last executing test programs:

16.105277936s ago: executing program 1 (id=4502):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$kcm(0x10, 0x400000002, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r0, @ANYRES16=r1, @ANYRESHEX], 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
r2 = socket(0x10, 0x803, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(0xffffffffffffffff, 0xc0fc4111, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x40000, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r9, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
syz_emit_ethernet(0x5a, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa8100100086dd60f900f500200600fe8000000000000000000000000000aafe8000000000000000000000000000aafffe4e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB], 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x3, 0x3}}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0xb380, 0x4, 0x0, 0xd87, 0x6}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

14.137355245s ago: executing program 1 (id=4517):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0xfffffffa, 0x3}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={r3, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[<r5=>0x0], &(0x7f0000000280), 0x1, r4})
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000380)={0x601, 0x1, &(0x7f00000000c0)=[r4], &(0x7f0000000200), &(0x7f0000000300)=[r5], &(0x7f0000000580)})
r6 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r7 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r7, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
renameat2(r7, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r6, &(0x7f0000000180)='./file1\x00', 0x4)
renameat2(r6, &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r6, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2)
socket$inet6_sctp(0xa, 0x1, 0x84)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001140)='net\x00')
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
fchdir(r8)
r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r9, &(0x7f0000000040)=0x1c8, 0x12)
socket$packet(0x11, 0x2, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, 0x0)

11.588440008s ago: executing program 1 (id=4529):
r0 = socket(0xa, 0x3, 0x3a)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYRES8=r0, @ANYRESDEC=r0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000fc35f48aaa50f7e3635c1c4a20412ee600000000000000004841c6efaea0bdcdca71e8618a1a780dccc98a879dc179cd88e5522a642bd0"], 0x48)
r1 = socket(0x200000000000011, 0x2, 0xfdb)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
bind$packet(r1, &(0x7f0000000080)={0x11, 0xf6, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x2)
recvfrom$inet(r1, &(0x7f0000000400)=""/222, 0xde, 0x40002100, &(0x7f00000002c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x35}}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x0, 0x5, 0xfffffffd, 0x0, 0x23db})
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f00000000c0)={'ip6_vti0\x00', 0x0})
r4 = io_uring_setup(0x524e, &(0x7f0000000000)={0x0, 0xf001, 0x10000, 0x1, 0x232, 0x0, r2})
io_uring_register$IORING_REGISTER_RING_FDS(r4, 0x1c, &(0x7f0000002940)=[{0x0, 0x1, 0x0, 0x0, 0x0}], 0x1)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x8000}, 0x4)
syz_emit_ethernet(0x32, &(0x7f0000000300)=ANY=[@ANYRESHEX=r2], 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x2c)
r5 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000200), 0x2, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000180)={0x0, r5}, 0x8)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r7=>0x0]}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r6, 0x84, 0x19, &(0x7f00000000c0)={r7, 0x4}, 0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000240)={0x59, 0x9000, 0x200, 0x80000001, 0x2127, 0x5, 0x6, 0x0, r7}, &(0x7f0000000280)=0x20)
socket$rxrpc(0x21, 0x2, 0xa)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="180000e150ea9c292e784de8c100000000000000", @ANYRES32=r8, @ANYRESDEC], &(0x7f0000001fc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$FITHAW(r9, 0xc0045878)
setsockopt$inet6_int(r0, 0x29, 0xce, 0x0, 0x0)

9.87266676s ago: executing program 0 (id=4533):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
open(0x0, 0x147842, 0x88)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x10000000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaa"], 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0)
dup(r5)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
timerfd_settime(0xffffffffffffffff, 0x2, &(0x7f0000007000)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
shmat(r7, &(0x7f0000ff9000/0x1000)=nil, 0x4000)
shmctl$IPC_RMID(r7, 0x0)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e000000100"/32, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000140)={0x4, 0x3, 0x641352225ed612c7, 0x1000, &(0x7f0000cb0000/0x1000)=nil})
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

8.947198831s ago: executing program 1 (id=4535):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000a40)=@newlink={0x54, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_LINK={0x8}, @IFLA_GRE_ERSPAN_HWID={0x6, 0x18, 0x7b17}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[{{0x9, 0x5, 0x81, 0x3, 0x40}}], {{0x9, 0x5, 0x82, 0x2, 0x0, 0x9}}}}}]}}]}}, 0x0)
syz_usb_ep_read(r4, 0x3, 0x0, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x2000000, &(0x7f0000002140)={{'fd', 0x3d, r5}})
ptrace(0x10, r3)
ptrace$ARCH_SHSTK_STATUS(0x1e, r3, 0x0, 0x5005)
unlinkat(0xffffffffffffff9c, &(0x7f0000000400)='.\x00', 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000e80)=ANY=[@ANYBLOB="120100006fb68440e11d02c1087d0102030109021b000100000000090400000143da9100090504"], 0x0)

7.220082494s ago: executing program 0 (id=4538):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x40, 0x0, 0x200, 0x70bd2d, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_LEN={0x5}, @L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x4}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x7a3c}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0xd6}]}, 0x40}, 0x1, 0x0, 0x0, 0x400d4}, 0x20000000)
unshare(0x2040000)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)="3700000013000318680907070000000f0000ff3f13000000170a001700000000040037000d00030001362564aa58b9a6c011f6bbf44dc4", 0x37}], 0x1)

7.000322287s ago: executing program 3 (id=4541):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, <r0=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0x0, r0, {0x7, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_io_uring_setup(0x239, &(0x7f0000000980)={0x0, 0x0, 0x10100}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x7fff})
io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0)
getdents64(r1, &(0x7f00000063c0)=""/1024, 0x400)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000067c0), 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x228, 0x0, 0x0, [{0x806, 0x5, 0xb, 0x2, '#,UK\x80j\x9bO\x8e,-'}, {0x2, 0x5, 0x1d8, 0x0, 'group\x1fidWtv\xf1@M\x13V\xb82\'\x1a\x00t\xae\x18&\xf8\x97\xbe4\xd5P\a\xf4I{\xea\xbf\x8c#\xad\xb9|\xd6\x01\x92a\xd5{\xde`U\xedxt\xd8\xdb\xeeS\xda\x81\xde\x83\xbf)\x8f,R_Hxj]&\xe7\x15\xfa\x02\x91\xa4\xa5\x971\n=\xc6%\xce{\xda\xd5\xd8\xf3\rTr\x8b\x95\xcc>\xaad\xb6\x9d\x13\x11<\xfb[\xd8\x01yG\xd4vt\x00\x02\xaej\x06\x12j&\x05\xb6W\x9b\xa7~2\'\xf2\xca\\\x94Q\"\xda\xfb\x1c\xba\xf7\xbc\v-\xbe[\x84\xfc\xbf*\xc4\x96\x93\xaaL^\xcf\xd6\xb3\\\xcd\x86\'\"fJ\x00j\xf3{\x02\xad\x14\xe2\xc6&\xe9\x18Y\xe8\fNO{\bV\x19\xdb<\x1f\x0e\x19\t\xe8\xed\xc7\xf6=\xa1\xe6Hj\xc2\x80@\to@|\xf9\xeb\x9b\xf4,\fl\x028\x9b\xe7\x05\x90\xb2\xe8N\x9cQ\x81\xf4r \xdd\xb4\xdaT\v\xcb\xbc\xa4\x88%\xb6~@\x1fkov\x9fr[\xca\xd8\x06)\x95\"ll\xd1\x9e\x8b\xf6]\x83b\xeatH \x04~G\xe5t\xe6\xfa\x81@\x8cB\xd6r\xdf\xf1\xd0\xb6Y1\xa2^#\xf6t\x93?\xa8S\x05\xb6J[\x9dJ~\xa4(t(\x80\x85\xc0\x00$\x16\xa0\xbc\xe7V\xc1\xc1\x17\xaeZ\xad\xdf,\xba\xd0\x11\xda\xe3c\x965\x0f\t5Z?\b\xaf\xc5\xc3M\x1e\x1bu\xf3\x06$\' u\xb9\x8f\xa9U\x8c\xd4\xe4\x02\x04\xa6\x83\x16\xea\x1ap<,\xd0\x00\xc7CP!\xe9$y\xde\xa4\x81q\xb6\x89%\xc4\xf9K\xc7&Z3\x84\\Q\xc7\xceo8\xe9\xaa\x89\xc5\x03\xde\xcdn\x7fl\x90\x1b\xec5\x12p&m\x8d\xd1\xce\x86$\xady\xe7-\xf2Q\xf2\x1e?\x8e\x83\xb9s\xea\x04j\xa8o\xe0L\xce5b\x94\x9d\x8b\xeaB\xe5\xb7\x02\x8b\xbd\xd9\x9cd\x13\xf5X\x0e\xda}*\xa0\\\x8d\xd5'}]}, 0x0, 0x0, 0x0, 0x0})

6.864537446s ago: executing program 0 (id=4542):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delchain={0x230, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x1f4, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x164, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0x64, 0x1e, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'bpf\x00'}]}, {0x2d, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bf7dae04880a34e7bf775010128401ec"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_connmark={0xcc, 0x15, 0x0, 0x0, {{0xd}, {0x4}, {0x99, 0x6, "0ef6a460a5bbda16e826eafe044d3376872c48b74ae60f057b238fb15e2207986c5639bfbc3d91ee00b5a433e95b6b3527d9711d16abc0abaea927bcdffe4d3ec14fb6fca0407429934982873a3f054bcbf1e53f85fe7aee4ccd90229e6ba2b45bd165ebd7929c21abcdf0b8d47ff6a950009bf4b1ef96863b19aaa1c52a12b02f39c0816b2c6136341ed251c3b6f6af9385e3d242"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}, @TCA_BPF_ACT={0x70, 0x1, [@m_ctinfo={0x6c, 0x19, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x7fffffff}, @TCA_CTINFO_ZONE={0x6}]}, {0x2f, 0x6, "c04874b4806554224c1d607fce4f3c46819b0f84ba8654e87574ed1da66e458671a5cb17969c51d284950d"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}}]}, 0x230}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {0x0}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400})

6.76418436s ago: executing program 3 (id=4543):
unshare(0x22020400)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x2, {0x14, 0x1000, 0x2e04, 0x6}})
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000400)={@local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x18, 0x3a, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, @mcast2, {[], @mld={0x83, 0x0, 0x0, 0x0, 0x0, @local}}}}}}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fba85b08e90f71db3e530102030109021200010400200009049c070000000000f87f06235e0053418dec393b74"], 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000000)={'team0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newlink={0x58, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x66016, 0x2021}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x20, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x3}, @IFLA_VLAN_EGRESS_QOS={0x10, 0x3, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc, 0x39, {0x5, 0x3}}]}, @IFLA_VLAN_INGRESS_QOS={0x4}]}}}, @IFLA_LINK={0x8, 0x5, r5}]}, 0x58}, 0x1, 0x0, 0x0, 0x4001}, 0x8000002)
ioctl$sock_SIOCETHTOOL(r2, 0x89f1, &(0x7f00000002c0)={'pimreg0\x00', &(0x7f0000000040)=@ethtool_stats={0x1d, 0x4, [0x0, 0xffffffffffffffff, 0xbaf, 0x7fffffffffffffff]}})

6.626379206s ago: executing program 0 (id=4546):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$kcm(0x10, 0x400000002, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r0, @ANYRES16=r1, @ANYRESHEX], 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
r2 = socket(0x10, 0x803, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(0xffffffffffffffff, 0xc0fc4111, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x40000, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r9, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
syz_emit_ethernet(0x5a, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa8100100086dd60f900f500200600fe8000000000000000000000000000aafe8000000000000000000000000000aafffe4e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="80020000907801fd1e0c"], 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xfff3}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0x3, 0x3}}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0xb380, 0x4, 0x0, 0xd87, 0x6}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

6.18600576s ago: executing program 4 (id=4548):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r1)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r5, 0x0, 0x0)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$6lowpan_control(r6, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000180)='./control\x00', 0x64000ba6)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000180)='./control\x00', 0xa4000960)
r7 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={0x0, 0x6}, 0x8)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100))
socket(0x26, 0x3, 0xfffffffc)
memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'dvmrp0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

5.606571025s ago: executing program 1 (id=4549):
r0 = semget(0x3, 0x2, 0x284)
semctl$IPC_RMID(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x28c81, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x10000, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f0000000280)={0x7, 0x100, "77c638b05041a0115f44304807e55536b7fc5ae52727d800", 0x1ff, 0x5, 0x79, 0xdf4})
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r7, 0x3000)
r8 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000bb1ed136c97b1a4443ae9db8e91b2d81d52b5ca4fb5696d2aaacf66be79f11f997215401e5e7e0feddbf09c99965d5001c53c1ae88683fcc933db327bf2781102bfaac20b9390702f3d4c13dad39a8301328011998ec153e6307d5c50851b8f1124af93a8b5d5712165cdb29fca6a0138404f0fc3d929f7c0049ae2d85ed194f4d78b6", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000000c0)={r8, 0x0, 0x0}, 0x1c)
r9 = syz_open_dev$vbi(0x0, 0x2, 0x2)
ioctl$VIDIOC_G_SLICED_VBI_CAP(r9, 0xc0745645, &(0x7f0000000100)={0x6, [0xff, 0x8, 0x8, 0x7fff, 0x5, 0x800, 0x7, 0xfffa, 0xfc01, 0x201, 0x2, 0x10, 0x1, 0xa, 0x8, 0x2, 0x7, 0x8, 0x7f, 0x0, 0x4, 0x1, 0x97, 0x457f, 0x4, 0x5, 0x3, 0xd712, 0x4, 0x8544, 0xb, 0x5, 0x6, 0x7685, 0x98bd, 0x0, 0x8000, 0x8, 0x5, 0x2, 0x0, 0x5, 0xe9da, 0xf, 0x8, 0x6, 0x2, 0x8], 0x3})
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
syz_io_uring_setup(0xecb, &(0x7f0000000200)={0x0, 0xb6ea, 0x20, 0x0, 0x233, 0x0, r7}, &(0x7f0000000480), &(0x7f0000000300))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x16)
ioctl$KVM_PRE_FAULT_MEMORY(r5, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})

5.118529698s ago: executing program 3 (id=4550):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r4=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0x4, &(0x7f0000000180)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x99}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setitimer(0x2, &(0x7f0000000580)={{0x77359400}, {0x0, 0xea60}}, 0x0)
setrlimit(0x0, &(0x7f00000000c0)={0x0, 0x1})
syz_clone(0x80, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000006c0), 0x41982)
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000040)={0x80, 0x5, 0x10009})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r6, 0x100000)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, 0x0)
readv(r5, &(0x7f0000000240)=[{&(0x7f0000002580)=""/4096, 0x1000}], 0x1)
mlockall(0x2)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$bt_hci(r8, 0x0, 0x3, 0x0, &(0x7f0000000040))
r9 = signalfd4(r3, &(0x7f0000000000)={[0xc]}, 0x8, 0x80000)
accept4$tipc(r9, &(0x7f0000000080)=@id, &(0x7f00000000c0)=0x10, 0x80000)
sendmsg$NL80211_CMD_REGISTER_BEACONS(r3, &(0x7f0000003900)={0x0, 0x0, &(0x7f00000038c0)={&(0x7f0000001500)={0x30, r2, 0x1, 0x70bd07, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x64}, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0xb, 0x4000003f}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x40000a0}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r10, 0xc0cc5605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x30314142, 0x8, 0x6, [{0x0, 0x3}, {}, {}, {0x7d4}, {}, {0xfffffffe}, {0x0, 0x6}, {0x0, 0x7fff}], 0x0, 0x4, 0x4, 0x0, 0x7}})
close_range(r1, 0xffffffffffffffff, 0x0)
sendmsg$NL80211_CMD_REGISTER_FRAME(r3, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="88000000", @ANYRES16=r2, @ANYBLOB, @ANYRES32=r4, @ANYBLOB="0c00990004000000210000004c005b00a664c03f9d2028631d7bc5b1fca2d7e5787faadd3acd0204fb3e172888731ee1a0987d1a6aa9eeb561f8a177180cb68548ded6ae251016869845f3fb22f7c0e153194d874869dc6311005b00db1ca06213de57548e7c7d8c6d0000"], 0x88}, 0x1, 0x0, 0x0, 0x4008014}, 0xc080)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, 0x0, 0x0)

3.99893828s ago: executing program 3 (id=4551):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x2f4, 0x30, 0xc96f2b0dc02612b1, 0x71bd23, 0x25dfdbff, {}, [{0x230, 0x1, [@m_xt={0x194, 0xa, 0x0, 0x0, {{0x7}, {0x16c, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x4d, 0x6, {0xb, 'security\x00', 0xfb, 0xf, "db32b67415a858318ca81432b4dc5d5526738147f0b08da046db93b204b3955fb990fa"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TARG={0x4d, 0x6, {0x2fe, 'nat\x00', 0x7, 0x1000, "32191f502c659f78524cedcb63159b9970fd761bd5a7356aa2eb78ed001acbeda2a4ab"}}, @TCA_IPT_TARG={0x5d, 0x6, {0x8001, 'nat\x00', 0xe, 0x1000, "5b17aa89d80870c15066789ffc3b484ddb037d507299171c05cbd077a4e3492a17ecb2370233755138b3858be560a8a0cb8e4b"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x4}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_INDEX={0x8, 0x3, 0x4}, @TCA_IPT_INDEX={0x8, 0x3, 0xfffffffd}, @TCA_IPT_TARG={0x3d, 0x6, {0x22, 'mangle\x00', 0x8, 0x9, "e72647848090e95915f0df84f6bd63debef6ae"}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_csum={0x68, 0x34, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0xfffffffd, 0x6, 0x8, 0x9}, 0x43}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x5, 0x4, 0x0, 0x136bcb9c}, 0x6c}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_skbmod={0x30, 0xd, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}, {0xb0, 0x1, [@m_gact={0xac, 0x16, 0x0, 0x0, {{0x9}, {0x4}, {0x7d, 0x6, "3b5787a933d0695a3c65e24e5c4c8a9428e87983fcb08e778c4c16d937c9d6cdd2b42f9e24f75184f7dfdc33389e6615d6aa21fe6ee7d9836096a2743418947b1a45472c40db288e9fd9c34c8ceed8fb34c3bb42b89f5d42e9ec5f7e781cf88ee98688cd4e3817aab179991acb608cb1c9d6602df0c66e9c85"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}]}, 0x2f4}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x8804, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400})

