last executing test programs:

10.725270723s ago: executing program 0 (id=1234):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4820)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)
syz_genetlink_get_family_id$tipc(&(0x7f0000001780), r0)
recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x102}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/147, 0x93}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000000780)=""/197, 0xc5}], 0x3}, 0x3}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000540)}, 0x80000000}], 0x4, 0xa062, 0x0)

10.29354447s ago: executing program 0 (id=1235):
r0 = socket$tipc(0x1e, 0x2, 0x0)
r1 = openat$pfkey(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="e40b5fa0bf0069ec4901000000000000000000010000001c000180060005004e2300000600010202000000f1ff0200ac1414aa"], 0x30}}, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0x64, r3, 0x10, 0x70bd2b, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x1}, @MPTCP_PM_ATTR_ADDR={0x40, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x37}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x4}, 0x40000010)
r4 = socket$tipc(0x1e, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_io_uring_setup(0x239, &(0x7f0000001080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x3c})
io_uring_enter(r5, 0x2def, 0x0, 0x0, 0x0, 0x0)
unshare(0x22020600)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
capset(&(0x7f0000000180)={0x20080522}, &(0x7f0000000240))
setsockopt$sock_int(r8, 0x1, 0xc, &(0x7f0000000200)=0xfffffffc, 0x4)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
r10 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r10, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r10, 0x84, 0x16, &(0x7f00000000c0)={0x2, [0x1, 0x3]}, 0x8)
getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r10, 0x84, 0x16, &(0x7f0000000140)={0x2, [0x0, 0x0]}, &(0x7f0000000180)=0x8)
setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b4, 0xe4, 0x168, 0x9, 0xe4, 0xb, 0x1ec, 0x250, 0x250, 0x1ec, 0x250, 0x3, 0x0, {[{{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @rand_addr=' \x01\x00', [], [], 'ip6tnl0\x00', 'sit0\x00', {}, {}, 0x6c, 0x0, 0x2}, 0x6000000, 0xa4, 0xe4, 0x0, {0x0, 0x28e}}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "48c01c5140d722edd3fb24545886bbd1be494201b400"}}}, {{@uncond, 0x0, 0xc8, 0x108, 0x0, {}, [@common=@inet=@set2={{0x24}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x80, 0x4, {0x4}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x310)
bind$tipc(r4, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0xfffffffd}}, 0x10)
bind$tipc(r0, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2, 0x2}, 0x10)
faccessat(r1, &(0x7f0000000280)='./file0\x00', 0x1a0)
sendmsg$tipc(r0, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0}, 0x0)
bind$tipc(r4, 0x0, 0x0)

9.431755279s ago: executing program 4 (id=1241):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_misc(r1, &(0x7f0000000180)="69a0b1", 0x3) (async)
write$binfmt_script(r1, 0x0, 0xb)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

9.302764709s ago: executing program 4 (id=1243):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsmount(r0, 0x0, 0x0)
fsmount(r0, 0x1, 0x88)

9.301983334s ago: executing program 1 (id=1244):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close(r3)
r4 = socket$inet6(0xa, 0x80002, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a067fbc45ff810500000000", 0x1c}], 0x1)
connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e23, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xffffffff}, 0x1c)
setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00')
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000080)=r6, 0x4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000600), r7)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r7, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={0x0}, 0x1, 0x0, 0x0, 0xc800}, 0x40)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
r8 = socket$inet6(0xa, 0xa, 0x1)
sendmmsg$sock(r8, 0x0, 0x0, 0x4008000)

9.118745154s ago: executing program 4 (id=1245):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4820)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)
syz_genetlink_get_family_id$tipc(&(0x7f0000001780), r0)
recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x102}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/147, 0x93}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000000780)=""/197, 0xc5}], 0x3}, 0x3}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000540)}, 0x80000000}], 0x4, 0xa062, 0x0)

9.000016273s ago: executing program 0 (id=1247):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x80800)
recvmmsg$unix(r3, &(0x7f0000003700)=[{{0x0, 0x78d, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
r4 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00'})
sendto$packet(r4, &(0x7f0000000040)="bb53a94584285101010000853e60", 0xe, 0x14, 0x0, 0x0)
recvmmsg(r4, &(0x7f0000003a80)=[{{0x0, 0x0, 0x0}, 0xb45}], 0x1, 0x2040, 0x0)
openat$vimc0(0xffffff9c, &(0x7f0000000100), 0x2, 0x0)

8.775181702s ago: executing program 4 (id=1249):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xce, 0x4a, 0xe6, 0x10, 0x93a, 0x262a, 0x2e17, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x62, 0x2, 0x0, 0x9e, 0x38, 0xb4}}]}}]}}, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00'})
r1 = socket(0xa, 0x3, 0x4)
ioctl$sock_SIOCBRDELBR(r1, 0x89a2, &(0x7f0000000000)='bridge0\x00')
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001400)=@newqdisc={0x18c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_STAB={0x154, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xff, 0xa00, 0x8001, 0x1, 0x4b4, 0xa}}, {0x4}}, {{0x1c, 0x1, {0xe, 0x4, 0x2f, 0x9, 0x0, 0x0, 0xc, 0x4}}, {0xc, 0x2, [0x3, 0x80, 0x1, 0xc]}}, {{0x1c, 0x1, {0x3, 0x5, 0x4, 0x1ff, 0x2, 0x8001, 0x3, 0x9}}, {0x16, 0x2, [0x3, 0xff, 0xcc9d, 0xbe59, 0x2, 0x3, 0xc, 0x4, 0x200]}}, {{0x1c, 0x1, {0x2b, 0xeb, 0x1000, 0x8, 0x0, 0x9, 0x7, 0x5}}, {0xe, 0x2, [0x101, 0xfe01, 0x2f45, 0x6, 0xa2]}}, {{0x1c, 0x1, {0x4, 0x8, 0x2, 0x9, 0x3, 0xe5, 0x200}}, {0x4}}, {{0x1c, 0x1, {0xe9, 0x8, 0x90a, 0x9, 0x0, 0x0, 0x100, 0x5}}, {0xe, 0x2, [0x1000, 0x7, 0x9, 0x7e6d, 0xf5]}}, {{0x1c, 0x1, {0x7, 0x2, 0x8001, 0x7, 0x2, 0x1, 0x8, 0x7}}, {0x12}}, {{0x1c, 0x1, {0x81, 0x1, 0x0, 0x0, 0x1, 0x8, 0x9, 0x5}}, {0x4, 0x2, [0x9, 0x1, 0x1, 0x800, 0xa]}}]}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x18c}}, 0x40010)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
sync_file_range(0xffffffffffffffff, 0xf5, 0x8001, 0x6)
r4 = openat$bsg(0xffffff9c, &(0x7f0000000000), 0x4000, 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000080)={0x0, @tick=0x58, 0xe, {0x8, 0x9}, 0x9, 0x0, 0x9})
ioctl$TUNSETLINK(r4, 0x400454cd, 0x334)
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
io_setup(0x3c, &(0x7f0000000180))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$inet(0x2, 0x2, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="2503000000000000000016001800140001800d0001000180ef12587ac5b185"], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
fcntl$setstatus(r4, 0x4, 0x8400)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f00000003c0)=[{&(0x7f0000000180)="200000001300034700bb65e1c3e4ffff01000000010000005600000025000000", 0x20}], 0x1)
setsockopt$inet_mreqsrc(r5, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
openat$vga_arbiter(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)

7.734525726s ago: executing program 3 (id=1254):
openat$userio(0xffffff9c, &(0x7f0000000000), 0x80002, 0x0)
syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, 0x0, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendmmsg$inet(r0, &(0x7f0000000480)=[{{&(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000080)="9c", 0x1}], 0x1, &(0x7f0000000600)=[@ip_retopts={{0x10}}], 0x10}}], 0x1, 0x1000)
io_uring_setup(0x6b6, &(0x7f0000000000)={0x0, 0xf324, 0x800, 0x4002, 0x2dd})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
sendto$inet6(r1, &(0x7f00000004c0)='W', 0x1, 0x4, &(0x7f0000000100)={0xa, 0x0, 0x3, @loopback, 0x8}, 0x1c)
setsockopt$inet6_int(r1, 0x29, 0x12, &(0x7f0000000ac0)=0x10003, 0x4)
r2 = open$dir(&(0x7f00000001c0)='./cgroup\x00', 0x40000, 0x2)
openat(r2, &(0x7f0000000200)='./cgroup\x00', 0x40000, 0x41)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r1}, 0x8)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000a8f3d2207205200385010102030109021b0001000000000904"], 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001100))
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x208400, 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)=ANY=[@ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r3], 0x20)

6.999994724s ago: executing program 1 (id=1255):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r4 = openat(r3, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x20)
write$cgroup_int(r4, &(0x7f0000000040)=0x3, 0x12)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000340)=0x1, r6, 0x0, 0x1, 0x4}}, 0x20)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
write$RDMA_USER_CM_CMD_LISTEN(r5, &(0x7f00000003c0)={0x7, 0x8, 0xfa9d, {r6, 0x6}}, 0x10)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000000)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x7fffffff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}, {0xa, 0x4e22, 0x76, @empty, 0x6}, r6, 0x3}}, 0x48)
socket$netlink(0x10, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="01002dbd7000fbdbdf254f00000008000300", @ANYRES32=r7, @ANYBLOB="e698d65d1c83854762edf2c35cf5d1b2b19b1e9b82882a6bcf9a1d30637a6708d8efe75ab70ca18c06420dbf387e8b60857240efe175f0d92fe58b11210815c73d76662a17015357d5179d568b450eb5161ccd257c594b969a48d43052d8599913ecf2e48c114a86bd81bfe88dce5cabe08aebaaa382bbb1c2865062e319719d41a42e979e9e293913da489384d9094d090bc357f223b407fb9e453292adc91d5308f91281447a73449d4d0c8e1055bd04205048b647d91bb970660067499e7223af77a0590466d72324ebf13288246f924c"], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x80)

6.657418331s ago: executing program 1 (id=1256):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0xa0000, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x8)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000240))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_LINKAT={0x27, 0x26, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(0xffffffffffffffff, 0x3516, 0x0, 0x4, 0x0, 0x0)

6.297444397s ago: executing program 0 (id=1258):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
clock_adjtime(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'nicvf0\x00', 0x1})
ioctl$TUNSETOFFLOAD(r1, 0x400454c9, 0x19)
ioctl$TUNSETLINK(r1, 0x400454cc, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r4)
socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @random="e5db029ea53c"})
write$cgroup_devices(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="1e000300008c71ef28ff4b"], 0xffdd)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000002580)=@newtfilter={0x98, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x64, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x2}, @TCA_MATCHALL_ACT={0x58, 0x2, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x6, 0x1, {{0x6, 0x0, 0x5, 0x5, 0x1}, @broadcast, @broadcast, 0xffffff00, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0x10}, 0x0)
openat$qrtrtun(0xffffff9c, &(0x7f0000000180), 0x141843)
link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
r9 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r9, 0x84, 0x80, &(0x7f0000000000)=""/4103, &(0x7f0000001080)=0x1007)
setsockopt$MRT_DEL_MFC(r6, 0x0, 0xcd, &(0x7f0000001040)={@broadcast, @multicast2, 0xffffffffffffffff, "08193c91d3c098507ee299560845358adadb3ef966fae620502606ffa807c8af", 0x9, 0x3, 0x8, 0xd83}, 0x3c)
ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x7a)

5.955676042s ago: executing program 4 (id=1259):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4820)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)
syz_genetlink_get_family_id$tipc(&(0x7f0000001780), r0)
recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x102}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/147, 0x93}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000000780)=""/197, 0xc5}], 0x3}, 0x3}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000540)}, 0x80000000}], 0x4, 0xa062, 0x0)

5.594820929s ago: executing program 3 (id=1260):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_team\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYRES32=r1], 0x68}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6}, 0x0)

4.592314555s ago: executing program 1 (id=1262):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r2, &(0x7f0000000c40)={0x2000000b})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x4, 0xb}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8100}, @TCA_FLOWER_KEY_VLAN_ID={0x6, 0x17, 0xe09}, @TCA_FLOWER_KEY_VLAN_ETH_TYPE={0x6, 0x19, 0x88a8}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20000800)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x0)
syz_80211_join_ibss(&(0x7f0000000280)='wlan0\x00', &(0x7f00000002c0)=@default_ap_ssid, 0x6, 0x0)

4.514764071s ago: executing program 2 (id=1263):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)

