 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[ 1205.978344][T14230] usb 1-1: config 169 interface 124 altsetting 8 endpoint 0xC has invalid maxpacket 512, setting to 64
[ 1205.989475][T14230] usb 1-1: config 169 interface 124 altsetting 8 has 2 endpoint descriptors, different from the interface descriptor's value: 12
[ 1206.002961][T14230] usb 1-1: config 169 interface 200 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1206.027534][T14230] usb 1-1: too many endpoints for config 169 interface 3 altsetting 3: 47, using maximum allowed: 30
[ 1206.085620][T14230] usb 1-1: config 169 interface 3 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 47
[ 1206.121876][T14230] usb 1-1: config 169 interface 157 has no altsetting 0
[ 1206.129484][   T13] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1206.142595][T14230] usb 1-1: config 169 interface 124 has no altsetting 0
[ 1206.152369][T14230] usb 1-1: config 169 interface 200 has no altsetting 0
[ 1206.181580][T14230] usb 1-1: config 169 interface 3 has no altsetting 0
[ 1206.208157][T14230] usb 1-1: Dual-Role OTG device on HNP port
[ 1206.218603][T14230] usb 1-1: New USB device found, idVendor=05ac, idProduct=0243, bcdDevice=48.5d
[ 1206.230293][T14230] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1206.238839][T14230] usb 1-1: Product: ࠚ
[ 1206.243241][T14230] usb 1-1: Manufacturer: ꭒ窞̖䁈展獳廵ꂹ悦✁ྼ♛顰蓌屏᫮㶙阸ﳥ痔겘耐⺤괳ᕃꈯ왫אּ⡟䦊ꚭ䜒୧莩꜓﮷蠬▹佉᧚縄꧵ᨛ医꿎萓꣮럶죶㋆찙쑐ꗋ㧄嘈ᭌᒖꦪ䦜声⃔솞婛
[ 1206.331417][T14230] usb 1-1: SerialNumber: 弤왔싑뜀敮ꁍ룾䅊꠨쟭鱲琎ةⵯ뾾遱䙪푠夳ࠡ刂ٯ씢嶴尯壙荄镛溥㻟붿﬛ಿ趏ﾞ鎡᠈ᄕ䬙꜎㓁挡羀賓럒铳ꌖ羾䮉嫔㭄槄曡
[ 1206.560130][T23704] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1206.572096][T23704] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1206.593290][T23704] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1206.605663][T23704] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1206.642080][T14230] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:169.157/input/input116
[ 1206.696131][ T5182] bcm5974 1-1:169.157: could not read from device
[ 1206.722099][ T5182] bcm5974 1-1:169.157: could not read from device
[ 1206.770572][T14230] usb 1-1: USB disconnect, device number 55
[ 1206.777050][ T5182] bcm5974 1-1:169.157: could not read from device
[ 1206.803254][ T5182] bcm5974 1-1:169.157: could not read from device
[ 1207.176139][T23714] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4938'.
[ 1207.313519][T23709] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4937'.
[ 1207.737145][T23727] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4943'.
[ 1207.786740][    C0] vcan0: j1939_session_tx_dat: 0xffff88805a656000: queue data error: -100
[ 1207.878715][T23155] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[ 1208.067408][T23155] usb 3-1: Using ep0 maxpacket: 32
[ 1208.075735][T23155] usb 3-1: config 0 has an invalid interface number: 132 but max is 0
[ 1208.093914][T23155] usb 3-1: config 0 has no interface number 0
[ 1208.135694][T23155] usb 3-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1208.221612][T23155] usb 3-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1208.234573][T23155] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1208.257996][T23155] usb 3-1: Product: syz
[ 1208.271794][T23155] usb 3-1: Manufacturer: syz
[ 1208.279860][T23155] usb 3-1: SerialNumber: syz
[ 1208.328948][T23155] usb 3-1: config 0 descriptor??
[ 1208.363475][T23155] em28xx 3-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 1208.412488][T23155] em28xx 3-1:0.132: Video interface 132 found:
[ 1208.816920][T23155] em28xx 3-1:0.132: unknown em28xx chip ID (0)
[ 1209.860151][T23747] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4949'.
[ 1209.891907][T23747] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4949'.