3.794003273s ago: executing program 2 (id=4552):
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r0=>0x0)
r1 = syz_open_procfs(r0, &(0x7f0000000040)='net/netlink\x00')
bind(r1, &(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x6, @dev={0xfe, 0x80, '\x00', 0xb}, 0x1, 0x1}, 0x80)
r2 = eventfd2(0x2, 0x80000)
io_cancel(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x2, r1, &(0x7f0000000100)="95eccb017eb7bd62b180f92ba2f93d0ddef114601ab6fc6902e2281b1e9498b01a3f9a949f28a7208d8ca10ffea395f11f61eaa25f5c4c9b84fae59f54f1a7372fcc95ae476f55297e69313578ce4ba16708c65a63732cf6a4263f2d78ee2de373cfc363610be2dcfe098a15c941b9eed702f246da7680ff0fb3509f8eb513fac61986820fb79e285ad3b090860879a8cf237ba891dd8b6dae4e4eef0483c4491f2d03d15ca86403b8e2f9ba86", 0xad, 0x1, 0x0, 0x3, r2}, &(0x7f0000000200))
ioctl$DRM_IOCTL_MODE_GET_LEASE(r1, 0xc01064c8, &(0x7f0000000540)={0x4, 0x0, &(0x7f0000000500)=[<r3=>0x0, 0x0, 0x0, 0x0]})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f0000000580)={&(0x7f0000000240)=[0x0, 0x0], &(0x7f0000000280)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0], 0x7, 0x8, 0x2, 0x0, r3})
write$yama_ptrace_scope(r1, &(0x7f0000000600)='2\x00', 0x2)
prctl$PR_GET_TSC(0x19, &(0x7f0000000640))
writev(r2, &(0x7f0000000800)=[{&(0x7f0000000680)="2a5170a1c4d53d90efaaecd2b7a43aad3b133a2a852ddbdc4e93f9e8c30cd5e6025af240f15f0290cbce5cd19a686da020467f2d16c49a12de6124cdbad45457786791c98bd569d93d9f8478", 0x4c}, {&(0x7f0000000700)="40395746ad86410edd5441f83ba5b2e9b3d2ae73bcffa08d29764ad3bcebe402eea6e7", 0x23}, {&(0x7f0000000740)="4d4e4fd42af2e565b1acc72019effc613af699c5472605c3bf06aeb6fbfda4aea4e8a51747adee01aa184b28ee4c9736a2cca604cb7ffe2dc32a8e6aaa8ae97e1b8f3d25eaadcfeccd57e007611be39ab9d63a583fe15d3e96c3af7006ef06b547e160793823d493061331784a25c33169d71f6093fb0bbf11fb976b859ebd911cad136d02e8922909ec5e5ffbb76bde7c547a76cdd691cf7154b5c788b7a7c425cadf1e85266352916d98d9e398ae", 0xaf}], 0x3)
writev(r2, &(0x7f0000000a80)=[{&(0x7f0000000840)="259fd6dd2b040e828bbe821a6298431a838d", 0x12}, {&(0x7f0000000880)="fb2d955d8dd09dfc6f760dff42e4ca70fe786646a50627dc323edded38cce82cb13db18e93bfa0988908c355abeccb353c70e69ffc3b5416376674333a45b813a9b34757e8898bf0da400f47d36f30fe59fad1290303cd491c77f8b4ec7bb1962f7f8ec8adfeb5fbb8dadd01475e4f294fb5bb69a8590074bb15722332b9a29638cf02761b7d3b1b46e58b266503c7bda79701a3e41521907e356bdfbcd0bd88e8f86dc6ec31a5de7f2b59620009dd68b43744735c53e15698daa4c2ac050a7423648e97587978c0434467fd76d3287a93936f8ae740df32e6", 0xd9}, {&(0x7f0000000980)="1adaafa750afed8c87e89111b6c824e725fb7fcb0191162488ab4ca2513f5d1cfee6555127023a37c30d8a4efadf84009d14908caacd009e0b528ce926c1e6aec418225b5fa86538fe4940d4184579087265a8c47b44369a529f95879ae4fa04460aee5b010accb73965a9f5377de6a14affdfcaf20ad81511bcdde36941d2d9d2a9d9093cf97e49c43e270d8374bea53b2d8a8feb7178ca6d5fe768cd664d9a00e7eb79a0998978558c5bee1aa2ae50d38008f26b62c1e7dbcc2a023b60d48887a0f96182efbe0667a31cd04679330f8e60b963a02fa55cc79749f0076e78f199a3d5836c7f", 0xe6}], 0x3)
add_key(&(0x7f0000000ac0)='pkcs7_test\x00', &(0x7f0000000b00)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
msgget$private(0x0, 0xea)
ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000b40)={0x1, 0x0, [{0x9a1, 0x0, 0x7}]})
sched_getaffinity(r0, 0x8, &(0x7f0000000b80))
setsockopt$RDS_RECVERR(r1, 0x114, 0x5, &(0x7f0000000bc0)=0x1, 0x4)
pselect6(0x40, &(0x7f0000000c00)={0x2, 0x4, 0xfffffffffffffffc, 0x6, 0x8000000000000000, 0x0, 0x4, 0x8}, &(0x7f0000000c40)={0x9, 0x80000000000, 0x8, 0x239, 0x4, 0x9, 0x200, 0xfffffffffffffff8}, &(0x7f0000000c80)={0x4, 0x4f6, 0x10000, 0x1, 0x7, 0x8000000000000000, 0xffffffffffe00000, 0x4}, &(0x7f0000000cc0), &(0x7f0000000d40)={&(0x7f0000000d00)={[0x0, 0x7fff]}, 0x8})
socket$inet_sctp(0x2, 0x1, 0x84)
r4 = openat$autofs(0xffffff9c, &(0x7f0000000d80), 0x105341, 0x0)
r5 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000dc0)={r1, r1, 0x10, 0x0, @void}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_READY(r4, 0xc0189376, &(0x7f0000000e00)={{0x1, 0x1, 0x18, <r6=>r5, {0xa}}, './file0\x00'})
sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000001040)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001000)={&(0x7f0000000e80)={0x180, 0x0, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2a2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7f}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}]}, @TIPC_NLA_BEARER={0xb8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x31c}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x411c, @mcast2, 0x32}}, {0x14, 0x2, @in={0x2, 0x4e23, @private=0xa010100}}}}, @TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'eth', 0x3a, 'veth1_to_hsr\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x60000000, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}}, {0x14, 0x2, @in={0x2, 0x4e21, @private=0xa010101}}}}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x10}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffffff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x40}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffffe}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x10001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x10}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x10}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}]}, @TIPC_NLA_NODE={0x14, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1ff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xff}]}]}, 0x180}, 0x1, 0x0, 0x0, 0x4}, 0xd0)
write$RDMA_USER_CM_CMD_GET_EVENT(r6, &(0x7f0000001200)={0xc, 0x8, 0xfa00, {&(0x7f0000001080)}}, 0x10)
ioperm(0x6, 0x5aff, 0x8)
r7 = openat$sysfs(0xffffff9c, &(0x7f0000001240)='/sys/power/sync_on_suspend', 0xc802, 0x0)
ioctl$BTRFS_IOC_QUOTA_CTL(r4, 0xc0109428, &(0x7f0000001280)={0x1, 0xcf})
lremovexattr(&(0x7f00000012c0)='./file0\x00', &(0x7f0000001300)=@random={'os2.', '-\x00'})
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r7, 0x84, 0x6, &(0x7f0000001340)={<r8=>0x0, @in6={{0xa, 0x4e21, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}}}, &(0x7f0000001400)=0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000001440)={r8, @in6={{0xa, 0x4e20, 0x72b, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x61b}}, 0x1, 0xa6c, 0x9, 0x8, 0x51, 0x9, 0xc2}, 0x9c)
ioctl$BLKSECDISCARD(r1, 0x127d, &(0x7f0000001500)=0x5)

3.693934385s ago: executing program 3 (id=4553):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x4000000)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20040014)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0x2, 0x0, 0x25dfdbfe, {{@in6=@private0, @in=@remote, 0x0, 0x4, 0x0, 0x0, 0xa, 0x60, 0x80, 0x3b, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, {0xfffffffffffffffe}, 0x9, 0x0, 0x0, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x50)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000100000000000000ac1e00"], 0xb8}}, 0x0)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_xfrm(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc000000000000000000000000000000ac1e000100000000000000000000000000000000000000000a0040", @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB], 0xb8}}, 0x0) (fail_nth: 8)

3.655071528s ago: executing program 0 (id=4554):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000bc0)={0x0, @rand_addr, @local}, 0x0)
sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x4)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x2000c900}, 0xc881)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r2 = shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil)
shmat(r2, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
shmctl$IPC_RMID(r2, 0x0)
write$tcp_mem(0xffffffffffffffff, &(0x7f0000000200)={0x1, 0x20, 0x1, 0x20, 0x8}, 0x48)
ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="a0000000000101040000000000000000020000002400018014000180080001000000000008000200ac1414000c0002800500010000000000240002800c00028005000100000000001400018008000100e0000002080002000000000008000740000000003c0018"], 0xa0}}, 0x0)
syz_usb_connect$uac1(0x0, 0x8a, 0x0, 0x0)
ioctl$TIOCMGET(r3, 0x541e, 0x0)
unshare(0x20000400)
socket$can_raw(0x1d, 0x3, 0x1)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x2000001, 0x12, r4, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x40041)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$kcm(0x2c, 0x4, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000a40)="5c00000014006b030231a6080c000af32c00009d31fc00003197250f03000f00e5aa000017d34460bc24ea08000000251e6182949a2756f475ce36c2d1000000000000ecb8f6ece6652894fda67ac7b7630a6e09e61cd53f2fdf2eed", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

3.544921021s ago: executing program 2 (id=4555):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = syz_io_uring_setup(0x239, &(0x7f0000000980)={0x0, 0x0, 0x10100}, &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000000)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x7fff})
io_uring_enter(r3, 0x2def, 0x0, 0x0, 0x0, 0x0)
getdents64(r2, &(0x7f00000063c0)=""/1024, 0x400)
syz_fuse_handle_req(r0, &(0x7f00000067c0), 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x228, 0x0, 0x0, [{0x806, 0x5, 0xb, 0x2, '#,UK\x80j\x9bO\x8e,-'}, {0x2, 0x5, 0x1d8, 0x0, 'group\x1fidWtv\xf1@M\x13V\xb82\'\x1a\x00t\xae\x18&\xf8\x97\xbe4\xd5P\a\xf4I{\xea\xbf\x8c#\xad\xb9|\xd6\x01\x92a\xd5{\xde`U\xedxt\xd8\xdb\xeeS\xda\x81\xde\x83\xbf)\x8f,R_Hxj]&\xe7\x15\xfa\x02\x91\xa4\xa5\x971\n=\xc6%\xce{\xda\xd5\xd8\xf3\rTr\x8b\x95\xcc>\xaad\xb6\x9d\x13\x11<\xfb[\xd8\x01yG\xd4vt\x00\x02\xaej\x06\x12j&\x05\xb6W\x9b\xa7~2\'\xf2\xca\\\x94Q\"\xda\xfb\x1c\xba\xf7\xbc\v-\xbe[\x84\xfc\xbf*\xc4\x96\x93\xaaL^\xcf\xd6\xb3\\\xcd\x86\'\"fJ\x00j\xf3{\x02\xad\x14\xe2\xc6&\xe9\x18Y\xe8\fNO{\bV\x19\xdb<\x1f\x0e\x19\t\xe8\xed\xc7\xf6=\xa1\xe6Hj\xc2\x80@\to@|\xf9\xeb\x9b\xf4,\fl\x028\x9b\xe7\x05\x90\xb2\xe8N\x9cQ\x81\xf4r \xdd\xb4\xdaT\v\xcb\xbc\xa4\x88%\xb6~@\x1fkov\x9fr[\xca\xd8\x06)\x95\"ll\xd1\x9e\x8b\xf6]\x83b\xeatH \x04~G\xe5t\xe6\xfa\x81@\x8cB\xd6r\xdf\xf1\xd0\xb6Y1\xa2^#\xf6t\x93?\xa8S\x05\xb6J[\x9dJ~\xa4(t(\x80\x85\xc0\x00$\x16\xa0\xbc\xe7V\xc1\xc1\x17\xaeZ\xad\xdf,\xba\xd0\x11\xda\xe3c\x965\x0f\t5Z?\b\xaf\xc5\xc3M\x1e\x1bu\xf3\x06$\' u\xb9\x8f\xa9U\x8c\xd4\xe4\x02\x04\xa6\x83\x16\xea\x1ap<,\xd0\x00\xc7CP!\xe9$y\xde\xa4\x81q\xb6\x89%\xc4\xf9K\xc7&Z3\x84\\Q\xc7\xceo8\xe9\xaa\x89\xc5\x03\xde\xcdn\x7fl\x90\x1b\xec5\x12p&m\x8d\xd1\xce\x86$\xady\xe7-\xf2Q\xf2\x1e?\x8e\x83\xb9s\xea\x04j\xa8o\xe0L\xce5b\x94\x9d\x8b\xeaB\xe5\xb7\x02\x8b\xbd\xd9\x9cd\x13\xf5X\x0e\xda}*\xa0\\\x8d\xd5'}]}, 0x0, 0x0, 0x0, 0x0})

3.495433082s ago: executing program 4 (id=4556):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delchain={0x230, 0x65, 0x2, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0x1}, {0x0, 0xb}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_bpf={{0x8}, {0x1f4, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x164, 0x1, [@m_simple={0x30, 0x1e, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}, @m_simple={0x64, 0x1e, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'bpf\x00'}]}, {0x2d, 0x6, "9787c29d6ac649e7ec160dfef7c4cea330102e688fe12213d2bf7dae04880a34e7bf775010128401ec"}, {0xc, 0x7, {0x0, 0x79d0f023c2b305dd}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_connmark={0xcc, 0x15, 0x0, 0x0, {{0xd}, {0x4}, {0x99, 0x6, "0ef6a460a5bbda16e826eafe044d3376872c48b74ae60f057b238fb15e2207986c5639bfbc3d91ee00b5a433e95b6b3527d9711d16abc0abaea927bcdffe4d3ec14fb6fca0407429934982873a3f054bcbf1e53f85fe7aee4ccd90229e6ba2b45bd165ebd7929c21abcdf0b8d47ff6a950009bf4b1ef96863b19aaa1c52a12b02f39c0816b2c6136341ed251c3b6f6af9385e3d242"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}]}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x3}, @TCA_BPF_ACT={0x70, 0x1, [@m_ctinfo={0x6c, 0x19, 0x0, 0x0, {{0xb}, {0x14, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_CPMARK_MASK={0x8, 0x7, 0x7fffffff}, @TCA_CTINFO_ZONE={0x6}]}, {0x2f, 0x6, "c04874b4806554224c1d607fce4f3c46819b0f84ba8654e87574ed1da66e458671a5cb17969c51d284950d"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}}]}, 0x230}, 0x1, 0x0, 0x0, 0x81}, 0x20000080)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {0x0}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400})

3.364330024s ago: executing program 2 (id=4557):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x3, 0x2, 0x1, 0xfffa}, 0x38, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x40009, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x4640, 0x7, 0x5, 0x8006, 0x4, 0x7, 0x3c5b, 0x9, 0x1db, 0x10, 0x5, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x20003, 0x8, 0x4c74, 0x10000, 0x242, 0x9, 0x11, 0x4, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18c, 0x6, 0x6, 0x454f, 0x206, 0x4, 0x4, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8001, 0x8, 0xfffffff3, 0x129432f6, 0xc8, 0xef, 0xe, 0x2bd, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x0, 0x66abcbd2, 0x6, 0x4, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x1, 0xfffff575, 0x5f31, 0xd, 0x4e0, 0x381, 0x8, 0xb, 0x4, 0x9, 0x6, 0x2, 0x6, 0x47, 0x9, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x400000d, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x4, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x9, 0xb, 0x4, 0x33c9, 0x5, 0x0, 0x1ef, 0x5, 0x100008, 0x8001, 0x3, 0x303c, 0xfffffffa, 0x8000000b, 0x9, 0x2, 0x5, 0x400003, 0x8, 0x3, 0x6d01, 0x6, 0x38, 0x800003, 0x202, 0x80, 0x3, 0x0, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0xa9, 0x5, 0x9, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x0, 0xa, 0x3, 0x5, 0x1c, 0x120000, 0x807ff, 0x2006, 0x80a2ef, 0x1, 0x25], [0x9, 0x1, 0x7, 0xb, 0x5, 0x1938, 0x6, 0x6, 0x4, 0xb9, 0x10000, 0x1fb, 0x2, 0x57, 0x5, 0x3, 0x2, 0x10000, 0x1b57d867, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x14c, 0x60a7, 0x106, 0x7, 0xffffffff, 0xfffffffd, 0x2, 0x5, 0xc8, 0x40000001, 0xfffff000, 0xffff, 0x3, 0x7e, 0x100, 0x9622, 0x10a, 0xab, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x803, 0x3, 0x200, 0x0, 0x3]}, 0x45c)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000020a000000000000000000000008000400", @ANYRES32=r0, @ANYBLOB="06001500030000000c0016"], 0x38}}, 0x10) (fail_nth: 8)

3.083076874s ago: executing program 4 (id=4558):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x1800)

2.929848009s ago: executing program 3 (id=4559):
socket$inet(0x2, 0x1, 0x0)
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xd)
r3 = syz_io_uring_setup(0xbdc, &(0x7f00000021c0)={0x0, 0x5011, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r4=>0x0, &(0x7f0000002180)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, 0x0)
io_uring_enter(r3, 0x847ba, 0x0, 0xe, 0x0, 0x0)

2.627818433s ago: executing program 4 (id=4560):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1, &(0x7f0000000040)=0x100000001, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffe0, 0xa}, {0x1, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x55}, 0x4010) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r3, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) (async)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000080), 0x4) (async)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) (async)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a5fd03"}, 0x38) (async)
recvmmsg(r0, &(0x7f0000000b80)=[{{0x0, 0x0, 0x0}, 0xb00}, {{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000940)=""/99, 0x63}], 0x1}, 0xd6}], 0x2, 0x10020, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0xffffffffffffffff, 0x709d27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x40f55, 0x403a2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x51}, 0x20040040) (async)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[<r6=>0x0], &(0x7f0000000180)=[<r7=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r5, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r6, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0x1000, 0x101c, 0x10, 0x4, 0x401, 0x100, 0xa, 0x0, 0x52, 0x43, 0x7e9, 0x401, 0x9aa5, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f00000003c0)={&(0x7f0000000280)=[r6, r7], 0x2, 0x0, 0x0, <r8=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r8, 0xc06864a2, &(0x7f0000000340)={0x0, 0x0, r6, 0x0, 0x0, 0x0, 0xffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe, 0x0, 0x0, 0x0, "b1eddb851ba62b00d8730000000000000000000800"}}) (async)
write$FUSE_NOTIFY_INVAL_INODE(r8, &(0x7f0000000140)={0x28, 0x2, 0x0, {0x6, 0x1}}, 0x28)

2.575655308s ago: executing program 2 (id=4561):
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000000))
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000200))
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x200000000)
r2 = dup2(r1, r1)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x5)
read$FUSE(r2, &(0x7f0000004d80)={0x2020}, 0x2020)
write$vhost_msg_v2(r2, &(0x7f0000000280)={0x2, 0x0, {&(0x7f0000000140)=""/128, 0x80, 0x0, 0x0, 0x2}}, 0x48)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f0000000080)={0x30, 0x5, 0x0, {0x0, 0x5, 0x7fffffffffffffff, 0x1}}, 0x30)
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x4000)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x54, 0x2c, 0xd27, 0x30bd29, 0x21dfdbfc, {0x0, 0x0, 0x0, r5, {0x0, 0xfff0}, {}, {0x3, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x28, 0x2, [@TCA_FW_MASK={0x8, 0x5, 0x3}, @TCA_FW_INDEV={0x14, 0x3, 'team_slave_0\x00'}, @TCA_FW_CLASSID={0xffffffffffffffe1, 0x1, {0x1, 0xe}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x34000844}, 0x200c4094)
getpeername$packet(r3, &(0x7f0000000040)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000001c0)=0x14)
sendmmsg(r0, &(0x7f0000000480)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r6}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000000c0)="8a61f8b4bb3c61c16f4364450629", 0xe}], 0x1}}, {{&(0x7f0000000a40)=@xdp={0x2c, 0x4, r6, 0x8}, 0x80, 0x0}}], 0x2, 0x0)

2.065961192s ago: executing program 4 (id=4562):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
open(0x0, 0x147842, 0x88)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x10000000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaa"], 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0)
dup(r5)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
timerfd_settime(0xffffffffffffffff, 0x2, &(0x7f0000007000)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
shmat(r7, &(0x7f0000ff9000/0x1000)=nil, 0x4000)
shmctl$IPC_RMID(r7, 0x0)
sendmsg$nl_xfrm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc00"/48, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000140)={0x4, 0x3, 0x641352225ed612c7, 0x1000, &(0x7f0000cb0000/0x1000)=nil})
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

1.139071315s ago: executing program 1 (id=4563):
r0 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
syz_io_uring_setup(0x4cc4, &(0x7f0000001080)={0x0, 0xfffffffd, 0x10100, 0x0, 0x0, 0x0, r0}, &(0x7f0000000000), &(0x7f00000001c0))
socket(0x10, 0x803, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc2c45512, &(0x7f0000000340)={{0x6}, 0x0, [0xfffffffc, 0x3, 0x34fc, 0x0, 0x938, 0x0, 0xffffffff, 0x4, 0x81, 0x3, 0x0, 0x0, 0x0, 0x10001, 0x3, 0x0, 0xfffffffb, 0x10001, 0x0, 0xffff, 0x8, 0x800, 0x0, 0x10000, 0x7, 0x0, 0xfffffffc, 0x18c968c3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x4, 0x2, 0x9, 0x0, 0x9, 0x799, 0x0, 0x0, 0x3, 0x8, 0x0, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0xffffffff, 0xfffffffc, 0x0, 0xc729985, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x10000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x6, 0x2, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffd, 0x0, 0xb0, 0xf, 0x0, 0x0, 0xfffffffd, 0x8332, 0x6, 0x0, 0x0, 0x0, 0x0, 0xe38a, 0x6, 0x0, 0x4, 0xffffffff, 0x0, 0x3, 0x5b3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0xfffffffc]})
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002)
r3 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r4 = fcntl$dupfd(r2, 0x0, r3)
write$binfmt_script(r4, &(0x7f0000000100), 0xfffffd9d)
socket$unix(0x1, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="0000dd4d8f1614e5b0a97ada07728463371bfa69a7594e7d32bfc43aa6cec0b29da5e8f8029d90b52678786249ef2f9426f504ae12f0ebffaa6d070166f2077fade5f9813ec49c2d8033486363f7f9b38ea174cec55cdbcf2af09d85ccc6a1116b0095f064451b0ef0f8f9e5cca09063f642f326e59dc4d6c037e7431738d570d51acec28f13063ddecb9f0731eb36c213f0961ca166b25514d8cc4870962e6d"])
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r6, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
syz_usb_connect$uac1(0x0, 0xac, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r7, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r7, 0x8)
r8 = accept4(r7, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x1}, 0x8)
r9 = syz_io_uring_setup(0x78a9, &(0x7f0000000200)={0x0, 0x0, 0x40, 0x0, 0x3}, &(0x7f0000002480), &(0x7f00000024c0))
io_uring_register$IORING_REGISTER_BUFFERS2(r9, 0xf, &(0x7f0000002380)={0x1, 0x0, 0x0, &(0x7f00000022c0)=[{0x0}], 0x0}, 0x20)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r9, 0x10, &(0x7f0000004f40)={0x0, 0x0, &(0x7f0000004f00)=[{0x0}], 0xfffffffffffffffe, 0x1}, 0x20)

1.017782708s ago: executing program 2 (id=4564):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x2f4, 0x30, 0xc96f2b0dc02612b1, 0x71bd23, 0x25dfdbff, {}, [{0x230, 0x1, [@m_xt={0x194, 0xa, 0x0, 0x0, {{0x7}, {0x16c, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x4d, 0x6, {0xb, 'security\x00', 0xfb, 0xf, "db32b67415a858318ca81432b4dc5d5526738147f0b08da046db93b204b3955fb990fa"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TARG={0x4d, 0x6, {0x2fe, 'nat\x00', 0x7, 0x1000, "32191f502c659f78524cedcb63159b9970fd761bd5a7356aa2eb78ed001acbeda2a4ab"}}, @TCA_IPT_TARG={0x5d, 0x6, {0x8001, 'nat\x00', 0xe, 0x1000, "5b17aa89d80870c15066789ffc3b484ddb037d507299171c05cbd077a4e3492a17ecb2370233755138b3858be560a8a0cb8e4b"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x4}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_INDEX={0x8, 0x3, 0x4}, @TCA_IPT_INDEX={0x8, 0x3, 0xfffffffd}, @TCA_IPT_TARG={0x3d, 0x6, {0x22, 'mangle\x00', 0x8, 0x9, "e72647848090e95915f0df84f6bd63debef6ae"}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_csum={0x68, 0x34, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0xfffffffd, 0x6, 0x8, 0x9}, 0x43}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x5, 0x4, 0x0, 0x136bcb9c}, 0x6c}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_skbmod={0x30, 0xd, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}, {0xb0, 0x1, [@m_gact={0xac, 0x16, 0x0, 0x0, {{0x9}, {0x4}, {0x7d, 0x6, "3b5787a933d0695a3c65e24e5c4c8a9428e87983fcb08e778c4c16d937c9d6cdd2b42f9e24f75184f7dfdc33389e6615d6aa21fe6ee7d9836096a2743418947b1a45472c40db288e9fd9c34c8ceed8fb34c3bb42b89f5d42e9ec5f7e781cf88ee98688cd4e3817aab179991acb608cb1c9d6602df0c66e9c85"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3}}}}]}]}, 0x2f4}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x8804, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x8, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400})