4.362339445s ago: executing program 2 (id=1264):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
r1 = fsopen(&(0x7f0000000340)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000006c0)='\xcfD\xbc\xbf\x95@\xd6j\'$\x1d\x14\xb7!\x8b\x84=r \xe34\xdb\x84\x00\x00>\xf9\x9c\x83s1n@\x1e\x99\xcah\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\f\x7f;\xf6J18G\x83\xe9]\xf4\x96\xbc\x9e\xfcG\xb5\x1b', &(0x7f0000000000)='t+\xdb\xaaU\x8e\xd6\x9b\xaar\xa1\xf7\xf1\xfa\xed\r\f:\xef\xff\xa7x kT\x14\xaf\xe9\xf2G\x85h\x8a\x05\xd9\xa9\xf8\xb1O0\x05\xee\xc5\x81\xfd\xa5\x99\xfe\x81\xf2\xde>\xcdF8\xd2x\xb4\x05\xf8\x0e\xc2\x85\xfe\xd8b=\xf8q\xa96{\xf49\x88\xb1\xcb\x81n\n.\xd0;7\xd6\xc5', 0x0)
fstat(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0, 0x0, <r3=>0x0}, &(0x7f00000001c0)=0xc)
r4 = getegid()
r5 = getegid()
getresgid(&(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)=<r6=>0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r0, {0xee00, <r7=>0xffffffffffffffff}}, './file0\x00'})
getgroups(0x5, &(0x7f0000000300)=[<r8=>0xee00, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff])
r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r9}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r9, &(0x7f00000083c0)={0x2020, 0x0, <r10=>0x0, <r11=>0x0, <r12=>0x0}, 0x2020)
write$FUSE_INIT(r9, &(0x7f0000004200)={0x50, 0x0, r10, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
syz_fuse_handle_req(r9, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003c58b3bd0000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x2, {0x0, 0x1e}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r9, &(0x7f00000021c0)="7b1713b4c6f02da7493fb6859f0143c68a58166f472c5078104b859bc37f9a49a8f85c9101df3b2736ff9bebcb1a3c2f570b28279b8ff7afdef7451b3d10b4578c2e81784b6e4f410800d997f0689546cee0852e9e9c64c1f95df7b136243cf7aee1b8e7a4e1d6e6fc01337370f0dfc098d975e9a6f90a08f5b845054d1e1fc81adadbf2836ff758bade0484377855b05b3556a91827599638458ad30baea03240b302638b88423ecaba6da1e40f6f1b24d60dde1652f2d5f818af43d49dd55c4eadea945e9b6aa744dca07ec2e00320bef5b045414836941469129670c4cdb953ed61efeeae2ced1b7cb3e7fa4c93cce5623a9e33c69d068b801fd1369aba759e2829c67c705853262fef6669aab956f0f733619dd361be5e1414c7e7ff6218e330156d609fa9f3244a0a4fb678a58e70b86f6dabc3331f755b786c42b4198149941a7a58c83f1f2811209025269c5ffcbe0c34ac98cc091cec2c993bca0aa8400ff9e39cc9fba8dda886f95357957bbad8bb850ab92f7aa9bebcdb0ef188749a1742e5597d199f3ccdc2d807bf757da45acc93e3e9645a1036cb041b3c38dafef367b8dae802bbbc03bacb905d40e1da78591687b416ee380103a670aa8f722c76e13f7f0e3effbb37f15a821b8315fe541e3ffc09289d96db1dfa8861e5da41c812b54ee20ca8b3180f2f46db56954791465cb572de0cce16d789d6fff216ca46977ed724dc0cc8cef7b295ebb2998a5c4662e32ae1001e59f3bfefcd72543bfe1aa6688d65c547089ec0fe1f1d9610095a5a4008b14f46775c368417376ee143856031947db71c455dc40eeeda210fbf258452781ce46e51f6df683a7918770f73d324d9401648d271cb9a7e919401567e400fec420cf363444a78eea03e73176abd6546e1657945aa88f64a21e07fc23edd74512cf89781e8ffe9bb1601ab25d31801332a6c5be9cebb6cb08207bb832106553ea9fc19b4b4f1f0cd55efc2925ffef75e9b12f06b5a7496506a274ca25f88398a1734b7013c3f78a2e49ef0d946a1aff362e37c9b5f5473de11401097722adda87944ee3eeb1bdde60e97484af4d2e5f8b0a9c63bb8bb99461b16edd824add1caf9d5247811cc4f6b48004774f1a4fe4dd125ddbfd8b69ff3ee314aeb445bee9f217a2f5a9e0e84ccd8718471f949086df6cdcbf95e568317e31dd01be1b826cf9a09373b16935fc864794a3886a2f4aacc42135db85f8921916a10aa7111a686979e2a5c9959cafc9774c416c4dfe0b9e06657feb2fbc31e7c11f6e2841680986557c1f2b1ec3c0fcc6a749a3c97a5b370550ab7110e25851b13c0b75a7fb0cd3c4659878209867659c216b467bdcf51e786a59fad084886490fc77e186ab827d844d0ac4682651fc4043f8e87b905532a53017ada44feee1f89f9bc6d2a8b144e721a479f7b90acb91033774f4c12df633548a9097c791ec7e80fa2607c86fce6e9abcae1296528b8488ccf18a4bb0fc9b50c15d294e8d380465465b4eeae26eb6800faba611785cd2ff95ca1923dfa47d5923f89e4eadb612002caceaebbe779c4e3a3833455752eae63689ab8dc03db63d82feeab7f1162eed5909b69ccd5abeb9c071da82cfc76cc692a51d99e0c4bdfa6c81c9878e893a77e1e7105e7910827ddb3353612fa8d5e547b43b5abfe50829c1eb7bfda1731db2a9a1e8f0fc298dfa7009679489f9d9323338b7e59f1e48419ca531d88170a5a1995f576aa125edae9e9ea26f6e9c4bc26323b7db0998c528a7b343ccd87ff44c77e6cfc0a324cc1d4ea79c30015f0caaeccd46e5db580aa5ce8030c2b13b37494557da58abbdc7ce9fc9afa49ce0e8a7a6fa058db210ed654203e7879cf5004ebec57522ed34481b749554b36cd7171209b0763e1100d6704604f2d3f28c5ddc66c877e3ab63f36137d5a67cbf872aa6af79cb3a66c9040009b5e1c7b718c1b8788156b82d6d800dbe9fc3d16c812a963c73599b79efb89aa74bdbd9b1a2dc0b8ad853f79c0867a3a45d7a1645059171877687a72dd5ed4213c0ab84ef6185e7935346a84450887bdb2b216883e907b13b03c133adc04ab3c5f60209bd90aad3d94443105f08f0ee1b2231e1a1f8cce71de74d5308b78b5d99ce4ad4573faba9fab48bc1615f14d453c67714b99f274de041512b07b885679e6f89f481c28b082084b853c9afcda31def2898284d6ca28fb124df67142821c9705e28093ded60992d9587fb466df839aa2a4973dd48f9372a55da6592646fc918e533955566a2d8dc59277308223aea4dbe0daf839f95516b8995e9eec87df1df9d38693e0824dca7423b08d553b0ae1c5c44533b918eaa02dd17b4c8ce515ae7de410970f670e17b5e3c0a207fb8464d5d442694a271d593fc23ac19619bac32ac17cc6705ce2e6262361eba24277a471602e7ca57cc614ee116e60a9e0b6ac5e3228ea2c650baf1a09e9e5c7a1b25a078d1d11a673d88f6ee33e50d036d7fe4b9c06adc70aede2e35c6738b255690ed3f7a8d2d14e36e360f3bb66978d6cfcfc41887c751c0efc9325d4485a2f561060413fe6af4ce40d87a476201f15a584fc7ba18ddfef5f1d729d5f544c2c6b06befccb444f0408451089f20b06f05ab7d6702b97819b0eff6fb090f21afb3076558e692920053702fc2348f8dade0cb2b007f38d6dcd4ed3bb42553b1bd684791743a1941e5bf2ed234f44be64a95b485a3e949538a40542f25ca4bfce44e291037ab282082f02157a96f4ca0a0c5cd39215fd07461093a4d87a7979f7aa97142bf5b9ef71db537f9acc90f22ca2ded5c1ecd1ba972d05db7f71e8466085c9b3e975fa3a948f2c4049d1a8e46f71157017a3a74ad25e215dcfe7a4c5cb0a7baea0b0ec60c5df82555c553ac60dd39174c721edc0304b836a4de539c3ee55401e13848018f889cc4a0fcd01d9f4978eb730fb1b4a94ede0283f8c95062f01c8c8a3169b2d5c50cdd4f3a248d80a26c950b4036fc6ffefaf5101269fe3594c2cc128220a1d0b5f9f23121f2b184894e129159eaa92d9a30e878839be44d20cbdff3c338cc95795c86121b2b498bd376e895c98d67f6a27eecb46a203aa9de744feedf27b6825cc17aaa098b5ca05cad6bdbe320908ed36bdc8a8f2c777eeb9b037b36c0e36019c264b3e36196501d6ccb0e7b1899a72bea5c8a24a5ae62e3684a39a06208bd382cd32acfabd742c76334797fa0c09a2a2a7e1240974afe0f3d6eb44590cf171efb7602009a93bde85cea6701c765dbca7c6a879be41dd08847802d4f59e933df65f727cbb45e3a4a5019f503b6fad7e0338e653f8b2c87aa7f196444e0dc1be6d7c4f0c7ddd663d06ff1365a9c362384a33b0315adbfb2d73359c485cd5410d36d21044bd8d3771c5492803b19f7f3a1a5c3248e66786479fa4416a55855adebeb09528ff5add597790b97bddc16bb9b7b33a1f800701c4293e2c8428dc2684726cfe5539ae0a9bf89e1b6f1989fd0433cc865b308bd0c636402b4b285c290e2439b9ecf0eba156fb6b613ea7f97b04506fe28e9471343c854fdfd48945a7f564acc817e609be8f8a7fdee12e9b592fd8c5c08f51ba8cb95be12cfa497d1539a4b8217818d47ebb3cc669014261530205948fdb9983a0e5759afa9b290ce838102661750ab06d7fe65a39efa6af36c042d2dee36402a6686d58eb144b76033cab4482b8fbdd213a90170939ec98df1fdfca4b37b143a971b9b59fc351098942bba090056c20e8cfbfe8fcbe361d068c98a020f67e807b8db2e45cad83c9970907646c0049c05c1ed657d53d859f1a47bfe6f022be0689de224034d0160b1dbc878ba6dd685911288d7af22ff5eedc1634c36e25f51d0757c7b9c73d7937955da356dea68749d464a75f41c9f6ba36cc1ca8c2f3aa34beae14fba894ca705111cdb19094432c2f6caa0eac78ab09b0cee330f36b1b91a6a5d4896cd15d96c12547826559441cbf578f189f5f04526a4cf76d60144090c2386b747ad50f7962ef2950d2c6f4ff8477ad0681ab24c47ea7ded8c9accff0dfa30489f43f0f3182b88e757fd9a1d82e1c9bb4efe5215518a6e48c688b2dabbd15107c5c6245de0acfd740ea54e0ec212f405f25bc3aafc63009631a4e4749296d47c2bcf25cc95afceb0a1ddb3c6124208f5134981c30489b42eeb864b3123b03106c9b234a465d87c30ef36e00244390de36a5dd93794467ef37bd01b86387855d2ac24e05370212e845082bb22c8fcda0f0bc78ddf971b0b9d69fc50e0d907408e9c9ac4e5099f47db2d0c14d888e363ece768555362a08c408d0119c45f158aad695d455d28e223be2862c19262c9f43eff8855b5a9af4f2cede95e415e2f597bb64c8bb2d608f86b15950ffe2e6bea3cdb221cf8b7eb35e0bdf6638283b09c68cda0bf1ccb9e353a7f0afb58d806923e36b22db68615a7e4e04d0932d928afdc8af3963378ebd5e05058160ac67fadb7a7d9ec498e00f63671b84d880d196c93afb4fc823e7d6576ad824ffb4c90fc780b163a292899ccfcaed81dee2c992787a66800e206df3dfc4a6b441d54ccb1a19a587402a663d510e45a5b1aa96fc467efaf7e71cbbff087f3d2922a133466d5ae9f86b0bc39bb3093b87ac2db941b1fd9e40427402781425d6e8856a2c66cbdd274f4c689758db6dd58ec7d766b177739e8c9173f2b1946be5396aad6d7ed29d058ac231e8c2e6a9077b4a217df4580a2d72bcf0b73e4bd07465deb8798a55ee855b82f1fa7d3748a40485bd90fab94b617d92219c4b65efa022936895e51873058615a19b9d1347120c405c3254f290b4c8b99c8ea9dde3a749ec538421a29d27b48ccd83852abe1a461123e4d36e56508d1827880960362d10835df77f9d4be51f1447cac5ae2017a814de58cd99bcc0c194254b17114ea48f5a0cfe6547686088d527c65180474fd460ffea5d48767ceb65c6fa3d7d3c632591d2d9d65c6c3a35a6ae4dc56322cd84734b0e7a092a4c46c1c607afa6d0e477e8d04e4993e595ba708a0f4466cd8a89fbc06d3cd366007296a9f05b66cfdcd5b30b6745e71d513205d5dbe1e8516d9e9cf133caa994ec0ac2c543d107efd4b9a7d9ee1ee415830a6c2ea17114ea9683726f2c82741f9ad4ac1be6772f0809f18c13f4cfc82fd1b7b3bd29615336003c6784c03fbcae475a58a3c4d68099732c326dfb7643eb150f2354918077bb798b5ecf491cdd0765e3e1ed5d0a37840f1a28f7e188a021781f1896dae7153f9d6639bf66be0c7857d7eccd2a1e6c9fd0cc3594477bb005df9b29f680c966161e37bcec97fc2ef7a2c3bf64e4df5785c9b080c7f9c6d7c515408445d55da499c03ba66369a31157bb03588e84a5303c46cd393c5bd6fbbb8deed94b62d67a9351c259b263c6c4fa65a4dbdd7eee080d82cc5e478c885678edbc9cfce74169ab748d7f4a08aec3e114394fc1d5e361267b8f3fcf38a024928d58158560f7da427680e7611a9f1b8255c67e6ea6b597ebd31bed9fd6f85f9b6ee63d4374c1e50597d1c9f3c56b4266bc632ba66ebecc396f6bead40392dcc138098b4166ab7f8714bd4db0615480705dd200da92dc51ec215844d7599e0a6262e8d5dc6a9452db8994d8b8f19ad4029e0b41b5e13fd6b56230cecea57f3111ff6c78876b3e657fab112968e83a0b64ce9837b89f5dad0d5f0b8b410e3a9a56ab2e9143e90fe371a944989ee206eef777cf4a235333c647e45aab910af492bc7c2213246374251e23accf5818aa2f24823bcba12efe3658e1e2cb49a5d4ffd26453829739647eccd106605921641afe16bbe79c8739062eabeeda4d4a42cb70d84e1e1d3506c7bfba5f5135aaae85b03dc6518eb30d832175cedc5bdca95e600e04902d9eda90c1da4bdd3138ac889398c239068857103ad70b5d1d9fac27c8ccfbcfcf126d9a5441bc963bce4669047ac901a14ca7c7e76f94c77159cdbda5360e04bb539a9d5ccd16a8cc88bacaa5b952c86b163575d7f1cab58f0d612d796b570f3c5debd7d9abde7e24de2c252173f1edc93817192699bddad45eeb41ff398c1bee4d2194f38bf4d2b4ed3a8895476bc441f464753139e204ff5dee7f45ce639d7541c0d396141aeff30cbbfa7157a61993eec98a4356df98665546a1d1e8429fb0c78684000862aac50f7d9a1413e89958f4defd3f087769cafc32bcd6016e496b41b7754cfbe42b352346fd585fb19a80f4af9a19811311b5fc6ea8eb5519a3cf7dbc1a06eed41668e332224c1daa01776e0886044f5a95e5dffc8d9ccce7840eeae97e8cc916db95bdc33fb420e28030c6edb011d5281db1dbeac9bfcaf938a757e3939b025d339e69b9692c8c7352787d399f342e96096e37ca208609e5f93629e36ee442db9fb822ea236683f79875e7dc73ec97f98fe0795f9d83f473cc80a589043a7edd953473684ea4e80f698683a0fc1d8863adc44fc13c27a08921a681ca1ad76207b1a97f8fff7db247ea09b3a6407ea83d82d82d171fc80a8f5fb9f19cd7e94fe121a6a0ef9c4cff7a8689c0abf750dadcc7442c2ca5ed437af5e88e89b0a783a1164cd1eb2a33a64c919d9f08fe5aa7a775352ab6027a7b73d6fef51acebec5516c2a5f2b932b2621bbd2cdb415fce9ba1dbc3de205869fa0423adcedd5570ab0b4b64afafaa458b3840b48f018297aa46426d7893418033f00b5378eac6a70275ec860609b07851b88ecb5da05086adfb80f47c71a77301ca0f1520dfb7a800bc8421abf5eb94942ec818e3a1d45f09ff93e6549b3ef6152c6abe38231b4a82e355e27e363184df51418286d7073cf464eee02310e84b3eccabd2120fcca333130357e1967f67a69f437dcf6a20ca21797230aad086bd4c28348f58b80ec5d27626004533993b9f85897d00bc271a62ab67f92e2eed6d900000000549e8344ad90b47fb5c1ed5908bce94d03bbe98a87a1733b5031f89644c2d35d729e1375969a82f0252859219407c5c87f5d249d5eb8c17001fc7c6dc5d1825851b41e5e937f2c39d7f7196f38f83619da2cddce747bb0e906d0fc13a11fc6c2be3d140ea6da886cd5e194ca9dbff565d2a82e7e82dc5a36084bf02029ea05a9cfe1f3dc80489b426a14372232940ffad8124bd515f0a73fa85c2aa0cd51d76a0cc6e75ccc35b702a4fed4d2e2828d98939406ddc6df1048f0a22611859d6bfcbb0873d102e4b8a86b5d9af8056447f6c1552a603d9f67009fa070db73a01e1b4adbe4e841d0b9a92d148b626c386b25687817e5ec07dbbfa1d62d078578fe21d546414e3c5e29e8e086d7e542a2eb74a67127e7f171e076bbdd62767aae3db467db1df13b3121023bcee33f814d767a9ef14651f76ec89910ed33e9804df8619f69ad06bf0559b00d4efbf6f44e922d50a18ffa25d8ac58dec53a93642186c0ca81b07fe5c14c9c13397649a53ebfcec118e5bb84db053e6e505d07a09bb50f33906e7febac3c85ca337111dbfcb7b9becccaaefa3d857d48f0b3d8646d70fdcf2f1dfb89cc3ba1394cb5de24d999c88235418bc0f20d4036bd0113d298b91c44fe042d3b8e4070e3f828499972524601c4725389122c7fc3e38eb799f7b755f23bd5362880b9275e58eab2c8f42e583890cb84e17f35025d1d76dd28171bee561d21451b4b2ebf23b923221c9ea06b924815889d2b605af66539c3b0ffc30c7170a5581727f0faddb257cb6ab28b3456737d3588fa3bce0ba6a2a5c3c94301fa8a4e6db358731bd3a4a62b42181e04241010d7bc3e973b9fe428175ec8f8e6cbd4e53c8bd957621acb1e42504e6f8a7bb30c382058fc9dcd0cd0ba0b789c316cd58d7b5606cc2a66c872f10e6663346d572ecc37ad1c3d8146a137e35e54096ddc2a5e2d26765d75615fecd09b864b29adfe92763ab54272365f56feeb9b57059744e765485ee322cb879fd3c8fd8bc4727d860995c548bcd41852349f1b2227f5a1f39b24549693fb05c04ba8f190673d11eb27d0bf628489f9b8049f5f3a1e1fed97ba9881da0031ef5960b6b0af825cfae8252b931f6151cba9bf889a5c74051a176c56d3cbb8915d3f28f8f684629bd1e3f87f27909b4e8eca6b88cdd60f3b5bbe0641a469e396080fdd2feeac7a11703b758f1815f100ab2ca4403af34a655f4c35e62778c276c96bb94a3d9f58f3bbd7ae6c4f133f7c4199f18d02d66598a54769415b376bb04b520881f23b22b32685ea1ea0dc179ab2f33f07c7039d1a5eedd1905d2a8c7d3c9686758ba5aafdd74f36da7f5522aff5c40e565b50cdd92ce353c3d6c97ce87f0495bdb95d70ea52c8c26b87cd337fd2283b88d7301c32f26833451b8f7c2ee5f44eec58d9eef2a39b3021a29c8747d36a2dbca6c0c085399bb720000000000000009d67e17060abad89c7d8b8970244c2f11ad2f4ae878a3676659b77178a9b651b12cf9c21e658a32999d596af4648f636df4de8c037d1fa63b1a685e8850156bf99e00666dbc03d3e3b44018659743127f91d44c99b578b86a44f3bcf1523c8cb45accc3c5fedfd7796411eddfc3a7a6b7c57ae10fd4bd3fe9f662dc59747ac4b7cc2584ae3ce2e42a41066dd0d560f1b4c83edc57121dade5e397380bec5f40b5d0beb14aef21b2c68ccfd0eb4959b5e7f5b5779903963298e3c9a2141f145137de1d604d9124c3c4f60a4d54da38a7c32ef2632fe66a8ce8e95ee95a570e18e9fbd44884afe291550839dd61e65c952a3f5c6b61850d1c2a77e18fde734a305b407cf6dbf17afd66da6e42f0e8f66092df46c79b44711f6e8aafa831fa1188beea696672b0e94cc3cae584b30dccf053634f792c2d9f4c87e306991b407949f2870b525d123f9ca23142a0ee13d05f51ed4ff2653727ad5bf16453276b2d5e7d7a8a0a1c4847cb61ac4b08d9abee25165a120d156775a534a62f9af3a3b62726101b94ae1e14352262f017c5361b3341952d194a6a2d470e60df3fde61d343e0af8fdff36ad976af6732b732ceb69344550555174fa280153e08f74d81f4ee69c1eb44a3468e8cf78bf7c1663dae3d31553466faa207b8e9887cb54209fac0b6f6d12d9588351c76e6bad884799afe856a25b5fe737d0ba737a0f1a12b4eb3ede48a0c38e6787ab42fca1c7f2ab43fa6104d5a99aa36b73ac3622ccae12252457cb7d0a7c7eb5de795647dca0621fc2c9599441dae7cc2a8631252abb5e0f22e9355e0a156a1ab7b1641e345045e8303b5f6dda5c3c1cc2637700cea25c004460d101fc42ad78ae477739a4efbacc57272cfafae15292dc3b2800d9f42002c2062af9a1f329e11140f8317242c04ac1f11cdb45f5f9ab18877daa214c151fb9ac54e3e010b5e7944d7217442d5c4fc29956c1333cb932424096f5b6afe1128db53f7171be4372be8bae538bcb3e4a2eb29608678735a667135e0f2660956e9e2a3ed862209efe65d9ab2fbbf88e5d3384fb3362af00e1ec6b4d3ca40df442b70951026438877189c4b0ae136a9a35c131fdf19115e8dc1ee2b938bfbfdb3808aebbe7dfbbd3510c7070388f5813e8bc63be744b99116c4b84ea37d57c5da7a80cc883aa915d84a249ebfa78ceb124c63b3a0720b19483189ee50824e8581556f0520e434803204cd0f3dd09fc97c979f9a7e3f8e5eca8fccde98fc4939551338235c0c6378faade0d18f7050f29189485e01ec120239373c5478cd19ab27570921415a6680924baf9c5829f3f2115460d1fceb8a026fa1a0a0047fe1cd6fcf1861dd3784e006abfddfe79461c5001e4e32d99c5bc203c21f8c711c5ecccf8941093d95a8db73722bb7511443fb2670244cc1249492e92fc4bf7e06ec6f08c5c6931929d58232b551957b771ea5e4a932b037904b81916e662e3fe95af894e80f699e5c00ab664f381bd9c0bd4132290b3cf367577429fa52c0f1c44ffc626c215e7103cba05bff4931d9a202c1eb9068f44983d1e0c6d9fb5fed738561651e854a3c1b362ae354a0b4a270386ed2dbef093bd82f07f25edfae31901cb86fd214576b25f769bcb215214c63026b2581a8d17779aae03ba310f3243b3631f4b01c9e3eb342c3bdb44d8e47cdc1683e3b1cfffef72e385cc8831f99425fc406575170e1c106618d5429144a436b9e92d241d8118b5cbe0dca5e8ddd86e671e13080eddcf8dee9e317d192a3a5386378de9b1ecd8cf5439cfbe9f65965e5a5f6c145627ac23fe30c2e06e623b0eca15b225b32b65ce568b656cec0e0d6752fdebffd39c7538472ad7a195b56fcad3fab80016ff006df6b01d785191e4fca143b14ce68b32571476a779515ccb14d35cf9aabd4849c03c9bf12a42cfc2a7146ed6c25892a9d1c48f95314f641142d38cd882e54534d69b3fcc18044309e6debef6dc79d7737956418b955d33737115b44360e0bac14b71e2e64f0c8aea428dce5b65e210c108f832a6041c0aab116488e5863cd1039dc8af537908be3541352bdad303de43387503d19d7c0f0390bdc5b95f1dfb0701fd0e14a22c210837cc0a1cb059de474f4476bfe9bddfe3e7977fb299e82d9eefb18111f7c4a5fbd406fca720fec69340d978f4c9832204d67f6fa5793325e04d4af84acde0b56158e4c606394286a4b3cfc04a426a665529b753e1ce2d6c613159844bd069a67b5b96cb8ec993f05a8e252ed3d8ed63d524af0845f519f9d47b85a773f37031cb91055fb963db50e6a1e368f10a82fa40ac055e0201c6d29661eadb76f8154ef9c1cc210ccf1ccb063e8c00324ed6a14fdefa0167a9abb04debbbf5e7b8a57a7772373c765947f0f67b5130d77a6ca6ab166147d4eba97b4ddf1465d25b02f4430227b5713a29fd84664bfdfa5fc450e48f5263eaca67c16033b79bf1cb819511cf16bae6ffd5d05a7d9cc93067b6f2512fea2424a9c7d178f653ffa7ce1c00924707e3817c7cd461cb2a8cc5eadc408a1258eaad7720ee3976c5a60025c317480016e5e5bd884f3646651f3bdc1185ec1a4112eb24ba5b3b6f94ac66322042d4bc48cb5befabfcf950cf8a0165fba3fa019324b53fb56bbfaec7f4ec733e84c22f841c1c9c1dc51dd3ac4887e155ac4095a6b8846c8f401f3c2d48d4de18906193a9f05ed59e3b0add8bc27c0bad8418ccbb842123ce1d39fdeeaa7984dfba9ef121ab4d4d35de076262636f3815708e4bcf31e634a290b13317425b1a4a2e4ebf8537092c7e524c126faa9622bf1337168e003857805dd420a51816fea3cd37c34e483f64a2da3ab67442314ffff40727835a1bc7b9971ccb5f83183cf1a135defd468907b988d97028f904c4d9c712f7d0ed6abe4d80712a7b7e06efcbe6a5b83e32beb1556326af7a97437c35c6a706c6cf4403b98f5134547ac167fd1abcb9245ec3450202ab80e553952412032a6c3cfa64441d4aecabd1e182c50bf67801fd3b44b40648ac9926bbbd7095425a429f2a9550c2fd1267cbf6156897b705255cadf1c7f233f4effd788b3f446dba19e68bbf8b42ff6caf984a4eb51328ab5e2bc28366e8b4df4df967a16d470a00", 0x2000, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="50010000000000000000000000000000060000000000000002000000000000000600000000000000060000000000000005000000ffffffff090000000000000003000000000000000e010000000000000400000000000000000000000000000008000000000000000001000003000000040000000020000005000000", @ANYRES32=r11, @ANYRES32=r12, @ANYBLOB="0300000007000000000000000400000000000000000003000000000008"], 0x0, 0x0, 0x0})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000380)={{0x1, 0x1, 0x18, r1, {0x0, <r13=>0x0}}, './file0\x00'})
setgroups(0xa, &(0x7f00000003c0)=[0xee00, r2, r3, r4, r5, r6, r7, r8, r12, r13])
readv(r1, &(0x7f0000000480)=[{&(0x7f0000002800)=""/4094, 0xffe}], 0x1)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r14=>0xffffffffffffffff, <r15=>0xffffffffffffffff})
r16 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r17 = ioctl$KVM_CREATE_VM(r16, 0xae01, 0x0)
r18 = ioctl$KVM_CREATE_VCPU(r17, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r18, 0xc008ae88, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000000000083000040"])
getpeername$packet(r15, &(0x7f0000000000)={0x11, 0x0, <r19=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmsg$NFQNL_MSG_VERDICT(r14, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000e00)={0x514, 0x1, 0x3, 0x301, 0x0, 0x0, {0x1, 0x0, 0x4}, [@NFQA_CT={0x58, 0xb, 0x0, 0x1, [@CTA_SYNPROXY={0x4c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x2}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x3}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0xd16d}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x8}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x9}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x200}, @CTA_SYNPROXY_ITS={0x8, 0x2, 0x1, 0x0, 0x4}, @CTA_SYNPROXY_TSOFF={0x8, 0x3, 0x1, 0x0, 0x3}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x8001}]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}]}, @NFQA_CT={0x188, 0xb, 0x0, 0x1, [@CTA_PROTOINFO={0x64, 0x4, 0x0, 0x1, @CTA_PROTOINFO_DCCP={0x60, 0x2, 0x0, 0x1, [@CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0x8}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x10}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x1}, @CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0x2}, @CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0x5}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc}, @CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ={0xc, 0x3, 0x1, 0x0, 0x4}, @CTA_PROTOINFO_DCCP_STATE={0x5, 0x1, 0x5}]}}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}, @CTA_SEQ_ADJ_ORIG={0x1c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x10}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x32}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x90c}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_PROTOINFO={0x48, 0x4, 0x0, 0x1, @CTA_PROTOINFO_TCP={0x44, 0x1, 0x0, 0x1, [@CTA_PROTOINFO_TCP_STATE={0x5, 0x1, 0xe}, @CTA_PROTOINFO_TCP_WSCALE_ORIGINAL={0x5, 0x2, 0x6}, @CTA_PROTOINFO_TCP_STATE={0x5, 0x1, 0x1}, @CTA_PROTOINFO_TCP_FLAGS_ORIGINAL={0x6, 0x4, {0x7, 0xb}}, @CTA_PROTOINFO_TCP_FLAGS_ORIGINAL={0x6, 0x4, {0xd3, 0x1}}, @CTA_PROTOINFO_TCP_WSCALE_REPLY={0x5, 0x3, 0x1c}, @CTA_PROTOINFO_TCP_STATE={0x5, 0x1, 0xb}, @CTA_PROTOINFO_TCP_WSCALE_ORIGINAL={0x5, 0x2, 0xff}]}}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x3}, @CTA_NAT_DST={0x58, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @local}, @CTA_NAT_PROTO={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}]}]}, @CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x1}, @CTA_SEQADJ_CORRECTION_POS={0x8}]}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x6}, @NFQA_EXP={0x1a8, 0xf, 0x0, 0x1, [@CTA_EXPECT_MASTER={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, '\x00', 0x44}}, {0x14, 0x4, @private0}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_ZONE={0x6, 0x7, 0x1, 0x0, 0x2}, @CTA_EXPECT_MASTER={0x70, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @loopback}}}]}, @CTA_EXPECT_TUPLE={0xe0, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @private=0xa010102}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @private1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_EXPECT_ID={0x8, 0x5, 0x1, 0x0, 0x7}]}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xffffffffffffffff, 0x8}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0xc}, @NFQA_CT={0x15c, 0xb, 0x0, 0x1, [@CTA_SEQ_ADJ_ORIG={0x54, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x1}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x349}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0xcf}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x10}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x80}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x7}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}, @CTA_LABELS_MASK={0x20, 0x17, [0x400, 0x5, 0x7, 0x0, 0x8e, 0x100, 0x7]}, @CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x7}, @CTA_TUPLE_MASTER={0x5c, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @local}}}]}, @CTA_SEQ_ADJ_REPLY={0xc, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}]}, @CTA_PROTOINFO={0x20, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0x1c, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_ORIGINAL={0x8, 0x2, 0x1, 0x0, 0x1}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x5}, @CTA_PROTOINFO_SCTP_STATE={0x5, 0x1, 0x2}]}}, @CTA_SEQ_ADJ_ORIG={0xc, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x2}]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x404}, @CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xf, 0x1, 'netbios-ns\x00'}}]}]}, 0x514}, 0x1, 0x0, 0x0, 0x404c814}, 0xc0)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r19}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

4.133690003s ago: executing program 2 (id=1265):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close(r3)
r4 = socket$inet6(0xa, 0x80002, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a067fbc45ff810500000000", 0x1c}], 0x1)
connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e23, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xffffffff}, 0x1c)
setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00')
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000080)=r6, 0x4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000600), r7)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r7, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={0x0}, 0x1, 0x0, 0x0, 0xc800}, 0x40)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
r8 = socket$inet6(0xa, 0xa, 0x1)
sendmmsg$sock(r8, 0x0, 0x0, 0x4008000)