[ 1209.937538][ T5878] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[ 1210.035662][T23155] em28xx 3-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 1210.054961][T23155] em28xx 3-1:0.132: board has no eeprom
[ 1210.097888][ T5878] usb 1-1: Using ep0 maxpacket: 16
[ 1210.119278][T23725] em28xx 3-1:0.132: failed to trigger read from i2c address 0x0 (error=-5)
[ 1210.129258][T23155] em28xx 3-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 1210.139491][T23155] em28xx 3-1:0.132: analog set to bulk mode.
[ 1210.166309][T14244] em28xx 3-1:0.132: Registering V4L2 extension
[ 1210.250257][T23744] openvswitch: netlink: Actions may not be safe on all matching packets
[ 1210.342271][T14244] em28xx 3-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[ 1210.359089][T23752] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4950'.
[ 1210.379816][T23758] geneve0: left allmulticast mode
[ 1210.395307][T23758] FAULT_INJECTION: forcing a failure.
[ 1210.395307][T23758] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1210.440557][T23758] CPU: 0 UID: 0 PID: 23758 Comm: syz.4.4951 Not tainted syzkaller #0 PREEMPT(full) 
[ 1210.440584][T23758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1210.440596][T23758] Call Trace:
[ 1210.440604][T23758]  <TASK>
[ 1210.440612][T23758]  dump_stack_lvl+0x189/0x250
[ 1210.440640][T23758]  ? __pfx____ratelimit+0x10/0x10
[ 1210.440659][T23758]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1210.440671][T23758]  ? __pfx__printk+0x10/0x10
[ 1210.440687][T23758]  should_fail_ex+0x414/0x560
[ 1210.440705][T23758]  _copy_to_user+0x31/0xb0
[ 1210.440727][T23758]  simple_read_from_buffer+0xe1/0x170
[ 1210.440762][T23758]  proc_fail_nth_read+0x1b3/0x220
[ 1210.440787][T23758]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1210.440806][T23758]  ? rw_verify_area+0x2a6/0x4d0
[ 1210.440819][T23758]  ? __lock_acquire+0xab9/0xd20
[ 1210.440828][T23758]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1210.440840][T23758]  vfs_read+0x200/0xa30
[ 1210.440853][T23758]  ? fdget_pos+0x247/0x320
[ 1210.440870][T23758]  ? __pfx___mutex_lock+0x10/0x10
[ 1210.440896][T23758]  ? __pfx_vfs_read+0x10/0x10
[ 1210.440920][T23758]  ? __fget_files+0x2a/0x420
[ 1210.440942][T23758]  ? __fget_files+0x3a0/0x420
[ 1210.440953][T23758]  ? __fget_files+0x2a/0x420
[ 1210.440967][T23758]  ksys_read+0x145/0x250
[ 1210.440980][T23758]  ? __pfx_ksys_read+0x10/0x10
[ 1210.440994][T23758]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1210.441011][T23758]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1210.441037][T23758]  __do_fast_syscall_32+0xb6/0x2b0
[ 1210.441055][T23758]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1210.441081][T23758]  do_fast_syscall_32+0x34/0x80
[ 1210.441097][T23758]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1210.441110][T23758] RIP: 0023:0xf70fd539
[ 1210.441119][T23758] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1210.441128][T23758] RSP: 002b:00000000f54ed590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1210.441140][T23758] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54ed620
[ 1210.441146][T23758] RDX: 000000000000000f RSI: 00000000f7496ff4 RDI: 0000000000000000
[ 1210.441152][T23758] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1210.441161][T23758] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1210.441172][T23758] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1210.441200][T23758]  </TASK>
[ 1210.681916][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1210.787152][T14244] em28xx 3-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[ 1211.000933][T14244] em28xx 3-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[ 1211.026862][T14244] em28xx 3-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[ 1211.173413][T14244] em28xx 3-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[ 1211.231720][T14227] usb 3-1: USB disconnect, device number 37
[ 1211.239363][T14227] em28xx 3-1:0.132: Disconnecting em28xx
[ 1211.275242][T23770] FAULT_INJECTION: forcing a failure.