657.045339ms ago: executing program 2 (id=4565):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
open(0x0, 0x147842, 0x88)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x10000000)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_emit_ethernet(0x5e, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaa"], 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000004002, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1000000000000112, 0x2000, 0x0, 0x3)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)
timerfd_settime(0xffffffffffffffff, 0x2, &(0x7f0000007000)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
shmat(r6, &(0x7f0000ff9000/0x1000)=nil, 0x4000)
shmctl$IPC_RMID(r6, 0x0)
sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc00"/48, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000140)={0x4, 0x3, 0x641352225ed612c7, 0x1000, &(0x7f0000cb0000/0x1000)=nil})
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

501.954661ms ago: executing program 4 (id=4566):
socket$kcm(0x10, 0x2, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ipv6_route\x00')
pread64(r2, &(0x7f0000000140)=""/250, 0xfa, 0x359)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000001000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000180)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9feb"], 0x0, 0x30}, 0x28)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r5, 0xae9a)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c9, 0x8000000, 0x0, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0x0, 0x200})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000001, 0x5, 0xfffffffffffffffe, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r6, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r7 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000340)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@mcast2, 0x0, 0x0, 0x1, 0x4, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0xbd1, 0x0, 0x3}, {0x81, 0x2}, 0x1fffffc, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x8000, 0x2b}, 0x0, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1, 0x0, 0x0, 0x7, 0x7, 0x0, 0x2}}, 0xe8)
sendmmsg(r7, &(0x7f0000000480), 0x2e9, 0xffe0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="7800000018002507b9409b14ffff", 0xe, 0x0, 0x0, 0x0)
open(&(0x7f0000000100)='.\x00', 0x591002, 0x50f)

0s ago: executing program 0 (id=4567):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84242, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYBLOB="0e"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000140)={'syztnl0\x00', &(0x7f00000000c0)={'syztnl2\x00', <r2=>0x0, 0x2f, 0x9, 0x2, 0x4, 0x10, @private1={0xfc, 0x1, '\x00', 0x1}, @private2, 0x8, 0x20, 0xf321}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000240)={'tunl0\x00', &(0x7f0000000180)={'syztnl1\x00', <r3=>0x0, 0x20, 0x7, 0xfffffff9, 0x2, {{0x1a, 0x4, 0x3, 0x7, 0x68, 0x65, 0x0, 0x80, 0x29, 0x0, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_prespec={0x44, 0x54, 0xf0, 0x3, 0x3, [{@dev={0xac, 0x14, 0x14, 0x24}, 0x2}, {@dev={0xac, 0x14, 0x14, 0x37}, 0x101}, {@remote, 0x40}, {@local, 0xb3}, {@dev={0xac, 0x14, 0x14, 0x42}, 0x3}, {@multicast1, 0x2}, {@broadcast, 0x1}, {@empty, 0x10000}, {@local, 0x6}, {@remote, 0xfff}]}]}}}}})
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000009c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x4, {{@in6=@mcast1, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, 0x1, 0x2}, [@migrate={0x50, 0x11, [{@in6=@mcast2, @in=@private=0xa010100, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in=@private=0xa010100, 0x3c, 0x0, 0x0, 0xfffffffd, 0xa, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4090}, 0x0)
openat$kvm(0xffffff9c, &(0x7f00000003c0), 0x486000, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=@getlink={0x60, 0x12, 0x400, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r2, 0x10, 0x2480}, [@IFLA_CARRIER_CHANGES={0x8, 0x23, 0xd}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_WEIGHT={0x8, 0xf, 0x8}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x7}, @IFLA_PROTO_DOWN={0x5, 0x27, 0xd}, @IFLA_PHYS_PORT_ID={0x16, 0x22, "ad143655c8655a42eb130cfda864d310125e"}]}, 0x60}, 0x1, 0x0, 0x0, 0x44801}, 0x4000000)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x4000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174ff10000000000000010e200"}})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)

kernel console output (not intermixed with test programs):