2.560639797s ago: executing program 2 (id=1266):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
close(0xffffffffffffffff)
unshare(0x22020600)
r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522)
ioctl$USBDEVFS_CLEAR_HALT(r1, 0x80045515, &(0x7f0000000200)={0x1, 0x1})
ioctl$PTP_EXTTS_REQUEST2(0xffffffffffffffff, 0xc0603d0f, &(0x7f0000000040))
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_LEAVE_OCB(0xffffffffffffffff, &(0x7f0000000540)={0xffffffffffffffff, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x20, 0x0, 0x20, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xd, 0x4a}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x40000c5}, 0x8050)
r2 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe)
r3 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000080)={r2, r3, r3}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={'sha1-generic\x00'}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0xa02, 0x0)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000006, 0x810, r4, 0x1e90000)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r5 = socket$inet(0x2, 0x1, 0x0)
r6 = io_uring_setup(0x5c1f, &(0x7f0000000200)={0x0, 0xa88f, 0x2, 0x2, 0x1ee, 0x0, r5})
r7 = syz_io_uring_setup(0xbdc, &(0x7f0000000140)={0x0, 0xa83d, 0x10, 0x2, 0x0, 0x0, r6}, &(0x7f0000000340)=<r8=>0x0, &(0x7f00000000c0)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r5, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0)

2.278697485s ago: executing program 4 (id=1267):
syz_genetlink_get_family_id$devlink(&(0x7f00000016c0), 0xffffffffffffffff)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/raw6\x00')
preadv(r1, &(0x7f00000001c0)=[{&(0x7f00000006c0)=""/198, 0xc6}], 0x1, 0x14a, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000280)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa2788a8451f8100260008004580003c0064000000019078ac1e0001ac1e0101040090780000000040147000006500066221000564010102ac1414aa44001253e000200280007fffac1e010100007fffac14142a000000401724a9ba58"], 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r2=>0x0, <r3=>0x0})
setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4d9, 0xa055, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0xc4, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x1000, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xd, 0x0, 0x40}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="002207000000ab"], 0x0}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
llistxattr(0x0, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@bridge_delneigh={0x1c, 0x1e, 0x1, 0x0, 0x25dfdbfb, {0x1c, 0x0, 0x700, 0x0, 0x0, 0x88}}, 0x1c}}, 0x0)
sendmsg$kcm(r3, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x20008004)
close(r2)
r6 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r7 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
r8 = getpid()
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r7, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, r8, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r7, 0xc1105518, &(0x7f0000000c40)={{0x1000000, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000000, 0xfffffffc, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffc, 0x7]})
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB])
statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x100, 0x800, 0x0)
read$FUSE(r6, &(0x7f0000006380)={0x2020, 0x0, <r9=>0x0, <r10=>0x0, <r11=>0x0}, 0x2020)
syz_fuse_handle_req(r6, &(0x7f0000004300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804005eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c91868762032255be78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064daa2bac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb8a2defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb732080d84bf39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042663c65e059d368e4e2c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c272074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a1fc1327fa760551d3fdeb0b222ab180b16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e1024a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b6732ced59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee5b02d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cab074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e309b19e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63dd4bac9e4d00645cd7b2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0608b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c371a4483729338f1305cbb32fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b4dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950de2d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb278bb1d8eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fa1ad34d4564af956a0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede57b9609e1f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a49d694709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab4a1ae10f8ddd086d876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0feaed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d7a3be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e56cba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2b1f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba4850439ec125b708ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfddb2d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73ffecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd32c10ea576a010bfc137b7a4aae137ea3d29070ce3bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f6563aa750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649494e3682d1da81b4a5928d8e18a16c46707a685305e592589acb484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca36507002b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f08701e9699b11041df8f518dd33203363c8098fbefb01555bcc2542422777b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b3", 0x2000, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a00)={0x130, 0x0, 0x403, {0x1, 0x5, 0x0, '\x00', {0x1, 0xad4, 0x4, 0x8, r10, r11, 0xa000, '\x00', 0x1, 0x4, 0x9, 0x6, {0x6, 0x6}, {0x4}, {0x100000000, 0x9}, {0x8, 0xa04}, 0x4, 0x800007, 0x4, 0x3}}}})
write$FUSE_INIT(r6, &(0x7f0000001200)={0x50, 0x0, r9}, 0x50)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x10b})

2.277911709s ago: executing program 3 (id=1277):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4820)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0)
syz_genetlink_get_family_id$tipc(&(0x7f0000001780), r0)
recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x102}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/147, 0x93}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000000780)=""/197, 0xc5}], 0x3}, 0x3}, {{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000005c80)=""/4085, 0xff5}, {&(0x7f0000000440)=""/160, 0xa0}, {&(0x7f0000000680)=""/232, 0xe8}, {&(0x7f0000000100)=""/114, 0x72}, {&(0x7f0000003c40)=""/4092, 0xffc}, {&(0x7f0000000380)=""/100, 0x64}, {&(0x7f0000000240)=""/169, 0xa9}, {&(0x7f0000004c40)=""/4101, 0x1005}], 0x8}, 0x80000000}], 0x4, 0xa062, 0x0)

2.169140396s ago: executing program 1 (id=1268):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256-generic\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x80800)
recvmmsg$unix(r3, &(0x7f0000003700)=[{{0x0, 0x78d, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0)
r4 = socket(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00'})
sendto$packet(r4, &(0x7f0000000040)="bb53a94584285101010000853e60", 0xe, 0x14, 0x0, 0x0)
recvmmsg(r4, &(0x7f0000003a80)=[{{0x0, 0x0, 0x0}, 0xb45}], 0x1, 0x2040, 0x0)
openat$vimc0(0xffffff9c, &(0x7f0000000100), 0x2, 0x0)

2.092805097s ago: executing program 0 (id=1269):
r0 = socket(0x10, 0x803, 0x0)
openat$audio1(0xffffff9c, &(0x7f0000000000), 0xee1d110cd9beaf77, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00')
read$FUSE(r2, &(0x7f0000004c80)={0x2020}, 0x2020)
ioctl$SOUND_PCM_READ_CHANNELS(r2, 0x80045006, &(0x7f0000000180))
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x0, 0x0, @buffer={0x2, 0x0, 0x0}, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_SIOCETHTOOL(r3, 0x89f1, &(0x7f00000002c0)={'ip6_vti0\x00', &(0x7f0000000300)=@ethtool_rxnfc={0x2d, 0x2, 0x6, {0xc, @tcp_ip4_spec={@empty, @dev={0xac, 0x14, 0x14, 0x14}, 0x4e24, 0x4e20, 0x7}, {0x0, @remote, 0xe, 0x5, [0x7, 0x6]}, @ah_ip4_spec={@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x3, 0x5}, {0x0, @broadcast, 0x8, 0x9, [0xf, 0x9]}, 0xff, 0x3}}})
r4 = socket(0x1e, 0x4, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000c300)={{0x14}, [@NFT_MSG_NEWSET={0x14, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2, 0x0, 0x1}}], {0x14}}, 0x3c}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7814, 0x3, 0x0, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r4, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/27, 0x1b}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0)
recvmmsg$unix(r4, &(0x7f0000002bc0)=[{{0x0, 0x0, &(0x7f0000000280)=[{0x0}, {&(0x7f0000000600)=""/252, 0xfc}], 0x2}}], 0x1, 0x10000, 0x0)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r2, 0x0, 0x801)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="180000d4168c32b40092f763d904000000000000a5440a2e000a002400"], 0x18}, 0x1, 0x0, 0x0, 0x5}, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100))
socket(0x1, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xffffff6d)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="340000001400b59500000000000000000a400000", @ANYRES32=r6, @ANYBLOB="14000200ff0200000000000000000000080002070000000000000000"], 0x34}}, 0x0)
r7 = socket(0x10, 0x803, 0x0)
r8 = socket(0x1, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000240)={<r10=>0x0, @broadcast, @dev}, &(0x7f0000000440)=0xc)
sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@mpls_delroute={0xe4, 0x19, 0x200, 0x70bd29, 0x25dfdbfb, {0x1c, 0x20, 0x80, 0x3, 0xff, 0x0, 0x0, 0x7, 0x2000}, [@RTA_OIF={0x8, 0x4, r10}, @RTA_VIA={0x14, 0x12, {0x26, "cb246366bfdcb202c5dc0bfd2321"}}, @RTA_OIF={0x8, 0x4, r9}, @RTA_DST={0x8, 0x1, {0xcafe, 0x0, 0x1}}, @RTA_NEWDST={0x84, 0x13, [{0xc}, {0x3, 0x0, 0x1}, {0x9}, {0x8, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0x5}, {0x3, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x5}, {0x7}, {0x6}, {0x1, 0x0, 0x1}, {0xc}, {0xffffb, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0xff}, {0xffff9, 0x0, 0x1}, {0x5}, {0x34, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x2}, {0x4}, {0x4, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x9}, {0x2}, {0x1}, {0x101}, {0x101, 0x0, 0x1}, {0xe1}, {0xa, 0x0, 0x1}]}, @RTA_DST={0x8, 0x1, {0x5}}, @RTA_TTL_PROPAGATE={0x5, 0x1a, 0xfe}, @RTA_DST={0x8, 0x1, {0xac34}}]}, 0xe4}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

2.092535592s ago: executing program 3 (id=1270):
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xce, 0x4a, 0xe6, 0x10, 0x93a, 0x262a, 0x2e17, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x62, 0x2, 0x0, 0x9e, 0x38, 0xb4}}]}}]}}, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00'})
r1 = socket(0xa, 0x3, 0x4)
ioctl$sock_SIOCBRDELBR(r1, 0x89a2, &(0x7f0000000000)='bridge0\x00')
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001400)=@newqdisc={0x18c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_STAB={0x154, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xff, 0xa00, 0x8001, 0x1, 0x4b4, 0xa}}, {0x4}}, {{0x1c, 0x1, {0xe, 0x4, 0x2f, 0x9, 0x0, 0x0, 0xc, 0x4}}, {0xc, 0x2, [0x3, 0x80, 0x1, 0xc]}}, {{0x1c, 0x1, {0x3, 0x5, 0x4, 0x1ff, 0x2, 0x8001, 0x3, 0x9}}, {0x16, 0x2, [0x3, 0xff, 0xcc9d, 0xbe59, 0x2, 0x3, 0xc, 0x4, 0x200]}}, {{0x1c, 0x1, {0x2b, 0xeb, 0x1000, 0x8, 0x0, 0x9, 0x7, 0x5}}, {0xe, 0x2, [0x101, 0xfe01, 0x2f45, 0x6, 0xa2]}}, {{0x1c, 0x1, {0x4, 0x8, 0x2, 0x9, 0x3, 0xe5, 0x200}}, {0x4}}, {{0x1c, 0x1, {0xe9, 0x8, 0x90a, 0x9, 0x0, 0x0, 0x100, 0x5}}, {0xe, 0x2, [0x1000, 0x7, 0x9, 0x7e6d, 0xf5]}}, {{0x1c, 0x1, {0x7, 0x2, 0x8001, 0x7, 0x2, 0x1, 0x8, 0x7}}, {0x12}}, {{0x1c, 0x1, {0x81, 0x1, 0x0, 0x0, 0x1, 0x8, 0x9, 0x5}}, {0x4, 0x2, [0x9, 0x1, 0x1, 0x800, 0xa]}}]}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x8}]}, 0x18c}}, 0x40010)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
sync_file_range(0xffffffffffffffff, 0xf5, 0x8001, 0x6)
r4 = openat$bsg(0xffffff9c, &(0x7f0000000000), 0x4000, 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000080)={0x0, @tick=0x58, 0xe, {0x8, 0x9}, 0x9, 0x0, 0x9})
ioctl$TUNSETLINK(r4, 0x400454cd, 0x334)
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
io_setup(0x3c, &(0x7f0000000180))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$inet(0x2, 0x2, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="2503000000000000000016001800140001800d0001000180ef12587ac5b185"], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
fcntl$setstatus(r4, 0x4, 0x8400)
setsockopt$inet_mreqn(r5, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f00000003c0)=[{&(0x7f0000000180)="200000001300034700bb65e1c3e4ffff01000000010000005600000025000000", 0x20}], 0x1)
setsockopt$inet_mreqsrc(r5, 0x0, 0x28, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
openat$vga_arbiter(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)

1.461372447s ago: executing program 0 (id=1271):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000005e00679a3601ffc491c6170000501d0000be7ba9bd"], 0x1c}}, 0x0)
recvmmsg$unix(r1, &(0x7f0000003340)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000000340)=""/205, 0xcd}, {&(0x7f0000000440)=""/177, 0xb1}, {&(0x7f0000000240)=""/22, 0x16}, {&(0x7f0000000500)=""/203, 0xcb}, {&(0x7f0000000600)=""/4096, 0x1000}, {&(0x7f0000001600)=""/121, 0x79}], 0x6}}], 0x1, 0x40000080, 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000980)=ANY=[])
socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$netlink(0x10, 0x3, 0x10)
epoll_create1(0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket(0x400000000010, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x4)
socket$unix(0x1, 0x1, 0x0)
getpid()
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x15, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x4)
socket(0x10, 0x3, 0x9)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r2], 0x20)

288.167986ms ago: executing program 1 (id=1272):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(aes))\x00'}, 0x58)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
close(0xffffffffffffffff)
unshare(0x22020600)
r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_ALLOW_SUSPEND(r1, 0x5522)
ioctl$USBDEVFS_CLEAR_HALT(r1, 0x80045515, &(0x7f0000000200)={0x1, 0x1})
ioctl$PTP_EXTTS_REQUEST2(0xffffffffffffffff, 0xc0603d0f, &(0x7f0000000040))
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_LEAVE_OCB(0xffffffffffffffff, &(0x7f0000000540)={0xffffffffffffffff, 0x0, &(0x7f0000000500)={&(0x7f0000000440)={0x20, 0x0, 0x20, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xd, 0x4a}}}}}, 0x20}, 0x1, 0x0, 0x0, 0x40000c5}, 0x8050)
r2 = add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe)
r3 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000080)={r2, r3, r3}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={'sha1-generic\x00'}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_submit(0x0, 0x0, &(0x7f0000000640))
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000006, 0x810, 0xffffffffffffffff, 0x1e90000)
syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r4 = socket$inet(0x2, 0x1, 0x0)
r5 = io_uring_setup(0x5c1f, &(0x7f0000000200)={0x0, 0xa88f, 0x2, 0x2, 0x1ee, 0x0, r4})
r6 = syz_io_uring_setup(0xbdc, &(0x7f0000000140)={0x0, 0xa83d, 0x10, 0x2, 0x0, 0x0, r5}, &(0x7f0000000340)=<r7=>0x0, &(0x7f00000000c0)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r4, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)

287.551613ms ago: executing program 2 (id=1273):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fe00}], 0x1, 0x0, 0x0, 0x2b)
syz_emit_ethernet(0x72, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "e400ff", 0x3c, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x11, 0x0, @empty, @ipv4={'\x00', '\xff\xff', @multicast1}, [], "17c17f008400000000880000"}}}}}}}, 0x0)

131.712348ms ago: executing program 3 (id=1274):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

46.599981ms ago: executing program 2 (id=1275):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r0 = io_uring_setup(0x1bc3, &(0x7f0000000080)={0x0, 0xb3e5, 0x8000, 0x1, 0x315})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000200)={0xf1, 0x0, &(0x7f0000000300)=[{&(0x7f000001b000)=""/4096, 0x1000}], 0x0, 0x1}, 0x20)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000180)={0x4, 0x0, &(0x7f0000000240), 0x0}, 0x20)
syz_emit_ethernet(0x42, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa000800460000340000000000019078ac1414aaac1e000144040004009078000000d62926e821fda5bdd4690ebec666dd00450000000000000000000000ac1414bb"], 0x0)
r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x200000, 0x0)
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r1, 0x7af, &(0x7f0000000040)={@my=0x1, 0x40000000})
r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
r6 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r6, &(0x7f0000000000)=[{&(0x7f0000000100)="58000000140019234083feff040d8c560a06580200ff0000000000000020ffff00000000000064009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100070c100000000200ffffffff", 0x58}], 0x1)
close_range(r5, 0xffffffffffffffff, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'blake2s-160-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000040)="11da3cf44b1aa83d170c417925bc575a9e0c0f26c420cf07ef1800322de53ae3", 0x20)
close(0x3)

0s ago: executing program 3 (id=1276):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$inet(r2, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0)
close(r3)
r4 = socket$inet6(0xa, 0x80002, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f0000000000)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a067fbc45ff810500000000", 0x1c}], 0x1)
connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x4e23, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xffffffff}, 0x1c)
setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
r6 = syz_open_procfs(0x0, &(0x7f0000000040)='net/tcp\x00')
setsockopt$sock_attach_bpf(r4, 0x1, 0x32, &(0x7f0000000080)=r6, 0x4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000600), r7)
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r7, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={0x0}, 0x1, 0x0, 0x0, 0xc800}, 0x40)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
r8 = socket$inet6(0xa, 0xa, 0x1)
sendmmsg$sock(r8, &(0x7f0000001a40), 0x0, 0x4008000)

kernel console output (not intermixed with test programs):