[ 1211.275242][T23770] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1211.333461][T14244] em28xx 3-1:0.132: Config register raw data: 0xffffffed
[ 1211.351438][T14244] em28xx 3-1:0.132: AC97 chip type couldn't be determined
[ 1211.397189][T23771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1211.409087][T23770] CPU: 0 UID: 0 PID: 23770 Comm: syz.4.4955 Not tainted syzkaller #0 PREEMPT(full) 
[ 1211.409117][T23770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1211.409129][T23770] Call Trace:
[ 1211.409137][T23770]  <TASK>
[ 1211.409146][T23770]  dump_stack_lvl+0x189/0x250
[ 1211.409174][T23770]  ? __pfx____ratelimit+0x10/0x10
[ 1211.409197][T23770]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1211.409211][T23770]  ? __pfx__printk+0x10/0x10
[ 1211.409228][T23770]  should_fail_ex+0x414/0x560
[ 1211.409255][T23770]  _copy_to_user+0x31/0xb0
[ 1211.409279][T23770]  io_query+0x2b8/0x5a0
[ 1211.409304][T23770]  ? __pfx_io_query+0x10/0x10
[ 1211.409325][T23770]  ? __mutex_unlock_slowpath+0x1a1/0x740
[ 1211.409343][T23770]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1211.409361][T23770]  __se_sys_io_uring_register+0x143/0x11f0
[ 1211.409373][T23770]  ? fput+0xa0/0xd0
[ 1211.409385][T23770]  ? __pfx___se_sys_io_uring_register+0x10/0x10
[ 1211.409401][T23770]  ? ksys_write+0x22a/0x250
[ 1211.409423][T23770]  ? exc_page_fault+0x82/0x100
[ 1211.409447][T23770]  ? __pfx_ksys_write+0x10/0x10
[ 1211.409472][T23770]  ? syscall_enter_from_user_mode_prepare+0x8f/0x110
[ 1211.409488][T23770]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1211.409502][T23770]  __do_fast_syscall_32+0xb6/0x2b0
[ 1211.409511][T23770]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1211.409526][T23770]  do_fast_syscall_32+0x34/0x80
[ 1211.409544][T23770]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1211.409566][T23770] RIP: 0023:0xf70fd539
[ 1211.409582][T23770] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1211.409597][T23770] RSP: 002b:00000000f54ed55c EFLAGS: 00000206 ORIG_RAX: 00000000000001ab
[ 1211.409616][T23770] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 0000000000000023
[ 1211.409626][T23770] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1211.409632][T23770] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1211.409638][T23770] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1211.409644][T23770] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1211.409659][T23770]  </TASK>
[ 1211.416655][T14244] em28xx 3-1:0.132: No AC97 audio processor
[ 1211.684353][T23771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1211.952136][T23784] geneve2: entered promiscuous mode
[ 1211.958292][T23784] geneve2: entered allmulticast mode
[ 1212.162574][T23787] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4959'.
[ 1212.483082][T23793] hub 9-0:1.0: USB hub found
[ 1212.493213][T23793] hub 9-0:1.0: 1 port detected
[ 1212.588351][T14244] usb 3-1: Decoder not found
[ 1212.677611][T14244] em28xx 3-1:0.132: failed to create media graph
[ 1212.727838][T14244] em28xx 3-1:0.132: V4L2 device video103 deregistered
[ 1212.763946][T14244] em28xx 3-1:0.132: Remote control support is not available for this card.
[ 1212.767054][T23795] ==================================================================
[ 1212.780650][T23795] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xac/0x420
[ 1212.788020][T23795] Read of size 8 at addr ffff88807b1a8740 by task v4l_id/23795
[ 1212.795559][T23795] 
[ 1212.797882][T23795] CPU: 0 UID: 0 PID: 23795 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[ 1212.797897][T23795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1212.797905][T23795] Call Trace:
[ 1212.797910][T23795]  <TASK>
[ 1212.797916][T23795]  dump_stack_lvl+0x189/0x250
[ 1212.797932][T23795]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1212.797946][T23795]  ? rcu_is_watching+0x15/0xb0