ging to 10
[  946.578446][   T30] audit: type=1326 audit(1757292674.944:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29542 comm="syz.0.4173" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70de539 code=0x0
[  946.600156][T18437] usb 3-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00
[  946.619430][T18437] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  946.633178][T18437] usb 3-1: config 0 descriptor??
[  946.812709][T23235] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  946.966028][T23235] usb 2-1: device descriptor read/64, error -71
[  947.119804][T18437] aquacomputer_d5next 0003:0C70:F011.001D: hidraw0: USB HID v0.00 Device [HID 0c70:f011] on usb-dummy_hcd.2-1/input0
[  947.233265][T23235] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  947.282887][  T920] usb 5-1: new high-speed USB device number 96 using dummy_hcd
[  947.392812][T23235] usb 2-1: device descriptor read/64, error -71
[  947.447545][  T920] usb 5-1: too many configurations: 183, using maximum allowed: 8
[  947.460807][  T920] usb 5-1: unable to read config index 0 descriptor/start: -61
[  947.478989][  T920] usb 5-1: can't read configurations, error -61
[  947.513798][T23235] usb usb2-port1: attempt power cycle
[  947.623434][  T920] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[  947.686305][T29570] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4176'.
[  947.793581][  T920] usb 5-1: too many configurations: 183, using maximum allowed: 8
[  947.811924][  T920] usb 5-1: unable to read config index 0 descriptor/start: -61
[  947.821761][  T920] usb 5-1: can't read configurations, error -61
[  947.828998][  T920] usb usb5-port1: attempt power cycle
[  947.852912][T23235] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  947.883950][T23235] usb 2-1: device descriptor read/8, error -71
[  948.143084][T23235] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  948.173006][  T920] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[  948.173562][T23235] usb 2-1: device descriptor read/8, error -71
[  948.194887][  T920] usb 5-1: too many configurations: 183, using maximum allowed: 8
[  948.209873][  T920] usb 5-1: unable to read config index 0 descriptor/start: -61
[  948.219413][  T920] usb 5-1: can't read configurations, error -61
[  948.287537][   T44] usb 3-1: USB disconnect, device number 72
[  948.305099][T23235] usb usb2-port1: unable to enumerate USB device
[  948.352674][  T920] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[  948.387042][  T920] usb 5-1: too many configurations: 183, using maximum allowed: 8
[  948.405259][  T920] usb 5-1: unable to read config index 0 descriptor/start: -61
[  948.415088][  T920] usb 5-1: can't read configurations, error -61
[  948.423998][  T920] usb usb5-port1: unable to enumerate USB device
[  948.441034][   T30] audit: type=1326 audit(1757292676.804:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29590 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[  948.464792][   T30] audit: type=1326 audit(1757292676.804:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29590 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[  948.486981][    C1] vkms_vblank_simulate: vblank timer overrun
[  948.495061][   T30] audit: type=1326 audit(1757292676.834:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29590 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=40000003 syscall=344 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[  948.517394][    C1] vkms_vblank_simulate: vblank timer overrun
[  948.525030][   T30] audit: type=1326 audit(1757292676.834:1121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29590 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[  948.547947][   T30] audit: type=1326 audit(1757292676.834:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29590 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[  948.570673][    C1] vkms_vblank_simulate: vblank timer overrun
[  948.579878][   T30] audit: type=1326 audit(1757292676.834:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29590 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[  948.602769][    C1] vkms_vblank_simulate: vblank timer overrun
[  948.617873][   T30] audit: type=1326 audit(1757292676.834:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29590 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[  948.664126][   T30] audit: type=1326 audit(1757292676.834:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29590 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[  948.689200][   T30] audit: type=1326 audit(1757292676.834:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29590 comm="syz.2.4180" exe="/root/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[  949.396402][T29620] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  949.693060][   T44] usb 4-1: new full-speed USB device number 98 using dummy_hcd
[  949.856493][   T44] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  949.879195][   T44] usb 4-1: config 0 has no interface number 0
[  949.894929][   T44] usb 4-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  949.923389][   T44] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  949.960147][   T44] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  950.011933][   T44] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.04
[  950.041512][   T44] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  950.069273][   T44] usb 4-1: Product: syz
[  950.076303][   T44] usb 4-1: SerialNumber: syz
[  950.095614][   T44] usb 4-1: config 0 descriptor??
[  950.115273][   T44] cm109 4-1:0.8: invalid payload size 0, expected 4
[  950.144033][   T44] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input28
[  951.885343][T29734] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4197'.
[  952.698009][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  952.708046][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  952.715662][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  952.723088][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  952.730727][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  952.738512][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  952.746877][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  952.754832][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  952.762188][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  952.769518][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[  952.792674][   T44] usb 4-1: USB disconnect, device number 98
[  952.799083][    C1] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  953.220803][   T44] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  953.242284][T29751] program syz.0.4199 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  953.350642][T29751] binder: 29744:29751 ioctl 40046210 0 returned -14
[  954.437266][T29728] sctp: [Deprecated]: syz.1.4195 (pid 29728) Use of int in maxseg socket option.
[  954.437266][T29728] Use struct sctp_assoc_value instead
[  954.492818][T23235] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[  954.682263][T23235] usb 4-1: Using ep0 maxpacket: 16
[  954.767037][T23235] usb 4-1: config 8 has an invalid interface number: 206 but max is 0
[  954.779310][T23235] usb 4-1: config 8 has no interface number 0
[  954.809197][T23235] usb 4-1: config 8 interface 206 altsetting 1 has an endpoint descriptor with address 0xF7, changing to 0x87
[  954.869478][T23235] usb 4-1: config 8 interface 206 altsetting 1 endpoint 0x87 has invalid maxpacket 33058, setting to 1024
[  954.934091][T23235] usb 4-1: config 8 interface 206 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  955.002327][T23235] usb 4-1: config 8 interface 206 altsetting 1 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  955.091744][T23235] usb 4-1: config 8 interface 206 has no altsetting 0
[  955.128553][T23235] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=35.bb
[  955.207635][T23235] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  955.288826][T23235] usb 4-1: Product: syz
[  955.293608][T23235] usb 4-1: Manufacturer: syz
[  955.298251][T23235] usb 4-1: SerialNumber: syz
[  955.589160][T23235] garmin_gps 4-1:8.206: Garmin GPS usb/tty converter detected
[  955.642719][T23235] usb 4-1: Garmin GPS usb/tty converter now attached to ttyUSB0
[  955.767734][T23235] usb 4-1: USB disconnect, device number 99
[  955.814132][T23235] garmin_gps ttyUSB0: Garmin GPS usb/tty converter now disconnected from ttyUSB0
[  955.864201][T23235] garmin_gps 4-1:8.206: device disconnected
[  955.982330][T29807] sctp: [Deprecated]: syz.4.4210 (pid 29807) Use of int in max_burst socket option deprecated.
[  955.982330][T29807] Use struct sctp_assoc_value instead
[  956.007712][T29809] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  956.337644][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  956.337665][   T30] audit: type=1326 audit(1757292684.704:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29822 comm="syz.3.4212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  956.404019][   T30] audit: type=1326 audit(1757292684.704:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29822 comm="syz.3.4212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  956.433228][   T30] audit: type=1326 audit(1757292684.704:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29822 comm="syz.3.4212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=330 compat=1 ip=0xf703e539 code=0x7ffc0000
[  956.456781][   T30] audit: type=1326 audit(1757292684.704:1149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29822 comm="syz.3.4212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  956.492672][   T30] audit: type=1326 audit(1757292684.704:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29822 comm="syz.3.4212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  956.516025][   T30] audit: type=1326 audit(1757292684.744:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29822 comm="syz.3.4212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf703e539 code=0x7ffc0000
[  956.539468][   T30] audit: type=1326 audit(1757292684.744:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29822 comm="syz.3.4212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  956.566200][   T30] audit: type=1326 audit(1757292684.744:1153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29822 comm="syz.3.4212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  956.600377][   T30] audit: type=1326 audit(1757292684.744:1154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29822 comm="syz.3.4212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf703e539 code=0x7ffc0000
[  956.640367][   T30] audit: type=1326 audit(1757292684.744:1155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29822 comm="syz.3.4212" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7ffc0000
[  956.882664][T23235] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[  957.118159][T23235] usb 4-1: Using ep0 maxpacket: 8
[  957.133165][T23235] usb 4-1: config index 0 descriptor too short (expected 30, got 18)
[  957.149700][T23235] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  957.161581][T23235] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  957.190889][T23235] usb 4-1: Product: syz
[  957.201914][T23235] usb 4-1: Manufacturer: syz
[  957.370089][T23235] usb 4-1: SerialNumber: syz
[  957.465203][T23235] usb 4-1: config 0 descriptor??
[  957.486860][T23235] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  957.512750][T23235] usb 4-1: setting power ON
[  957.556571][T23235] dvb-usb: bulk message failed: -22 (2/0)
[  957.925222][T23235] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  957.943601][T23235] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  957.953493][T23235] usb 4-1: media controller created
[  958.071210][T23235] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  958.366972][T23235] usb 4-1: selecting invalid altsetting 6
[  958.384465][T23235] usb 4-1: digital interface selection failed (-22)
[  958.391402][T23235] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  958.413166][T23235] usb 4-1: setting power OFF
[  958.417871][T23235] dvb-usb: bulk message failed: -22 (2/0)
[  958.424069][T23235] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  958.443566][T23235] (NULL device *): no alternate interface
[  958.490807][T23235] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  958.533891][T23235] usb 4-1: USB disconnect, device number 100
[  958.703638][T29892] program syz.3.4222 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  959.247679][T29905] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  960.152365][T29913] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4226'.
[  960.310325][T29904] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4224'.
[  960.628247][T29925] FAULT_INJECTION: forcing a failure.
[  960.628247][T29925] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  960.739409][T29925] CPU: 1 UID: 0 PID: 29925 Comm: syz.0.4229 Not tainted syzkaller #0 PREEMPT(full) 
[  960.739439][T29925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  960.739450][T29925] Call Trace:
[  960.739458][T29925]  <TASK>
[  960.739468][T29925]  dump_stack_lvl+0x189/0x250
[  960.739500][T29925]  ? __pfx____ratelimit+0x10/0x10
[  960.739533][T29925]  ? __pfx_dump_stack_lvl+0x10/0x10
[  960.739556][T29925]  ? __pfx__printk+0x10/0x10
[  960.739597][T29925]  should_fail_ex+0x414/0x560
[  960.739632][T29925]  _copy_to_user+0x31/0xb0
[  960.739660][T29925]  simple_read_from_buffer+0xe1/0x170
[  960.739693][T29925]  proc_fail_nth_read+0x1b3/0x220
[  960.739726][T29925]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  960.739752][T29925]  ? rw_verify_area+0x2a6/0x4d0
[  960.739773][T29925]  ? __lock_acquire+0xab9/0xd20
[  960.739797][T29925]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  960.739820][T29925]  vfs_read+0x200/0xa30
[  960.739842][T29925]  ? fdget_pos+0x247/0x320
[  960.739865][T29925]  ? __pfx___mutex_lock+0x10/0x10
[  960.739888][T29925]  ? __pfx_vfs_read+0x10/0x10
[  960.739914][T29925]  ? __fget_files+0x2a/0x420
[  960.739933][T29925]  ? __fget_files+0x3a0/0x420
[  960.739948][T29925]  ? __fget_files+0x2a/0x420
[  960.739974][T29925]  ksys_read+0x145/0x250
[  960.740000][T29925]  ? __pfx_ksys_read+0x10/0x10
[  960.740028][T29925]  ? lockdep_hardirqs_on+0x9c/0x150
[  960.740051][T29925]  __do_fast_syscall_32+0xb6/0x2b0
[  960.740073][T29925]  ? lockdep_hardirqs_on+0x9c/0x150
[  960.740096][T29925]  do_fast_syscall_32+0x34/0x80
[  960.740117][T29925]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  960.740139][T29925] RIP: 0023:0xf70de539
[  960.740157][T29925] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  960.740174][T29925] RSP: 002b:00000000f54ce590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[  960.740197][T29925] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f54ce620
[  960.740210][T29925] RDX: 000000000000000f RSI: 00000000f7454ff4 RDI: 0000000000000000
[  960.740222][T29925] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  960.740234][T29925] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  960.740245][T29925] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  960.740277][T29925]  </TASK>
[  961.903789][T29922] syz_tun: entered promiscuous mode
[  961.911123][T29922] batadv_slave_0: entered promiscuous mode
[  961.921656][T29922] debugfs: 'hsr1' already exists in 'hsr'
[  961.928005][T29922] Cannot create hsr debugfs directory
[  961.938686][T29922] hsr1: Slave A (syz_tun) is not up; please bring it up to get a fully working HSR network
[  961.956159][T29922] hsr1: Slave B (batadv_slave_0) is not up; please bring it up to get a fully working HSR network
[  962.017447][T29922] hsr1: entered allmulticast mode
[  962.066804][T29922] syz_tun: entered allmulticast mode
[  962.072361][T29922] batadv_slave_0: entered allmulticast mode
[  962.526692][T29968] netlink: 'syz.1.4236': attribute type 32 has an invalid length.
[  962.557181][T29968] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4236'.
[  962.571742][T29968] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[  962.742899][  T920] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[  962.871774][T29993] syz_tun: entered promiscuous mode
[  962.913884][T29993] batadv_slave_0: entered promiscuous mode
[  962.922071][  T920] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  962.955421][  T920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  962.980334][  T920] usb 4-1: config 0 descriptor??
[  962.986592][T29993] debugfs: 'hsr1' already exists in 'hsr'
[  963.021842][T29993] Cannot create hsr debugfs directory
[  963.029871][T29993] hsr1: Slave A (syz_tun) is not up; please bring it up to get a fully working HSR network
[  963.035239][  T920] cp210x 4-1:0.0: cp210x converter detected
[  963.040531][T29993] hsr1: Slave B (batadv_slave_0) is not up; please bring it up to get a fully working HSR network
[  963.059235][T29993] hsr1: entered allmulticast mode
[  963.067919][T29993] syz_tun: entered allmulticast mode
[  963.075637][T29993] batadv_slave_0: entered allmulticast mode
[  963.279369][  T920] usb 4-1: cp210x converter now attached to ttyUSB0
[  963.487212][  T920] usb 4-1: USB disconnect, device number 101
[  963.661547][  T920] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  963.671860][  T920] cp210x 4-1:0.0: device disconnected
[  965.558756][T30053] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4241'.
[  966.033590][  T920] usb 1-1: new low-speed USB device number 91 using dummy_hcd
[  966.243635][  T920] usb 1-1: Invalid ep0 maxpacket: 64
[  966.935726][  T920] usb 1-1: new low-speed USB device number 92 using dummy_hcd
[  967.083045][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  967.083065][   T30] audit: type=1800 audit(1757292695.444:1164): pid=30086 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4246" name="SYSV00000000" dev="hugetlbfs" ino=11 res=0 errno=0
[  967.117761][T30086] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4246'.
[  967.183382][   T44] usb 4-1: new full-speed USB device number 102 using dummy_hcd
[  967.242604][  T920] usb 1-1: Invalid ep0 maxpacket: 64
[  967.248311][  T920] usb usb1-port1: attempt power cycle
[  967.322661][   T44] usb 4-1: device descriptor read/64, error -71
[  967.953897][  T920] usb 1-1: new low-speed USB device number 93 using dummy_hcd
[  967.964554][   T44] usb 4-1: new full-speed USB device number 103 using dummy_hcd
[  968.226202][  T920] usb 1-1: Invalid ep0 maxpacket: 64
[  968.312757][   T44] usb 4-1: device descriptor read/64, error -71
[  968.386874][  T920] usb 1-1: new low-speed USB device number 94 using dummy_hcd
[  968.423299][   T44] usb usb4-port1: attempt power cycle
[  968.439084][  T920] usb 1-1: Invalid ep0 maxpacket: 64
[  968.461404][  T920] usb usb1-port1: unable to enumerate USB device
[  968.825050][   T44] usb 4-1: new full-speed USB device number 104 using dummy_hcd
[  968.861355][   T44] usb 4-1: device descriptor read/8, error -71
[  969.048512][T30099] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4249'.
[  969.122852][   T44] usb 4-1: new full-speed USB device number 105 using dummy_hcd
[  969.350593][   T44] usb 4-1: device descriptor read/8, error -71
[  969.363023][T23235] usb 1-1: new full-speed USB device number 95 using dummy_hcd
[  969.463464][   T44] usb usb4-port1: unable to enumerate USB device
[  969.545129][T23235] usb 1-1: config 0 has an invalid interface number: 32 but max is 0
[  969.566116][T23235] usb 1-1: config 0 has no interface number 0
[  969.583168][T23235] usb 1-1: config 0 interface 32 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  969.609685][T23235] usb 1-1: config 0 interface 32 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  969.621526][T23235] usb 1-1: New USB device found, idVendor=256c, idProduct=006e, bcdDevice= 0.00
[  969.636789][T23235] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  969.660602][T23235] usb 1-1: config 0 descriptor??
[  969.807645][  T920] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[  969.871421][T23235] usbhid 1-1:0.32: can't add hid device: -71
[  969.877956][T18437] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  969.893763][T23235] usbhid 1-1:0.32: probe with driver usbhid failed with error -71
[  969.972905][T23235] usb 1-1: USB disconnect, device number 95
[  969.988628][  T920] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10
[  970.016756][  T920] usb 5-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00
[  970.026856][  T920] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  970.050672][  T920] usb 5-1: config 0 descriptor??
[  970.056457][T18437] usb 2-1: Using ep0 maxpacket: 16
[  970.114367][T18437] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  970.135859][T18437] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  970.149785][T18437] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  970.167218][T18437] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  970.246355][T18437] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  970.270835][T18437] usb 2-1: config 0 descriptor??
[  970.743339][  T920] aquacomputer_d5next 0003:0C70:F011.001E: hidraw0: USB HID v0.00 Device [HID 0c70:f011] on usb-dummy_hcd.4-1/input0
[  970.888575][T30158] netlink: 40 bytes leftover after parsing attributes in process `syz.1.4254'.
[  971.007213][T18437] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.001F/input/input29
[  971.194854][T30124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  971.256542][T30124] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  971.410716][T18437] microsoft 0003:045E:07DA.001F: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  971.723536][T18437] usb 2-1: USB disconnect, device number 78
[  971.964355][T23237] usb 5-1: USB disconnect, device number 100
[  972.050008][T30168] fido_id[30168]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  972.115873][T30175] fido_id[30175]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  972.202860][T30157] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4256'.
[  972.842562][T30204] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4257'.
[  972.893247][  T920] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[  973.070939][  T920] usb 4-1: device descriptor read/64, error -71
[  973.312741][  T920] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[  973.485492][  T920] usb 4-1: device descriptor read/64, error -71
[  973.562429][T30236] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4264'.
[  973.601938][  T920] usb usb4-port1: attempt power cycle
[  973.662867][T18437] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  973.887159][T18437] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  973.898063][T18437] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  973.942770][  T920] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[  973.981881][T18437] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  974.005086][T18437] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  974.006022][  T920] usb 4-1: device descriptor read/8, error -71
[  974.063983][   T30] audit: type=1800 audit(1757292702.394:1165): pid=30251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4267" name="SYSV00000000" dev="hugetlbfs" ino=14 res=0 errno=0
[  974.093013][T18437] usb 1-1: SerialNumber: syz
[  974.114616][T30251] netlink: 56 bytes leftover after parsing attributes in process `syz.4.4267'.
[  974.340025][  T920] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[  974.368147][  T920] usb 4-1: device descriptor read/8, error -71
[  974.386722][T18437] usb 1-1: skipping empty audio interface (v1)
[  974.484384][  T920] usb usb4-port1: unable to enumerate USB device
[  974.586492][T18437] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  974.609974][T18437] usb 1-1: USB disconnect, device number 96
[  974.724775][T14059] udevd[14059]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  975.128768][T30270] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  975.135360][T30270] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  975.152418][T30250] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(8)
[  975.159097][T30250] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  975.180543][T30250] vhci_hcd vhci_hcd.0: Device attached
[  975.184383][T30270] vhci_hcd vhci_hcd.0: Device attached
[  975.292059][T30250] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  975.319144][T30260] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  975.344736][T30278] vhci_hcd: connection closed
[  975.345043][T30275] vhci_hcd: connection closed
[  975.345235][ T1334] vhci_hcd: stop threads
[  975.364495][ T1334] vhci_hcd: release socket
[  975.375691][ T1334] vhci_hcd: disconnect device
[  975.387782][ T1334] vhci_hcd: stop threads
[  975.399025][ T1334] vhci_hcd: release socket
[  975.404250][ T1334] vhci_hcd: disconnect device
[  975.413140][T18437] usb 35-2: new low-speed USB device number 2 using vhci_hcd
[  975.421020][T18437] usb 35-2: enqueue for inactive port 1
[  975.626416][T30290] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4273'.
[  975.812739][T18437] vhci_hcd: vhci_device speed not set
[  975.813957][   T30] audit: type=1800 audit(1757292703.984:1166): pid=30290 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4273" name="SYSV00000000" dev="hugetlbfs" ino=10 res=0 errno=0
[  977.599977][T30301] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4274'.
[  978.059959][T30306] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4276'.
[  978.480942][T30315] netdevsim netdevsim0: Direct firmware load for .
[  978.480942][T30315]  failed with error -2
[  978.492807][T30315] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[  978.492807][T30315] 
[  978.532690][T23237] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  978.692593][T23237] usb 2-1: Using ep0 maxpacket: 8
[  978.734384][T23237] usb 2-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  978.802890][T23237] usb 2-1: config 0 interface 0 has no altsetting 0
[  978.809597][T23237] usb 2-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00
[  978.859987][T23237] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  978.893352][T23237] usb 2-1: config 0 descriptor??