 from the descriptor's value: 66
[  338.181904][ T5878] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  338.195150][ T5878] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  338.212791][ T5878] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  338.222147][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  338.230466][ T5878] usb 2-1: Product: syz
[  338.234789][ T5878] usb 2-1: Manufacturer: syz
[  338.246243][ T5878] cdc_wdm 2-1:1.0: skipping garbage
[  338.253353][ T5878] cdc_wdm 2-1:1.0: skipping garbage
[  338.261828][ T5878] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  338.267991][ T5878] cdc_wdm 2-1:1.0: Unknown control protocol
[  338.289580][ T5881] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  338.301593][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  338.313034][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  338.324443][ T5881] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  338.337533][ T5881] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  338.346815][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  338.360001][ T5881] usb 4-1: config 0 descriptor??
[  338.818486][ T8823] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  339.004215][ T8816] xt_TCPMSS: Only works on TCP SYN packets
[  339.039058][ T5917] usb 2-1: USB disconnect, device number 43
[  339.054274][ T8816] netlink: 'syz.3.844': attribute type 1 has an invalid length.
[  339.720144][ T8838] loop8: detected capacity change from 0 to 1
[  339.781157][ T5881] usbhid 4-1:0.0: can't add hid device: -71
[  339.787256][ T5881] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  339.813835][ T8838] Dev loop8: unable to read RDB block 1
[  339.867846][ T8838]  loop8: unable to read partition table
[  339.887796][    C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  339.935601][ T8838] loop8: partition table beyond EOD, truncated
[  339.943887][ T8838] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  339.990952][ T5881] usb 4-1: USB disconnect, device number 35
[  340.327733][ T5917] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  340.501398][ T5917] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  340.517077][ T5917] usb 1-1: config 0 has no interfaces?
[  340.522682][ T5917] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  340.569698][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.641144][ T5917] usb 1-1: config 0 descriptor??
[  340.687569][ T8850] netlink: 72 bytes leftover after parsing attributes in process `syz.4.852'.
[  341.106285][ T8858] netlink: 44 bytes leftover after parsing attributes in process `syz.3.854'.
[  341.875363][ T8864] binder: 8861:8864 ioctl 40505412 80000180 returned -22
[  341.899201][ T8864] netlink: 8 bytes leftover after parsing attributes in process `syz.4.857'.
[  341.916977][ T8864] netlink: 8 bytes leftover after parsing attributes in process `syz.4.857'.
[  341.941459][ T8864] vlan2: entered promiscuous mode
[  341.947567][ T8864] gretap0: entered promiscuous mode
[  342.332728][ T5881] usb 1-1: USB disconnect, device number 43
[  342.340494][ T5917] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  342.499983][ T5917] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  342.519532][ T5917] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  342.540779][ T5917] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  342.563726][ T5917] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  342.581856][ T5917] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  342.601148][ T5917] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  342.618452][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  342.627230][ T5917] usb 4-1: Product: syz
[  342.633458][ T5917] usb 4-1: Manufacturer: syz
[  342.643566][ T5917] cdc_wdm 4-1:1.0: skipping garbage
[  342.648110][    T9] usb 3-1: new full-speed USB device number 34 using dummy_hcd
[  342.650324][ T5917] cdc_wdm 4-1:1.0: skipping garbage
[  342.714693][ T5917] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  342.729240][ T5917] cdc_wdm 4-1:1.0: Unknown control protocol
[  342.830131][    T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  342.841052][    T9] usb 3-1: config 0 has no interface number 0
[  342.860431][    T9] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  342.888365][    T9] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  342.898886][    T9] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  342.908532][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  342.919882][    T9] usb 3-1: config 0 descriptor??
[  343.252155][ T8900] netlink: 16 bytes leftover after parsing attributes in process `syz.4.866'.
[  343.279240][ T8900] netlink: 'syz.4.866': attribute type 10 has an invalid length.
[  343.299275][ T8900] macvlan0: entered promiscuous mode
[  343.323665][ T8900] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  343.344380][    T9] uclogic 0003:28BD:0071.000A: failed retrieving string descriptor #100: -71
[  343.376500][    T9] uclogic 0003:28BD:0071.000A: failed retrieving pen parameters: -71
[  343.396178][    T9] uclogic 0003:28BD:0071.000A: pen probing failed: -71
[  343.406279][    T9] uclogic 0003:28BD:0071.000A: failed probing parameters: -71
[  343.423550][    T9] uclogic 0003:28BD:0071.000A: probe with driver uclogic failed with error -71
[  343.453029][    T9] usb 3-1: USB disconnect, device number 34
[  343.523166][ T5917] usb 4-1: USB disconnect, device number 36
[  343.893564][ T8908] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  344.757775][ T5917] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  344.918410][ T5917] usb 4-1: Using ep0 maxpacket: 32
[  344.927731][    C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  344.984332][ T5917] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64
[  344.996561][ T5917] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023
[  345.010397][ T5917] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  345.020866][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  345.029239][ T5917] usb 4-1: Product: syz
[  345.035793][ T5917] usb 4-1: Manufacturer:  
[  345.040909][ T5917] usb 4-1: SerialNumber: syz
[  345.066842][ T8923] FAULT_INJECTION: forcing a failure.
[  345.066842][ T8923] name failslab, interval 1, probability 0, space 0, times 0
[  345.079918][ T8923] CPU: 1 UID: 0 PID: 8923 Comm: syz.1.873 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT(full) 
[  345.079944][ T8923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  345.079961][ T8923] Call Trace:
[  345.079973][ T8923]  <TASK>
[  345.079982][ T8923]  dump_stack_lvl+0x189/0x250
[  345.080023][ T8923]  ? __pfx_dump_stack_lvl+0x10/0x10
[  345.080052][ T8923]  ? __pfx__printk+0x10/0x10
[  345.080078][ T8923]  ? __pfx___might_resched+0x10/0x10
[  345.080096][ T8923]  ? fs_reclaim_acquire+0x7d/0x100
[  345.080131][ T8923]  should_fail_ex+0x414/0x560
[  345.080168][ T8923]  should_failslab+0xa8/0x100
[  345.080195][ T8923]  kmem_cache_alloc_noprof+0x73/0x3c0
[  345.080219][ T8923]  ? __kernfs_new_node+0xd7/0x7f0
[  345.080253][ T8923]  __kernfs_new_node+0xd7/0x7f0
[  345.080279][ T8923]  ? __lock_acquire+0xaac/0xd20
[  345.080314][ T8923]  ? __pfx___kernfs_new_node+0x10/0x10
[  345.080342][ T8923]  ? kernfs_root+0x1c/0x230
[  345.080375][ T8923]  ? kernfs_root+0x1c/0x230
[  345.080400][ T8923]  ? kernfs_root+0x1c/0x230
[  345.080444][ T8923]  kernfs_new_node+0x102/0x210
[  345.080476][ T8923]  kernfs_create_link+0xa7/0x200
[  345.080519][ T8923]  sysfs_do_create_link_sd+0x83/0x110
[  345.080548][ T8923]  device_add_class_symlinks+0x1cf/0x240
[  345.080584][ T8923]  device_add+0x475/0xb50
[  345.080605][ T8923]  ? device_initialize+0x24b/0x440
[  345.080629][ T8923]  netdev_register_kobject+0x156/0x2f0
[  345.080662][ T8923]  register_netdevice+0x126c/0x1af0
[  345.080707][ T8923]  ? __pfx_register_netdevice+0x10/0x10
[  345.080732][ T8923]  ? __sock_sendmsg+0x219/0x270
[  345.080759][ T8923]  ? ____sys_sendmsg+0x505/0x830
[  345.080782][ T8923]  ? ___sys_sendmsg+0x21f/0x2a0
[  345.080804][ T8923]  ? __sys_sendmsg+0x164/0x220
[  345.080826][ T8923]  ? __do_fast_syscall_32+0xb4/0x110
[  345.080849][ T8923]  ? do_fast_syscall_32+0x34/0x80
[  345.080887][ T8923]  macsec_newlink+0x6be/0x11b0
[  345.080935][ T8923]  ? __pfx_macsec_newlink+0x10/0x10
[  345.080964][ T8923]  ? alloc_netdev_mqs+0xc9e/0x11e0
[  345.080991][ T8923]  ? rcu_is_watching+0x15/0xb0
[  345.081020][ T8923]  ? alloc_netdev_mqs+0xc9e/0x11e0
[  345.081046][ T8923]  ? trace_kmalloc+0x1f/0xd0
[  345.081067][ T8923]  ? __kvmalloc_node_noprof+0x338/0x5e0
[  345.081092][ T8923]  ? alloc_netdev_mqs+0xc9e/0x11e0
[  345.081126][ T8923]  ? validate_linkmsg+0x765/0x950
[  345.081167][ T8923]  ? __pfx_macsec_newlink+0x10/0x10
[  345.081196][ T8923]  rtnl_newlink_create+0x305/0xaf0
[  345.081227][ T8923]  ? __pfx_aa_get_newest_label+0x10/0x10
[  345.081252][ T8923]  ? __pfx_rtnl_newlink_create+0x10/0x10
[  345.081274][ T8923]  ? rtnl_newlink+0x8db/0x1c70
[  345.081297][ T8923]  ? __pfx___mutex_lock+0x10/0x10
[  345.081333][ T8923]  ? ns_capable+0x8a/0xf0
[  345.081355][ T8923]  rtnl_newlink+0x16d6/0x1c70
[  345.081394][ T8923]  ? __pfx_rtnl_newlink+0x10/0x10
[  345.081418][ T8923]  ? __lock_acquire+0xaac/0xd20
[  345.081456][ T8923]  ? __lock_acquire+0xaac/0xd20
[  345.081496][ T8923]  ? __lock_acquire+0xaac/0xd20
[  345.081543][ T8923]  ? is_bpf_text_address+0x26/0x2b0
[  345.081581][ T8923]  ? is_bpf_text_address+0x292/0x2b0
[  345.081607][ T8923]  ? is_bpf_text_address+0x26/0x2b0
[  345.081641][ T8923]  ? aa_get_newest_label+0xf7/0x5d0
[  345.081666][ T8923]  ? __lock_acquire+0xaac/0xd20
[  345.081719][ T8923]  ? __pfx_rtnl_newlink+0x10/0x10
[  345.081738][ T8923]  rtnetlink_rcv_msg+0x7cc/0xb70
[  345.081758][ T8923]  ? kasan_save_track+0x4f/0x80
[  345.081781][ T8923]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  345.081801][ T8923]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  345.081822][ T8923]  ? __lock_acquire+0xaac/0xd20
[  345.081863][ T8923]  netlink_rcv_skb+0x219/0x490
[  345.081886][ T8923]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  345.081909][ T8923]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  345.081951][ T8923]  ? netlink_deliver_tap+0x2e/0x1b0
[  345.081972][ T8923]  ? netlink_deliver_tap+0x2e/0x1b0
[  345.082000][ T8923]  netlink_unicast+0x758/0x8d0
[  345.082053][ T8923]  netlink_sendmsg+0x805/0xb30
[  345.082082][ T8923]  ? __pfx_netlink_sendmsg+0x10/0x10
[  345.082104][ T8923]  ? __import_iovec+0x5d4/0x7f0
[  345.082125][ T8923]  ? aa_sock_msg_perm+0x94/0x160
[  345.082147][ T8923]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  345.082168][ T8923]  ? __pfx_netlink_sendmsg+0x10/0x10
[  345.082190][ T8923]  __sock_sendmsg+0x219/0x270
[  345.082223][ T8923]  ____sys_sendmsg+0x505/0x830
[  345.082254][ T8923]  ? __pfx_____sys_sendmsg+0x10/0x10
[  345.082296][ T8923]  ___sys_sendmsg+0x21f/0x2a0
[  345.082324][ T8923]  ? __pfx____sys_sendmsg+0x10/0x10
[  345.082408][ T8923]  ? __fget_files+0x2a/0x420
[  345.082431][ T8923]  ? __fget_files+0x3a0/0x420
[  345.082469][ T8923]  __sys_sendmsg+0x164/0x220
[  345.082496][ T8923]  ? __pfx___sys_sendmsg+0x10/0x10
[  345.082539][ T8923]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  345.082569][ T8923]  ? lockdep_hardirqs_on+0x9c/0x150
[  345.082594][ T8923]  __do_fast_syscall_32+0xb4/0x110
[  345.082619][ T8923]  ? lockdep_hardirqs_on+0x9c/0x150
[  345.082645][ T8923]  do_fast_syscall_32+0x34/0x80
[  345.082670][ T8923]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  345.082693][ T8923] RIP: 0023:0xf70be539
[  345.082710][ T8923] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  345.082726][ T8923] RSP: 002b:00000000f50ae55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  345.082747][ T8923] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000280
[  345.082760][ T8923] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  345.082772][ T8923] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  345.082784][ T8923] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  345.082794][ T8923] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  345.082815][ T8923]  </TASK>
[  345.861733][ T5917] cdc_ncm 4-1:1.0: bind() failure
[  345.871721][ T5917] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  345.878608][ T5917] cdc_ncm 4-1:1.1: bind() failure
[  345.888695][ T5917] usb 4-1: USB disconnect, device number 37
[  346.232819][ T8933] netlink: 8 bytes leftover after parsing attributes in process `syz.2.878'.
[  346.251679][ T8934] usb usb1: usbfs: process 8934 (syz.1.877) did not claim interface 0 before use
[  346.267851][ T8933] netlink: 4 bytes leftover after parsing attributes in process `syz.2.878'.
[  346.387886][ T8937] netlink: 16 bytes leftover after parsing attributes in process `syz.2.878'.
[  346.658029][ T5917] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  346.768660][    T9] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  346.819949][ T5917] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  346.833273][ T5917] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  346.847044][ T5917] usb 1-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00
[  346.867827][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.901024][ T5917] usb 1-1: config 0 descriptor??
[  346.927067][ T5917] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  346.936211][    T9] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  346.953056][    T9] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  346.966011][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  346.980551][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  346.994827][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  347.020815][    T9] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  347.063408][    T9] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  347.084198][    T9] usb 4-1: Product: syz
[  347.089376][    T9] usb 4-1: Manufacturer: syz
[  347.124164][    T9] cdc_wdm 4-1:1.0: skipping garbage
[  347.144172][    T9] cdc_wdm 4-1:1.0: skipping garbage
[  347.163667][ T5881] usb 1-1: USB disconnect, device number 44
[  347.206234][    T9] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  347.239058][    T9] cdc_wdm 4-1:1.0: Unknown control protocol
[  347.421532][ T5917] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  347.980829][ T5882] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  348.024833][ T8966] vlan3: entered promiscuous mode
[  348.030018][ T8966] bond0: entered promiscuous mode
[  348.035188][ T8966] bond_slave_0: entered promiscuous mode
[  348.041503][ T8966] bond_slave_1: entered promiscuous mode
[  348.060478][ T5882] dvb_usb_az6027 5-1:0.0: probe with driver dvb_usb_az6027 failed with error -110
[  348.077860][ T5917] usb 2-1: Using ep0 maxpacket: 32
[  348.103955][ T5882] usb 5-1: USB disconnect, device number 34
[  348.123792][ T5917] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  348.176828][ T5917] usb 2-1: config 0 has no interface number 0
[  348.195426][ T5881] usb 4-1: USB disconnect, device number 38
[  348.257843][ T5917] usb 2-1: config 0 interface 184 has no altsetting 0
[  348.294855][ T5917] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  348.315304][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.330912][ T5917] usb 2-1: Product: syz
[  348.335511][ T5917] usb 2-1: Manufacturer: syz
[  348.340480][ T5917] usb 2-1: SerialNumber: syz
[  348.349501][ T8968] netlink: 20 bytes leftover after parsing attributes in process `syz.2.886'.
[  348.361168][ T8968] netlink: 20 bytes leftover after parsing attributes in process `syz.2.886'.
[  348.370673][ T8968] netlink: 204 bytes leftover after parsing attributes in process `syz.2.886'.
[  348.384181][ T5917] usb 2-1: config 0 descriptor??
[  348.395063][ T5917] smsc75xx v1.0.0
[  348.809355][ T5917] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  348.843344][ T5917] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32
[  348.875874][ T5917] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind
[  348.910945][ T5917] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -32
[  348.999097][ T8979] netlink: 4 bytes leftover after parsing attributes in process `syz.4.889'.
[  349.340649][ T5882] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  349.407902][ T5917] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  349.498179][ T5882] usb 3-1: Using ep0 maxpacket: 16
[  349.504989][ T5882] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  349.518312][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  349.533197][ T5882] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  349.542395][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.550478][ T5882] usb 3-1: Product: syz
[  349.568296][ T5882] usb 3-1: Manufacturer: syz
[  349.572937][ T5882] usb 3-1: SerialNumber: syz
[  349.580112][ T5917] usb 5-1: config 0 has an invalid interface number: 42 but max is 0
[  349.591532][ T5882] usb 3-1: config 0 descriptor??
[  349.603483][ T5917] usb 5-1: config 0 has no interface number 0
[  349.609982][ T5917] usb 5-1: config 0 interface 42 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  349.612765][ T5882] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  349.620708][ T5917] usb 5-1: config 0 interface 42 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  349.644863][ T5917] usb 5-1: New USB device found, idVendor=1435, idProduct=0829, bcdDevice=ef.ce
[  349.655716][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.661396][ T5882] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[  349.675091][ T5917] usb 5-1: Product: syz
[  349.681780][ T5917] usb 5-1: Manufacturer: syz
[  349.686950][ T5917] usb 5-1: SerialNumber: syz
[  349.701340][ T5917] usb 5-1: config 0 descriptor??
[  349.708433][ T8983] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  349.717519][ T5917] usb 5-1: Could not find all expected endpoints
[  349.803103][ T8989] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  349.816894][ T8989] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  349.885318][ T5882] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  349.929997][ T5882] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[  349.960802][ T5882] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[  350.115750][ T5882] em28xx 3-1:0.0: No AC97 audio processor
[  350.118981][   T30] kauditd_printk_skb: 32 callbacks suppressed
[  350.118998][   T30] audit: type=1326 audit(1746484394.260:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8982 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  350.149418][    C1] vkms_vblank_simulate: vblank timer overrun
[  350.168365][    T9] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  350.209083][ T5838] usb 5-1: USB disconnect, device number 35
[  350.239455][   T30] audit: type=1326 audit(1746484394.260:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8982 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  350.322768][ T5882] usb 3-1: USB disconnect, device number 35
[  350.352155][   T30] audit: type=1326 audit(1746484394.330:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8982 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  350.391068][ T5882] em28xx 3-1:0.0: Disconnecting em28xx
[  350.409838][ T5882] em28xx 3-1:0.0: Freeing device
[  350.433890][   T30] audit: type=1326 audit(1746484394.330:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8982 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  350.480888][ T5917] usb 2-1: USB disconnect, device number 44
[  350.503062][    T9] usb 4-1: config 129 has an invalid interface number: 114 but max is 1
[  350.568380][    T9] usb 4-1: config 129 has an invalid descriptor of length 212, skipping remainder of the config
[  350.607719][   T30] audit: type=1326 audit(1746484394.330:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8982 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=40000003 syscall=373 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  350.608381][    T9] usb 4-1: config 129 has 1 interface, different from the descriptor's value: 2
[  350.659196][    T9] usb 4-1: config 129 has no interface number 0
[  350.665811][    T9] usb 4-1: config 129 interface 114 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  350.700156][    T9] usb 4-1: config 129 interface 114 altsetting 3 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  350.703852][   T30] audit: type=1326 audit(1746484394.330:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8982 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  350.733414][    C1] vkms_vblank_simulate: vblank timer overrun
[  350.734486][    T9] usb 4-1: config 129 interface 114 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  350.840419][   T30] audit: type=1326 audit(1746484394.340:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8982 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  350.911131][    T9] usb 4-1: config 129 interface 114 altsetting 3 has 5 endpoint descriptors, different from the interface descriptor's value: 10
[  350.952399][   T30] audit: type=1326 audit(1746484394.340:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8982 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  350.986190][    T9] usb 4-1: config 129 interface 114 has no altsetting 0
[  351.042681][   T30] audit: type=1326 audit(1746484394.350:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8982 comm="syz.4.891" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  351.064538][    C1] vkms_vblank_simulate: vblank timer overrun
[  351.086896][    T9] usb 4-1: New USB device found, idVendor=19d2, idProduct=1566, bcdDevice=51.76
[  351.102280][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.127411][    T9] usb 4-1: Product: syz
[  351.132461][    T9] usb 4-1: Manufacturer: п
[  351.137481][    T9] usb 4-1: SerialNumber: syz
[  351.279486][ T5880] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  351.559631][ T5880] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  351.576589][ T5880] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  351.617270][ T5880] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  351.670896][ T5880] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  351.707989][ T5880] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  351.735318][ T9025] netlink: 4 bytes leftover after parsing attributes in process `syz.0.901'.
[  351.755058][ T5880] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  351.764566][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  351.807764][ T5880] usb 2-1: Product: syz
[  351.811999][ T5880] usb 2-1: Manufacturer: syz
[  351.839958][ T5880] cdc_wdm 2-1:1.0: skipping garbage
[  351.854411][ T5880] cdc_wdm 2-1:1.0: skipping garbage
[  351.887599][ T5880] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  351.925348][ T9027] vim2m vim2m.0: vidioc_s_fmt queue busy
[  351.998320][ T5880] cdc_wdm 2-1:1.0: Unknown control protocol
[  352.934652][ T5880] usb 2-1: USB disconnect, device number 45
[  353.234726][    T9] option 4-1:129.114: GSM modem (1-port) converter detected
[  353.279193][    T9] usb 4-1: USB disconnect, device number 39
[  353.329729][    T9] option 4-1:129.114: device disconnected
[  353.432085][ T9046] netlink: 4 bytes leftover after parsing attributes in process `syz.2.907'.
[  353.438361][ T9043] loop8: detected capacity change from 0 to 1
[  353.452381][ T9043] Dev loop8: unable to read RDB block 1
[  353.468863][ T9043]  loop8: unable to read partition table
[  353.475563][ T9043] loop8: partition table beyond EOD, truncated
[  353.482466][ T9043] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  354.098806][ T9064] FAULT_INJECTION: forcing a failure.
[  354.098806][ T9064] name failslab, interval 1, probability 0, space 0, times 0
[  354.140250][ T9062] netlink: 4 bytes leftover after parsing attributes in process `syz.3.913'.
[  354.167171][ T9064] CPU: 1 UID: 0 PID: 9064 Comm: syz.0.915 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT(full) 
[  354.167192][ T9064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  354.167202][ T9064] Call Trace:
[  354.167209][ T9064]  <TASK>
[  354.167215][ T9064]  dump_stack_lvl+0x189/0x250
[  354.167243][ T9064]  ? __pfx_dump_stack_lvl+0x10/0x10
[  354.167263][ T9064]  ? __pfx__printk+0x10/0x10
[  354.167280][ T9064]  ? __pfx___might_resched+0x10/0x10
[  354.167293][ T9064]  ? fs_reclaim_acquire+0x7d/0x100
[  354.167318][ T9064]  should_fail_ex+0x414/0x560
[  354.167345][ T9064]  should_failslab+0xa8/0x100
[  354.167365][ T9064]  __kmalloc_noprof+0xcb/0x4f0
[  354.167382][ T9064]  ? __vb2_queue_alloc+0x29d/0x15a0
[  354.167403][ T9064]  __vb2_queue_alloc+0x29d/0x15a0
[  354.167438][ T9064]  vb2_core_create_bufs+0x765/0xde0
[  354.167475][ T9064]  ? __pfx_vb2_core_create_bufs+0x10/0x10
[  354.167491][ T9064]  ? __mutex_trylock_common+0x153/0x260
[  354.167511][ T9064]  ? vb2_set_flags_and_caps+0x309/0x5f0
[  354.167532][ T9064]  vb2_create_bufs+0x5b9/0xae0
[  354.167553][ T9064]  ? __pfx_vb2_create_bufs+0x10/0x10
[  354.167571][ T9064]  ? vb2_set_flags_and_caps+0x309/0x5f0
[  354.167592][ T9064]  vb2_ioctl_create_bufs+0x285/0x3f0
[  354.167614][ T9064]  v4l_create_bufs+0x190/0x2a0
[  354.167648][ T9064]  __video_do_ioctl+0xc98/0xdb0
[  354.167684][ T9064]  ? __pfx___video_do_ioctl+0x10/0x10
[  354.167716][ T9064]  ? trace_kmalloc+0x1f/0xd0
[  354.167746][ T9064]  video_usercopy+0x86e/0x14f0
[  354.167785][ T9064]  ? __pfx___video_do_ioctl+0x10/0x10
[  354.167812][ T9064]  ? __pfx_video_usercopy+0x10/0x10
[  354.167858][ T9064]  ? __fget_files+0x2a/0x420
[  354.167888][ T9064]  v4l2_ioctl+0x18a/0x1e0
[  354.167918][ T9064]  v4l2_compat_ioctl32+0x1d4/0x260
[  354.167944][ T9064]  __ia32_compat_sys_ioctl+0x551/0x840
[  354.167968][ T9064]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[  354.167990][ T9064]  ? __fget_files+0x3a0/0x420
[  354.168023][ T9064]  ? fput+0xa0/0xd0
[  354.168052][ T9064]  ? ksys_write+0x1f0/0x250
[  354.168072][ T9064]  ? rcu_is_watching+0x15/0xb0