[ 1212.797963][T23795]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1212.797984][T23795]  ? rcu_is_watching+0x15/0xb0
[ 1212.798003][T23795]  ? lock_release+0x4b/0x3e0
[ 1212.798018][T23795]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[ 1212.798040][T23795]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1212.798052][T23795]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1212.798063][T23795]  print_report+0xca/0x240
[ 1212.798075][T23795]  ? v4l2_fh_open+0xac/0x420
[ 1212.798084][T23795]  kasan_report+0x118/0x150
[ 1212.798094][T23795]  ? v4l2_fh_open+0xac/0x420
[ 1212.798109][T23795]  v4l2_fh_open+0xac/0x420
[ 1212.798126][T23795]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1212.798157][T23795]  em28xx_v4l2_open+0x157/0x9a0
[ 1212.798185][T23795]  v4l2_open+0x1bf/0x3a0
[ 1212.798204][T23795]  chrdev_open+0x4cc/0x5e0
[ 1212.798221][T23795]  ? __pfx_chrdev_open+0x10/0x10
[ 1212.798238][T23795]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 1212.798258][T23795]  ? __pfx_chrdev_open+0x10/0x10
[ 1212.798273][T23795]  do_dentry_open+0x953/0x13f0
[ 1212.798298][T23795]  vfs_open+0x3b/0x340
[ 1212.798314][T23795]  ? path_openat+0x2ecd/0x3830
[ 1212.798332][T23795]  path_openat+0x2ee5/0x3830
[ 1212.798350][T23795]  ? __pfx_path_openat+0x10/0x10
[ 1212.798364][T23795]  do_filp_open+0x1fa/0x410
[ 1212.798375][T23795]  ? __lock_acquire+0xab9/0xd20
[ 1212.798384][T23795]  ? __pfx_do_filp_open+0x10/0x10
[ 1212.798410][T23795]  ? _raw_spin_unlock+0x28/0x50
[ 1212.798429][T23795]  ? alloc_fd+0x64c/0x6c0
[ 1212.798456][T23795]  do_sys_openat2+0x121/0x1c0
[ 1212.798476][T23795]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1212.798489][T23795]  ? exc_page_fault+0x82/0x100
[ 1212.798503][T23795]  ? do_user_addr_fault+0xc85/0x1380
[ 1212.798513][T23795]  __x64_sys_openat+0x138/0x170
[ 1212.798524][T23795]  do_syscall_64+0xfa/0xfa0
[ 1212.798537][T23795]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1212.798556][T23795]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1212.798573][T23795]  ? clear_bhb_loop+0x60/0xb0
[ 1212.798592][T23795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1212.798609][T23795] RIP: 0033:0x7f2b67ea7407
[ 1212.798625][T23795] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1212.798635][T23795] RSP: 002b:00007ffce616d500 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1212.798647][T23795] RAX: ffffffffffffffda RBX: 00007f2b685b6880 RCX: 00007f2b67ea7407
[ 1212.798654][T23795] RDX: 0000000000000000 RSI: 00007ffce616ef1a RDI: ffffffffffffff9c
[ 1212.798661][T23795] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1212.798667][T23795] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1212.798673][T23795] R13: 00007ffce616d750 R14: 00007f2b6871d000 R15: 000055a30ac604d8
[ 1212.798684][T23795]  </TASK>
[ 1212.798689][T23795] 
[ 1213.100972][T23795] Allocated by task 14244:
[ 1213.105365][T23795]  kasan_save_track+0x3e/0x80
[ 1213.110036][T23795]  __kasan_kmalloc+0x93/0xb0
[ 1213.114615][T23795]  __kmalloc_cache_noprof+0x3d5/0x6f0
[ 1213.119971][T23795]  em28xx_v4l2_init+0x10b/0x2e70
[ 1213.124891][T23795]  em28xx_init_extension+0x120/0x1c0
[ 1213.130176][T23795]  process_scheduled_works+0xae1/0x17b0
[ 1213.135699][T23795]  worker_thread+0x8a0/0xda0
[ 1213.140288][T23795]  kthread+0x711/0x8a0
[ 1213.144359][T23795]  ret_from_fork+0x4bc/0x870
[ 1213.148947][T23795]  ret_from_fork_asm+0x1a/0x30
[ 1213.153707][T23795] 
[ 1213.156093][T23795] Freed by task 14244:
[ 1213.160158][T23795]  kasan_save_track+0x3e/0x80
[ 1213.164821][T23795]  __kasan_save_free_info+0x46/0x50
[ 1213.170026][T23795]  __kasan_slab_free+0x5c/0x80
[ 1213.174797][T23795]  kfree+0x19a/0x6d0
[ 1213.178692][T23795]  em28xx_v4l2_init+0x1683/0x2e70
[ 1213.183719][T23795]  em28xx_init_extension+0x120/0x1c0
[ 1213.188997][T23795]  process_scheduled_works+0xae1/0x17b0
[ 1213.194540][T23795]  worker_thread+0x8a0/0xda0