[  978.941225][   T30] audit: type=1326 audit(1757292707.294:1167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30326 comm="syz.4.4279" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  979.032933][   T30] audit: type=1326 audit(1757292707.294:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30326 comm="syz.4.4279" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70de539 code=0x7ffc0000
[  979.099090][   T30] audit: type=1326 audit(1757292707.304:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30326 comm="syz.4.4279" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  979.317440][   T30] audit: type=1326 audit(1757292707.304:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30326 comm="syz.4.4279" exe="/root/syz-executor" sig=0 arch=40000003 syscall=172 compat=1 ip=0xf70de539 code=0x7ffc0000
[  979.354601][   T30] audit: type=1326 audit(1757292707.304:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30326 comm="syz.4.4279" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  979.388724][T23237] wacom 0003:056A:0094.0020: unknown main item tag 0x6
[  979.398858][T23237] wacom 0003:056A:0094.0020: Using device in hidraw-only mode
[  979.412953][   T30] audit: type=1326 audit(1757292707.304:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30326 comm="syz.4.4279" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  979.436932][T23237] wacom 0003:056A:0094.0020: hidraw0: USB HID v3.ff Device [HID 056a:0094] on usb-dummy_hcd.1-1/input0
[  979.454930][   T30] audit: type=1326 audit(1757292707.304:1173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30326 comm="syz.4.4279" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70de539 code=0x7ffc0000
[  979.477975][   T30] audit: type=1326 audit(1757292707.304:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30326 comm="syz.4.4279" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  979.501023][   T30] audit: type=1326 audit(1757292707.304:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30326 comm="syz.4.4279" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  979.529887][   T30] audit: type=1326 audit(1757292707.334:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30326 comm="syz.4.4279" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf70de539 code=0x7ffc0000
[  979.605541][   T30] audit: type=1326 audit(1757292707.334:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30326 comm="syz.4.4279" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  979.647277][T23237] usb 2-1: USB disconnect, device number 79
[  979.730764][   T30] audit: type=1326 audit(1757292707.334:1178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30326 comm="syz.4.4279" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  979.837205][T30343] fido_id[30343]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  980.816822][  T920] IPVS: starting estimator thread 0...
[  980.912948][T30376] IPVS: using max 30 ests per chain, 72000 per kthread
[  981.202791][T23237] usb 1-1: new full-speed USB device number 97 using dummy_hcd
[  981.503817][T30387] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4289'.
[  981.517159][T30387] FAULT_INJECTION: forcing a failure.
[  981.517159][T30387] name failslab, interval 1, probability 0, space 0, times 0
[  981.530999][T30387] CPU: 1 UID: 0 PID: 30387 Comm: syz.3.4289 Not tainted syzkaller #0 PREEMPT(full) 
[  981.531026][T30387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  981.531037][T30387] Call Trace:
[  981.531046][T30387]  <TASK>
[  981.531055][T30387]  dump_stack_lvl+0x189/0x250
[  981.531082][T30387]  ? __pfx____ratelimit+0x10/0x10
[  981.531102][T30387]  ? __pfx_dump_stack_lvl+0x10/0x10
[  981.531125][T30387]  ? __pfx__printk+0x10/0x10
[  981.531158][T30387]  ? __pfx___might_resched+0x10/0x10
[  981.531175][T30387]  ? fs_reclaim_acquire+0x7d/0x100
[  981.531210][T30387]  should_fail_ex+0x414/0x560
[  981.531243][T30387]  should_failslab+0xa8/0x100
[  981.531271][T30387]  __kmalloc_cache_noprof+0x70/0x3d0
[  981.531296][T30387]  ? nfnetlink_rcv+0xeff/0x2520
[  981.531339][T30387]  nfnetlink_rcv+0xeff/0x2520
[  981.531402][T30387]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  981.531487][T30387]  ? netlink_deliver_tap+0x2e/0x1b0
[  981.531528][T30387]  netlink_unicast+0x82c/0x9e0
[  981.531562][T30387]  ? __pfx_netlink_unicast+0x10/0x10
[  981.531591][T30387]  ? netlink_sendmsg+0x642/0xb30
[  981.531609][T30387]  ? skb_put+0x11b/0x210
[  981.531634][T30387]  netlink_sendmsg+0x805/0xb30
[  981.531665][T30387]  ? __pfx_netlink_sendmsg+0x10/0x10
[  981.531689][T30387]  ? __import_iovec+0x5d4/0x7f0
[  981.531711][T30387]  ? aa_sock_msg_perm+0xf1/0x1d0
[  981.531733][T30387]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  981.531753][T30387]  ? __pfx_netlink_sendmsg+0x10/0x10
[  981.531775][T30387]  __sock_sendmsg+0x21c/0x270
[  981.531807][T30387]  ____sys_sendmsg+0x505/0x830
[  981.531837][T30387]  ? __pfx_____sys_sendmsg+0x10/0x10
[  981.531881][T30387]  ___sys_sendmsg+0x21f/0x2a0
[  981.531907][T30387]  ? __pfx____sys_sendmsg+0x10/0x10
[  981.531973][T30387]  ? __fget_files+0x2a/0x420
[  981.531989][T30387]  ? __fget_files+0x3a0/0x420
[  981.532019][T30387]  __sys_sendmsg+0x164/0x220
[  981.532045][T30387]  ? __pfx___sys_sendmsg+0x10/0x10
[  981.532089][T30387]  ? lockdep_hardirqs_on+0x9c/0x150
[  981.532113][T30387]  __do_fast_syscall_32+0xb6/0x2b0
[  981.532134][T30387]  ? lockdep_hardirqs_on+0x9c/0x150
[  981.532158][T30387]  do_fast_syscall_32+0x34/0x80
[  981.532179][T30387]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  981.532202][T30387] RIP: 0023:0xf703e539
[  981.532220][T30387] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  981.532237][T30387] RSP: 002b:00000000f542e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  981.532259][T30387] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[  981.532273][T30387] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  981.532285][T30387] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  981.532296][T30387] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  981.532316][T30387] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  981.532348][T30387]  </TASK>
[  981.868066][T23237] usb 1-1: unable to get BOS descriptor or descriptor too short
[  981.877010][T23237] usb 1-1: not running at top speed; connect to a high speed hub
[  981.887995][T23237] usb 1-1: config 5 has an invalid interface number: 246 but max is 0
[  981.900370][T23237] usb 1-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  981.955462][T23237] usb 1-1: config 5 has no interface number 0
[  982.114158][T23237] usb 1-1: config 5 interface 246 altsetting 4 endpoint 0x3 has invalid maxpacket 255, setting to 64
[  982.195352][T23237] usb 1-1: config 5 interface 246 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  982.217662][T23237] usb 1-1: config 5 interface 246 has no altsetting 0
[  982.231128][T23237] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=f5.e4
[  982.244519][T23237] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  982.253823][T23237] usb 1-1: Product: syz
[  982.258088][T23237] usb 1-1: Manufacturer: syz
[  982.265383][T23237] usb 1-1: SerialNumber: syz
[  982.632325][T30395] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4290'.
[  983.592711][  T920] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[  983.600041][T30416] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4293'.
[  983.853512][  T920] usb 4-1: Using ep0 maxpacket: 32
[  983.857238][T23237] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  983.862409][T21100] usb 1-1: Failed to submit usb control message: -71
[  983.892043][  T920] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  983.912962][  T920] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  983.925648][  T920] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  983.946962][T23237] usb 1-1: USB disconnect, device number 97
[  984.035632][T21100] usb 1-1: unable to send the bmi data to the device: -71
[  984.043677][  T920] usb 4-1: Product: syz
[  984.052957][T21100] usb 1-1: unable to get target info from device
[  984.062964][  T920] usb 4-1: Manufacturer: syz
[  984.067793][  T920] usb 4-1: SerialNumber: syz
[  984.082662][T21100] usb 1-1: could not get target info (-71)
[  984.113988][T21100] usb 1-1: could not probe fw (-71)
[  984.125212][  T920] usb 4-1: config 0 descriptor??
[  984.142743][T30418] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  984.374352][  T920] usb 4-1: USB disconnect, device number 110
[  984.399434][T30465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  984.432090][T30465] netlink: 'syz.2.4298': attribute type 10 has an invalid length.
[  984.457716][T30465] bond0: (slave wlan1): Opening slave failed
[  984.843305][  T920] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[  985.005135][  T920] usb 4-1: Using ep0 maxpacket: 16
[  985.024833][  T920] usb 4-1: config index 0 descriptor too short (expected 8453, got 36)
[  985.039213][  T920] usb 4-1: config 166 has too many interfaces: 181, using maximum allowed: 32
[  985.076745][  T920] usb 4-1: config 166 has an invalid descriptor of length 49, skipping remainder of the config
[  985.205448][  T920] usb 4-1: config 166 has 0 interfaces, different from the descriptor's value: 181
[  985.226570][  T920] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  985.853062][  T920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  985.975635][  T920] usb 4-1: can't set config #166, error -71
[  986.068474][  T920] usb 4-1: USB disconnect, device number 111
[  986.142605][T30506] netlink: 112 bytes leftover after parsing attributes in process `syz.3.4307'.
[  986.174832][T30506] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4307'.
[  986.953650][T30522] netlink: 48 bytes leftover after parsing attributes in process `syz.1.4308'.
[  987.906010][T30545] netlink: 'syz.2.4316': attribute type 1 has an invalid length.
[  987.939145][T30545] 8021q: adding VLAN 0 to HW filter on device bond1
[  988.205595][T30545] bond1: (slave veth3): Enslaving as an active interface with a down link
[  988.236926][T30597] netlink: 660 bytes leftover after parsing attributes in process `syz.2.4316'.
[  988.637820][T30597] netlink: 660 bytes leftover after parsing attributes in process `syz.2.4316'.
[  988.659828][T30590] 8021q: adding VLAN 0 to HW filter on device batadv1
[  988.728075][T30590] bond1: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[  988.932469][T30596] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  989.222730][T18437] usb 5-1: new low-speed USB device number 101 using dummy_hcd
[  989.436140][T18437] usb 5-1: Invalid ep0 maxpacket: 64
[  989.484864][T30628] delete_channel: no stack
[  989.795139][T18437] usb 5-1: new low-speed USB device number 102 using dummy_hcd
[  990.430701][T18437] usb 5-1: Invalid ep0 maxpacket: 64
[  990.458870][T18437] usb usb5-port1: attempt power cycle
[  990.748740][  T920] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[  990.882947][T18437] usb 5-1: new low-speed USB device number 103 using dummy_hcd
[  990.945400][T18437] usb 5-1: Invalid ep0 maxpacket: 64
[  991.034748][  T920] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  991.096732][  T920] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  991.103091][T18437] usb 5-1: new low-speed USB device number 104 using dummy_hcd
[  991.141951][  T920] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  991.156964][T18437] usb 5-1: Invalid ep0 maxpacket: 64
[  991.169827][T18437] usb usb5-port1: unable to enumerate USB device
[  991.204873][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  991.204890][   T30] audit: type=1326 audit(1757292719.564:1189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30665 comm="syz.0.4326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  991.244031][  T920] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  991.283677][T30633] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  991.296764][   T30] audit: type=1326 audit(1757292719.564:1190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30665 comm="syz.0.4326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  991.467627][   T30] audit: type=1326 audit(1757292719.604:1191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30665 comm="syz.0.4326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf70de539 code=0x7ffc0000
[  991.499590][  T920] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  991.501728][   T30] audit: type=1326 audit(1757292719.604:1192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30665 comm="syz.0.4326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  991.606400][   T30] audit: type=1326 audit(1757292719.604:1193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30665 comm="syz.0.4326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  991.655898][   T30] audit: type=1326 audit(1757292719.604:1194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30665 comm="syz.0.4326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf70de539 code=0x7ffc0000
[  991.701365][   T30] audit: type=1326 audit(1757292719.604:1195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30665 comm="syz.0.4326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de539 code=0x7ffc0000
[  992.088106][   T30] audit: type=1326 audit(1757292719.664:1196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30665 comm="syz.0.4326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf70de539 code=0x7ffc0000
[  992.472683][T18437] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  992.839873][T18437] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10
[  992.869271][T18437] usb 2-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00
[  992.921711][T18437] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  992.967538][T18437] usb 2-1: config 0 descriptor??
[  993.463360][T23237] usb 4-1: USB disconnect, device number 112
[  993.586053][T18437] usbhid 2-1:0.0: can't add hid device: -71
[  993.592289][T18437] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  993.668635][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  993.675959][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  993.696955][T18437] usb 2-1: USB disconnect, device number 80
[  994.068442][T30732] FAULT_INJECTION: forcing a failure.
[  994.068442][T30732] name failslab, interval 1, probability 0, space 0, times 0
[  994.220175][T30732] CPU: 1 UID: 0 PID: 30732 Comm: syz.0.4331 Not tainted syzkaller #0 PREEMPT(full) 
[  994.220205][T30732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  994.220217][T30732] Call Trace:
[  994.220226][T30732]  <TASK>
[  994.220235][T30732]  dump_stack_lvl+0x189/0x250
[  994.220265][T30732]  ? __pfx____ratelimit+0x10/0x10
[  994.220285][T30732]  ? __pfx_dump_stack_lvl+0x10/0x10
[  994.220306][T30732]  ? __pfx__printk+0x10/0x10
[  994.220336][T30732]  ? __pfx___might_resched+0x10/0x10
[  994.220355][T30732]  ? fs_reclaim_acquire+0x7d/0x100
[  994.220391][T30732]  should_fail_ex+0x414/0x560
[  994.220434][T30732]  should_failslab+0xa8/0x100
[  994.220465][T30732]  __kmalloc_cache_noprof+0x70/0x3d0
[  994.220491][T30732]  ? flow_init+0x51/0xd0
[  994.220515][T30732]  flow_init+0x51/0xd0
[  994.220535][T30732]  tcf_proto_create+0x245/0x330
[  994.220566][T30732]  tc_new_tfilter+0x11aa/0x15b0
[  994.220620][T30732]  ? __pfx_tc_new_tfilter+0x10/0x10
[  994.220641][T30732]  ? __dev_queue_xmit+0x1d79/0x3b50
[  994.220705][T30732]  ? __pfx_tc_new_tfilter+0x10/0x10
[  994.220727][T30732]  rtnetlink_rcv_msg+0x7cf/0xb70
[  994.220753][T30732]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  994.220773][T30732]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  994.220789][T30732]  ? ref_tracker_free+0x63a/0x7d0
[  994.220808][T30732]  ? __asan_memcpy+0x40/0x70
[  994.220829][T30732]  ? __pfx_ref_tracker_free+0x10/0x10
[  994.220845][T30732]  ? __skb_clone+0x63/0x7a0
[  994.220880][T30732]  netlink_rcv_skb+0x205/0x470
[  994.220902][T30732]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  994.220924][T30732]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  994.220959][T30732]  ? netlink_deliver_tap+0x2e/0x1b0
[  994.220989][T30732]  netlink_unicast+0x82c/0x9e0
[  994.221028][T30732]  ? __pfx_netlink_unicast+0x10/0x10
[  994.221059][T30732]  ? netlink_sendmsg+0x642/0xb30
[  994.221076][T30732]  ? skb_put+0x11b/0x210
[  994.221101][T30732]  netlink_sendmsg+0x805/0xb30
[  994.221134][T30732]  ? __pfx_netlink_sendmsg+0x10/0x10
[  994.221159][T30732]  ? __import_iovec+0x5d4/0x7f0
[  994.221179][T30732]  ? aa_sock_msg_perm+0xf1/0x1d0
[  994.221201][T30732]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  994.221222][T30732]  ? __pfx_netlink_sendmsg+0x10/0x10
[  994.221244][T30732]  __sock_sendmsg+0x21c/0x270
[  994.221276][T30732]  ____sys_sendmsg+0x505/0x830
[  994.221307][T30732]  ? __pfx_____sys_sendmsg+0x10/0x10
[  994.221350][T30732]  ___sys_sendmsg+0x21f/0x2a0
[  994.221376][T30732]  ? __pfx____sys_sendmsg+0x10/0x10
[  994.221452][T30732]  ? __fget_files+0x2a/0x420
[  994.221467][T30732]  ? __fget_files+0x3a0/0x420
[  994.221498][T30732]  __sys_sendmsg+0x164/0x220
[  994.221524][T30732]  ? __pfx___sys_sendmsg+0x10/0x10
[  994.221567][T30732]  ? lockdep_hardirqs_on+0x9c/0x150
[  994.221591][T30732]  __do_fast_syscall_32+0xb6/0x2b0
[  994.221613][T30732]  ? lockdep_hardirqs_on+0x9c/0x150
[  994.221637][T30732]  do_fast_syscall_32+0x34/0x80
[  994.221658][T30732]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  994.221680][T30732] RIP: 0023:0xf70de539
[  994.221698][T30732] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  994.221714][T30732] RSP: 002b:00000000f54ce55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[  994.221736][T30732] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000580
[  994.221749][T30732] RDX: 000000002008c010 RSI: 0000000000000000 RDI: 0000000000000000
[  994.221761][T30732] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  994.221772][T30732] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  994.221784][T30732] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  994.221816][T30732]  </TASK>
[  994.602421][    C1] vkms_vblank_simulate: vblank timer overrun
[  995.156363][T30746] netlink: 48 bytes leftover after parsing attributes in process `syz.3.4333'.
[  995.372916][  T920] usb 2-1: new low-speed USB device number 81 using dummy_hcd
[  995.532654][  T920] usb 2-1: Invalid ep0 maxpacket: 64
[  995.933407][  T920] usb 2-1: new low-speed USB device number 82 using dummy_hcd
[  996.112893][  T920] usb 2-1: Invalid ep0 maxpacket: 64
[  996.293273][  T920] usb usb2-port1: attempt power cycle
[  996.762770][  T920] usb 2-1: new low-speed USB device number 83 using dummy_hcd
[  996.812928][  T920] usb 2-1: Invalid ep0 maxpacket: 64
[  996.943025][  T920] usb 2-1: new low-speed USB device number 84 using dummy_hcd
[  996.998252][  T920] usb 2-1: Invalid ep0 maxpacket: 64
[  997.015249][  T920] usb usb2-port1: unable to enumerate USB device
[  997.450130][T30803] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4344'.
[  997.487300][   T30] audit: type=1800 audit(1757292725.804:1197): pid=30803 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4344" name="SYSV00000000" dev="hugetlbfs" ino=12 res=0 errno=0
[  997.557901][T30805] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4347'.
[  998.645092][T30840] trusted_key: encrypted_key: master key parameter 'defau�RFe$�)syz' is invalid
[ 1000.503505][  T920] usb 3-1: new full-speed USB device number 73 using dummy_hcd
[ 1000.622887][   T44] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[ 1000.677370][  T920] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1000.692819][  T920] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1000.716732][  T920] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1000.758799][  T920] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1000.769019][  T920] usb 3-1: Product: syz
[ 1000.773808][  T920] usb 3-1: Manufacturer: syz
[ 1000.783052][   T44] usb 4-1: Using ep0 maxpacket: 8
[ 1000.788707][  T920] usb 3-1: SerialNumber: syz
[ 1000.796576][   T44] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1000.823860][   T44] usb 4-1: config 0 has an invalid interface number: 21 but max is 0
[ 1000.832841][   T44] usb 4-1: config 0 has no interface number 0
[ 1000.840387][   T44] usb 4-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1000.863716][   T44] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1000.898396][   T44] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1000.933096][   T44] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[ 1000.963102][   T44] usb 4-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0
[ 1000.982842][   T44] usb 4-1: Product: syz
[ 1000.998633][   T44] usb 4-1: Manufacturer: syz
[ 1001.075233][   T44] usb 4-1: config 0 descriptor??
[ 1001.107031][T30869] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1001.227291][  T920] usb 3-1: 0:2 : does not exist
[ 1001.391076][  T920] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[ 1001.471987][  T920] usb 3-1: USB disconnect, device number 73
[ 1001.580683][T14059] udevd[14059]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1002.079862][T30925] FAULT_INJECTION: forcing a failure.
[ 1002.079862][T30925] name failslab, interval 1, probability 0, space 0, times 0
[ 1002.132334][T30925] CPU: 1 UID: 0 PID: 30925 Comm: syz.2.4365 Not tainted syzkaller #0 PREEMPT(full) 
[ 1002.132364][T30925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1002.132375][T30925] Call Trace:
[ 1002.132384][T30925]  <TASK>
[ 1002.132394][T30925]  dump_stack_lvl+0x189/0x250
[ 1002.132421][T30925]  ? __pfx____ratelimit+0x10/0x10
[ 1002.132446][T30925]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1002.132467][T30925]  ? __pfx__printk+0x10/0x10
[ 1002.132491][T30925]  ? crng_make_state+0x3fc/0x700
[ 1002.132517][T30925]  ? crng_make_state+0x13a/0x700
[ 1002.132544][T30925]  should_fail_ex+0x414/0x560
[ 1002.132577][T30925]  should_failslab+0xa8/0x100
[ 1002.132605][T30925]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1002.132630][T30925]  ? sctp_add_bind_addr+0x8c/0x370
[ 1002.132662][T30925]  sctp_add_bind_addr+0x8c/0x370
[ 1002.132693][T30925]  sctp_copy_local_addr_list+0x30b/0x4e0
[ 1002.132724][T30925]  ? sctp_copy_local_addr_list+0x9b/0x4e0
[ 1002.132752][T30925]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[ 1002.132786][T30925]  ? sctp_v4_is_any+0x35/0x60
[ 1002.132805][T30925]  ? sctp_copy_one_addr+0x93/0x360
[ 1002.132837][T30925]  sctp_bind_addr_copy+0xb3/0x3c0
[ 1002.132868][T30925]  ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0
[ 1002.132898][T30925]  sctp_connect_new_asoc+0x2e0/0x690
[ 1002.132925][T30925]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[ 1002.132949][T30925]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1002.132972][T30925]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1002.132992][T30925]  ? sctp_endpoint_lookup_assoc+0x7b/0x260
[ 1002.133015][T30925]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[ 1002.133038][T30925]  ? security_sctp_bind_connect+0x7e/0x2e0
[ 1002.133067][T30925]  sctp_sendmsg+0x155c/0x2810
[ 1002.133103][T30925]  ? __pfx_sctp_sendmsg+0x10/0x10
[ 1002.133130][T30925]  ? aa_sk_perm+0x81e/0x950
[ 1002.133170][T30925]  ? _copy_from_user+0x94/0xb0
[ 1002.133198][T30925]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1002.133231][T30925]  ? sock_rps_record_flow+0x19/0x410
[ 1002.133262][T30925]  ? inet_sendmsg+0x2f4/0x370
[ 1002.133287][T30925]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1002.133312][T30925]  __sock_sendmsg+0x19c/0x270
[ 1002.133346][T30925]  ____sys_sendmsg+0x505/0x830
[ 1002.133376][T30925]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1002.133417][T30925]  ___sys_sendmsg+0x21f/0x2a0
[ 1002.133441][T30925]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1002.133483][T30925]  ? __fget_files+0x2a/0x420
[ 1002.133493][T30925]  ? __fget_files+0x3a0/0x420
[ 1002.133510][T30925]  __sys_sendmsg+0x164/0x220
[ 1002.133525][T30925]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1002.133549][T30925]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1002.133563][T30925]  __do_fast_syscall_32+0xb6/0x2b0
[ 1002.133576][T30925]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1002.133589][T30925]  do_fast_syscall_32+0x34/0x80
[ 1002.133602][T30925]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1002.133616][T30925] RIP: 0023:0xf7ff4539
[ 1002.133628][T30925] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1002.133638][T30925] RSP: 002b:00000000f550655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1002.133652][T30925] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001640
[ 1002.133661][T30925] RDX: 000000002800c051 RSI: 0000000000000000 RDI: 0000000000000000
[ 1002.133755][T30925] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1002.133767][T30925] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1002.133775][T30925] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1002.133799][T30925]  </TASK>
[ 1002.489612][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1002.983088][T18437] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[ 1003.012324][T30944] FAULT_INJECTION: forcing a failure.
[ 1003.012324][T30944] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1003.033203][T30944] CPU: 0 UID: 0 PID: 30944 Comm: syz.2.4371 Not tainted syzkaller #0 PREEMPT(full) 
[ 1003.033233][T30944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1003.033246][T30944] Call Trace:
[ 1003.033255][T30944]  <TASK>
[ 1003.033265][T30944]  dump_stack_lvl+0x189/0x250
[ 1003.033293][T30944]  ? __pfx____ratelimit+0x10/0x10
[ 1003.033315][T30944]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1003.033337][T30944]  ? __pfx__printk+0x10/0x10
[ 1003.033379][T30944]  should_fail_ex+0x414/0x560
[ 1003.033413][T30944]  _copy_to_user+0x31/0xb0
[ 1003.033438][T30944]  simple_read_from_buffer+0xe1/0x170
[ 1003.033473][T30944]  proc_fail_nth_read+0x1b3/0x220
[ 1003.033499][T30944]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1003.033524][T30944]  ? rw_verify_area+0x2a6/0x4d0
[ 1003.033548][T30944]  ? __lock_acquire+0xab9/0xd20
[ 1003.033570][T30944]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1003.033592][T30944]  vfs_read+0x200/0xa30
[ 1003.033614][T30944]  ? fdget_pos+0x247/0x320
[ 1003.033637][T30944]  ? __pfx___mutex_lock+0x10/0x10
[ 1003.033660][T30944]  ? __pfx_vfs_read+0x10/0x10