[  354.168110][ T9064]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  354.168136][ T9064]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.168161][ T9064]  __do_fast_syscall_32+0xb4/0x110
[  354.168186][ T9064]  ? lockdep_hardirqs_on+0x9c/0x150
[  354.168213][ T9064]  do_fast_syscall_32+0x34/0x80
[  354.168237][ T9064]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  354.168261][ T9064] RIP: 0023:0xf7fd1539
[  354.168278][ T9064] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  354.168294][ T9064] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  354.168315][ T9064] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0f8565c
[  354.168328][ T9064] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000
[  354.168340][ T9064] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  354.168351][ T9064] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  354.168363][ T9064] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  354.168385][ T9064]  </TASK>
[  355.691764][ T5882] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  355.992059][ T5882] usb 4-1: config 129 has an invalid interface number: 114 but max is 1
[  356.053341][ T5882] usb 4-1: config 129 has an invalid descriptor of length 212, skipping remainder of the config
[  356.118208][ T5882] usb 4-1: config 129 has 1 interface, different from the descriptor's value: 2
[  356.174467][ T5882] usb 4-1: config 129 has no interface number 0
[  356.183553][ T9097] netlink: 72 bytes leftover after parsing attributes in process `syz.2.923'.
[  356.207299][ T5882] usb 4-1: config 129 interface 114 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  356.238474][ T5882] usb 4-1: config 129 interface 114 altsetting 3 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  356.250762][ T5882] usb 4-1: config 129 interface 114 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  356.305747][ T5882] usb 4-1: config 129 interface 114 altsetting 3 has 5 endpoint descriptors, different from the interface descriptor's value: 10
[  356.616682][ T5882] usb 4-1: config 129 interface 114 has no altsetting 0
[  356.668063][ T5917] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  356.699987][ T5882] usb 4-1: New USB device found, idVendor=19d2, idProduct=1566, bcdDevice=51.76
[  356.709845][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.726974][ T5882] usb 4-1: Product: п
[  356.732770][ T5882] usb 4-1: SerialNumber: syz
[  356.831225][ T5917] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  356.866147][ T5917] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  357.037798][ T5917] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  357.087221][ T5917] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  357.102401][ T5917] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  357.165831][ T5917] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  357.182826][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  357.195638][ T5917] usb 1-1: Product: syz
[  357.213302][ T5917] usb 1-1: Manufacturer: syz
[  357.263330][ T5917] cdc_wdm 1-1:1.0: skipping garbage
[  357.281448][ T5917] cdc_wdm 1-1:1.0: skipping garbage
[  357.312070][ T5917] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  357.336275][ T5917] cdc_wdm 1-1:1.0: Unknown control protocol
[  357.624871][ T9112] usb usb1: usbfs: process 9112 (syz.4.928) did not claim interface 0 before use
[  358.056625][ T5917] usb 1-1: USB disconnect, device number 45
[  358.312535][   T30] audit: type=1326 audit(1746484402.460:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9120 comm="syz.1.931" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000
[  358.390004][   T30] audit: type=1326 audit(1746484402.460:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9120 comm="syz.1.931" exe="/root/syz-executor" sig=0 arch=40000003 syscall=322 compat=1 ip=0xf70be539 code=0x7ffc0000
[  358.412734][   T30] audit: type=1326 audit(1746484402.460:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9120 comm="syz.1.931" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000
[  358.435955][   T30] audit: type=1326 audit(1746484402.460:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9120 comm="syz.1.931" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000
[  358.498937][   T30] audit: type=1326 audit(1746484402.460:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9120 comm="syz.1.931" exe="/root/syz-executor" sig=0 arch=40000003 syscall=326 compat=1 ip=0xf70be539 code=0x7ffc0000
[  358.612049][ T5882] option 4-1:129.114: GSM modem (1-port) converter detected
[  358.650640][ T5882] usb 4-1: USB disconnect, device number 40
[  358.661859][ T5882] option 4-1:129.114: device disconnected
[  358.672868][   T30] audit: type=1326 audit(1746484402.460:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9120 comm="syz.1.931" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000
[  358.729130][   T30] audit: type=1326 audit(1746484402.460:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9120 comm="syz.1.931" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70be539 code=0x7ffc0000
[  358.763331][   T30] audit: type=1326 audit(1746484402.460:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9120 comm="syz.1.931" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000
[  358.838587][   T30] audit: type=1326 audit(1746484402.460:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9120 comm="syz.1.931" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf70be539 code=0x7ffc0000
[  358.863238][   T30] audit: type=1326 audit(1746484402.460:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9120 comm="syz.1.931" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000
[  359.179181][ T9136] netlink: 72 bytes leftover after parsing attributes in process `syz.4.937'.
[  360.219933][ T5880] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  360.420500][ T5880] usb 2-1: config 129 has an invalid interface number: 114 but max is 1
[  360.438166][ T5880] usb 2-1: config 129 has an invalid descriptor of length 212, skipping remainder of the config
[  360.458151][ T5880] usb 2-1: config 129 has 1 interface, different from the descriptor's value: 2
[  360.574951][ T5880] usb 2-1: config 129 has no interface number 0
[  360.592850][ T5880] usb 2-1: config 129 interface 114 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  360.618142][ T5880] usb 2-1: config 129 interface 114 altsetting 3 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  360.643766][ T5880] usb 2-1: config 129 interface 114 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  360.692979][ T5880] usb 2-1: config 129 interface 114 altsetting 3 has 5 endpoint descriptors, different from the interface descriptor's value: 10
[  360.757969][ T5917] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  360.815487][ T5880] usb 2-1: config 129 interface 114 has no altsetting 0
[  360.869746][ T5880] usb 2-1: New USB device found, idVendor=19d2, idProduct=1566, bcdDevice=51.76
[  360.881604][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.918237][ T5880] usb 2-1: Product: п
[  361.033254][ T5880] usb 2-1: Manufacturer: з
[  361.040075][ T5880] usb 2-1: SerialNumber: syz
[  361.045383][ T5917] usb 1-1: config 129 has an invalid interface number: 114 but max is 1
[  361.057277][ T5917] usb 1-1: config 129 has an invalid descriptor of length 212, skipping remainder of the config
[  361.157774][ T5878] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  361.186050][ T5917] usb 1-1: config 129 has 1 interface, different from the descriptor's value: 2
[  361.271225][ T5917] usb 1-1: config 129 has no interface number 0
[  361.301128][ T5917] usb 1-1: config 129 interface 114 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  361.394242][ T5878] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  361.406838][ T5917] usb 1-1: config 129 interface 114 altsetting 3 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  361.418335][ T5878] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  361.437492][ T5878] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  361.447304][ T5917] usb 1-1: config 129 interface 114 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  361.469222][ T5878] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  361.485069][ T5917] usb 1-1: config 129 interface 114 altsetting 3 has 5 endpoint descriptors, different from the interface descriptor's value: 10
[  361.502465][ T5878] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  361.517547][ T5917] usb 1-1: config 129 interface 114 has no altsetting 0
[  361.531350][ T5878] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  361.546620][ T5878] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  361.560396][ T5878] usb 5-1: Product: syz
[  361.565661][ T5878] usb 5-1: Manufacturer: syz
[  361.579737][ T5917] usb 1-1: New USB device found, idVendor=19d2, idProduct=1566, bcdDevice=51.76
[  361.589175][ T5917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.597185][ T5917] usb 1-1: Product: п
[  361.604498][ T5917] usb 1-1: SerialNumber: syz
[  361.643071][ T5878] cdc_wdm 5-1:1.0: skipping garbage
[  361.658869][ T5878] cdc_wdm 5-1:1.0: skipping garbage
[  361.676738][ T5878] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  361.697434][ T5878] cdc_wdm 5-1:1.0: Unknown control protocol
[  362.533132][ T5882] usb 5-1: USB disconnect, device number 36
[  362.920436][ T5880] option 2-1:129.114: GSM modem (1-port) converter detected
[  362.975748][ T5880] usb 2-1: USB disconnect, device number 46
[  363.058329][ T5880] option 2-1:129.114: device disconnected
[  363.270992][ T9196] netlink: 72 bytes leftover after parsing attributes in process `syz.3.953'.
[  363.488945][ T5917] option 1-1:129.114: GSM modem (1-port) converter detected
[  363.537600][ T5917] usb 1-1: USB disconnect, device number 46
[  363.568315][    T9] usb 2-1: new full-speed USB device number 47 using dummy_hcd
[  363.577416][ T5917] option 1-1:129.114: device disconnected
[  363.618364][ T5882] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  363.731276][    T9] usb 2-1: config 0 has an invalid interface number: 207 but max is 0
[  363.747089][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  363.759684][    T9] usb 2-1: config 0 has no interface number 0
[  363.770183][    T9] usb 2-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  363.780006][ T5882] usb 3-1: Using ep0 maxpacket: 16
[  363.786870][ T5882] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  363.797603][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.806417][ T5882] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  363.818259][    T9] usb 2-1: Product: syz
[  363.822585][    T9] usb 2-1: Manufacturer: syz
[  363.827262][    T9] usb 2-1: SerialNumber: syz
[  363.832715][ T5882] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0
[  363.846150][    T9] usb 2-1: config 0 descriptor??
[  363.852541][ T5882] usb 3-1: config 0 interface 0 has no altsetting 0
[  363.872047][    T9] qmi_wwan 2-1:0.207: bogus CDC Union: master=0, slave=1
[  363.888235][    T9] qmi_wwan 2-1:0.207: probe with driver qmi_wwan failed with error -22
[  363.898270][ T5882] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  363.907581][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.927450][ T5882] usb 3-1: Product: syz
[  363.940608][ T5882] usb 3-1: Manufacturer: syz
[  363.952901][ T5882] usb 3-1: SerialNumber: syz
[  363.972342][ T5882] usb 3-1: config 0 descriptor??
[  364.278556][ T5882] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input19
[  364.547215][ T5184] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  364.594959][ T5882] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  364.676067][ T5184] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  364.704015][ T5882] input: failed to attach handler mousedev to device input19, error: -5
[  364.767209][ T5184] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  364.802747][ T5184] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  364.931925][ T5879] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  364.997319][ T5184] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  365.043205][ T5184] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  365.779453][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  365.787475][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.987944][ T5882] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  366.071573][ T5880] usb 2-1: USB disconnect, device number 47
[  366.140138][ T5882] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  366.167040][ T5882] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8
[  366.244706][ T5882] usb 1-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=4e.18
[  366.254834][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.301230][ T5882] usb 1-1: Product: syz
[  366.325761][ T5882] usb 1-1: Manufacturer: syz
[  366.347789][ T1207] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  366.387370][ T5917] usb 3-1: USB disconnect, device number 36
[  366.423450][ T5882] usb 1-1: SerialNumber: syz
[  366.466185][ T5882] usb 1-1: config 0 descriptor??
[  366.523686][ T1207] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  366.543335][ T9243] netlink: 72 bytes leftover after parsing attributes in process `syz.2.968'.
[  366.568509][ T1207] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  366.626694][ T1207] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  366.636740][ T5880] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  366.682449][ T5882] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  366.706691][ T1207] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  366.723461][ T1207] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  366.771599][ T1207] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  366.794467][ T1207] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  366.804700][ T1207] usb 5-1: Product: syz
[  366.809752][ T1207] usb 5-1: Manufacturer: syz
[  366.837907][ T1207] cdc_wdm 5-1:1.0: skipping garbage
[  366.846692][ T1207] cdc_wdm 5-1:1.0: skipping garbage
[  366.873465][ T5880] usb 2-1: config 129 has an invalid interface number: 114 but max is 1
[  366.882387][ T1207] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  366.889237][ T5882] usb 1-1: USB disconnect, device number 47
[  366.895220][ T5880] usb 2-1: config 129 has an invalid descriptor of length 212, skipping remainder of the config
[  366.935694][ T1207] cdc_wdm 5-1:1.0: Unknown control protocol
[  366.954009][ T5880] usb 2-1: config 129 has 1 interface, different from the descriptor's value: 2
[  366.997597][ T5880] usb 2-1: config 129 has no interface number 0
[  367.055923][ T5880] usb 2-1: config 129 interface 114 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  367.071356][ T8885] udevd[8885]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  367.116188][ T5880] usb 2-1: config 129 interface 114 altsetting 3 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  367.153230][ T5880] usb 2-1: config 129 interface 114 altsetting 3 has an invalid descriptor for endpoint zero, skipping
[  367.185650][ T5880] usb 2-1: config 129 interface 114 altsetting 3 has 5 endpoint descriptors, different from the interface descriptor's value: 10
[  367.204604][ T5880] usb 2-1: config 129 interface 114 has no altsetting 0
[  367.223654][ T5880] usb 2-1: New USB device found, idVendor=19d2, idProduct=1566, bcdDevice=51.76
[  367.243019][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.253160][ T5880] usb 2-1: Product: п
[  367.257284][ T5880] usb 2-1: SerialNumber: syz
[  367.331336][ T9252] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  367.645629][ T5838] usb 5-1: USB disconnect, device number 37
[  368.077935][ T5882] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  368.239873][ T5882] usb 1-1: Using ep0 maxpacket: 16
[  368.255676][ T5882] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  368.459865][ T5882] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  368.470443][ T5838] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  368.482615][ T9267] sctp: [Deprecated]: syz.4.978 (pid 9267) Use of struct sctp_assoc_value in delayed_ack socket option.
[  368.482615][ T9267] Use struct sctp_sack_info instead
[  368.524126][ T5882] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  368.534436][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.568991][ T5882] usb 1-1: Product: syz
[  368.573230][ T5882] usb 1-1: Manufacturer: syz
[  368.586857][ T5882] usb 1-1: SerialNumber: syz
[  368.601226][ T9269] netlink: 'syz.4.978': attribute type 21 has an invalid length.
[  368.628063][ T5838] usb 3-1: Using ep0 maxpacket: 32
[  368.654425][ T5838] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  368.684190][ T5838] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  368.713026][ T5838] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  368.742141][ T5838] usb 3-1: config 1 has no interface number 0
[  368.928171][ T5917] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  368.976656][ T5838] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  369.147417][ T5838] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  369.284818][ T5880] option 2-1:129.114: GSM modem (1-port) converter detected
[  369.320081][ T5838] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  369.328705][ T5917] usb 5-1: New USB device found, idVendor=05ac, idProduct=0238, bcdDevice=f5.87
[  369.353549][ T5838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.368643][ T5880] usb 2-1: USB disconnect, device number 48
[  369.381738][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.431033][ T5882] usb 1-1: 0:2 : does not exist
[  369.436462][ T5880] option 2-1:129.114: device disconnected
[  369.471005][ T5917] usb 5-1: config 0 descriptor??
[  369.505354][ T5838] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  369.510700][ T5917] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input20
[  369.518740][ T5882] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  369.651732][ T5882] usb 1-1: USB disconnect, device number 48
[  369.701084][ T5184] bcm5974 5-1:0.0: could not read from device
[  369.703946][ T5838] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[  369.805608][ T5184] bcm5974 5-1:0.0: could not read from device
[  369.869146][ T5917] usb 5-1: USB disconnect, device number 38
[  369.905769][ T5184] bcm5974 5-1:0.0: could not read from device
[  369.930301][ T8885] bcm5974 5-1:0.0: could not read from device
[  369.931427][ T9279] netlink: 72 bytes leftover after parsing attributes in process `syz.1.980'.
[  370.013977][ T5184] bcm5974 5-1:0.0: could not read from device
[  370.068647][ T8885] udevd[8885]: Error opening device "/dev/input/event4": No such file or directory
[  370.105669][ T8885] udevd[8885]: Unable to EVIOCGABS device "/dev/input/event4"
[  370.147852][ T8885] udevd[8885]: Unable to EVIOCGABS device "/dev/input/event4"
[  370.160766][ T9265] netlink: zone id is out of range
[  370.162685][ T8885] udevd[8885]: Unable to EVIOCGABS device "/dev/input/event4"
[  370.179079][ T8885] udevd[8885]: Unable to EVIOCGABS device "/dev/input/event4"
[  370.304998][ T9283] netlink: 44 bytes leftover after parsing attributes in process `syz.0.982'.
[  370.531059][ T9292] netlink: 4 bytes leftover after parsing attributes in process `syz.0.987'.
[  370.771396][ T5838] snd_usb_pod 3-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22)
[  370.877948][ T5917] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  370.978316][ T5882] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  371.049630][ T5917] usb 1-1: config index 0 descriptor too short (expected 55, got 36)
[  371.067794][ T5917] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  371.082539][ T5917] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  371.095267][ T5917] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  371.106368][ T5917] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  371.120102][ T5917] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  371.141863][ T5882] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  371.143557][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.155454][ T5882] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  371.175363][ T5882] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  371.186340][ T5882] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  371.192509][ T5917] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  371.210634][ T5882] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  371.234590][ T5917] usb 1-1: invalid MIDI out EP 0
[  371.236679][ T5882] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  371.251108][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  371.265448][ T5882] usb 4-1: Product: syz
[  371.274119][ T5882] usb 4-1: Manufacturer: syz
[  371.332846][ T5882] cdc_wdm 4-1:1.0: skipping garbage
[  371.359196][ T5882] cdc_wdm 4-1:1.0: skipping garbage
[  371.383193][ T5882] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  371.392722][ T5882] cdc_wdm 4-1:1.0: Unknown control protocol
[  371.419203][ T5880] usb 3-1: USB disconnect, device number 37
[  371.431560][ T5938] udevd[5938]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  371.521670][ T5917] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22
[  371.544078][ T5880] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  371.708257][ T9310] netlink: 72 bytes leftover after parsing attributes in process `syz.1.993'.
[  371.838077][ T5917] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  372.044543][ T5917] usb 5-1: New USB device found, idVendor=0471, idProduct=0302, bcdDevice=4d.67
[  372.102910][ T5882] usb 4-1: USB disconnect, device number 41
[  372.187704][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.195901][ T5917] usb 5-1: Product: syz
[  372.222261][ T5917] usb 5-1: Manufacturer: syz
[  372.227042][ T5917] usb 5-1: SerialNumber: syz
[  372.243958][ T5917] usb 5-1: config 0 descriptor??
[  372.256654][ T5917] pwc: Philips PCA645VC USB webcam detected.
[  372.603506][ T5917] pwc: send_video_command error -71
[  372.638304][ T5917] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  372.660272][ T5917] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71
[  372.689956][ T9292] ptrace attach of "./syz-executor exec"[5845] was attempted by "./syz-executor exec"[9292]
[  372.723209][ T5917] usb 5-1: USB disconnect, device number 39
[  373.174923][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  373.174943][   T30] audit: type=1326 audit(1746484417.320:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9313 comm="syz.1.995" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x0
[  373.205533][   T30] audit: type=1326 audit(1746484417.320:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9313 comm="syz.1.995" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x0
[  374.485475][ T5917] usb 1-1: USB disconnect, device number 49
[  374.737750][ T1207] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  374.910829][ T1207] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  374.927451][ T1207] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  374.955709][ T1207] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  374.984140][ T1207] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.017868][ T5917] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  375.082849][ T9345] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  375.107403][ T1207] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  375.152731][ T9361] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1005'.
[  375.187845][ T5917] usb 5-1: Using ep0 maxpacket: 32
[  375.227775][ T5880] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  375.293702][ T5917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9
[  375.372843][ T9363] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  375.384436][ T5917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8240, setting to 1024
[  375.530735][ T1207] usb 2-1: USB disconnect, device number 49
[  375.540555][ T5917] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  375.551214][ T5880] usb 1-1: Using ep0 maxpacket: 32
[  375.578033][ T5880] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  375.610203][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.664966][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  375.689288][ T5917] usb 5-1: config 0 descriptor??
[  375.694692][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  375.719362][ T5880] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  375.728703][ T5917] hub 5-1:0.0: USB hub found
[  375.733666][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.775353][ T5880] usb 1-1: config 0 descriptor??
[  375.815527][ T9359] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  375.843725][ T5880] hub 1-1:0.0: USB hub found
[  375.921676][ T5917] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  376.362675][ T5880] hub 1-1:0.0: config failed, can't read hub descriptor (err -22)
[  376.447777][    C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  376.668565][ T5917] hid-generic 0003:046D:C31C.000B: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.4-1/input0
[  376.695754][ T9385] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  376.875840][ T5838] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  376.894086][ T9385] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  377.098393][ T5838] usb 4-1: config 0 has no interfaces?
[  377.140865][ T5838] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  377.151224][ T5838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.164671][ T5838] usb 4-1: Product: syz
[  377.174989][ T5838] usb 4-1: Manufacturer: syz
[  377.184494][ T5838] usb 4-1: SerialNumber: syz
[  377.255029][ T5838] usb 4-1: config 0 descriptor??
[  377.289802][ T5880] usbhid 1-1:0.0: can't add hid device: -71
[  377.297242][ T5880] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  377.330449][ T5880] usb 1-1: USB disconnect, device number 50