[ 1213.199105][T23795]  kthread+0x711/0x8a0
[ 1213.203162][T23795]  ret_from_fork+0x4bc/0x870
[ 1213.207733][T23795]  ret_from_fork_asm+0x1a/0x30
[ 1213.212474][T23795] 
[ 1213.214784][T23795] The buggy address belongs to the object at ffff88807b1a8000
[ 1213.214784][T23795]  which belongs to the cache kmalloc-8k of size 8192
[ 1213.228821][T23795] The buggy address is located 1856 bytes inside of
[ 1213.228821][T23795]  freed 8192-byte region [ffff88807b1a8000, ffff88807b1aa000)
[ 1213.242776][T23795] 
[ 1213.245094][T23795] The buggy address belongs to the physical page:
[ 1213.251504][T23795] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7b1a8
[ 1213.260248][T23795] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1213.268726][T23795] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1213.276261][T23795] page_type: f5(slab)
[ 1213.280239][T23795] raw: 00fff00000000040 ffff88801a027280 ffffea0000cade00 dead000000000002
[ 1213.288813][T23795] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 1213.297384][T23795] head: 00fff00000000040 ffff88801a027280 ffffea0000cade00 dead000000000002
[ 1213.306032][T23795] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 1213.314682][T23795] head: 00fff00000000003 ffffea0001ec6a01 00000000ffffffff 00000000ffffffff
[ 1213.323341][T23795] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1213.331999][T23795] page dumped because: kasan: bad access detected
[ 1213.338415][T23795] page_owner tracks the page as allocated
[ 1213.344122][T23795] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 14323, tgid 14322 (syz.3.2542), ts 596674922652, free_ts 596615567302
[ 1213.367046][T23795]  post_alloc_hook+0x240/0x2a0
[ 1213.371800][T23795]  get_page_from_freelist+0x2365/0x2440
[ 1213.377335][T23795]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1213.383138][T23795]  alloc_pages_mpol+0x232/0x4a0
[ 1213.387969][T23795]  allocate_slab+0x96/0x350
[ 1213.392455][T23795]  ___slab_alloc+0xf56/0x1990
[ 1213.397162][T23795]  __slab_alloc+0x65/0x100
[ 1213.401564][T23795]  __kmalloc_cache_noprof+0x411/0x6f0
[ 1213.406916][T23795]  audit_log_d_path+0xb8/0x1a0
[ 1213.411667][T23795]  audit_log_d_path_exe+0x42/0x70
[ 1213.416671][T23795]  audit_log_task+0x2b3/0x3c0
[ 1213.421345][T23795]  audit_seccomp+0x86/0x190
[ 1213.425835][T23795]  __seccomp_filter+0xce4/0x1e10
[ 1213.430766][T23795]  syscall_trace_enter+0xaa/0x160
[ 1213.435777][T23795]  __do_fast_syscall_32+0x99/0x2b0
[ 1213.440882][T23795]  do_fast_syscall_32+0x34/0x80
[ 1213.445726][T23795] page last free pid 5840 tgid 5840 stack trace:
[ 1213.452039][T23795]  __free_frozen_pages+0xbc4/0xd30
[ 1213.457173][T23795]  __put_partials+0x146/0x170
[ 1213.461842][T23795]  put_cpu_partial+0x1f2/0x2e0
[ 1213.466582][T23795]  __slab_free+0x2b9/0x390
[ 1213.470978][T23795]  qlist_free_all+0x97/0x140
[ 1213.475557][T23795]  kasan_quarantine_reduce+0x148/0x160
[ 1213.481001][T23795]  __kasan_slab_alloc+0x22/0x80
[ 1213.485844][T23795]  kmem_cache_alloc_noprof+0x367/0x6e0
[ 1213.491294][T23795]  getname_flags+0xb8/0x540
[ 1213.495785][T23795]  user_path_at+0x24/0x60
[ 1213.500093][T23795]  __ia32_sys_umount+0xee/0x160
[ 1213.504939][T23795]  __do_fast_syscall_32+0xb6/0x2b0
[ 1213.510041][T23795]  do_fast_syscall_32+0x34/0x80
[ 1213.514875][T23795]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1213.521183][T23795] 
[ 1213.523490][T23795] Memory state around the buggy address:
[ 1213.529098][T23795]  ffff88807b1a8600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1213.537148][T23795]  ffff88807b1a8680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1213.545196][T23795] >ffff88807b1a8700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1213.553241][T23795]                                            ^