[ 1003.033687][T30944]  ? __fget_files+0x2a/0x420
[ 1003.033708][T30944]  ? __fget_files+0x3a0/0x420
[ 1003.033723][T30944]  ? __fget_files+0x2a/0x420
[ 1003.033751][T30944]  ksys_read+0x145/0x250
[ 1003.033780][T30944]  ? __pfx_ksys_read+0x10/0x10
[ 1003.033809][T30944]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1003.033831][T30944]  __do_fast_syscall_32+0xb6/0x2b0
[ 1003.033852][T30944]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1003.033874][T30944]  do_fast_syscall_32+0x34/0x80
[ 1003.033896][T30944]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1003.033919][T30944] RIP: 0023:0xf7ff4539
[ 1003.033939][T30944] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1003.033955][T30944] RSP: 002b:00000000f5506590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1003.033977][T30944] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 00000000f5506620
[ 1003.033991][T30944] RDX: 000000000000000f RSI: 00000000f7484ff4 RDI: 0000000000000000
[ 1003.034001][T30944] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1003.034011][T30944] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1003.034022][T30944] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1003.034055][T30944]  </TASK>
[ 1003.332595][T30953] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4370'.
[ 1003.530923][T18437] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1003.543136][T18437] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1003.551710][T18437] usb 5-1: Product: syz
[ 1003.562714][T18437] usb 5-1: Manufacturer: syz
[ 1003.569777][T18437] usb 5-1: SerialNumber: syz
[ 1003.586549][T18437] usb 5-1: config 0 descriptor??
[ 1003.928605][T30931] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1003.947829][   T44] usb 4-1: USB disconnect, device number 113
[ 1003.983969][T30931] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1004.652389][T18437] usb 5-1: USB disconnect, device number 105
[ 1004.750279][T30995] netlink: 'syz.2.4377': attribute type 1 has an invalid length.
[ 1004.795345][T13929] udevd[13929]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1004.802366][T30995] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.4377'.
[ 1004.882747][   T44] usb 4-1: new full-speed USB device number 114 using dummy_hcd
[ 1004.953462][   T30] audit: type=1326 audit(1757292733.324:1198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30993 comm="syz.2.4377" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[ 1005.067450][T31008] input: syz1 as /devices/virtual/input/input32
[ 1005.107481][   T44] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1005.143177][   T30] audit: type=1326 audit(1757292733.324:1199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30993 comm="syz.2.4377" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[ 1005.185876][   T44] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1005.215316][   T30] audit: type=1326 audit(1757292733.354:1200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30993 comm="syz.2.4377" exe="/root/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[ 1005.244685][   T44] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1005.263058][   T44] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1005.271503][   T44] usb 4-1: Product: syz
[ 1005.282869][   T44] usb 4-1: Manufacturer: syz
[ 1005.308507][   T44] usb 4-1: SerialNumber: syz
[ 1005.323107][   T30] audit: type=1326 audit(1757292733.354:1201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30993 comm="syz.2.4377" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[ 1005.385850][   T30] audit: type=1326 audit(1757292733.354:1202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30993 comm="syz.2.4377" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[ 1005.425584][   T30] audit: type=1326 audit(1757292733.354:1203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30993 comm="syz.2.4377" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[ 1005.662961][   T30] audit: type=1326 audit(1757292733.354:1204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30993 comm="syz.2.4377" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[ 1005.761324][   T30] audit: type=1326 audit(1757292733.354:1205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30993 comm="syz.2.4377" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[ 1005.952113][   T30] audit: type=1326 audit(1757292733.354:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30993 comm="syz.2.4377" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[ 1005.993684][   T30] audit: type=1326 audit(1757292733.354:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30993 comm="syz.2.4377" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7ff4539 code=0x7ffc0000
[ 1006.150445][T31038] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4382'.
[ 1006.539147][   T44] usb 4-1: 0:2 : does not exist
[ 1006.607222][   T44] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 1006.631937][   T44] usb 4-1: USB disconnect, device number 114
[ 1006.867485][T31062] netlink: 388 bytes leftover after parsing attributes in process `syz.4.4385'.
[ 1007.055779][T14059] udevd[14059]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1007.460147][T23235] usb 5-1: new full-speed USB device number 106 using dummy_hcd
[ 1007.982235][T23235] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[ 1008.003242][T23235] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1008.078967][T23235] usb 5-1: config 0 has no interface number 0
[ 1008.096368][T23235] usb 5-1: config 0 interface 8 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1009.064061][T23235] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1009.074554][T23235] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1009.083371][T23235] usb 5-1: Product: syz
[ 1009.088069][T23235] usb 5-1: SerialNumber: syz
[ 1009.124667][T23235] usb 5-1: config 0 descriptor??
[ 1009.157974][T23235] usbhid 5-1:0.8: couldn't find an input interrupt endpoint
[ 1009.213778][T31112] FAULT_INJECTION: forcing a failure.
[ 1009.213778][T31112] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1009.262715][T31112] CPU: 0 UID: 0 PID: 31112 Comm: syz.3.4392 Not tainted syzkaller #0 PREEMPT(full) 
[ 1009.262744][T31112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1009.262757][T31112] Call Trace:
[ 1009.262766][T31112]  <TASK>
[ 1009.262775][T31112]  dump_stack_lvl+0x189/0x250
[ 1009.262803][T31112]  ? __pfx____ratelimit+0x10/0x10
[ 1009.262821][T31112]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1009.262842][T31112]  ? __pfx__printk+0x10/0x10
[ 1009.262880][T31112]  should_fail_ex+0x414/0x560
[ 1009.262910][T31112]  _copy_to_user+0x31/0xb0
[ 1009.262937][T31112]  simple_read_from_buffer+0xe1/0x170
[ 1009.262968][T31112]  proc_fail_nth_read+0x1b3/0x220
[ 1009.262991][T31112]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1009.263013][T31112]  ? rw_verify_area+0x2a6/0x4d0
[ 1009.263034][T31112]  ? __lock_acquire+0xab9/0xd20
[ 1009.263069][T31112]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1009.263090][T31112]  vfs_read+0x200/0xa30
[ 1009.263112][T31112]  ? fdget_pos+0x247/0x320
[ 1009.263135][T31112]  ? __pfx___mutex_lock+0x10/0x10
[ 1009.263153][T31112]  ? __pfx_vfs_read+0x10/0x10
[ 1009.263178][T31112]  ? __fget_files+0x2a/0x420
[ 1009.263197][T31112]  ? __fget_files+0x3a0/0x420
[ 1009.263211][T31112]  ? __fget_files+0x2a/0x420
[ 1009.263238][T31112]  ksys_read+0x145/0x250
[ 1009.263270][T31112]  ? __pfx_ksys_read+0x10/0x10
[ 1009.263296][T31112]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.263316][T31112]  __do_fast_syscall_32+0xb6/0x2b0
[ 1009.263334][T31112]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1009.263353][T31112]  do_fast_syscall_32+0x34/0x80
[ 1009.263372][T31112]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1009.263394][T31112] RIP: 0023:0xf703e539
[ 1009.263411][T31112] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1009.263426][T31112] RSP: 002b:00000000f542e590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1009.263570][T31112] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f542e620
[ 1009.263584][T31112] RDX: 000000000000000f RSI: 00000000f73b4ff4 RDI: 0000000000000000
[ 1009.263596][T31112] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1009.263606][T31112] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1009.263617][T31112] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1009.263647][T31112]  </TASK>
[ 1009.820052][T31123] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4396'.
[ 1009.989127][T31130] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4399'.
[ 1010.112656][T23235] usb 3-1: new low-speed USB device number 74 using dummy_hcd
[ 1010.203130][T18437] usb 4-1: new high-speed USB device number 115 using dummy_hcd
[ 1010.272785][T23235] usb 3-1: Invalid ep0 maxpacket: 64
[ 1010.362785][T18437] usb 4-1: Using ep0 maxpacket: 32
[ 1010.370495][T18437] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[ 1010.384231][T18437] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[ 1010.393907][   T44] usb 2-1: new high-speed USB device number 85 using dummy_hcd
[ 1010.397371][T18437] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[ 1010.414050][T23235] usb 3-1: new low-speed USB device number 75 using dummy_hcd
[ 1010.432943][T18437] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[ 1010.451805][T18437] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[ 1010.475518][T18437] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1010.486527][T18437] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1010.495362][T18437] usb 4-1: Product: syz
[ 1010.499787][T18437] usb 4-1: Manufacturer: syz
[ 1010.505908][T18437] usb 4-1: SerialNumber: syz
[ 1010.516386][T18437] usb 4-1: config 0 descriptor??
[ 1010.592713][T23235] usb 3-1: Invalid ep0 maxpacket: 64
[ 1010.593933][   T44] usb 2-1: Using ep0 maxpacket: 8
[ 1010.604259][T23235] usb usb3-port1: attempt power cycle
[ 1010.655566][   T10] usb 5-1: USB disconnect, device number 106
[ 1010.682126][   T44] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[ 1010.714439][   T44] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1010.728861][T31128] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4398'.
[ 1010.760028][   T44] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1010.827348][   T44] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1010.923560][   T44] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1010.984691][T23235] usb 3-1: new low-speed USB device number 76 using dummy_hcd
[ 1011.000054][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.004740][   T44] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1011.019331][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.059356][   T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1011.062588][T23235] usb 3-1: Invalid ep0 maxpacket: 64
[ 1011.114123][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.139931][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.158811][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.196879][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.210521][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.246451][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.277652][T23235] usb 3-1: new low-speed USB device number 77 using dummy_hcd
[ 1011.304074][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.327195][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.343709][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.357786][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.364956][T23235] usb 3-1: Invalid ep0 maxpacket: 64
[ 1011.375430][T23235] usb usb3-port1: unable to enumerate USB device
[ 1011.393222][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.400311][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.420941][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.427931][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.470560][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.487893][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.495334][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.502355][T18437] iforce 4-1:0.0: usb_submit_urb failed: -71
[ 1011.509654][T18437] input input33: Timeout waiting for response from device.
[ 1011.560587][T18437] usb 4-1: USB disconnect, device number 115
[ 1011.815134][T31206] FAULT_INJECTION: forcing a failure.
[ 1011.815134][T31206] name failslab, interval 1, probability 0, space 0, times 0
[ 1011.830022][T31206] CPU: 0 UID: 0 PID: 31206 Comm: syz.3.4412 Not tainted syzkaller #0 PREEMPT(full) 
[ 1011.830051][T31206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1011.830063][T31206] Call Trace:
[ 1011.830073][T31206]  <TASK>
[ 1011.830082][T31206]  dump_stack_lvl+0x189/0x250
[ 1011.830111][T31206]  ? __pfx____ratelimit+0x10/0x10
[ 1011.830132][T31206]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1011.830155][T31206]  ? __pfx__printk+0x10/0x10
[ 1011.830188][T31206]  ? __pfx___might_resched+0x10/0x10
[ 1011.830206][T31206]  ? fs_reclaim_acquire+0x7d/0x100
[ 1011.830240][T31206]  should_fail_ex+0x414/0x560
[ 1011.830283][T31206]  should_failslab+0xa8/0x100
[ 1011.830313][T31206]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1011.830337][T31206]  ? nl80211_prepare_wdev_dump+0x2c3/0x6a0
[ 1011.830373][T31206]  nl80211_prepare_wdev_dump+0x2c3/0x6a0
[ 1011.830410][T31206]  nl80211_dump_station+0x124/0xca0
[ 1011.830435][T31206]  ? __kmalloc_node_track_caller_noprof+0x271/0x4e0
[ 1011.830459][T31206]  ? kmalloc_reserve+0x136/0x290
[ 1011.830477][T31206]  ? __alloc_skb+0x142/0x2d0
[ 1011.830495][T31206]  ? netlink_dump+0x1b7/0xe90
[ 1011.830512][T31206]  ? genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[ 1011.830535][T31206]  ? genl_rcv_msg+0x5da/0x790
[ 1011.830556][T31206]  ? netlink_rcv_skb+0x205/0x470
[ 1011.830572][T31206]  ? genl_rcv+0x28/0x40
[ 1011.830591][T31206]  ? netlink_unicast+0x82c/0x9e0
[ 1011.830614][T31206]  ? netlink_sendmsg+0x805/0xb30
[ 1011.830633][T31206]  ? ___sys_sendmsg+0x21f/0x2a0
[ 1011.830654][T31206]  ? __sys_sendmsg+0x164/0x220
[ 1011.830673][T31206]  ? __do_fast_syscall_32+0xb6/0x2b0
[ 1011.830690][T31206]  ? do_fast_syscall_32+0x34/0x80
[ 1011.830707][T31206]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1011.830732][T31206]  ? __pfx_nl80211_dump_station+0x10/0x10
[ 1011.830801][T31206]  ? trace_kmalloc+0x1f/0xd0
[ 1011.830822][T31206]  ? __kmalloc_node_track_caller_noprof+0x28e/0x4e0
[ 1011.830856][T31206]  ? __build_skb_around+0x257/0x3e0
[ 1011.830883][T31206]  genl_dumpit+0x108/0x1b0
[ 1011.830912][T31206]  netlink_dump+0x6e4/0xe90
[ 1011.830945][T31206]  ? __pfx_netlink_dump+0x10/0x10
[ 1011.830962][T31206]  ? genl_start+0x1c9/0x6c0
[ 1011.831002][T31206]  ? genl_start+0x499/0x6c0
[ 1011.831031][T31206]  __netlink_dump_start+0x5cb/0x7e0
[ 1011.831057][T31206]  genl_family_rcv_msg_dumpit+0x1e7/0x2c0
[ 1011.831081][T31206]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[ 1011.831101][T31206]  ? genl_get_cmd+0x7d9/0x910
[ 1011.831127][T31206]  ? __pfx_genl_start+0x10/0x10
[ 1011.831145][T31206]  ? __pfx_genl_dumpit+0x10/0x10
[ 1011.831163][T31206]  ? __pfx_genl_done+0x10/0x10
[ 1011.831189][T31206]  ? stack_trace_save+0x9c/0xe0
[ 1011.831217][T31206]  genl_rcv_msg+0x5da/0x790
[ 1011.831245][T31206]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1011.831265][T31206]  ? __pfx_nl80211_dump_station+0x10/0x10
[ 1011.831313][T31206]  netlink_rcv_skb+0x205/0x470
[ 1011.831328][T31206]  ? __lock_acquire+0xab9/0xd20
[ 1011.831352][T31206]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1011.831376][T31206]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1011.831415][T31206]  ? down_read+0x1ad/0x2e0
[ 1011.831438][T31206]  genl_rcv+0x28/0x40
[ 1011.831457][T31206]  netlink_unicast+0x82c/0x9e0
[ 1011.831496][T31206]  ? __pfx_netlink_unicast+0x10/0x10
[ 1011.831526][T31206]  ? netlink_sendmsg+0x642/0xb30
[ 1011.831544][T31206]  ? skb_put+0x11b/0x210
[ 1011.831570][T31206]  netlink_sendmsg+0x805/0xb30
[ 1011.831602][T31206]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1011.831626][T31206]  ? __import_iovec+0x5d4/0x7f0
[ 1011.831647][T31206]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1011.831666][T31206]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1011.831684][T31206]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1011.831704][T31206]  __sock_sendmsg+0x21c/0x270
[ 1011.831732][T31206]  ____sys_sendmsg+0x505/0x830
[ 1011.831763][T31206]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1011.831801][T31206]  ___sys_sendmsg+0x21f/0x2a0
[ 1011.831825][T31206]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1011.831885][T31206]  ? __fget_files+0x2a/0x420
[ 1011.831901][T31206]  ? __fget_files+0x3a0/0x420
[ 1011.831928][T31206]  __sys_sendmsg+0x164/0x220
[ 1011.831951][T31206]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1011.831989][T31206]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1011.832011][T31206]  __do_fast_syscall_32+0xb6/0x2b0
[ 1011.832031][T31206]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1011.832053][T31206]  do_fast_syscall_32+0x34/0x80
[ 1011.832072][T31206]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1011.832093][T31206] RIP: 0023:0xf703e539
[ 1011.832112][T31206] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1011.832127][T31206] RSP: 002b:00000000f542e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1011.832147][T31206] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280
[ 1011.832160][T31206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1011.832172][T31206] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1011.832182][T31206] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1011.832194][T31206] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1011.832225][T31206]  </TASK>
[ 1012.263159][   T44] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[ 1012.292520][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1012.539582][   T44] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1012.557695][   T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1012.577487][   T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1012.590096][   T44] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1012.614613][   T44] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1012.630311][   T44] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1012.651600][   T44] usb 5-1: Manufacturer: syz
[ 1012.676004][   T44] usb 5-1: config 0 descriptor??
[ 1012.742842][  T920] usb 4-1: new full-speed USB device number 116 using dummy_hcd
[ 1012.906742][  T920] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1012.919740][  T920] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1012.935813][  T920] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1012.979244][  T920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1012.989420][  T920] usb 4-1: Product: syz
[ 1012.995308][  T920] usb 4-1: Manufacturer: syz
[ 1013.004231][  T920] usb 4-1: SerialNumber: syz
[ 1013.161179][T18437] usb 2-1: USB disconnect, device number 85
[ 1013.435029][   T44] appleir 0003:05AC:8243.0021: unknown main item tag 0x0
[ 1013.639850][   T44] appleir 0003:05AC:8243.0021: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[ 1013.799470][  T920] usb 4-1: 0:2 : does not exist
[ 1013.871726][  T920] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[ 1013.952290][T31274] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[ 1013.969672][  T920] usb 4-1: USB disconnect, device number 116
[ 1014.103796][T14059] udevd[14059]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1014.488340][T31303] bridge2: entered promiscuous mode
[ 1014.872810][T18437] usb 5-1: reset high-speed USB device number 107 using dummy_hcd
[ 1015.202641][T18437] usb 5-1: device descriptor read/64, error -32
[ 1015.469992][T18437] usb 5-1: reset high-speed USB device number 107 using dummy_hcd
[ 1015.762620][T18437] usb 5-1: device descriptor read/64, error -32
[ 1015.954439][T31324] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.4429'.
[ 1016.267025][T31327] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.4429'.
[ 1016.794351][T23235] usb 5-1: USB disconnect, device number 107
[ 1018.560805][T31390] sctp: [Deprecated]: syz.1.4438 (pid 31390) Use of int in max_burst socket option.
[ 1018.560805][T31390] Use struct sctp_assoc_value instead
[ 1018.612907][   T44] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[ 1018.677975][   T30] kauditd_printk_skb: 2 callbacks suppressed
[ 1018.677997][   T30] audit: type=1326 audit(1757292747.044:1210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31389 comm="syz.1.4438" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f37539 code=0x0
[ 1018.739127][T31395] netlink: 212408 bytes leftover after parsing attributes in process `syz.2.4440'.
[ 1018.782418][T31395] netlink: zone id is out of range
[ 1018.811614][T31395] netlink: zone id is out of range
[ 1018.825151][   T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10
[ 1018.832803][T31395] netlink: get zone limit has 8 unknown bytes
[ 1018.847236][   T44] usb 5-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00
[ 1018.860701][   T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1018.874139][   T44] usb 5-1: config 0 descriptor??
[ 1018.992757][T23235] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[ 1019.144807][T23235] usb 4-1: Using ep0 maxpacket: 32
[ 1019.159430][T23235] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[ 1019.168892][T23235] usb 4-1: config 0 has no interface number 0
[ 1019.178478][T23235] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has an invalid bInterval 97, changing to 7
[ 1019.190597][T23235] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid maxpacket 24929, setting to 1024
[ 1019.208722][T23235] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[ 1019.254854][T23235] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1019.269392][T23235] usb 4-1: Product: syz
[ 1019.274076][T18437] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1019.287636][T23235] usb 4-1: Manufacturer: syz
[ 1019.292907][T23235] usb 4-1: SerialNumber: syz
[ 1019.303420][T23235] usb 4-1: config 0 descriptor??
[ 1019.323583][T23235] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[ 1019.335146][T23235] em28xx 4-1:0.132: Video interface 132 found: isoc
[ 1019.350401][   T44] aquacomputer_d5next 0003:0C70:F011.0022: hidraw0: USB HID v0.00 Device [HID 0c70:f011] on usb-dummy_hcd.4-1/input0
[ 1019.455572][T18437] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1019.468477][T18437] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1019.496388][T18437] usb 3-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[ 1019.601056][T18437] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1019.614783][T23235] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[ 1019.670286][T18437] usb 3-1: config 0 descriptor??
[ 1019.703236][T23235] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[ 1019.792744][T23235] em28xx 4-1:0.132: board has no eeprom
[ 1019.915181][T23235] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[ 1019.955809][T23235] em28xx 4-1:0.132: analog set to isoc mode.
[ 1019.962472][   T10] em28xx 4-1:0.132: Registering V4L2 extension
[ 1020.354866][T18437] greenasia 0003:0E8F:0012.0023: collection stack underflow
[ 1020.362358][T18437] greenasia 0003:0E8F:0012.0023: item 0 1 0 12 parsing failed
[ 1020.426328][T23235] usb 4-1: USB disconnect, device number 117
[ 1020.538741][T31441] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4442'.
[ 1020.587014][T18437] greenasia 0003:0E8F:0012.0023: parse failed
[ 1020.655181][T23235] em28xx 4-1:0.132: Disconnecting em28xx
[ 1020.708233][T18437] greenasia 0003:0E8F:0012.0023: probe with driver greenasia failed with error -22
[ 1020.894919][T18437] usb 5-1: USB disconnect, device number 108
[ 1020.913466][T31452] geneve1: left promiscuous mode
[ 1020.918603][T31452] geneve1: entered allmulticast mode
[ 1021.372392][   T10] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[ 1021.381526][   T10] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[ 1021.392450][   T10] em28xx 4-1:0.132: No AC97 audio processor
[ 1022.024939][T31470] netlink: 212408 bytes leftover after parsing attributes in process `syz.4.4446'.
[ 1022.099743][T18437] usb 3-1: USB disconnect, device number 78
[ 1022.117277][   T10] usb 4-1: Decoder not found
[ 1022.124086][T31470] netlink: zone id is out of range
[ 1022.129466][T31470] netlink: zone id is out of range
[ 1022.172783][   T10] em28xx 4-1:0.132: failed to create media graph
[ 1022.179310][   T10] em28xx 4-1:0.132: V4L2 device video103 deregistered
[ 1022.210418][T31470] netlink: get zone limit has 8 unknown bytes
[ 1022.267065][T31471] program syz.3.4447 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1022.298134][   T10] em28xx 4-1:0.132: Remote control support is not available for this card.
[ 1022.328830][T31487] FAULT_INJECTION: forcing a failure.
[ 1022.328830][T31487] name failslab, interval 1, probability 0, space 0, times 0
[ 1022.352826][T23235] em28xx 4-1:0.132: Closing input extension
[ 1022.380559][T31487] CPU: 0 UID: 0 PID: 31487 Comm: syz.0.4449 Not tainted syzkaller #0 PREEMPT(full) 
[ 1022.380590][T31487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1022.380602][T31487] Call Trace:
[ 1022.380611][T31487]  <TASK>
[ 1022.380621][T31487]  dump_stack_lvl+0x189/0x250
[ 1022.380650][T31487]  ? __pfx____ratelimit+0x10/0x10
[ 1022.380670][T31487]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1022.380694][T31487]  ? __pfx__printk+0x10/0x10
[ 1022.380722][T31487]  ? __pfx___might_resched+0x10/0x10
[ 1022.380741][T31487]  ? fs_reclaim_acquire+0x7d/0x100
[ 1022.380775][T31487]  should_fail_ex+0x414/0x560
[ 1022.380806][T31487]  should_failslab+0xa8/0x100
[ 1022.380833][T31487]  __kmalloc_node_track_caller_noprof+0xcc/0x4e0
[ 1022.380857][T31487]  ? __request_module+0x2d1/0x5e0
[ 1022.380887][T31487]  kstrdup+0x42/0x100
[ 1022.380908][T31487]  __request_module+0x2d1/0x5e0
[ 1022.381246][T31487]  ? rtnl_link_ops_get+0x23/0x250
[ 1022.381286][T31487]  ? __pfx___request_module+0x10/0x10
[ 1022.381325][T31487]  ? rtnl_link_ops_get+0x23/0x250
[ 1022.381343][T31487]  ? rtnl_link_ops_get+0x23/0x250
[ 1022.381363][T31487]  ? rtnl_link_ops_get+0x215/0x250
[ 1022.381386][T31487]  rtnl_newlink+0x64f/0x1c70