[  377.866636][   T30] audit: type=1326 audit(1746484422.000:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9376 comm="syz.3.1008" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  378.068208][   T30] audit: type=1326 audit(1746484422.000:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9376 comm="syz.3.1008" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ae539 code=0x7ffc0000
[  378.098208][ T5838] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  378.285807][ T5838] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  378.316163][ T5838] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  378.383015][ T5838] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  378.498322][ T5838] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  378.555935][ T5838] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.568294][ T5880] usb 5-1: USB disconnect, device number 40
[  378.615280][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  378.622959][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  378.770492][ T5838] usb 1-1: config 0 descriptor??
[  379.539898][ T5838] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving
[  379.575803][ T5838] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  380.181038][ T9392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  380.190944][ T9392] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  380.199155][ T5882] usb 4-1: USB disconnect, device number 42
[  380.483733][ T9413] ttyprintk ttyprintk: ldisc open failed (-12), clearing slot 0
[  380.954087][ T9419] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1017'.
[  381.357925][ T5917] usb 1-1: reset high-speed USB device number 51 using dummy_hcd
[  381.386464][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  381.447794][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  381.518027][ T5917] usb 1-1: device descriptor read/64, error -32
[  381.703856][ T9433] FAULT_INJECTION: forcing a failure.
[  381.703856][ T9433] name failslab, interval 1, probability 0, space 0, times 0
[  381.735400][ T9433] CPU: 1 UID: 0 PID: 9433 Comm: syz.1.1022 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT(full) 
[  381.735429][ T9433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  381.735441][ T9433] Call Trace:
[  381.735448][ T9433]  <TASK>
[  381.735457][ T9433]  dump_stack_lvl+0x189/0x250
[  381.735494][ T9433]  ? __pfx_dump_stack_lvl+0x10/0x10
[  381.735523][ T9433]  ? __pfx__printk+0x10/0x10
[  381.735545][ T9433]  ? __pfx___might_resched+0x10/0x10
[  381.735562][ T9433]  ? fs_reclaim_acquire+0x7d/0x100
[  381.735596][ T9433]  should_fail_ex+0x414/0x560
[  381.735633][ T9433]  should_failslab+0xa8/0x100
[  381.735660][ T9433]  __kmalloc_noprof+0xcb/0x4f0
[  381.735683][ T9433]  ? tomoyo_encode+0x28b/0x550
[  381.735712][ T9433]  tomoyo_encode+0x28b/0x550
[  381.735742][ T9433]  tomoyo_realpath_from_path+0x58d/0x5d0
[  381.735782][ T9433]  tomoyo_path2_perm+0x288/0x680
[  381.735802][ T9433]  ? tomoyo_path2_perm+0x235/0x680
[  381.735824][ T9433]  ? __pfx_tomoyo_path2_perm+0x10/0x10
[  381.735901][ T9433]  tomoyo_path_rename+0x141/0x190
[  381.735931][ T9433]  ? __pfx_tomoyo_path_rename+0x10/0x10
[  381.735973][ T9433]  security_path_rename+0x250/0x490
[  381.736004][ T9433]  do_renameat2+0x64d/0xc50
[  381.736051][ T9433]  ? __pfx_do_renameat2+0x10/0x10
[  381.736095][ T9433]  ? strncpy_from_user+0x150/0x290
[  381.736130][ T9433]  ? getname_flags+0x1e5/0x540
[  381.736161][ T9433]  __ia32_sys_renameat2+0xce/0xe0
[  381.736190][ T9433]  __do_fast_syscall_32+0xb4/0x110
[  381.736216][ T9433]  ? lockdep_hardirqs_on+0x9c/0x150
[  381.736244][ T9433]  do_fast_syscall_32+0x34/0x80
[  381.736269][ T9433]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  381.736293][ T9433] RIP: 0023:0xf70be539
[  381.736311][ T9433] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  381.736328][ T9433] RSP: 002b:00000000f50ae55c EFLAGS: 00000206 ORIG_RAX: 0000000000000161
[  381.736353][ T9433] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000240
[  381.736367][ T9433] RDX: 0000000000000007 RSI: 0000000080000080 RDI: 0000000000000004
[  381.736379][ T9433] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  381.736390][ T9433] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  381.736401][ T9433] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  381.736433][ T9433]  </TASK>
[  381.736545][ T9433] ERROR: Out of memory at tomoyo_realpath_from_path.
[  381.981149][ T5917] usb 1-1: reset high-speed USB device number 51 using dummy_hcd
[  382.057768][ T5880] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  382.127801][ T5917] usb 1-1: device descriptor read/64, error -32
[  382.209083][ T9438] FAULT_INJECTION: forcing a failure.
[  382.209083][ T9438] name failslab, interval 1, probability 0, space 0, times 0
[  382.228901][ T9438] CPU: 1 UID: 0 PID: 9438 Comm: syz.1.1024 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT(full) 
[  382.228928][ T9438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  382.228940][ T9438] Call Trace:
[  382.228948][ T9438]  <TASK>
[  382.228956][ T9438]  dump_stack_lvl+0x189/0x250
[  382.228991][ T9438]  ? __pfx_dump_stack_lvl+0x10/0x10
[  382.229024][ T9438]  ? __pfx__printk+0x10/0x10
[  382.229049][ T9438]  ? __pfx___might_resched+0x10/0x10
[  382.229066][ T9438]  ? fs_reclaim_acquire+0x7d/0x100
[  382.229098][ T9438]  should_fail_ex+0x414/0x560
[  382.229133][ T9438]  should_failslab+0xa8/0x100
[  382.229176][ T9438]  kmem_cache_alloc_noprof+0x73/0x3c0
[  382.229200][ T9438]  ? skb_clone+0x212/0x3a0
[  382.229231][ T9438]  skb_clone+0x212/0x3a0
[  382.229255][ T9438]  ? nfnetlink_rcv+0x496/0x2530
[  382.229285][ T9438]  nfnetlink_rcv+0x4c4/0x2530
[  382.229313][ T9438]  ? kernel_text_address+0xa5/0xe0
[  382.229342][ T9438]  ? __kernel_text_address+0xd/0x40
[  382.229369][ T9438]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  382.229391][ T9438]  ? arch_stack_walk+0xfc/0x150
[  382.229429][ T9438]  ? stack_trace_save+0x9c/0xe0
[  382.229452][ T9438]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  382.229476][ T9438]  ? stack_depot_save_flags+0x40/0x910
[  382.229544][ T9438]  ? __lock_acquire+0xaac/0xd20
[  382.229580][ T9438]  ? netlink_deliver_tap+0x2e/0x1b0
[  382.229609][ T9438]  ? netlink_deliver_tap+0x2e/0x1b0
[  382.229629][ T9438]  ? netlink_deliver_tap+0x2e/0x1b0
[  382.229656][ T9438]  netlink_unicast+0x758/0x8d0
[  382.229699][ T9438]  netlink_sendmsg+0x805/0xb30
[  382.229730][ T9438]  ? __pfx_netlink_sendmsg+0x10/0x10
[  382.229755][ T9438]  ? __import_iovec+0x5d4/0x7f0
[  382.229779][ T9438]  ? aa_sock_msg_perm+0x94/0x160
[  382.229801][ T9438]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  382.229822][ T9438]  ? __pfx_netlink_sendmsg+0x10/0x10
[  382.229845][ T9438]  __sock_sendmsg+0x219/0x270
[  382.229879][ T9438]  ____sys_sendmsg+0x505/0x830
[  382.229910][ T9438]  ? __pfx_____sys_sendmsg+0x10/0x10
[  382.229953][ T9438]  ___sys_sendmsg+0x21f/0x2a0
[  382.229981][ T9438]  ? __pfx____sys_sendmsg+0x10/0x10
[  382.230050][ T9438]  ? __fget_files+0x2a/0x420
[  382.230075][ T9438]  ? __fget_files+0x3a0/0x420
[  382.230112][ T9438]  __sys_sendmsg+0x164/0x220
[  382.230139][ T9438]  ? __pfx___sys_sendmsg+0x10/0x10
[  382.230180][ T9438]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  382.230206][ T9438]  ? lockdep_hardirqs_on+0x9c/0x150
[  382.230231][ T9438]  __do_fast_syscall_32+0xb4/0x110
[  382.230256][ T9438]  ? lockdep_hardirqs_on+0x9c/0x150
[  382.230282][ T9438]  do_fast_syscall_32+0x34/0x80
[  382.230306][ T9438]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  382.230330][ T9438] RIP: 0023:0xf70be539
[  382.230347][ T9438] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  382.230377][ T9438] RSP: 002b:00000000f50ae55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  382.230397][ T9438] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  382.230411][ T9438] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  382.230421][ T9438] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  382.230432][ T9438] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  382.230443][ T9438] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  382.230470][ T9438]  </TASK>
[  382.581219][ T9439] binder: 9436:9439 ioctl 4018620d 0 returned -22
[  382.752273][ T5880] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  382.761309][ T5880] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  382.773006][ T5880] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  382.782152][ T5880] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  382.793149][ T5880] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  382.811910][ T5880] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  382.821046][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  382.829164][ T5880] usb 3-1: Product: syz
[  382.833368][ T5880] usb 3-1: Manufacturer: syz
[  382.842030][ T5880] cdc_wdm 3-1:1.0: skipping garbage
[  382.847280][ T5880] cdc_wdm 3-1:1.0: skipping garbage
[  382.854159][ T5880] cdc_wdm 3-1:1.0: cdc-wdm1: USB WDM device
[  382.860113][ T5880] cdc_wdm 3-1:1.0: Unknown control protocol
[  383.541128][ T9463] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1032'.
[  383.817953][ T5917] usb 1-1: reset high-speed USB device number 51 using dummy_hcd
[  383.857150][ T5917] usb 1-1: device firmware changed
[  383.890838][ T1207] usb 1-1: USB disconnect, device number 51
[  384.187730][ T1207] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  384.343942][ T1207] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  384.374820][ T1207] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  384.411712][ T1207] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  384.423338][ T1207] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.445928][ T1207] usb 1-1: config 0 descriptor??
[  384.885420][ T1207] cm6533_jd 0003:0D8C:0022.000D: unknown main item tag 0x0
[  384.902210][ T1207] cm6533_jd 0003:0D8C:0022.000D: unknown main item tag 0x0
[  384.914407][ T1207] cm6533_jd 0003:0D8C:0022.000D: unknown main item tag 0x0
[  384.922342][ T1207] cm6533_jd 0003:0D8C:0022.000D: unknown main item tag 0x0
[  384.930394][ T1207] cm6533_jd 0003:0D8C:0022.000D: unknown main item tag 0x0
[  384.939031][ T1207] cm6533_jd 0003:0D8C:0022.000D: No inputs registered, leaving
[  385.144961][ T1207] cm6533_jd 0003:0D8C:0022.000D: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0
[  385.160718][ T5882] usb 3-1: USB disconnect, device number 38
[  385.269025][ T9457] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  385.380660][ T9457] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  385.432183][    T9] usb 1-1: USB disconnect, device number 52
[  386.013172][ T9497] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1043'.
[  386.057931][ T1207] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  386.067244][ T9499] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1044'.
[  386.233706][ T1207] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  386.250970][ T1207] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  386.271553][ T1207] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  386.295292][ T1207] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  386.310002][ T1207] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  386.344155][ T1207] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  386.360871][ T1207] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  386.377682][ T1207] usb 3-1: Product: syz
[  386.387354][ T1207] usb 3-1: Manufacturer: syz
[  386.393947][ T9509] fuse: Bad value for 'user_id'
[  386.405163][ T9509] fuse: Bad value for 'user_id'
[  386.413210][ T1207] cdc_wdm 3-1:1.0: skipping garbage
[  386.422462][ T1207] cdc_wdm 3-1:1.0: skipping garbage
[  386.425916][ T9511] binder: 9510:9511 ioctl 4018620d 0 returned -22
[  386.431768][ T1207] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  386.441564][ T1207] cdc_wdm 3-1:1.0: Unknown control protocol
[  386.468561][    T9] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  386.557903][ T5917] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  386.630422][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  386.641257][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  386.650826][    T9] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  386.666970][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  386.676695][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.685254][    T9] usb 5-1: Product: syz
[  386.690237][    T9] usb 5-1: Manufacturer: syz
[  386.696134][    T9] usb 5-1: SerialNumber: syz
[  386.707320][    T9] usb 5-1: bad CDC descriptors
[  386.717859][ T5917] usb 1-1: Using ep0 maxpacket: 16
[  386.732071][ T5917] usb 1-1: config 0 has an invalid interface number: 64 but max is 0
[  386.746923][ T5917] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  386.757220][ T5917] usb 1-1: config 0 has no interface number 0
[  386.763916][ T5917] usb 1-1: New USB device found, idVendor=0bd3, idProduct=0555, bcdDevice= 0.5b
[  386.778141][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.788441][ T5917] usb 1-1: config 0 descriptor??
[  386.798795][ T5917] usb 1-1: Found UVC 0.00 device <unnamed> (0bd3:0555)
[  386.805712][ T5917] usb 1-1: No valid video chain found.
[  386.966773][ T9513] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1046'.
[  386.977468][ T9513] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1046'.
[  386.990770][ T9513] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1046'.
[  386.996354][ T9507] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  387.004593][ T9513] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1046'.
[  387.019978][ T9507] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  387.034197][ T1207] usb 1-1: USB disconnect, device number 53
[  388.027715][ T1207] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  388.211955][ T1207] usb 2-1: config 0 has no interfaces?
[  388.232201][ T1207] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  388.241768][ T1207] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.458245][ T1207] usb 2-1: Product: syz
[  388.462572][ T1207] usb 2-1: Manufacturer: syz
[  388.467410][ T1207] usb 2-1: SerialNumber: syz
[  388.477718][ T1207] usb 2-1: config 0 descriptor??
[  388.668749][ T5838] usb 3-1: USB disconnect, device number 39
[  388.746159][   T30] audit: type=1326 audit(1746484432.860:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9520 comm="syz.1.1051" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000
[  388.839668][   T30] audit: type=1326 audit(1746484432.860:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9520 comm="syz.1.1051" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000
[  388.909245][   T30] audit: type=1326 audit(1746484432.870:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9520 comm="syz.1.1051" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70be539 code=0x7ffc0000
[  388.981073][   T30] audit: type=1326 audit(1746484432.870:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9520 comm="syz.1.1051" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000
[  389.044901][   T30] audit: type=1326 audit(1746484432.870:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9520 comm="syz.1.1051" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000
[  389.044956][   T30] audit: type=1326 audit(1746484432.870:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9520 comm="syz.1.1051" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf70be539 code=0x7ffc0000
[  389.045001][   T30] audit: type=1326 audit(1746484432.870:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9520 comm="syz.1.1051" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000
[  389.045045][   T30] audit: type=1326 audit(1746484432.870:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9520 comm="syz.1.1051" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000
[  389.045089][   T30] audit: type=1326 audit(1746484432.870:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9520 comm="syz.1.1051" exe="/root/syz-executor" sig=0 arch=40000003 syscall=363 compat=1 ip=0xf70be539 code=0x7ffc0000
[  389.045132][   T30] audit: type=1326 audit(1746484432.870:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9520 comm="syz.1.1051" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000
[  389.285852][ T9537] tipc: Enabled bearer <udp:syz0>, priority 10
[  389.291929][ T5882] usb 5-1: USB disconnect, device number 41
[  389.556238][ T5878] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  389.677866][ T5917] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  389.744624][ T5878] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  389.755581][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.770243][ T5878] usb 3-1: Product: syz
[  389.774502][ T5878] usb 3-1: Manufacturer: syz
[  389.784405][ T5878] usb 3-1: SerialNumber: syz
[  389.802160][ T5878] usb 3-1: config 0 descriptor??
[  389.871958][ T5917] usb 1-1: Using ep0 maxpacket: 16
[  389.987523][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  390.008279][ T5917] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  390.042952][ T5917] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  390.076877][ T9541] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1057'.
[  390.115168][ T5917] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  390.206348][ T5917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.267010][ T5917] usb 1-1: config 0 descriptor??
[  390.291364][ T5878] usb 3-1: Firmware version (0.0) predates our first public release.
[  390.308875][ T5878] usb 3-1: Please update to version 0.2 or newer
[  390.582796][ T5878] usb 3-1: USB disconnect, device number 40
[  391.417283][ T9558] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1060'.
[  391.656006][ T5878] usb 2-1: USB disconnect, device number 50
[  391.688310][ T9561] bridge0: port 3(syz_tun) entered blocking state
[  391.688966][ T9561] bridge0: port 3(syz_tun) entered disabled state
[  391.689210][ T9561] syz_tun: entered allmulticast mode
[  391.693116][ T9561] bridge0: port 3(syz_tun) entered blocking state
[  391.693230][ T9561] bridge0: port 3(syz_tun) entered forwarding state
[  392.893702][ T5917] usbhid 1-1:0.0: can't add hid device: -71
[  392.943666][ T5917] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  392.984647][ T5917] usb 1-1: USB disconnect, device number 54
[  393.508515][ T5882] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  393.574382][ T9586] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1068'.
[  393.636728][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  393.645404][ T5838] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  393.659569][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  393.696146][ T5882] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  393.714371][ T5882] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  393.727159][ T5882] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  393.744584][ T5882] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  393.756035][ T5882] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  393.774531][ T5882] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  393.794446][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  393.818262][ T5838] usb 2-1: Using ep0 maxpacket: 32
[  393.828160][ T5882] usb 1-1: Product: syz
[  393.833970][ T5838] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  393.852824][ T5882] usb 1-1: Manufacturer: syz
[  393.858311][ T5838] usb 2-1: config 0 has no interface number 0
[  393.872057][ T5838] usb 2-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  393.886654][ T5882] cdc_wdm 1-1:1.0: skipping garbage
[  393.901460][ T5882] cdc_wdm 1-1:1.0: skipping garbage
[  393.908865][ T5838] usb 2-1: config 0 interface 1 has no altsetting 0
[  393.917286][ T5882] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  393.938568][ T5882] cdc_wdm 1-1:1.0: Unknown control protocol
[  393.947058][ T5838] usb 2-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  393.965717][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.990538][ T5838] usb 2-1: Product: syz
[  394.003985][ T5838] usb 2-1: Manufacturer: syz
[  394.015180][ T5838] usb 2-1: SerialNumber: syz
[  394.036650][ T5838] usb 2-1: config 0 descriptor??
[  394.057775][ T5878] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  394.267135][ T5838] cx231xx 2-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  394.278011][ T5878] usb 5-1: Using ep0 maxpacket: 32
[  394.290674][ T5838] cx231xx 2-1:0.1: Failed to read PCB config
[  394.295022][ T5878] usb 5-1: config 0 has no interfaces?
[  394.296754][ T5838] cx231xx 2-1:0.1: probe with driver cx231xx failed with error -71
[  394.331928][ T5878] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  394.342560][ T5838] usb 2-1: USB disconnect, device number 51
[  394.350695][ T9596] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:2
[  394.380878][ T5878] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  394.430870][ T5878] usb 5-1: config 0 descriptor??
[  394.692226][ T9591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  394.734034][ T9591] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  394.773085][ T5838] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  394.800646][ T5878] usb 5-1: USB disconnect, device number 42
[  394.928527][ T5838] usb 2-1: Using ep0 maxpacket: 32
[  394.953542][ T5838] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  394.970443][ T5838] usb 2-1: config 0 has no interface number 0
[  394.984614][ T5838] usb 2-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  395.002740][ T5838] usb 2-1: config 0 interface 1 has no altsetting 0
[  395.014390][ T5838] usb 2-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  395.035816][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.084535][ T5838] usb 2-1: Product: syz
[  395.111717][ T5838] usb 2-1: Manufacturer: syz
[  395.116511][ T5838] usb 2-1: SerialNumber: syz
[  395.148299][ T5838] usb 2-1: config 0 descriptor??
[  395.438600][ T5838] cx231xx 2-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  395.474021][ T5838] cx231xx 2-1:0.1: bad scenario!!!!!
[  395.474021][ T5838] config_info=0
[  395.546056][ T5838] cx231xx 2-1:0.1: Failed to read PCB config
[  395.606284][ T9608] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  395.767088][ T9612] bridge0: port 1(bridge_slave_0) entered disabled state
[  395.858328][ T5838] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  395.992331][ T5838] usb 4-1: device descriptor read/64, error -71
[  396.189510][ T5878] usb 1-1: USB disconnect, device number 55
[  396.239431][ T5838] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  396.382846][ T5838] usb 4-1: device descriptor read/64, error -71
[  396.498548][ T5838] usb usb4-port1: attempt power cycle
[  396.735696][ T5917] usb 2-1: USB disconnect, device number 52
[  396.898419][ T5838] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  396.979073][ T5838] usb 4-1: device descriptor read/8, error -71
[  397.218289][ T5838] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  397.308777][ T5838] usb 4-1: device descriptor read/8, error -71
[  397.448756][ T5838] usb usb4-port1: unable to enumerate USB device
[  398.027765][ T5838] usb 1-1: new low-speed USB device number 56 using dummy_hcd
[  398.210853][ T5838] usb 1-1: unable to get BOS descriptor or descriptor too short
[  398.220286][ T5838] usb 1-1: config 1 interface 0 altsetting 254 endpoint 0x82 is Bulk; changing to Interrupt
[  398.231342][ T5838] usb 1-1: config 1 interface 0 altsetting 254 endpoint 0x82 has invalid wMaxPacketSize 0
[  398.242015][ T5838] usb 1-1: config 1 interface 0 altsetting 254 endpoint 0x3 is Bulk; changing to Interrupt
[  398.274002][ T5838] usb 1-1: config 1 interface 0 altsetting 254 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  398.324013][ T5838] usb 1-1: config 1 interface 0 has no altsetting 0
[  398.414729][ T5838] usb 1-1: string descriptor 0 read error: -22
[  398.421858][ T5838] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  398.447679][ T5838] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.491368][ T9643] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  398.513526][ T5838] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  398.582842][ T9652] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1089'.
[  398.730304][  T977] usb 1-1: USB disconnect, device number 56
[  398.881095][ T5838] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  399.060382][ T5838] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  399.152471][ T5838] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  399.175643][ T5838] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  399.200096][ T5838] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  399.229589][ T5838] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  399.289794][ T5838] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  399.299648][  T977] usb 5-1: new full-speed USB device number 43 using dummy_hcd
[  399.316566][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  399.335764][ T5838] usb 2-1: Product: syz
[  399.358266][ T5838] usb 2-1: Manufacturer: syz
[  399.384803][ T5838] cdc_wdm 2-1:1.0: skipping garbage
[  399.418228][ T5838] cdc_wdm 2-1:1.0: skipping garbage
[  399.444140][ T5838] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  399.450949][  T977] usb 5-1: device descriptor read/64, error -71
[  399.473181][ T5838] cdc_wdm 2-1:1.0: Unknown control protocol
[  399.609255][ T9663] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1094'.
[  399.718176][  T977] usb 5-1: new full-speed USB device number 44 using dummy_hcd
[  399.878266][  T977] usb 5-1: device descriptor read/64, error -71
[  399.998533][  T977] usb usb5-port1: attempt power cycle
[  400.241839][ T1207] usb 2-1: USB disconnect, device number 53
[  400.408322][  T977] usb 5-1: new full-speed USB device number 45 using dummy_hcd
[  400.455446][  T977] usb 5-1: device descriptor read/8, error -71
[  400.708255][  T977] usb 5-1: new full-speed USB device number 46 using dummy_hcd