[ 1213.559381][T23795]  ffff88807b1a8780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1213.567438][T23795]  ffff88807b1a8800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1213.575482][T23795] ==================================================================
[ 1213.583622][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1213.800807][T14227] em28xx 3-1:0.132: Closing input extension
[ 1213.838710][T23795] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1213.845934][T23795] CPU: 0 UID: 0 PID: 23795 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[ 1213.854938][T23795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1213.864999][T23795] Call Trace:
[ 1213.868281][T23795]  <TASK>
[ 1213.871213][T23795]  dump_stack_lvl+0x99/0x250
[ 1213.875808][T23795]  ? __asan_memcpy+0x40/0x70
[ 1213.880397][T23795]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1213.885587][T23795]  ? __pfx__printk+0x10/0x10
[ 1213.890194][T23795]  vpanic+0x237/0x6d0
[ 1213.894180][T23795]  ? __pfx_vpanic+0x10/0x10
[ 1213.898687][T23795]  ? preempt_schedule+0xae/0xc0
[ 1213.903545][T23795]  ? __pfx_preempt_schedule+0x10/0x10
[ 1213.908903][T23795]  panic+0xb9/0xc0
[ 1213.912612][T23795]  ? __pfx_panic+0x10/0x10
[ 1213.917014][T23795]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 1213.922890][T23795]  ? is_module_address+0x17/0xf0
[ 1213.927812][T23795]  ? v4l2_fh_open+0xac/0x420
[ 1213.932398][T23795]  check_panic_on_warn+0x89/0xb0
[ 1213.937342][T23795]  ? v4l2_fh_open+0xac/0x420
[ 1213.941928][T23795]  end_report+0x78/0x160
[ 1213.946247][T23795]  kasan_report+0x129/0x150
[ 1213.950742][T23795]  ? v4l2_fh_open+0xac/0x420
[ 1213.955323][T23795]  v4l2_fh_open+0xac/0x420
[ 1213.959739][T23795]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1213.965718][T23795]  em28xx_v4l2_open+0x157/0x9a0
[ 1213.970575][T23795]  v4l2_open+0x1bf/0x3a0
[ 1213.974817][T23795]  chrdev_open+0x4cc/0x5e0
[ 1213.979239][T23795]  ? __pfx_chrdev_open+0x10/0x10
[ 1213.984161][T23795]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 1213.990468][T23795]  ? __pfx_chrdev_open+0x10/0x10
[ 1213.995382][T23795]  do_dentry_open+0x953/0x13f0
[ 1214.000141][T23795]  vfs_open+0x3b/0x340
[ 1214.004198][T23795]  ? path_openat+0x2ecd/0x3830
[ 1214.008948][T23795]  path_openat+0x2ee5/0x3830
[ 1214.013527][T23795]  ? __pfx_path_openat+0x10/0x10
[ 1214.018465][T23795]  do_filp_open+0x1fa/0x410
[ 1214.022949][T23795]  ? __lock_acquire+0xab9/0xd20
[ 1214.027795][T23795]  ? __pfx_do_filp_open+0x10/0x10
[ 1214.032825][T23795]  ? _raw_spin_unlock+0x28/0x50
[ 1214.037667][T23795]  ? alloc_fd+0x64c/0x6c0
[ 1214.041996][T23795]  do_sys_openat2+0x121/0x1c0
[ 1214.046674][T23795]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1214.051857][T23795]  ? exc_page_fault+0x82/0x100
[ 1214.056613][T23795]  ? do_user_addr_fault+0xc85/0x1380
[ 1214.061877][T23795]  __x64_sys_openat+0x138/0x170
[ 1214.066717][T23795]  do_syscall_64+0xfa/0xfa0
[ 1214.071219][T23795]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1214.076422][T23795]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1214.082472][T23795]  ? clear_bhb_loop+0x60/0xb0
[ 1214.087129][T23795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1214.093012][T23795] RIP: 0033:0x7f2b67ea7407
[ 1214.097421][T23795] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 1214.117044][T23795] RSP: 002b:00007ffce616d500 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1214.125471][T23795] RAX: ffffffffffffffda RBX: 00007f2b685b6880 RCX: 00007f2b67ea7407
[ 1214.133443][T23795] RDX: 0000000000000000 RSI: 00007ffce616ef1a RDI: ffffffffffffff9c
[ 1214.141404][T23795] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[ 1214.149356][T23795] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[ 1214.157311][T23795] R13: 00007ffce616d750 R14: 00007f2b6871d000 R15: 000055a30ac604d8
[ 1214.165292][T23795]  </TASK>
[ 1214.168569][T23795] Kernel Offset: disabled
[ 1214.172877][T23795] Rebooting in 86400 seconds..