[ 1022.381405][T31487]  ? netlink_sendmsg+0x805/0xb30
[ 1022.381425][T31487]  ? __sys_sendmsg+0x164/0x220
[ 1022.381442][T31487]  ? __do_fast_syscall_32+0xb6/0x2b0
[ 1022.381458][T31487]  ? do_fast_syscall_32+0x34/0x80
[ 1022.381482][T31487]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1022.381522][T31487]  ? kasan_quarantine_put+0xdd/0x220
[ 1022.381543][T31487]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1022.381564][T31487]  ? nlmon_xmit+0xb0/0x100
[ 1022.381583][T31487]  ? kmem_cache_free+0x18f/0x400
[ 1022.381614][T31487]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1022.381632][T31487]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1022.381650][T31487]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1022.381666][T31487]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1022.381688][T31487]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1022.381712][T31487]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1022.381733][T31487]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1022.381758][T31487]  ? __dev_queue_xmit+0x1d79/0x3b50
[ 1022.381786][T31487]  ? __lock_acquire+0xab9/0xd20
[ 1022.381839][T31487]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1022.381857][T31487]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 1022.381880][T31487]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1022.381898][T31487]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1022.381914][T31487]  ? ref_tracker_free+0x63a/0x7d0
[ 1022.381932][T31487]  ? __asan_memcpy+0x40/0x70
[ 1022.381951][T31487]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1022.381967][T31487]  ? __skb_clone+0x63/0x7a0
[ 1022.382002][T31487]  netlink_rcv_skb+0x205/0x470
[ 1022.382024][T31487]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1022.382047][T31487]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1022.382078][T31487]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1022.382106][T31487]  netlink_unicast+0x82c/0x9e0
[ 1022.382143][T31487]  ? __pfx_netlink_unicast+0x10/0x10
[ 1022.382175][T31487]  ? netlink_sendmsg+0x642/0xb30
[ 1022.382202][T31487]  ? skb_put+0x11b/0x210
[ 1022.382228][T31487]  netlink_sendmsg+0x805/0xb30
[ 1022.382258][T31487]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1022.382282][T31487]  ? __import_iovec+0x5d4/0x7f0
[ 1022.382301][T31487]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1022.382322][T31487]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1022.382342][T31487]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1022.382364][T31487]  __sock_sendmsg+0x21c/0x270
[ 1022.382397][T31487]  ____sys_sendmsg+0x505/0x830
[ 1022.382428][T31487]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1022.382474][T31487]  ___sys_sendmsg+0x21f/0x2a0
[ 1022.382498][T31487]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1022.382554][T31487]  ? __fget_files+0x2a/0x420
[ 1022.382572][T31487]  ? __fget_files+0x3a0/0x420
[ 1022.382600][T31487]  __sys_sendmsg+0x164/0x220
[ 1022.382625][T31487]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1022.382666][T31487]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1022.382689][T31487]  __do_fast_syscall_32+0xb6/0x2b0
[ 1022.382709][T31487]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1022.382731][T31487]  do_fast_syscall_32+0x34/0x80
[ 1022.382753][T31487]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1022.382777][T31487] RIP: 0023:0xf70de539
[ 1022.382795][T31487] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1022.382811][T31487] RSP: 002b:00000000f54ce55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1022.382832][T31487] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000200
[ 1022.382845][T31487] RDX: 0000000020048004 RSI: 0000000000000000 RDI: 0000000000000000
[ 1022.382856][T31487] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1022.382867][T31487] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1022.382878][T31487] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1022.382908][T31487]  </TASK>
[ 1022.397989][T31492] Invalid logical block size (33)
[ 1022.417840][T23235] em28xx 4-1:0.132: Freeing device
[ 1022.751220][T31501] FAULT_INJECTION: forcing a failure.
[ 1022.751220][T31501] name failslab, interval 1, probability 0, space 0, times 0
[ 1022.987295][T31501] CPU: 1 UID: 0 PID: 31501 Comm: syz.0.4452 Not tainted syzkaller #0 PREEMPT(full) 
[ 1022.987330][T31501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1022.987343][T31501] Call Trace:
[ 1022.987353][T31501]  <TASK>
[ 1022.987362][T31501]  dump_stack_lvl+0x189/0x250
[ 1022.987395][T31501]  ? __pfx____ratelimit+0x10/0x10
[ 1022.987417][T31501]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1022.987439][T31501]  ? __pfx__printk+0x10/0x10
[ 1022.987469][T31501]  ? __pfx___might_resched+0x10/0x10
[ 1022.987489][T31501]  ? fs_reclaim_acquire+0x7d/0x100
[ 1022.987524][T31501]  should_fail_ex+0x414/0x560
[ 1022.987559][T31501]  should_failslab+0xa8/0x100
[ 1022.987597][T31501]  __kmalloc_noprof+0xcb/0x4f0
[ 1022.987622][T31501]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1022.987655][T31501]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1022.987688][T31501]  genl_family_rcv_msg_doit+0xb8/0x300
[ 1022.987721][T31501]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1022.987751][T31501]  ? __pfx_genl_get_cmd+0x10/0x10
[ 1022.987777][T31501]  ? __pfx_ovs_ct_limit_cmd_get+0x10/0x10
[ 1022.987818][T31501]  genl_rcv_msg+0x60e/0x790
[ 1022.987864][T31501]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1022.987882][T31501]  ? __pfx_ovs_ct_limit_cmd_get+0x10/0x10
[ 1022.987903][T31501]  ? __asan_memcpy+0x40/0x70
[ 1022.987919][T31501]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1022.987941][T31501]  netlink_rcv_skb+0x205/0x470
[ 1022.987956][T31501]  ? __lock_acquire+0xab9/0xd20
[ 1022.987978][T31501]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1022.987997][T31501]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1022.988029][T31501]  ? down_read+0x1ad/0x2e0
[ 1022.988050][T31501]  genl_rcv+0x28/0x40
[ 1022.988067][T31501]  netlink_unicast+0x82c/0x9e0
[ 1022.988106][T31501]  ? __pfx_netlink_unicast+0x10/0x10
[ 1022.988128][T31501]  ? netlink_sendmsg+0x642/0xb30
[ 1022.988141][T31501]  ? skb_put+0x11b/0x210
[ 1022.988162][T31501]  netlink_sendmsg+0x805/0xb30
[ 1022.988187][T31501]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1022.988204][T31501]  ? __import_iovec+0x5d4/0x7f0
[ 1022.988221][T31501]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1022.988239][T31501]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1022.988256][T31501]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1022.988272][T31501]  __sock_sendmsg+0x21c/0x270
[ 1022.988305][T31501]  ____sys_sendmsg+0x505/0x830
[ 1022.988357][T31501]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1022.988390][T31501]  ___sys_sendmsg+0x21f/0x2a0
[ 1022.988409][T31501]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1022.988460][T31501]  ? __fget_files+0x2a/0x420
[ 1022.988473][T31501]  ? __fget_files+0x3a0/0x420
[ 1022.988495][T31501]  __sys_sendmsg+0x164/0x220
[ 1022.988515][T31501]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1022.988547][T31501]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1022.988565][T31501]  __do_fast_syscall_32+0xb6/0x2b0
[ 1022.988583][T31501]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1022.988601][T31501]  do_fast_syscall_32+0x34/0x80
[ 1022.988617][T31501]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1022.988635][T31501] RIP: 0023:0xf70de539
[ 1022.988652][T31501] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1022.988666][T31501] RSP: 002b:00000000f54ce55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1022.988686][T31501] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1022.988697][T31501] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1022.988706][T31501] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1022.988715][T31501] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1022.988725][T31501] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1022.988749][T31501]  </TASK>
[ 1023.421969][T31495] can: request_module (can-proto-4) failed.
[ 1023.662263][T31520] netlink: 'syz.0.4458': attribute type 29 has an invalid length.
[ 1023.687230][T31520] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4458'.
[ 1023.701488][T31525] FAULT_INJECTION: forcing a failure.
[ 1023.701488][T31525] name failslab, interval 1, probability 0, space 0, times 0
[ 1023.773529][T31525] CPU: 0 UID: 0 PID: 31525 Comm: syz.2.4459 Not tainted syzkaller #0 PREEMPT(full) 
[ 1023.773557][T31525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1023.773570][T31525] Call Trace:
[ 1023.773578][T31525]  <TASK>
[ 1023.773587][T31525]  dump_stack_lvl+0x189/0x250
[ 1023.773617][T31525]  ? __pfx____ratelimit+0x10/0x10
[ 1023.773638][T31525]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1023.773661][T31525]  ? __pfx__printk+0x10/0x10
[ 1023.773695][T31525]  ? __pfx___might_resched+0x10/0x10
[ 1023.773713][T31525]  ? fs_reclaim_acquire+0x7d/0x100
[ 1023.773762][T31525]  should_fail_ex+0x414/0x560
[ 1023.773796][T31525]  should_failslab+0xa8/0x100
[ 1023.773826][T31525]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1023.773851][T31525]  ? __kernfs_new_node+0xd7/0x7e0
[ 1023.773887][T31525]  __kernfs_new_node+0xd7/0x7e0
[ 1023.773908][T31525]  ? __lock_acquire+0xab9/0xd20
[ 1023.773944][T31525]  ? __pfx___kernfs_new_node+0x10/0x10
[ 1023.773968][T31525]  ? kernfs_root+0x1c/0x230
[ 1023.773997][T31525]  ? kernfs_root+0x1c/0x230
[ 1023.774016][T31525]  ? kernfs_root+0x1c/0x230
[ 1023.774034][T31525]  ? kernfs_root+0x1c/0x230
[ 1023.774061][T31525]  kernfs_new_node+0x102/0x210
[ 1023.774090][T31525]  kernfs_create_dir_ns+0x44/0x130
[ 1023.774118][T31525]  internal_create_group+0x419/0x1110
[ 1023.774172][T31525]  ? __pfx_internal_create_group+0x10/0x10
[ 1023.774200][T31525]  ? loop_update_dio+0x256/0x3a0
[ 1023.774232][T31525]  loop_configure+0x99e/0xe50
[ 1023.774273][T31525]  ? __pfx_loop_configure+0x10/0x10
[ 1023.774351][T31525]  lo_ioctl+0x810/0x1c10
[ 1023.774383][T31525]  ? __lock_acquire+0xab9/0xd20
[ 1023.774412][T31525]  ? __pfx_lo_ioctl+0x10/0x10
[ 1023.774435][T31525]  ? __lock_acquire+0xab9/0xd20
[ 1023.774466][T31525]  ? __lock_acquire+0xab9/0xd20
[ 1023.774500][T31525]  ? __lock_acquire+0xab9/0xd20
[ 1023.774549][T31525]  ? __lock_acquire+0xab9/0xd20
[ 1023.774590][T31525]  ? __lock_acquire+0xab9/0xd20
[ 1023.774641][T31525]  ? is_bpf_text_address+0x26/0x2b0
[ 1023.774671][T31525]  ? is_bpf_text_address+0x292/0x2b0
[ 1023.774696][T31525]  ? is_bpf_text_address+0x26/0x2b0
[ 1023.774727][T31525]  ? kernel_text_address+0xa5/0xe0
[ 1023.774762][T31525]  ? __lock_acquire+0xab9/0xd20
[ 1023.774812][T31525]  ? __lock_acquire+0xab9/0xd20
[ 1023.774846][T31525]  ? __lock_acquire+0xab9/0xd20
[ 1023.774886][T31525]  ? __lock_acquire+0xab9/0xd20
[ 1023.774925][T31525]  ? __lock_acquire+0xab9/0xd20
[ 1023.774974][T31525]  ? is_bpf_text_address+0x26/0x2b0
[ 1023.775007][T31525]  ? is_bpf_text_address+0x292/0x2b0
[ 1023.775031][T31525]  ? is_bpf_text_address+0x26/0x2b0
[ 1023.775061][T31525]  ? kernel_text_address+0xa5/0xe0
[ 1023.775087][T31525]  ? __kernel_text_address+0xd/0x40
[ 1023.775112][T31525]  ? unwind_get_return_address+0x4d/0x90
[ 1023.775133][T31525]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1023.775164][T31525]  ? arch_stack_walk+0xfc/0x150
[ 1023.775202][T31525]  ? stack_trace_save+0x9c/0xe0
[ 1023.775224][T31525]  ? __pfx_stack_trace_save+0x10/0x10
[ 1023.775249][T31525]  ? stack_depot_save_flags+0x40/0x860
[ 1023.775321][T31525]  ? __asan_memset+0x22/0x50
[ 1023.775343][T31525]  ? blk_get_meta_cap+0x140/0x710
[ 1023.775365][T31525]  lo_compat_ioctl+0x298/0x330
[ 1023.775395][T31525]  ? __pfx_lo_compat_ioctl+0x10/0x10
[ 1023.775422][T31525]  ? kasan_quarantine_put+0xdd/0x220
[ 1023.775450][T31525]  ? blkdev_common_ioctl+0xff7/0x2550
[ 1023.775475][T31525]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1023.775503][T31525]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[ 1023.775518][T31525]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1023.775542][T31525]  ? do_vfs_ioctl+0xbe8/0x1430
[ 1023.775566][T31525]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1023.775601][T31525]  ? __lock_acquire+0xab9/0xd20
[ 1023.775642][T31525]  ? __pfx_lo_compat_ioctl+0x10/0x10
[ 1023.775666][T31525]  compat_blkdev_ioctl+0x5ce/0x780
[ 1023.775686][T31525]  ? __fget_files+0x2a/0x420
[ 1023.775707][T31525]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[ 1023.775725][T31525]  ? __fget_files+0x2a/0x420
[ 1023.775743][T31525]  ? bpf_lsm_file_ioctl_compat+0x9/0x20
[ 1023.775772][T31525]  __ia32_compat_sys_ioctl+0x543/0x840
[ 1023.775799][T31525]  ? __pfx___ia32_compat_sys_ioctl+0x10/0x10
[ 1023.775824][T31525]  ? __fget_files+0x3a0/0x420
[ 1023.775848][T31525]  ? fput+0xa0/0xd0
[ 1023.775870][T31525]  ? ksys_write+0x22a/0x250
[ 1023.775904][T31525]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1023.775927][T31525]  __do_fast_syscall_32+0xb6/0x2b0
[ 1023.775949][T31525]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1023.775972][T31525]  do_fast_syscall_32+0x34/0x80
[ 1023.775994][T31525]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1023.776015][T31525] RIP: 0023:0xf7ff4539
[ 1023.776034][T31525] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1023.776049][T31525] RSP: 002b:00000000f550655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[ 1023.776071][T31525] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000004c0a
[ 1023.776085][T31525] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1023.776098][T31525] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1023.776109][T31525] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1023.776120][T31525] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1023.776152][T31525]  </TASK>
[ 1024.356686][T31525] loop6: detected capacity change from 0 to 7
[ 1024.377048][T31525] Dev loop6: unable to read RDB block 7
[ 1024.383946][T31525]  loop6: AHDI p3 p4
[ 1024.388666][T31525] loop6: partition table partially beyond EOD, truncated
[ 1024.397489][T31525] loop6: p3 start 1668575232 is beyond EOD, truncated
[ 1024.543645][T23235] usb 4-1: new high-speed USB device number 118 using dummy_hcd
[ 1024.543750][T31538] FAULT_INJECTION: forcing a failure.
[ 1024.543750][T31538] name failslab, interval 1, probability 0, space 0, times 0
[ 1024.576350][T31538] CPU: 0 UID: 0 PID: 31538 Comm: syz.0.4461 Not tainted syzkaller #0 PREEMPT(full) 
[ 1024.576381][T31538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1024.576392][T31538] Call Trace:
[ 1024.576401][T31538]  <TASK>
[ 1024.576409][T31538]  dump_stack_lvl+0x189/0x250
[ 1024.576443][T31538]  ? __pfx____ratelimit+0x10/0x10
[ 1024.576462][T31538]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1024.576483][T31538]  ? __pfx__printk+0x10/0x10
[ 1024.576514][T31538]  ? __pfx___might_resched+0x10/0x10
[ 1024.576528][T31538]  ? fs_reclaim_acquire+0x7d/0x100
[ 1024.576558][T31538]  should_fail_ex+0x414/0x560
[ 1024.576591][T31538]  ? alloc_netdev_mqs+0xa3/0x11b0
[ 1024.576613][T31538]  should_failslab+0xa8/0x100
[ 1024.576639][T31538]  __kvmalloc_node_noprof+0x161/0x5f0
[ 1024.576664][T31538]  ? alloc_netdev_mqs+0xa3/0x11b0
[ 1024.576687][T31538]  ? snprintf+0xda/0x120
[ 1024.576713][T31538]  alloc_netdev_mqs+0xa3/0x11b0
[ 1024.576735][T31538]  ? __pfx_ip6erspan_tap_setup+0x10/0x10
[ 1024.576766][T31538]  rtnl_create_link+0x31f/0xd10
[ 1024.576800][T31538]  rtnl_newlink_create+0x25c/0xb00
[ 1024.576828][T31538]  ? __lock_acquire+0xab9/0xd20
[ 1024.576858][T31538]  ? __pfx_rtnl_newlink_create+0x10/0x10
[ 1024.576883][T31538]  ? __pfx___mutex_lock+0x10/0x10
[ 1024.576924][T31538]  ? ns_capable+0x8a/0xf0
[ 1024.576948][T31538]  rtnl_newlink+0x16d6/0x1c70
[ 1024.576970][T31538]  ? netlink_sendmsg+0x805/0xb30
[ 1024.577006][T31538]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1024.577054][T31538]  ? kasan_quarantine_put+0xdd/0x220
[ 1024.577077][T31538]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1024.577102][T31538]  ? nlmon_xmit+0xb0/0x100
[ 1024.577120][T31538]  ? kmem_cache_free+0x18f/0x400
[ 1024.577153][T31538]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1024.577170][T31538]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1024.577190][T31538]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1024.577206][T31538]  ? __pfx___local_bh_enable_ip+0x10/0x10
[ 1024.577229][T31538]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1024.577252][T31538]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1024.577271][T31538]  ? __dev_queue_xmit+0x27b/0x3b50
[ 1024.577295][T31538]  ? __dev_queue_xmit+0x1d79/0x3b50
[ 1024.577322][T31538]  ? __lock_acquire+0xab9/0xd20
[ 1024.577378][T31538]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1024.577396][T31538]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 1024.577421][T31538]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1024.577440][T31538]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1024.577458][T31538]  ? ref_tracker_free+0x63a/0x7d0
[ 1024.577477][T31538]  ? __asan_memcpy+0x40/0x70
[ 1024.577498][T31538]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1024.577513][T31538]  ? __skb_clone+0x63/0x7a0
[ 1024.577546][T31538]  netlink_rcv_skb+0x205/0x470
[ 1024.577566][T31538]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1024.577589][T31538]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1024.577623][T31538]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1024.577653][T31538]  netlink_unicast+0x82c/0x9e0
[ 1024.577692][T31538]  ? __pfx_netlink_unicast+0x10/0x10
[ 1024.577722][T31538]  ? netlink_sendmsg+0x642/0xb30
[ 1024.577739][T31538]  ? skb_put+0x11b/0x210
[ 1024.577764][T31538]  netlink_sendmsg+0x805/0xb30
[ 1024.577796][T31538]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1024.577819][T31538]  ? __import_iovec+0x5d4/0x7f0
[ 1024.577841][T31538]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1024.577863][T31538]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1024.577884][T31538]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1024.577917][T31538]  __sock_sendmsg+0x21c/0x270
[ 1024.577950][T31538]  ____sys_sendmsg+0x505/0x830
[ 1024.577981][T31538]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1024.578025][T31538]  ___sys_sendmsg+0x21f/0x2a0
[ 1024.578052][T31538]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1024.578118][T31538]  ? __fget_files+0x2a/0x420
[ 1024.578135][T31538]  ? __fget_files+0x3a0/0x420
[ 1024.578163][T31538]  __sys_sendmsg+0x164/0x220
[ 1024.578189][T31538]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1024.578233][T31538]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1024.578256][T31538]  __do_fast_syscall_32+0xb6/0x2b0
[ 1024.578278][T31538]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1024.578302][T31538]  do_fast_syscall_32+0x34/0x80
[ 1024.578324][T31538]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1024.578346][T31538] RIP: 0023:0xf70de539
[ 1024.578365][T31538] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1024.578382][T31538] RSP: 002b:00000000f54ce55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172
[ 1024.578404][T31538] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[ 1024.578418][T31538] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1024.578429][T31538] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1024.578440][T31538] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1024.578450][T31538] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1024.578480][T31538]  </TASK>
[ 1025.152658][T23235] usb 4-1: device descriptor read/64, error -71
[ 1025.771615][T23235] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[ 1026.017385][T23235] usb 4-1: device descriptor read/64, error -71
[ 1026.134113][T23235] usb usb4-port1: attempt power cycle
[ 1026.701199][T23235] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[ 1027.097273][T23235] usb 4-1: device descriptor read/8, error -71
[ 1028.402587][T23235] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[ 1028.474617][T31589] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4471'.
[ 1028.513700][T23235] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10
[ 1028.537411][T23235] usb 4-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00
[ 1028.578453][T23235] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1028.638294][T23235] usb 4-1: config 0 descriptor??
[ 1028.822243][   T44] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[ 1029.702880][   T44] usb 2-1: Using ep0 maxpacket: 32
[ 1029.710960][   T44] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[ 1029.722380][   T44] usb 2-1: config 0 has no interface number 0
[ 1029.729118][   T44] usb 2-1: config 0 interface 12 has no altsetting 0
[ 1029.742956][   T44] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[ 1029.754188][   T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1029.777678][   T44] usb 2-1: Product: syz
[ 1029.782792][   T44] usb 2-1: Manufacturer: syz
[ 1029.788660][   T44] usb 2-1: SerialNumber: syz
[ 1029.809082][   T44] usb 2-1: config 0 descriptor??
[ 1029.969615][T23235] aquacomputer_d5next 0003:0C70:F011.0024: hidraw0: USB HID v0.00 Device [HID 0c70:f011] on usb-dummy_hcd.3-1/input0
[ 1030.230872][T31625] input: syz1 as /devices/virtual/input/input34
[ 1030.451874][T17515] udevd[17515]: setting mode of /dev/input/event4 to 020660 failed: No such file or directory
[ 1030.566767][T17515] udevd[17515]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[ 1030.773064][T23235] usb 3-1: new full-speed USB device number 79 using dummy_hcd
[ 1030.899727][T31625] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4477'.
[ 1030.975430][T23235] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1031.052773][T23235] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1031.064007][T23235] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[ 1031.074720][T23235] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1031.110610][T23235] usb 3-1: config 0 descriptor??
[ 1031.264139][T18437] usb 4-1: USB disconnect, device number 121
[ 1031.627236][T31661] ip6erspan0: entered promiscuous mode
[ 1031.678486][T23235] savu 0003:1E7D:2D5A.0025: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[ 1031.886979][T31601] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1031.914361][T31601] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1033.112138][T31698] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4487'.
[ 1033.141372][   T44] f81534 2-1:0.12: f81534_set_register: reg: 1003 data: 78 failed: -71
[ 1033.156403][   T44] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71
[ 1033.177481][   T44] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71
[ 1033.272685][  T920] usb 3-1: reset full-speed USB device number 79 using dummy_hcd
[ 1033.296976][   T44] f81534 2-1:0.12: probe with driver f81534 failed with error -71
[ 1033.398937][   T44] usb 2-1: USB disconnect, device number 86
[ 1033.592608][T23235] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[ 1033.911855][T23235] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1033.923144][T23235] usb 5-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c
[ 1033.950347][T23235] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1033.976613][T23235] usb 5-1: config 0 descriptor??
[ 1034.021320][T23235] usb 5-1: bad CDC descriptors
[ 1034.112704][   T44] usb 2-1: new high-speed USB device number 87 using dummy_hcd
[ 1034.147280][ T5952] usb 3-1: USB disconnect, device number 79
[ 1034.252076][T31708] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1034.282776][   T44] usb 2-1: Using ep0 maxpacket: 32
[ 1034.294741][   T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1034.303226][T31708] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1034.313042][   T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1034.343819][   T44] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1034.348146][T23235] usb 5-1: USB disconnect, device number 109
[ 1034.368602][   T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1034.405133][   T44] usb 2-1: config 0 descriptor??
[ 1034.431868][T31741] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4492'.
[ 1034.455670][   T44] hub 2-1:0.0: USB hub found
[ 1034.647669][   T44] hub 2-1:0.0: 1 port detected
[ 1034.863670][ T5952] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[ 1035.025348][ T5952] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10
[ 1035.044148][ T5952] usb 3-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00
[ 1035.053939][ T5952] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1035.074083][ T5952] usb 3-1: config 0 descriptor??
[ 1035.124358][   T44] usb 2-1: USB disconnect, device number 87
[ 1035.176467][T31767] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[ 1035.564510][ T5952] aquacomputer_d5next 0003:0C70:F011.0026: hidraw0: USB HID v0.00 Device [HID 0c70:f011] on usb-dummy_hcd.2-1/input0
[ 1035.773072][T23235] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[ 1035.960679][T23235] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1035.986386][T23235] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1036.023021][T23235] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1036.048357][T23235] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1036.067858][T23235] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1036.078351][T23235] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1036.137411][T23235] usb 5-1: config 0 descriptor??
[ 1036.223011][T18437] usb 2-1: new full-speed USB device number 88 using dummy_hcd
[ 1036.400708][T18437] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1036.413146][T18437] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1036.466703][T18437] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1036.476526][T18437] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1036.515336][T18437] usb 2-1: Product: syz
[ 1036.521322][T18437] usb 2-1: Manufacturer: syz
[ 1036.526510][T18437] usb 2-1: SerialNumber: syz
[ 1036.569113][T23235] usbhid 5-1:0.0: can't add hid device: -71
[ 1036.575753][T23235] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1036.627186][T23235] usb 5-1: USB disconnect, device number 110
[ 1036.849958][   T10] usb 3-1: USB disconnect, device number 80