[  400.731612][  T977] usb 5-1: device descriptor read/8, error -71
[  400.879026][  T977] usb usb5-port1: unable to enumerate USB device
[  401.891961][ T5917] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  402.048264][ T5838] usb 4-1: new full-speed USB device number 47 using dummy_hcd
[  402.069684][ T5917] usb 2-1: Using ep0 maxpacket: 8
[  402.089847][ T5917] usb 2-1: config 0 has an invalid interface number: 31 but max is 0
[  402.117666][ T5917] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  402.164647][ T5917] usb 2-1: config 0 has no interface number 0
[  402.202078][ T5917] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  402.209949][ T5838] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  402.214113][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.238690][ T5917] usb 2-1: Product: syz
[  402.247965][ T5917] usb 2-1: Manufacturer: syz
[  402.259248][ T5838] usb 4-1: config 0 has no interface number 0
[  402.265424][ T5838] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  402.274703][ T5917] usb 2-1: SerialNumber: syz
[  402.285015][ T5917] usb 2-1: config 0 descriptor??
[  402.352082][ T5838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.403917][ T5838] usb 4-1: config 0 descriptor??
[  402.451747][ T5838] usb 4-1: selecting invalid altsetting 1
[  402.466569][ T5838] dvb_ttusb_budget: ttusb_init_controller: error
[  402.503369][ T5838] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  402.627762][ T5917] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  402.669138][ T9691] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1102'.
[  402.704800][ T5838] DVB: Unable to find symbol cx22700_attach()
[  402.712081][ T9688] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  402.725922][ T5878] usb 2-1: USB disconnect, device number 54
[  402.858455][ T5838] DVB: Unable to find symbol tda10046_attach()
[  402.862293][ T5917] usb 5-1: Using ep0 maxpacket: 8
[  402.876933][ T5917] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  402.890882][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.899919][ T5917] usb 5-1: Product: syz
[  402.904172][ T5917] usb 5-1: Manufacturer: syz
[  402.912084][ T5917] usb 5-1: SerialNumber: syz
[  402.921586][ T5917] usb 5-1: config 0 descriptor??
[  402.939843][ T5838] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  402.960071][ T5838] usb 4-1: USB disconnect, device number 47
[  403.339824][ T5917] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  403.357926][ T1207] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  403.372182][ T5917] gspca_sunplus: reg_w_riv err -71
[  403.377399][ T5917] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  403.464878][ T5917] usb 5-1: USB disconnect, device number 47
[  403.559525][ T1207] usb 1-1: Using ep0 maxpacket: 32
[  403.581104][ T1207] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  403.624900][ T1207] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  403.692149][ T1207] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  403.714637][ T1207] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  403.756697][ T1207] usb 1-1: config 0 interface 0 has no altsetting 0
[  403.772155][ T1207] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  403.781592][ T1207] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  403.815165][ T1207] usb 1-1: Product: syz
[  403.820236][ T1207] usb 1-1: Manufacturer: syz
[  403.826173][ T1207] usb 1-1: SerialNumber: syz
[  403.852228][ T1207] usb 1-1: config 0 descriptor??
[  403.916554][ T9718] FAULT_INJECTION: forcing a failure.
[  403.916554][ T9718] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  403.938680][ T1207] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  403.971708][ T1207] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  404.001506][ T9718] CPU: 0 UID: 0 PID: 9718 Comm: syz.2.1112 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT(full) 
[  404.001536][ T9718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  404.001548][ T9718] Call Trace:
[  404.001556][ T9718]  <TASK>
[  404.001565][ T9718]  dump_stack_lvl+0x189/0x250
[  404.001596][ T9718]  ? __lock_acquire+0xaac/0xd20
[  404.001626][ T9718]  ? __pfx_dump_stack_lvl+0x10/0x10
[  404.001653][ T9718]  ? __pfx__printk+0x10/0x10
[  404.001672][ T9718]  ? __might_fault+0xb0/0x130
[  404.001707][ T9718]  should_fail_ex+0x414/0x560
[  404.001761][ T9718]  _copy_to_iter+0x575/0x15a0
[  404.001796][ T9718]  ? __pfx__copy_to_iter+0x10/0x10
[  404.001817][ T9718]  ? __skb_try_recv_from_queue+0x2b2/0x730
[  404.001851][ T9718]  ? __skb_try_recv_datagram+0x3da/0x4e0
[  404.001886][ T9718]  __skb_datagram_iter+0x100/0x960
[  404.001915][ T9718]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  404.001952][ T9718]  skb_copy_datagram_iter+0xc5/0x230
[  404.001984][ T9718]  netlink_recvmsg+0x2c9/0xe00
[  404.002017][ T9718]  ? __pfx_netlink_recvmsg+0x10/0x10
[  404.002042][ T9718]  ? __pfx_aa_sk_perm+0x10/0x10
[  404.002058][ T9718]  ? trace_kmalloc+0x1f/0xd0
[  404.002078][ T9718]  ? __kmalloc_noprof+0x29b/0x4f0
[  404.002103][ T9718]  ? aa_sock_msg_perm+0x94/0x160
[  404.002126][ T9718]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  404.002146][ T9718]  ? security_socket_recvmsg+0x7e/0x2e0
[  404.002173][ T9718]  ? __pfx_netlink_recvmsg+0x10/0x10
[  404.002195][ T9718]  sock_recvmsg+0x229/0x270
[  404.002217][ T9718]  ____sys_recvmsg+0x1c9/0x460
[  404.002262][ T9718]  ? __pfx_____sys_recvmsg+0x10/0x10
[  404.002287][ T9718]  ? get_compat_msghdr+0x37e/0x4a0
[  404.002323][ T9718]  ? ktime_get_ts64+0xa2/0x3d0
[  404.002352][ T9718]  ___sys_recvmsg+0x1b5/0x510
[  404.002382][ T9718]  ? lockdep_hardirqs_on+0x9c/0x150
[  404.002408][ T9718]  ? __pfx____sys_recvmsg+0x10/0x10
[  404.002460][ T9718]  ? __fget_files+0x3a0/0x420
[  404.002496][ T9718]  do_recvmmsg+0x36a/0x760
[  404.002532][ T9718]  ? __pfx_do_recvmmsg+0x10/0x10
[  404.002571][ T9718]  ? _copy_from_user+0x94/0xb0
[  404.002615][ T9718]  __sys_recvmmsg+0x127/0x280
[  404.002644][ T9718]  ? __pfx___sys_recvmmsg+0x10/0x10
[  404.002668][ T9718]  ? ksys_write+0x1f0/0x250
[  404.002700][ T9718]  __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0
[  404.002729][ T9718]  __do_fast_syscall_32+0xb4/0x110
[  404.002755][ T9718]  ? lockdep_hardirqs_on+0x9c/0x150
[  404.002781][ T9718]  do_fast_syscall_32+0x34/0x80
[  404.002806][ T9718]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  404.002830][ T9718] RIP: 0023:0xf7f77539
[  404.002846][ T9718] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  404.002863][ T9718] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 0000000000000151
[  404.002885][ T9718] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800037c0
[  404.002899][ T9718] RDX: 00000000000003b4 RSI: 0000000000000000 RDI: 0000000080003700
[  404.002911][ T9718] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  404.002922][ T9718] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  404.002933][ T9718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  404.002961][ T9718]  </TASK>
[  404.321113][    C0] vkms_vblank_simulate: vblank timer overrun
[  404.580859][ T1207] IPVS: starting estimator thread 0...
[  404.620453][ T5917] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  404.722805][ T9721] IPVS: using max 29 ests per chain, 69600 per kthread
[  404.742429][ T9723] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1116'.
[  404.783874][ T9727] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1115'.
[  404.805778][ T9727] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1115'.
[  404.816187][ T9725] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1114'.
[  404.829911][ T5917] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  404.843334][ T9725] fuse: Bad value for 'fd'
[  404.847676][ T5917] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  404.885153][ T5917] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  404.915988][ T5917] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  404.966864][ T5917] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  405.014350][ T5917] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  405.043677][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  405.065679][ T9732] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1119'.
[  405.072754][ T5917] usb 2-1: Product: syz
[  405.096539][ T5917] usb 2-1: Manufacturer: syz
[  405.107329][ T9732] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1119'.
[  405.130898][ T5917] cdc_wdm 2-1:1.0: skipping garbage
[  405.187018][ T5917] cdc_wdm 2-1:1.0: skipping garbage
[  405.207294][ T5917] cdc_wdm 2-1:1.0: cdc-wdm1: USB WDM device
[  405.215716][ T5917] cdc_wdm 2-1:1.0: Unknown control protocol
[  405.455027][ T9745] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  405.461795][ T9745] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  405.478312][ T9745] vhci_hcd vhci_hcd.0: Device attached
[  405.500914][ T9746] vhci_hcd: cannot find a urb of seqnum 3683 max seqnum 0
[  405.542669][   T36] vhci_hcd: stop threads
[  405.551787][   T36] vhci_hcd: release socket
[  405.566534][   T36] vhci_hcd: disconnect device
[  405.861935][   T63] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[  406.146728][ T9758] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1125'.
[  406.267973][ T5878] usb 1-1: USB disconnect, device number 57
[  406.273981][    C1] ldusb 1-1:0.0: usb_submit_urb failed (-19)
[  406.394515][ T9765] fuse: Bad value for 'fd'
[  406.496788][ T9769] FAULT_INJECTION: forcing a failure.
[  406.496788][ T9769] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  406.542668][ T9769] CPU: 1 UID: 0 PID: 9769 Comm: syz.2.1127 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT(full) 
[  406.542695][ T9769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  406.542708][ T9769] Call Trace:
[  406.542727][ T9769]  <TASK>
[  406.542736][ T9769]  dump_stack_lvl+0x189/0x250
[  406.542767][ T9769]  ? __lock_acquire+0xaac/0xd20
[  406.542797][ T9769]  ? __pfx_dump_stack_lvl+0x10/0x10
[  406.542825][ T9769]  ? __pfx__printk+0x10/0x10
[  406.542844][ T9769]  ? __might_fault+0xb0/0x130
[  406.542880][ T9769]  should_fail_ex+0x414/0x560
[  406.542914][ T9769]  _copy_from_iter+0x1db/0x15a0
[  406.542944][ T9769]  ? trace_kmem_cache_alloc+0x1f/0xc0
[  406.542964][ T9769]  ? kmem_cache_alloc_node_noprof+0x217/0x3c0
[  406.542989][ T9769]  ? __pfx__copy_from_iter+0x10/0x10
[  406.543013][ T9769]  ? __build_skb_around+0x257/0x3e0
[  406.543038][ T9769]  ? netlink_sendmsg+0x642/0xb30
[  406.543057][ T9769]  ? skb_put+0x11b/0x210
[  406.543083][ T9769]  netlink_sendmsg+0x6b2/0xb30
[  406.543112][ T9769]  ? __pfx_netlink_sendmsg+0x10/0x10
[  406.543135][ T9769]  ? __import_iovec+0x5d4/0x7f0
[  406.543157][ T9769]  ? aa_sock_msg_perm+0x94/0x160
[  406.543178][ T9769]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  406.543198][ T9769]  ? __pfx_netlink_sendmsg+0x10/0x10
[  406.543219][ T9769]  __sock_sendmsg+0x219/0x270
[  406.543251][ T9769]  ____sys_sendmsg+0x505/0x830
[  406.543280][ T9769]  ? __pfx_____sys_sendmsg+0x10/0x10
[  406.543320][ T9769]  ___sys_sendmsg+0x21f/0x2a0
[  406.543346][ T9769]  ? __pfx____sys_sendmsg+0x10/0x10
[  406.543424][ T9769]  ? __fget_files+0x2a/0x420
[  406.543447][ T9769]  ? __fget_files+0x3a0/0x420
[  406.543482][ T9769]  __sys_sendmsg+0x164/0x220
[  406.543508][ T9769]  ? __pfx___sys_sendmsg+0x10/0x10
[  406.543547][ T9769]  ? syscall_enter_from_user_mode_prepare+0x7f/0xe0
[  406.543572][ T9769]  ? lockdep_hardirqs_on+0x9c/0x150
[  406.543596][ T9769]  __do_fast_syscall_32+0xb4/0x110
[  406.543620][ T9769]  ? lockdep_hardirqs_on+0x9c/0x150
[  406.543645][ T9769]  do_fast_syscall_32+0x34/0x80
[  406.543668][ T9769]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  406.543691][ T9769] RIP: 0023:0xf7f77539
[  406.543708][ T9769] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  406.543732][ T9769] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  406.543752][ T9769] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  406.543765][ T9769] RDX: 0000000004008840 RSI: 0000000000000000 RDI: 0000000000000000
[  406.543777][ T9769] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  406.543787][ T9769] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  406.543799][ T9769] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  406.543826][ T9769]  </TASK>
[  406.921408][ T9775] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1131'.
[  407.098607][ T5878] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  407.146693][    T9] usb 2-1: USB disconnect, device number 55
[  407.183162][ T9775] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1131'.
[  407.341521][ T9775] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  407.341613][ T9775] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  407.341650][ T9775] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  407.341680][ T9775] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  407.394285][ T9781] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1133'.
[  407.547758][ T5878] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  407.708314][ T5878] usb 1-1: Using ep0 maxpacket: 32
[  407.719346][ T5878] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  407.742300][ T5878] usb 1-1: config 0 has no interface number 0
[  407.771496][ T5878] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  407.788573][ T5878] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.823847][ T5878] usb 1-1: Product: syz
[  407.850820][ T5878] usb 1-1: Manufacturer: syz
[  407.855490][ T5878] usb 1-1: SerialNumber: syz
[  407.908918][ T5878] usb 1-1: config 0 descriptor??
[  407.924494][ T5878] smsc95xx v2.0.0
[  407.942949][   T63] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[  408.224835][ T9795] dummy0: entered promiscuous mode
[  408.234735][ T9795] macsec1: entered promiscuous mode
[  408.264158][ T9795] dummy0: left promiscuous mode
[  408.303295][ T9802] fuse: Bad value for 'fd'
[  408.517731][ T5917] usb 4-1: new full-speed USB device number 48 using dummy_hcd
[  408.648524][ T9811] netlink: 'syz.4.1144': attribute type 3 has an invalid length.
[  408.700118][ T5917] usb 4-1: config 0 has an invalid interface number: 128 but max is 0
[  408.725002][ T5917] usb 4-1: config 0 has no interface number 0
[  408.732427][ T5878] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): EEPROM read operation timeout
[  408.753982][ T5917] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  408.763948][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.777761][ T5917] usb 4-1: Product: syz
[  408.782054][ T5917] usb 4-1: Manufacturer: syz
[  408.824389][ T5917] usb 4-1: SerialNumber: syz
[  408.842156][ T5917] usb 4-1: config 0 descriptor??
[  408.946762][ T5878] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  408.975177][ T5878] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71
[  408.994069][ T5878] usb 1-1: USB disconnect, device number 58
[  409.117924][ T5880] usb 5-1: new low-speed USB device number 48 using dummy_hcd
[  409.158796][    T9] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  409.284780][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  409.299211][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  409.311572][ T5880] usb 5-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  409.325642][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  409.327180][    T9] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  409.358432][    T9] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  409.414576][ T5880] usb 5-1: config 0 descriptor??
[  409.440681][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  409.469011][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  409.519146][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  409.536130][    T9] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  409.591246][    T9] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  409.656646][    T9] usb 3-1: Product: syz
[  409.673517][    T9] usb 3-1: Manufacturer: syz
[  409.704004][    T9] cdc_wdm 3-1:1.0: skipping garbage
[  409.711494][    T9] cdc_wdm 3-1:1.0: skipping garbage
[  409.722086][    T9] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  409.745399][    T9] cdc_wdm 3-1:1.0: Unknown control protocol
[  409.936571][ T9837] netlink: 'syz.1.1152': attribute type 8 has an invalid length.
[  409.968882][ T9837] bridge0: entered allmulticast mode
[  410.141496][ T5917] usb 4-1: Firmware version (0.0) predates our first public release.
[  410.170696][ T9837] macvtap1: entered allmulticast mode
[  410.185208][ T5880] usbhid 5-1:0.0: can't add hid device: -71
[  410.213249][ T9837] veth0_macvtap: entered allmulticast mode
[  410.226965][ T5917] usb 4-1: Please update to version 0.2 or newer
[  410.246931][ T5880] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  410.386765][ T5880] usb 5-1: USB disconnect, device number 48
[  410.501808][    T9] usb 3-1: USB disconnect, device number 41
[  410.518400][ T5878] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  410.727697][ T5878] usb 2-1: Using ep0 maxpacket: 16
[  410.742909][ T5878] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  410.751803][ T9846] fuse: Bad value for 'fd'
[  410.765245][ T5878] usb 2-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice= 6.8a
[  410.787158][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.811804][ T5878] usb 2-1: Product: syz
[  410.834017][ T5878] usb 2-1: Manufacturer: syz
[  410.848388][ T5878] usb 2-1: SerialNumber: syz
[  410.891596][ T5878] usb 2-1: config 0 descriptor??
[  411.039657][ T5878] mcba_usb 2-1:0.0: Can't find endpoints
[  411.268473][ T9837] netlink: 'syz.1.1152': attribute type 2 has an invalid length.
[  411.321994][ T9837] netlink: 'syz.1.1152': attribute type 11 has an invalid length.
[  411.346016][ T9837] __nla_validate_parse: 3 callbacks suppressed
[  411.346036][ T9837] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1152'.
[  411.395492][ T5878] usb 4-1: USB disconnect, device number 48
[  411.418154][ T5917] usb 2-1: USB disconnect, device number 56
[  411.760250][ T9866] binder: 9863:9866 ioctl c0306201 800003c0 returned -14
[  412.165290][ T9878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1165'.
[  412.245267][ T9878] fuse: Bad value for 'fd'
[  412.675331][ T9886] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1168'.
[  413.527738][ T5929] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  413.719423][ T5929] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  413.734969][ T5929] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  413.765732][ T5929] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  413.796097][ T5929] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  413.815183][ T5929] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  413.832223][ T5929] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  413.841773][ T5929] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  413.860413][ T5929] usb 3-1: Product: syz
[  413.864859][ T5929] usb 3-1: Manufacturer: syz
[  413.884269][ T5929] cdc_wdm 3-1:1.0: skipping garbage
[  413.895135][ T5929] cdc_wdm 3-1:1.0: skipping garbage
[  413.914284][ T5929] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  413.927735][ T5929] cdc_wdm 3-1:1.0: Unknown control protocol
[  414.008235][  T977] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  414.179239][  T977] usb 2-1: Using ep0 maxpacket: 8
[  414.202976][  T977] usb 2-1: config 0 has an invalid interface number: 31 but max is 0
[  414.226538][  T977] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  414.247141][  T977] usb 2-1: config 0 has no interface number 0
[  414.261664][  T977] usb 2-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  414.272598][  T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.284667][  T977] usb 2-1: Product: syz
[  414.290065][  T977] usb 2-1: Manufacturer: syz
[  414.295243][  T977] usb 2-1: SerialNumber: syz
[  414.305719][  T977] usb 2-1: config 0 descriptor??
[  414.539565][ T9903] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1176'.
[  414.553737][ T9902] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  414.571077][  T977] usb 2-1: USB disconnect, device number 57
[  414.847190][  T977] usb 3-1: USB disconnect, device number 42
[  415.423740][ T9928] netlink: 'syz.0.1183': attribute type 4 has an invalid length.
[  415.501668][ T9930] FAULT_INJECTION: forcing a failure.
[  415.501668][ T9930] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  415.601860][ T9930] CPU: 0 UID: 0 PID: 9930 Comm: syz.1.1185 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT(full) 
[  415.601883][ T9930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  415.601892][ T9930] Call Trace:
[  415.601898][ T9930]  <TASK>
[  415.601904][ T9930]  dump_stack_lvl+0x189/0x250
[  415.601932][ T9930]  ? __pfx_dump_stack_lvl+0x10/0x10
[  415.601958][ T9930]  ? __pfx__printk+0x10/0x10
[  415.601975][ T9930]  ? __might_fault+0xb0/0x130
[  415.601998][ T9930]  should_fail_ex+0x414/0x560
[  415.602025][ T9930]  _copy_from_user+0x2d/0xb0
[  415.602046][ T9930]  move_addr_to_kernel+0x7e/0x160
[  415.602070][ T9930]  get_compat_msghdr+0x3bd/0x4a0
[  415.602092][ T9930]  ? __pfx_get_compat_msghdr+0x10/0x10
[  415.602110][ T9930]  ? rcu_is_watching+0x15/0xb0
[  415.602131][ T9930]  ? ___sys_sendmsg+0x22f/0x2a0
[  415.602155][ T9930]  ___sys_sendmsg+0x193/0x2a0
[  415.602175][ T9930]  ? __pfx____sys_sendmsg+0x10/0x10
[  415.602221][ T9930]  ? __fget_files+0x2a/0x420
[  415.602239][ T9930]  ? __fget_files+0x3a0/0x420
[  415.602265][ T9930]  __sys_sendmmsg+0x28e/0x430
[  415.602288][ T9930]  ? __pfx___sys_sendmmsg+0x10/0x10
[  415.602314][ T9930]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  415.602344][ T9930]  ? ksys_write+0x1f0/0x250
[  415.602368][ T9930]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[  415.602387][ T9930]  __do_fast_syscall_32+0xb4/0x110
[  415.602406][ T9930]  ? lockdep_hardirqs_on+0x9c/0x150
[  415.602425][ T9930]  do_fast_syscall_32+0x34/0x80
[  415.602443][ T9930]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  415.602460][ T9930] RIP: 0023:0xf70be539
[  415.602473][ T9930] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  415.602485][ T9930] RSP: 002b:00000000f50ae55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[  415.602501][ T9930] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  415.602511][ T9930] RDX: 0000000004000190 RSI: 0000000000000000 RDI: 0000000000000000
[  415.602520][ T9930] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  415.602528][ T9930] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  415.602536][ T9930] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  415.602556][ T9930]  </TASK>
[  416.051520][ T9937] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1187'.
[  416.063072][ T9937] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1187'.
[  416.112511][ T9939] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1188'.
[  416.273902][ T9939] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1188'.
[  416.294531][ T9947] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1191'.
[  416.348552][ T1162] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[  417.268388][ T9973] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1202'.
[  417.284150][ T9973] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1202'.
[  417.370228][  T977] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  417.387048][ T9973] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1202'.
[  417.421033][ T9973] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1202'.
[  417.570941][  T977] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  417.598263][  T977] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  417.648856][  T977] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  417.701921][  T977] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  417.757218][  T977] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  417.830822][  T977] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  417.863107][  T977] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  417.921861][  T977] usb 5-1: Product: syz
[  417.945429][  T977] usb 5-1: Manufacturer: syz
[  417.992269][  T977] cdc_wdm 5-1:1.0: skipping garbage
[  417.997546][  T977] cdc_wdm 5-1:1.0: skipping garbage
[  418.095099][  T977] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  418.138370][  T977] cdc_wdm 5-1:1.0: Unknown control protocol
[  418.267810][ T5917] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  418.455874][ T5917] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[  418.487321][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  418.544081][ T5917] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196
[  418.583776][ T5917] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  418.627923][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.688174][ T5917] usb 4-1: config 0 descriptor??
[  418.844141][  T977] usb 5-1: USB disconnect, device number 49
[  419.129996][ T5917] holtek_kbd 0003:04D9:A055.000E: bogus close delimiter
[  419.155850][ T5917] holtek_kbd 0003:04D9:A055.000E: item 0 4 2 10 parsing failed
[  419.177971][ T5917] holtek_kbd 0003:04D9:A055.000E: probe with driver holtek_kbd failed with error -22
[  419.551042][  T977] usb 4-1: USB disconnect, device number 49
[  419.572350][T10006] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1214'.
[  419.625105][T10006] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1214'.
[  419.655833][T10006] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1214'.
[  419.672834][T10006] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1214'.
[  419.885252][T10014] pim6reg0: tun_chr_ioctl cmd 1074025677
[  419.891769][T10014] pim6reg0: linktype set to 780
[  420.067159][T10019] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1217'.
[  420.109372][T10019] netlink: 168 bytes leftover after parsing attributes in process `syz.2.1217'.
[  420.302098][T10019] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  420.749669][T10025] pim6reg0: tun_chr_ioctl cmd 1074025680
[  421.536631][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  421.555319][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  422.267697][ T5917] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  422.540255][ T5917] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  422.549408][ T5917] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  422.587897][ T5917] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  422.632604][ T5917] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  422.659847][ T5917] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  422.745473][ T5917] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  422.755442][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  422.782922][ T5917] usb 2-1: Product: syz
[  422.791323][ T5917] usb 2-1: Manufacturer: syz
[  422.839930][ T5917] cdc_wdm 2-1:1.0: skipping garbage
[  422.875705][ T5917] cdc_wdm 2-1:1.0: skipping garbage
[  422.883389][ T5917] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  422.899561][ T5917] cdc_wdm 2-1:1.0: Unknown control protocol
[  423.819074][  T977] usb 2-1: USB disconnect, device number 58
[  424.110509][T10091] __nla_validate_parse: 6 callbacks suppressed
[  424.110529][T10091] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1236'.
[  424.249474][T10092] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1236'.
[  424.553346][T10099] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1239'.
[  424.564760][T10099] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1239'.
[  424.577908][T10099] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1239'.
[  424.592419][T10099] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1239'.
[  424.749570][T10102] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1238'.
[  425.172799][T10122] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1248'.
[  425.202959][T10122] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1248'.
[  425.213689][   T36] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[  425.657786][ T5917] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  425.669203][T10136] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1251'.
[  425.962472][ T5917] usb 5-1: Using ep0 maxpacket: 16
[  425.994031][ T5917] usb 5-1: config 4 has an invalid interface number: 98 but max is 0
[  426.013796][ T5917] usb 5-1: config 4 has no interface number 0
[  426.031353][ T5917] usb 5-1: config 4 interface 98 has no altsetting 0
[  426.092382][ T5917] usb 5-1: New USB device found, idVendor=093a, idProduct=262a, bcdDevice=2e.17
[  426.142546][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.251790][ T5917] usb 5-1: Product: syz
[  426.314862][ T5917] usb 5-1: Manufacturer: syz
[  426.347678][ T5917] usb 5-1: SerialNumber: syz
[  426.375691][ T5917] gspca_main: gspca_pac7302-2.14.0 probing 093a:262a
[  426.619923][T10127] bridge0: port 3(veth1_to_bridge) entered blocking state
[  426.633551][T10127] bridge0: port 3(veth1_to_bridge) entered disabled state
[  426.691532][T10127] veth1_to_bridge: entered allmulticast mode
[  426.742595][T10127] veth1_to_bridge: entered promiscuous mode
[  426.899946][T10127] bridge0: adding interface veth1_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  426.913803][ T5917] gspca_pac7302: reg_w() failed i: ff v: 01 error -110
[  426.935783][ T5917] gspca_pac7302 5-1:4.98: probe with driver gspca_pac7302 failed with error -110
[  426.953891][T10127] bridge0: port 3(veth1_to_bridge) entered blocking state
[  426.961486][T10127] bridge0: port 3(veth1_to_bridge) entered forwarding state
[  427.038218][ T5929] usb 4-1: new full-speed USB device number 50 using dummy_hcd
[  427.209543][ T5929] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  427.232636][ T5929] usb 4-1: New USB device found, idVendor=0572, idProduct=0320, bcdDevice= 1.85
[  427.253413][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  427.276737][ T5929] usb 4-1: Product: syz
[  427.330378][ T5929] usb 4-1: Manufacturer: syz
[  427.347994][ T5929] usb 4-1: SerialNumber: syz
[  427.396445][ T5882] usb 5-1: USB disconnect, device number 50
[  427.398756][ T5929] usb 4-1: config 0 descriptor??
[  427.520064][ T5929] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  427.578859][ T5929] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  427.601238][ T5929] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  427.722302][ T5929] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  427.751900][ T5929] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  427.812076][T10161] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  427.847723][ T5929] usb 4-1: dvb_usb_v2: found a 'DVBSky T330' in warm state
[  427.868466][T10163] nicvf0: tun_chr_ioctl cmd 1074025676
[  427.879139][T10163] nicvf0: owner set to 0
[  427.889989][ T5929] usb 4-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  427.962363][ T5929] usb 4-1: USB disconnect, device number 50
[  428.111517][T10163] syzkaller0: entered promiscuous mode
[  428.126891][T10163] syzkaller0: entered allmulticast mode
[  428.852262][    C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  431.557226][T10202] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  432.098158][ T5882] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  432.268275][ T5838] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  432.307198][T10214] __nla_validate_parse: 6 callbacks suppressed
[  432.307231][T10214] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1269'.
[  432.353024][ T5882] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 196, using maximum allowed: 30
[  432.427940][ T5882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  432.448349][ T5838] usb 4-1: Using ep0 maxpacket: 16
[  432.510396][ T5838] usb 4-1: config 4 has an invalid interface number: 98 but max is 0
[  432.523870][ T5882] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 196
[  432.541675][ T5838] usb 4-1: config 4 has no interface number 0
[  432.549760][ T5882] usb 5-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.00
[  432.559958][ T5838] usb 4-1: config 4 interface 98 has no altsetting 0
[  432.566905][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.580991][ T5838] usb 4-1: New USB device found, idVendor=093a, idProduct=262a, bcdDevice=2e.17
[  432.602799][ T5882] usb 5-1: config 0 descriptor??
[  432.608603][ T5838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.617692][    C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  432.632217][ T5838] usb 4-1: Product: syz
[  432.644251][ T5838] usb 4-1: Manufacturer: syz
[  432.658347][ T5838] usb 4-1: SerialNumber: syz
[  432.701042][ T5838] gspca_main: gspca_pac7302-2.14.0 probing 093a:262a
[  432.912860][T10211] bridge0: port 4(veth1_to_bridge) entered blocking state
[  432.923541][T10211] bridge0: port 4(veth1_to_bridge) entered disabled state
[  432.932428][ T5880] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  432.940574][T10211] veth1_to_bridge: entered allmulticast mode
[  432.958246][T10211] veth1_to_bridge: entered promiscuous mode
[  432.965651][T10211] bridge0: adding interface veth1_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1c, vlan:0)
[  433.004630][T10211] bridge0: port 4(veth1_to_bridge) entered blocking state
[  433.011997][T10211] bridge0: port 4(veth1_to_bridge) entered forwarding state
[  433.039245][T10223] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1270'.
[  433.041837][ T5882] holtek_kbd 0003:04D9:A055.000F: bogus close delimiter
[  433.107779][ T5880] usb 1-1: Using ep0 maxpacket: 8
[  433.118164][ T5882] holtek_kbd 0003:04D9:A055.000F: item 0 4 2 10 parsing failed
[  433.131492][ T5880] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  433.165266][ T5838] gspca_pac7302: reg_w() failed i: ff v: 01 error -71
[  433.165633][ T5880] usb 1-1: config 179 has no interface number 0
[  433.208275][ T5882] holtek_kbd 0003:04D9:A055.000F: probe with driver holtek_kbd failed with error -22
[  433.225923][ T5838] gspca_pac7302 4-1:4.98: probe with driver gspca_pac7302 failed with error -71
[  433.241902][ T5880] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  433.315366][ T5838] usb 4-1: USB disconnect, device number 51
[  433.319552][ T5880] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  433.418558][ T5880] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  433.457677][ T5880] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  433.499403][ T5880] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  433.516210][ T5880] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  433.528978][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.553291][T10222] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  433.602895][ T5838] usb 5-1: USB disconnect, device number 51
[  434.014426][T10232] usb usb1: usbfs: process 10232 (syz.1.1272) did not claim interface 0 before use
[  434.102847][ T5838] usb 1-1: USB disconnect, device number 59
[  434.102936][    C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  434.117272][    C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  434.126238][    C1] ==================================================================
[  434.134334][    C1] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x23d/0x290
[  434.142201][    C1] Read of size 4 at addr ffff88807bc5185c by task ksoftirqd/1/23
[  434.149948][    C1] 
[  434.152305][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT(full) 
[  434.152334][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  434.152354][    C1] Call Trace:
[  434.152363][    C1]  <IRQ>
[  434.152371][    C1]  dump_stack_lvl+0x189/0x250
[  434.152405][    C1]  ? __virt_addr_valid+0x18c/0x540
[  434.152433][    C1]  ? rcu_is_watching+0x15/0xb0
[  434.152468][    C1]  ? __kasan_check_byte+0x12/0x40
[  434.152493][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  434.152521][    C1]  ? rcu_is_watching+0x15/0xb0
[  434.152552][    C1]  ? lock_release+0x4b/0x3e0
[  434.152582][    C1]  ? __virt_addr_valid+0x18c/0x540
[  434.152608][    C1]  ? __virt_addr_valid+0x469/0x540
[  434.152636][    C1]  print_report+0xb4/0x290
[  434.152660][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  434.152682][    C1]  kasan_report+0x118/0x150
[  434.152708][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  434.152734][    C1]  do_raw_spin_lock+0x23d/0x290
[  434.152757][    C1]  ? __wake_up_common_lock+0x2f/0x1f0
[  434.152783][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  434.152812][    C1]  _raw_spin_lock_irqsave+0xb3/0xf0
[  434.152832][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  434.152853][    C1]  ? kcov_remote_stop+0x78/0x6d0
[  434.152878][    C1]  __wake_up_common_lock+0x2f/0x1f0
[  434.152907][    C1]  __usb_hcd_giveback_urb+0x4d7/0x690
[  434.152927][    C1]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[  434.152960][    C1]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  434.152983][    C1]  ? usb_hcd_giveback_urb+0x10e/0x420
[  434.153016][    C1]  dummy_timer+0x862/0x4550
[  434.153045][    C1]  ? stack_trace_save+0x9c/0xe0
[  434.153065][    C1]  ? kasan_save_track+0x3e/0x80
[  434.153085][    C1]  ? kasan_save_free_info+0x46/0x50
[  434.153129][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  434.153151][    C1]  ? __lock_acquire+0xaac/0xd20
[  434.153193][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  434.153224][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  434.153253][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  434.153282][    C1]  __hrtimer_run_queues+0x529/0xc60
[  434.153323][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  434.153353][    C1]  ? read_tsc+0x9/0x20
[  434.153370][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  434.153406][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  434.153449][    C1]  handle_softirqs+0x283/0x870
[  434.153484][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  434.153504][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  434.153541][    C1]  __irq_exit_rcu+0xca/0x1f0
[  434.153559][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  434.153583][    C1]  irq_exit_rcu+0x9/0x30
[  434.153599][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  434.153623][    C1]  </IRQ>
[  434.153630][    C1]  <TASK>
[  434.153638][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  434.153661][    C1] RIP: 0010:lock_acquire+0x94/0x360
[  434.153690][    C1] Code: 0f 84 d7 01 00 00 83 3d 99 ea e0 0d 00 0f 84 f0 00 00 00 48 8b b4 24 90 00 00 00 4c 89 ef e8 73 80 83 00 83 3d 7c ea e0 0d 00 <0f> 84 fa 00 00 00 65 8b 05 5f 6e d7 10 85 c0 0f 85 eb 00 00 00 65
[  434.153709][    C1] RSP: 0018:ffffc900001d7cc8 EFLAGS: 00000202
[  434.153730][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: a3f535dee72c5300
[  434.153745][    C1] RDX: 0000000000000001 RSI: ffffffff8b574191 RDI: 1ffffffff1bbefc0
[  434.153760][    C1] RBP: ffffffff8b574171 R08: 0000000000000001 R09: 0000000000000000
[  434.153774][    C1] R10: 0000000000000002 R11: ffffffff8185f730 R12: 0000000000000000
[  434.153788][    C1] R13: ffffffff8ddf7e00 R14: 0000000000000000 R15: 0000000000000001
[  434.153804][    C1]  ? schedule+0x91/0x360
[  434.153824][    C1]  ? __pfx_ksoftirqd_should_run+0x10/0x10
[  434.153848][    C1]  ? schedule+0xb1/0x360
[  434.153869][    C1]  ? lock_acquire+0x8d/0x360
[  434.153899][    C1]  ? schedule+0x91/0x360
[  434.153919][    C1]  ? schedule+0x91/0x360
[  434.153938][    C1]  schedule+0xb1/0x360
[  434.153957][    C1]  ? schedule+0x91/0x360
[  434.153976][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  434.154008][    C1]  smpboot_thread_fn+0x5bd/0xa60
[  434.154041][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  434.154076][    C1]  kthread+0x70e/0x8a0
[  434.154101][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  434.154132][    C1]  ? __pfx_kthread+0x10/0x10
[  434.154156][    C1]  ? __pfx_kthread+0x10/0x10
[  434.154178][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  434.154199][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  434.154221][    C1]  ? __pfx_kthread+0x10/0x10
[  434.154244][    C1]  ret_from_fork+0x4b/0x80
[  434.154265][    C1]  ? __pfx_kthread+0x10/0x10
[  434.154288][    C1]  ret_from_fork_asm+0x1a/0x30
[  434.154316][    C1]  </TASK>
[  434.154324][    C1] 
[  434.593323][    C1] Allocated by task 5880:
[  434.597670][    C1]  kasan_save_track+0x3e/0x80
[  434.602363][    C1]  __kasan_kmalloc+0x93/0xb0
[  434.606954][    C1]  __kmalloc_cache_noprof+0x230/0x3d0
[  434.612334][    C1]  xpad_probe+0x41c/0x1ed0
[  434.616755][    C1]  usb_probe_interface+0x641/0xbc0
[  434.621894][    C1]  really_probe+0x26a/0x9a0
[  434.626405][    C1]  __driver_probe_device+0x18c/0x2f0
[  434.631696][    C1]  driver_probe_device+0x4f/0x430
[  434.636726][    C1]  __device_attach_driver+0x2ce/0x530
[  434.642103][    C1]  bus_for_each_drv+0x24e/0x2e0
[  434.646972][    C1]  __device_attach+0x2b8/0x400
[  434.651826][    C1]  bus_probe_device+0x185/0x260
[  434.656679][    C1]  device_add+0x7b6/0xb50
[  434.661022][    C1]  usb_set_configuration+0x1a87/0x20e0
[  434.666487][    C1]  usb_generic_driver_probe+0x8d/0x150
[  434.671953][    C1]  usb_probe_device+0x1c1/0x390
[  434.676812][    C1]  really_probe+0x26a/0x9a0
[  434.681329][    C1]  __driver_probe_device+0x18c/0x2f0
[  434.686637][    C1]  driver_probe_device+0x4f/0x430
[  434.691666][    C1]  __device_attach_driver+0x2ce/0x530
[  434.697043][    C1]  bus_for_each_drv+0x24e/0x2e0
[  434.701905][    C1]  __device_attach+0x2b8/0x400
[  434.706690][    C1]  bus_probe_device+0x185/0x260
[  434.711538][    C1]  device_add+0x7b6/0xb50
[  434.715873][    C1]  usb_new_device+0xa39/0x16c0
[  434.720640][    C1]  hub_event+0x2941/0x4a00
[  434.725081][    C1]  process_scheduled_works+0xadb/0x17a0
[  434.730642][    C1]  worker_thread+0x8a0/0xda0
[  434.735235][    C1]  kthread+0x70e/0x8a0
[  434.739306][    C1]  ret_from_fork+0x4b/0x80
[  434.743722][    C1]  ret_from_fork_asm+0x1a/0x30
[  434.748483][    C1] 
[  434.750803][    C1] Freed by task 5838:
[  434.754776][    C1]  kasan_save_track+0x3e/0x80
[  434.759458][    C1]  kasan_save_free_info+0x46/0x50
[  434.764490][    C1]  __kasan_slab_free+0x62/0x70
[  434.769278][    C1]  kfree+0x193/0x440
[  434.773174][    C1]  xpad_disconnect+0x350/0x480
[  434.777951][    C1]  usb_unbind_interface+0x26b/0x8f0
[  434.783171][    C1]  device_release_driver_internal+0x4d6/0x7c0
[  434.789249][    C1]  bus_remove_device+0x34d/0x410
[  434.794188][    C1]  device_del+0x511/0x8e0
[  434.798520][    C1]  usb_disable_device+0x3e9/0x8a0
[  434.803552][    C1]  usb_disconnect+0x330/0x910
[  434.808234][    C1]  hub_event+0x1cdb/0x4a00
[  434.812667][    C1]  process_scheduled_works+0xadb/0x17a0
[  434.818240][    C1]  worker_thread+0x8a0/0xda0
[  434.822833][    C1]  kthread+0x70e/0x8a0
[  434.826904][    C1]  ret_from_fork+0x4b/0x80
[  434.831320][    C1]  ret_from_fork_asm+0x1a/0x30
[  434.836086][    C1] 
[  434.838408][    C1] The buggy address belongs to the object at ffff88807bc51800
[  434.838408][    C1]  which belongs to the cache kmalloc-1k of size 1024
[  434.852468][    C1] The buggy address is located 92 bytes inside of
[  434.852468][    C1]  freed 1024-byte region [ffff88807bc51800, ffff88807bc51c00)
[  434.866301][    C1] 
[  434.868626][    C1] The buggy address belongs to the physical page:
[  434.875041][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bc50
[  434.883800][    C1] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  434.892294][    C1] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  434.900284][    C1] page_type: f5(slab)
[  434.904265][    C1] raw: 00fff00000000040 ffff88801a041dc0 0000000000000000 dead000000000001
[  434.912864][    C1] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  434.921445][    C1] head: 00fff00000000040 ffff88801a041dc0 0000000000000000 dead000000000001
[  434.930116][    C1] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  434.938788][    C1] head: 00fff00000000003 ffffea0001ef1401 00000000ffffffff 00000000ffffffff
[  434.947454][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  434.956117][    C1] page dumped because: kasan: bad access detected
[  434.962542][    C1] page_owner tracks the page as allocated
[  434.968254][    C1] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 12, tgid 12 (kworker/u8:0), ts 108701525890, free_ts 108638330338
[  434.987357][    C1]  post_alloc_hook+0x1d8/0x230
[  434.992179][    C1]  get_page_from_freelist+0x21ce/0x22b0
[  434.997743][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[  435.003571][    C1]  alloc_pages_mpol+0x232/0x4a0
[  435.008435][    C1]  allocate_slab+0x8a/0x3b0
[  435.012948][    C1]  ___slab_alloc+0xbfc/0x1480
[  435.017632][    C1]  __kmalloc_noprof+0x305/0x4f0
[  435.022496][    C1]  ieee802_11_parse_elems_full+0x152/0x2b20
[  435.028409][    C1]  ieee80211_ibss_rx_queued_mgmt+0x462/0x2ae0
[  435.034499][    C1]  ieee80211_iface_work+0x806/0xfe0
[  435.039702][    C1]  cfg80211_wiphy_work+0x2dc/0x460
[  435.044817][    C1]  process_scheduled_works+0xadb/0x17a0
[  435.050371][    C1]  worker_thread+0x8a0/0xda0
[  435.054965][    C1]  kthread+0x70e/0x8a0
[  435.059036][    C1]  ret_from_fork+0x4b/0x80
[  435.063452][    C1]  ret_from_fork_asm+0x1a/0x30
[  435.068219][    C1] page last free pid 5883 tgid 5883 stack trace:
[  435.074539][    C1]  __free_frozen_pages+0xb0e/0xcd0
[  435.079655][    C1]  __put_partials+0x161/0x1c0
[  435.084333][    C1]  put_cpu_partial+0x17c/0x250
[  435.089104][    C1]  __slab_free+0x2f7/0x400
[  435.093536][    C1]  qlist_free_all+0x9a/0x140
[  435.098145][    C1]  kasan_quarantine_reduce+0x148/0x160
[  435.103605][    C1]  __kasan_slab_alloc+0x22/0x80
[  435.108460][    C1]  __kmalloc_cache_noprof+0x1be/0x3d0
[  435.113836][    C1]  usb_control_msg+0x73/0x3e0
[  435.118521][    C1]  hub_port_init+0xe24/0x2800
[  435.123202][    C1]  hub_event+0x2518/0x4a00
[  435.127625][    C1]  process_scheduled_works+0xadb/0x17a0
[  435.133190][    C1]  worker_thread+0x8a0/0xda0
[  435.137782][    C1]  kthread+0x70e/0x8a0
[  435.141865][    C1]  ret_from_fork+0x4b/0x80
[  435.146285][    C1]  ret_from_fork_asm+0x1a/0x30
[  435.151049][    C1] 
[  435.153368][    C1] Memory state around the buggy address:
[  435.158999][    C1]  ffff88807bc51700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  435.167058][    C1]  ffff88807bc51780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  435.175117][    C1] >ffff88807bc51800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  435.183213][    C1]                                                     ^
[  435.190162][    C1]  ffff88807bc51880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  435.198236][    C1]  ffff88807bc51900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  435.206301][    C1] ==================================================================
[  435.214408][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  435.221642][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted 6.15.0-rc5-syzkaller #0 PREEMPT(full) 
[  435.231826][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  435.242064][    C1] Call Trace:
[  435.245378][    C1]  <IRQ>
[  435.248238][    C1]  dump_stack_lvl+0x99/0x250
[  435.252845][    C1]  ? __asan_memcpy+0x40/0x70
[  435.257440][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  435.262650][    C1]  ? __pfx__printk+0x10/0x10
[  435.267248][    C1]  panic+0x2db/0x790
[  435.271170][    C1]  ? __pfx_panic+0x10/0x10
[  435.275615][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  435.281511][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  435.287841][    C1]  ? print_memory_metadata+0x314/0x400
[  435.293304][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  435.298346][    C1]  check_panic_on_warn+0x89/0xb0
[  435.303300][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  435.308330][    C1]  end_report+0x78/0x160
[  435.312579][    C1]  kasan_report+0x129/0x150
[  435.317084][    C1]  ? do_raw_spin_lock+0x23d/0x290
[  435.322117][    C1]  do_raw_spin_lock+0x23d/0x290
[  435.326968][    C1]  ? __wake_up_common_lock+0x2f/0x1f0
[  435.332349][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  435.337752][    C1]  _raw_spin_lock_irqsave+0xb3/0xf0
[  435.342964][    C1]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  435.348865][    C1]  ? kcov_remote_stop+0x78/0x6d0
[  435.353809][    C1]  __wake_up_common_lock+0x2f/0x1f0
[  435.359020][    C1]  __usb_hcd_giveback_urb+0x4d7/0x690
[  435.364394][    C1]  ? usb_hcd_unlink_urb_from_ep+0x2c/0x110
[  435.370215][    C1]  ? __pfx___usb_hcd_giveback_urb+0x10/0x10
[  435.376133][    C1]  ? usb_hcd_giveback_urb+0x10e/0x420
[  435.381544][    C1]  dummy_timer+0x862/0x4550
[  435.386070][    C1]  ? stack_trace_save+0x9c/0xe0
[  435.390932][    C1]  ? kasan_save_track+0x3e/0x80
[  435.395788][    C1]  ? kasan_save_free_info+0x46/0x50
[  435.401001][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  435.406375][    C1]  ? __lock_acquire+0xaac/0xd20
[  435.411266][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  435.416244][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  435.421200][    C1]  ? __pfx_dummy_timer+0x10/0x10
[  435.426153][    C1]  __hrtimer_run_queues+0x529/0xc60
[  435.431380][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  435.437115][    C1]  ? read_tsc+0x9/0x20
[  435.441194][    C1]  ? __pfx___local_bh_disable_ip+0x10/0x10
[  435.447017][    C1]  hrtimer_run_softirq+0x187/0x2b0
[  435.452147][    C1]  handle_softirqs+0x283/0x870
[  435.456927][    C1]  ? __irq_exit_rcu+0xca/0x1f0
[  435.461693][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  435.466989][    C1]  __irq_exit_rcu+0xca/0x1f0
[  435.471582][    C1]  ? __pfx___irq_exit_rcu+0x10/0x10
[  435.476792][    C1]  irq_exit_rcu+0x9/0x30
[  435.481032][    C1]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  435.486680][    C1]  </IRQ>
[  435.489614][    C1]  <TASK>
[  435.492545][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  435.498526][    C1] RIP: 0010:lock_acquire+0x94/0x360
[  435.503731][    C1] Code: 0f 84 d7 01 00 00 83 3d 99 ea e0 0d 00 0f 84 f0 00 00 00 48 8b b4 24 90 00 00 00 4c 89 ef e8 73 80 83 00 83 3d 7c ea e0 0d 00 <0f> 84 fa 00 00 00 65 8b 05 5f 6e d7 10 85 c0 0f 85 eb 00 00 00 65
[  435.523340][    C1] RSP: 0018:ffffc900001d7cc8 EFLAGS: 00000202
[  435.529423][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: a3f535dee72c5300
[  435.537392][    C1] RDX: 0000000000000001 RSI: ffffffff8b574191 RDI: 1ffffffff1bbefc0
[  435.545361][    C1] RBP: ffffffff8b574171 R08: 0000000000000001 R09: 0000000000000000
[  435.553339][    C1] R10: 0000000000000002 R11: ffffffff8185f730 R12: 0000000000000000
[  435.561313][    C1] R13: ffffffff8ddf7e00 R14: 0000000000000000 R15: 0000000000000001
[  435.569292][    C1]  ? schedule+0x91/0x360
[  435.573541][    C1]  ? __pfx_ksoftirqd_should_run+0x10/0x10
[  435.579263][    C1]  ? schedule+0xb1/0x360
[  435.583507][    C1]  ? lock_acquire+0x8d/0x360
[  435.588113][    C1]  ? schedule+0x91/0x360
[  435.592365][    C1]  ? schedule+0x91/0x360
[  435.596609][    C1]  schedule+0xb1/0x360
[  435.600682][    C1]  ? schedule+0x91/0x360
[  435.604927][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  435.609957][    C1]  smpboot_thread_fn+0x5bd/0xa60
[  435.614903][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  435.619938][    C1]  kthread+0x70e/0x8a0
[  435.624011][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  435.629484][    C1]  ? __pfx_kthread+0x10/0x10
[  435.634083][    C1]  ? __pfx_kthread+0x10/0x10
[  435.638674][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  435.643872][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  435.649080][    C1]  ? __pfx_kthread+0x10/0x10
[  435.653676][    C1]  ret_from_fork+0x4b/0x80
[  435.658114][    C1]  ? __pfx_kthread+0x10/0x10
[  435.662709][    C1]  ret_from_fork_asm+0x1a/0x30
[  435.667485][    C1]  </TASK>
[  435.670813][    C1] Kernel Offset: disabled
[  435.675142][    C1] Rebooting in 86400 seconds..