[ 1037.161055][T18437] usb 2-1: 0:2 : does not exist
[ 1037.180379][T18437] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[ 1037.281053][T18437] usb 2-1: USB disconnect, device number 88
[ 1037.424741][T14059] udevd[14059]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1038.340112][T31908] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4520'.
[ 1038.425836][T31908] veth0_to_team: entered promiscuous mode
[ 1038.449603][T31908] veth0_to_team: left promiscuous mode
[ 1040.828101][T31942] openvswitch: netlink: Missing key (keys=400040, expected=200000)
[ 1041.947376][   T44] usb 3-1: new low-speed USB device number 81 using dummy_hcd
[ 1042.164050][   T44] usb 3-1: Invalid ep0 maxpacket: 64
[ 1042.299487][T31958] FAULT_INJECTION: forcing a failure.
[ 1042.299487][T31958] name failslab, interval 1, probability 0, space 0, times 0
[ 1042.332916][   T44] usb 3-1: new low-speed USB device number 82 using dummy_hcd
[ 1042.416827][T31958] CPU: 0 UID: 0 PID: 31958 Comm: syz.3.4534 Not tainted syzkaller #0 PREEMPT(full) 
[ 1042.416856][T31958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1042.416869][T31958] Call Trace:
[ 1042.416878][T31958]  <TASK>
[ 1042.416887][T31958]  dump_stack_lvl+0x189/0x250
[ 1042.416914][T31958]  ? __pfx____ratelimit+0x10/0x10
[ 1042.416935][T31958]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1042.416955][T31958]  ? __pfx__printk+0x10/0x10
[ 1042.416981][T31958]  ? __pfx___might_resched+0x10/0x10
[ 1042.416995][T31958]  ? fs_reclaim_acquire+0x7d/0x100
[ 1042.417028][T31958]  should_fail_ex+0x414/0x560
[ 1042.417059][T31958]  should_failslab+0xa8/0x100
[ 1042.417086][T31958]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1042.417108][T31958]  ? mousedev_open+0xd4/0x4a0
[ 1042.417138][T31958]  mousedev_open+0xd4/0x4a0
[ 1042.417165][T31958]  ? do_raw_spin_unlock+0x122/0x240
[ 1042.417192][T31958]  chrdev_open+0x4cc/0x5e0
[ 1042.417223][T31958]  ? __pfx_chrdev_open+0x10/0x10
[ 1042.417253][T31958]  ? fsnotify_open_perm_and_set_mode+0x113/0x610
[ 1042.417287][T31958]  ? __pfx_chrdev_open+0x10/0x10
[ 1042.417312][T31958]  do_dentry_open+0x953/0x13f0
[ 1042.417350][T31958]  vfs_open+0x3b/0x340
[ 1042.417366][T31958]  ? path_openat+0x2ecd/0x3830
[ 1042.417393][T31958]  path_openat+0x2ee5/0x3830
[ 1042.417434][T31958]  ? is_bpf_text_address+0x26/0x2b0
[ 1042.417466][T31958]  ? kernel_text_address+0xa5/0xe0
[ 1042.417519][T31958]  ? __pfx_path_openat+0x10/0x10
[ 1042.417542][T31958]  ? stack_depot_save_flags+0x40/0x860
[ 1042.417579][T31958]  ? kasan_save_track+0x4f/0x80
[ 1042.417611][T31958]  do_filp_open+0x1fa/0x410
[ 1042.417632][T31958]  ? __lock_acquire+0xab9/0xd20
[ 1042.417661][T31958]  ? __pfx_do_filp_open+0x10/0x10
[ 1042.417721][T31958]  ? _raw_spin_unlock+0x28/0x50
[ 1042.417748][T31958]  ? alloc_fd+0x64c/0x6c0
[ 1042.417790][T31958]  io_openat2+0x3e0/0x5c0
[ 1042.417819][T31958]  ? __pfx_io_openat2+0x10/0x10
[ 1042.417854][T31958]  ? io_openat_prep+0x45b/0x5a0
[ 1042.417878][T31958]  __io_issue_sqe+0x181/0x4b0
[ 1042.417902][T31958]  ? __pfx_io_openat_prep+0x10/0x10
[ 1042.417927][T31958]  io_issue_sqe+0x165/0xfd0
[ 1042.417962][T31958]  io_submit_sqes+0xa34/0x1d30
[ 1042.418026][T31958]  __se_sys_io_uring_enter+0x2df/0x2b20
[ 1042.418074][T31958]  ? ksys_write+0x1cb/0x250
[ 1042.418102][T31958]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[ 1042.418127][T31958]  ? __mutex_unlock_slowpath+0x1a1/0x740
[ 1042.418148][T31958]  ? __pfx_vfs_write+0x10/0x10
[ 1042.418176][T31958]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1042.418201][T31958]  ? __fget_files+0x3a0/0x420
[ 1042.418226][T31958]  ? fput+0xa0/0xd0
[ 1042.418246][T31958]  ? ksys_write+0x22a/0x250
[ 1042.418281][T31958]  ? __ia32_sys_io_uring_enter+0x21/0xf0
[ 1042.418321][T31958]  __do_fast_syscall_32+0xb6/0x2b0
[ 1042.418344][T31958]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1042.418368][T31958]  do_fast_syscall_32+0x34/0x80
[ 1042.418389][T31958]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1042.418410][T31958] RIP: 0023:0xf703e539
[ 1042.418428][T31958] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1042.418445][T31958] RSP: 002b:00000000f542e55c EFLAGS: 00000206 ORIG_RAX: 00000000000001aa
[ 1042.418467][T31958] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000007277
[ 1042.418481][T31958] RDX: 0000000000000000 RSI: 0000000000000028 RDI: 0000000000000000
[ 1042.418492][T31958] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1042.418503][T31958] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1042.418514][T31958] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1042.418546][T31958]  </TASK>
[ 1043.002781][   T44] usb 3-1: Invalid ep0 maxpacket: 64
[ 1043.033513][   T44] usb usb3-port1: attempt power cycle
[ 1043.253454][T31963] netlink: 'syz.1.4535': attribute type 1 has an invalid length.
[ 1043.385557][T31963] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1043.470227][T31959] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4533'.
[ 1043.583256][   T44] usb 3-1: new low-speed USB device number 83 using dummy_hcd
[ 1043.610822][T31992] bond3: (slave ip6erspan0): making interface the new active one
[ 1043.624482][   T44] usb 3-1: Invalid ep0 maxpacket: 64
[ 1043.861475][T32007] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4536'.
[ 1043.952744][   T44] usb 3-1: new low-speed USB device number 84 using dummy_hcd
[ 1043.974729][T31992] bond3: (slave ip6erspan0): Enslaving as an active interface with an up link
[ 1044.058972][   T44] usb 3-1: Invalid ep0 maxpacket: 64
[ 1044.074189][   T44] usb usb3-port1: unable to enumerate USB device
[ 1044.222074][T32007] could not allocate digest TFM handle �
[ 1044.249438][T18437] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[ 1044.632999][T18437] usb 2-1: Using ep0 maxpacket: 16
[ 1044.644450][T18437] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 0
[ 1044.716594][T18437] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1044.801491][T18437] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1044.811315][T32027] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4538'.
[ 1044.847535][T32027] 0�X���: renamed from caif0
[ 1044.851047][T18437] usb 2-1: Product: syz
[ 1044.900601][T18437] usb 2-1: Manufacturer: syz
[ 1044.906101][T32027] 0�X���: entered allmulticast mode
[ 1044.912003][T32027] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[ 1044.959576][T18437] usb 2-1: SerialNumber: syz
[ 1045.033327][T18437] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[ 1045.045111][T32034] fuse: Bad value for 'fd'
[ 1045.452759][T18437] usb 4-1: new full-speed USB device number 122 using dummy_hcd
[ 1045.463650][T31963] fuse: Invalid rootmode
[ 1045.520019][T31963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1045.532127][T31963] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1045.590367][   T44] usb 2-1: USB disconnect, device number 89
[ 1045.693666][   T10] usb 1-1: new full-speed USB device number 98 using dummy_hcd
[ 1045.715649][T18437] usb 4-1: config 4 has an invalid interface number: 156 but max is 0
[ 1045.725336][T18437] usb 4-1: config 4 has no interface number 0
[ 1045.731673][T18437] usb 4-1: config 4 interface 156 has no altsetting 0
[ 1045.774327][T18437] usb 4-1: New USB device found, idVendor=0fe9, idProduct=db71, bcdDevice=53.3e
[ 1045.784970][T18437] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1045.793555][T18437] usb 4-1: Product: syz
[ 1045.826605][T18437] usb 4-1: Manufacturer: syz
[ 1045.834190][T18437] usb 4-1: SerialNumber: syz
[ 1045.855070][   T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1045.866316][   T10] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1045.890077][   T10] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1045.900510][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1045.911217][T18437] dvb-usb: found a 'DViCO FusionHDTV DVB-T NANO2 w/o firmware' in warm state.
[ 1045.925118][   T10] usb 1-1: Product: syz
[ 1045.930748][   T10] usb 1-1: Manufacturer: syz
[ 1045.941832][T18437] usb 4-1: setting power ON
[ 1045.949687][   T10] usb 1-1: SerialNumber: syz
[ 1045.959394][T18437] dvb-usb: bulk message failed: -22 (2/0)
[ 1046.051655][T18437] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[ 1046.118162][T18437] dvb-usb: DViCO FusionHDTV DVB-T NANO2 w/o firmware error while loading driver (-19)
[ 1046.157024][T18437] dvb_usb_cxusb 4-1:4.156: probe with driver dvb_usb_cxusb failed with error -22
[ 1046.375046][T32076] sctp: [Deprecated]: syz.4.4548 (pid 32076) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1046.375046][T32076] Use struct sctp_sack_info instead
[ 1046.392498][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1046.463758][T32076] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1046.798893][   T44] usb 4-1: USB disconnect, device number 122
[ 1047.618205][T32070] tipc: Disabling bearer <eth:syzkaller0>
[ 1047.647819][   T10] usb 1-1: 0:2 : does not exist
[ 1047.701701][   T10] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[ 1047.873631][   T10] usb 1-1: USB disconnect, device number 98
[ 1047.984188][T14059] udevd[14059]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1048.350099][T32134] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4553'.
[ 1048.397484][T32134] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4553'.
[ 1048.456026][T32137] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4553'.
[ 1048.697307][T32144] netlink: 56 bytes leftover after parsing attributes in process `syz.0.4554'.
[ 1048.795255][   T30] audit: type=1800 audit(1757292776.994:1211): pid=32144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4554" name="SYSV00000000" dev="hugetlbfs" ino=15 res=0 errno=0
[ 1048.978121][T32148] FAULT_INJECTION: forcing a failure.
[ 1048.978121][T32148] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1049.012237][T32148] CPU: 0 UID: 0 PID: 32148 Comm: syz.2.4557 Not tainted syzkaller #0 PREEMPT(full) 
[ 1049.012266][T32148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1049.012278][T32148] Call Trace:
[ 1049.012286][T32148]  <TASK>
[ 1049.012295][T32148]  dump_stack_lvl+0x189/0x250
[ 1049.012326][T32148]  ? __pfx____ratelimit+0x10/0x10
[ 1049.012345][T32148]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1049.012369][T32148]  ? __pfx__printk+0x10/0x10
[ 1049.012411][T32148]  should_fail_ex+0x414/0x560
[ 1049.012445][T32148]  _copy_to_user+0x31/0xb0
[ 1049.012476][T32148]  simple_read_from_buffer+0xe1/0x170
[ 1049.012505][T32148]  proc_fail_nth_read+0x1b3/0x220
[ 1049.012530][T32148]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1049.012553][T32148]  ? rw_verify_area+0x2a6/0x4d0
[ 1049.012575][T32148]  ? __lock_acquire+0xab9/0xd20
[ 1049.012599][T32148]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1049.012622][T32148]  vfs_read+0x200/0xa30
[ 1049.012644][T32148]  ? fdget_pos+0x247/0x320
[ 1049.012665][T32148]  ? __pfx___mutex_lock+0x10/0x10
[ 1049.012696][T32148]  ? __pfx_vfs_read+0x10/0x10
[ 1049.012722][T32148]  ? __fget_files+0x2a/0x420
[ 1049.012743][T32148]  ? __fget_files+0x3a0/0x420
[ 1049.012758][T32148]  ? __fget_files+0x2a/0x420
[ 1049.012784][T32148]  ksys_read+0x145/0x250
[ 1049.012810][T32148]  ? __pfx_ksys_read+0x10/0x10
[ 1049.012839][T32148]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1049.012862][T32148]  __do_fast_syscall_32+0xb6/0x2b0
[ 1049.012884][T32148]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1049.012924][T32148]  do_fast_syscall_32+0x34/0x80
[ 1049.012946][T32148]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1049.012968][T32148] RIP: 0023:0xf7ff4539
[ 1049.012986][T32148] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1049.013002][T32148] RSP: 002b:00000000f5506590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003
[ 1049.013024][T32148] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5506620
[ 1049.013038][T32148] RDX: 000000000000000f RSI: 00000000f7484ff4 RDI: 0000000000000000
[ 1049.013050][T32148] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1049.013063][T32148] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1049.013073][T32148] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1049.013101][T32148]  </TASK>
[ 1049.845589][T32158] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4561'.
[ 1050.766278][T32166] netlink: 48 bytes leftover after parsing attributes in process `syz.4.4562'.
[ 1052.110930][T32185] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4567'.
[ 1052.129958][T32185] loop6: detected capacity change from 0 to 63
[ 1052.150357][T14059] buffer_io_error: 44 callbacks suppressed
[ 1052.150373][T14059] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1052.170406][T14059] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1052.185035][T32185] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1052.194078][T32185] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1052.208563][T14059] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1052.221108][T14059] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1052.240528][T14059] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1052.250956][T32186] ==================================================================
[ 1052.259411][T32186] BUG: KASAN: slab-use-after-free in xfrm_state_find+0x2cf2/0x5400
[ 1052.267498][T32186] Read of size 1 at addr ffff888058b34ff0 by task syz.4.4566/32186
[ 1052.275620][T32186] 
[ 1052.277970][T32186] CPU: 1 UID: 0 PID: 32186 Comm: syz.4.4566 Not tainted syzkaller #0 PREEMPT(full) 
[ 1052.277989][T32186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1052.277997][T32186] Call Trace:
[ 1052.278005][T32186]  <TASK>
[ 1052.278011][T32186]  dump_stack_lvl+0x189/0x250
[ 1052.278029][T32186]  ? __kasan_check_byte+0x12/0x40
[ 1052.278048][T32186]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1052.278061][T32186]  ? lock_release+0x4b/0x3e0
[ 1052.278079][T32186]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1052.278094][T32186]  print_report+0xca/0x240
[ 1052.278106][T32186]  ? xfrm_state_find+0x2cf2/0x5400
[ 1052.278119][T32186]  kasan_report+0x118/0x150
[ 1052.278135][T32186]  ? xfrm_state_find+0x2cf2/0x5400
[ 1052.278151][T32186]  xfrm_state_find+0x2cf2/0x5400
[ 1052.278180][T32186]  ? xfrm_state_find+0x1da/0x5400
[ 1052.278201][T32186]  ? __pfx_xfrm_state_find+0x10/0x10
[ 1052.278219][T32186]  ? ip6_pol_route+0x547/0x1180
[ 1052.278242][T32186]  ? fib6_rule_saddr+0xc0/0x420
[ 1052.278264][T32186]  ? __pfx_ip6_pol_route+0x10/0x10
[ 1052.278282][T32186]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[ 1052.278303][T32186]  ? fib_rules_lookup+0x96/0xe90
[ 1052.278316][T32186]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[ 1052.278331][T32186]  ? __lock_acquire+0xab9/0xd20
[ 1052.278351][T32186]  ? xfrm_sk_policy_lookup+0x9d/0x750
[ 1052.278368][T32186]  ? xfrm_sk_policy_lookup+0x9d/0x750
[ 1052.278383][T32186]  ? xfrm_expand_policies+0x41f/0x6a0
[ 1052.278399][T32186]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[ 1052.278414][T32186]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[ 1052.278430][T32186]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[ 1052.278444][T32186]  ? txopt_get+0x335/0x3f0
[ 1052.278455][T32186]  ? aa_label_sk_perm+0x4cd/0x630
[ 1052.278471][T32186]  ? __pfx_txopt_get+0x10/0x10
[ 1052.278482][T32186]  xfrm_lookup_route+0x3c/0x1c0
[ 1052.278497][T32186]  rawv6_sendmsg+0xdab/0x1820
[ 1052.278512][T32186]  ? __pfx_rawv6_sendmsg+0x10/0x10
[ 1052.278528][T32186]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1052.278544][T32186]  ? sock_rps_record_flow+0x19/0x410
[ 1052.278559][T32186]  ? inet_sendmsg+0x2f4/0x370
[ 1052.278573][T32186]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1052.278586][T32186]  __sock_sendmsg+0x19c/0x270
[ 1052.278603][T32186]  ____sys_sendmsg+0x52d/0x830
[ 1052.278617][T32186]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1052.278631][T32186]  ? futex_unqueue+0x22/0x240
[ 1052.278642][T32186]  ? futex_unqueue+0x22/0x240
[ 1052.278658][T32186]  ___sys_sendmsg+0x21f/0x2a0
[ 1052.278671][T32186]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1052.278692][T32186]  ? __fget_files+0x2a/0x420
[ 1052.278702][T32186]  ? __fget_files+0x3a0/0x420
[ 1052.278713][T32186]  __sys_sendmmsg+0x28e/0x430
[ 1052.278727][T32186]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1052.278742][T32186]  ? __pfx_do_futex+0x10/0x10
[ 1052.278761][T32186]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[ 1052.278775][T32186]  __do_fast_syscall_32+0xb6/0x2b0
[ 1052.278790][T32186]  do_fast_syscall_32+0x34/0x80
[ 1052.278801][T32186]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1052.278816][T32186] RIP: 0023:0xf70de539
[ 1052.278827][T32186] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1052.278838][T32186] RSP: 002b:00000000f54ad55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[ 1052.278853][T32186] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000480
[ 1052.278861][T32186] RDX: 00000000000002e9 RSI: 000000000000ffe0 RDI: 0000000000000000
[ 1052.278869][T32186] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1052.278876][T32186] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1052.278883][T32186] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1052.278904][T32186]  </TASK>
[ 1052.278909][T32186] 
[ 1052.660927][T32186] Allocated by task 29362:
[ 1052.665544][T32186]  kasan_save_track+0x3e/0x80
[ 1052.670611][T32186]  __kasan_slab_alloc+0x6c/0x80
[ 1052.676397][T32186]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1052.682230][T32186]  xfrm_state_alloc+0x24/0x2f0
[ 1052.687725][T32186]  __find_acq_core+0x8a7/0x1c00
[ 1052.692953][T32186]  xfrm_find_acq+0x78/0xa0
[ 1052.697570][T32186]  xfrm_alloc_userspi+0x6b3/0xc90
[ 1052.702681][T32186]  xfrm_user_rcv_msg+0x7a0/0xab0
[ 1052.707820][T32186]  netlink_rcv_skb+0x205/0x470
[ 1052.712617][T32186]  xfrm_netlink_rcv+0x79/0x90
[ 1052.717336][T32186]  netlink_unicast+0x82c/0x9e0
[ 1052.722118][T32186]  netlink_sendmsg+0x805/0xb30
[ 1052.727055][T32186]  __sock_sendmsg+0x21c/0x270
[ 1052.731932][T32186]  ____sys_sendmsg+0x505/0x830
[ 1052.736729][T32186]  ___sys_sendmsg+0x21f/0x2a0
[ 1052.741504][T32186]  __sys_sendmsg+0x164/0x220
[ 1052.746337][T32186]  __do_fast_syscall_32+0xb6/0x2b0
[ 1052.751731][T32186]  do_fast_syscall_32+0x34/0x80
[ 1052.756608][T32186]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1052.762937][T32186] 
[ 1052.765268][T32186] Freed by task 23235:
[ 1052.769598][T32186]  kasan_save_track+0x3e/0x80
[ 1052.774658][T32186]  kasan_save_free_info+0x46/0x50
[ 1052.780698][T32186]  __kasan_slab_free+0x5b/0x80
[ 1052.785785][T32186]  kmem_cache_free+0x18f/0x400
[ 1052.790703][T32186]  xfrm_state_gc_task+0x52d/0x6b0
[ 1052.795957][T32186]  process_scheduled_works+0xae1/0x17b0
[ 1052.801741][T32186]  worker_thread+0x8a0/0xda0
[ 1052.806628][T32186]  kthread+0x70e/0x8a0
[ 1052.810818][T32186]  ret_from_fork+0x3fc/0x770
[ 1052.815512][T32186]  ret_from_fork_asm+0x1a/0x30
[ 1052.820348][T32186] 
[ 1052.822681][T32186] The buggy address belongs to the object at ffff888058b34cc0
[ 1052.822681][T32186]  which belongs to the cache xfrm_state of size 928
[ 1052.836998][T32186] The buggy address is located 816 bytes inside of
[ 1052.836998][T32186]  freed 928-byte region [ffff888058b34cc0, ffff888058b35060)
[ 1052.851233][T32186] 
[ 1052.853673][T32186] The buggy address belongs to the physical page:
[ 1052.860108][T32186] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888058b34cc0 pfn:0x58b34
[ 1052.870920][T32186] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1052.880132][T32186] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1052.888576][T32186] page_type: f5(slab)
[ 1052.892746][T32186] raw: 00fff00000000040 ffff8880212fca00 dead000000000122 0000000000000000
[ 1052.901553][T32186] raw: ffff888058b34cc0 00000000800f000b 00000000f5000000 0000000000000000
[ 1052.910604][T32186] head: 00fff00000000040 ffff8880212fca00 dead000000000122 0000000000000000
[ 1052.919480][T32186] head: ffff888058b34cc0 00000000800f000b 00000000f5000000 0000000000000000
[ 1052.928419][T32186] head: 00fff00000000002 ffffea000162cd01 00000000ffffffff 00000000ffffffff
[ 1052.937778][T32186] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 1052.946660][T32186] page dumped because: kasan: bad access detected
[ 1052.953294][T32186] page_owner tracks the page as allocated
[ 1052.959117][T32186] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6510, tgid 6509 (syz.3.223), ts 122763609697, free_ts 122290001981
[ 1052.980373][T32186]  post_alloc_hook+0x240/0x2a0
[ 1052.985169][T32186]  get_page_from_freelist+0x21e4/0x22c0
[ 1052.991438][T32186]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1052.997534][T32186]  alloc_pages_mpol+0x232/0x4a0
[ 1053.002641][T32186]  allocate_slab+0x8a/0x370
[ 1053.007195][T32186]  ___slab_alloc+0xbeb/0x1420
[ 1053.012727][T32186]  kmem_cache_alloc_noprof+0x283/0x3c0
[ 1053.018306][T32186]  xfrm_state_alloc+0x24/0x2f0
[ 1053.023720][T32186]  xfrm_add_sa+0x17d1/0x4070
[ 1053.028461][T32186]  xfrm_user_rcv_msg+0x7a0/0xab0
[ 1053.033447][T32186]  netlink_rcv_skb+0x205/0x470
[ 1053.038331][T32186]  xfrm_netlink_rcv+0x79/0x90
[ 1053.043300][T32186]  netlink_unicast+0x82c/0x9e0
[ 1053.048181][T32186]  netlink_sendmsg+0x805/0xb30
[ 1053.052956][T32186]  __sock_sendmsg+0x21c/0x270
[ 1053.057922][T32186]  ____sys_sendmsg+0x505/0x830
[ 1053.062975][T32186] page last free pid 5234 tgid 5234 stack trace:
[ 1053.069743][T32186]  __free_frozen_pages+0xbc4/0xd30
[ 1053.075055][T32186]  __slab_free+0x303/0x3c0
[ 1053.079490][T32186]  qlist_free_all+0x97/0x140
[ 1053.084182][T32186]  kasan_quarantine_reduce+0x148/0x160
[ 1053.089638][T32186]  __kasan_slab_alloc+0x22/0x80
[ 1053.094521][T32186]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1053.100084][T32186]  getname_flags+0xb8/0x540
[ 1053.104601][T32186]  do_readlinkat+0xbc/0x500
[ 1053.109153][T32186]  __x64_sys_readlink+0x7f/0x90
[ 1053.114107][T32186]  do_syscall_64+0xfa/0x3b0
[ 1053.118645][T32186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1053.124718][T32186] 
[ 1053.127308][T32186] Memory state around the buggy address:
[ 1053.133217][T32186]  ffff888058b34e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1053.141743][T32186]  ffff888058b34f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1053.150019][T32186] >ffff888058b34f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1053.158174][T32186]                                                              ^
[ 1053.165950][T32186]  ffff888058b35000: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[ 1053.174061][T32186]  ffff888058b35080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1053.182434][T32186] ==================================================================
[ 1053.236716][T32186] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1053.244116][T32186] CPU: 0 UID: 0 PID: 32186 Comm: syz.4.4566 Not tainted syzkaller #0 PREEMPT(full) 
[ 1053.253896][T32186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1053.264331][T32186] Call Trace:
[ 1053.267646][T32186]  <TASK>
[ 1053.270592][T32186]  dump_stack_lvl+0x99/0x250
[ 1053.275471][T32186]  ? __asan_memcpy+0x40/0x70
[ 1053.280058][T32186]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1053.285531][T32186]  ? __pfx__printk+0x10/0x10
[ 1053.290339][T32186]  vpanic+0x281/0x750
[ 1053.294349][T32186]  ? preempt_schedule+0xae/0xc0
[ 1053.299251][T32186]  ? __pfx_vpanic+0x10/0x10
[ 1053.303778][T32186]  ? preempt_schedule_common+0x83/0xd0
[ 1053.309340][T32186]  ? preempt_schedule+0xae/0xc0
[ 1053.314187][T32186]  ? __pfx_preempt_schedule+0x10/0x10
[ 1053.319557][T32186]  panic+0xb9/0xc0
[ 1053.323298][T32186]  ? __pfx_panic+0x10/0x10
[ 1053.327912][T32186]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[ 1053.333823][T32186]  ? xfrm_state_find+0x2cf2/0x5400
[ 1053.338964][T32186]  check_panic_on_warn+0x89/0xb0
[ 1053.343925][T32186]  ? xfrm_state_find+0x2cf2/0x5400
[ 1053.349062][T32186]  end_report+0x78/0x160
[ 1053.353325][T32186]  kasan_report+0x129/0x150
[ 1053.357844][T32186]  ? xfrm_state_find+0x2cf2/0x5400
[ 1053.362969][T32186]  xfrm_state_find+0x2cf2/0x5400
[ 1053.367911][T32186]  ? xfrm_state_find+0x1da/0x5400
[ 1053.373034][T32186]  ? __pfx_xfrm_state_find+0x10/0x10
[ 1053.378694][T32186]  ? ip6_pol_route+0x547/0x1180
[ 1053.383800][T32186]  ? fib6_rule_saddr+0xc0/0x420
[ 1053.389290][T32186]  ? __pfx_ip6_pol_route+0x10/0x10
[ 1053.394898][T32186]  xfrm_resolve_and_create_bundle+0x768/0x2f80
[ 1053.401325][T32186]  ? fib_rules_lookup+0x96/0xe90
[ 1053.406393][T32186]  ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10
[ 1053.413659][T32186]  ? __lock_acquire+0xab9/0xd20
[ 1053.418951][T32186]  ? xfrm_sk_policy_lookup+0x9d/0x750
[ 1053.424615][T32186]  ? xfrm_sk_policy_lookup+0x9d/0x750
[ 1053.431482][T32186]  ? xfrm_expand_policies+0x41f/0x6a0
[ 1053.437673][T32186]  xfrm_lookup_with_ifid+0x2a7/0x1a70
[ 1053.443081][T32186]  ? __pfx_ip6_dst_lookup_tail+0x10/0x10
[ 1053.448922][T32186]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[ 1053.454931][T32186]  ? txopt_get+0x335/0x3f0
[ 1053.459586][T32186]  ? aa_label_sk_perm+0x4cd/0x630
[ 1053.465171][T32186]  ? __pfx_txopt_get+0x10/0x10
[ 1053.470084][T32186]  xfrm_lookup_route+0x3c/0x1c0
[ 1053.474975][T32186]  rawv6_sendmsg+0xdab/0x1820
[ 1053.479695][T32186]  ? __pfx_rawv6_sendmsg+0x10/0x10
[ 1053.485211][T32186]  ? __pfx_aa_sk_perm+0x10/0x10
[ 1053.490568][T32186]  ? sock_rps_record_flow+0x19/0x410
[ 1053.496258][T32186]  ? inet_sendmsg+0x2f4/0x370
[ 1053.501678][T32186]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1053.507261][T32186]  __sock_sendmsg+0x19c/0x270
[ 1053.512163][T32186]  ____sys_sendmsg+0x52d/0x830
[ 1053.517447][T32186]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1053.522969][T32186]  ? futex_unqueue+0x22/0x240
[ 1053.527707][T32186]  ? futex_unqueue+0x22/0x240
[ 1053.533299][T32186]  ___sys_sendmsg+0x21f/0x2a0
[ 1053.538342][T32186]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1053.544125][T32186]  ? __fget_files+0x2a/0x420
[ 1053.549265][T32186]  ? __fget_files+0x3a0/0x420
[ 1053.554170][T32186]  __sys_sendmmsg+0x28e/0x430
[ 1053.558876][T32186]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1053.564203][T32186]  ? __pfx_do_futex+0x10/0x10
[ 1053.569121][T32186]  __ia32_compat_sys_sendmmsg+0xa2/0xc0
[ 1053.575144][T32186]  __do_fast_syscall_32+0xb6/0x2b0
[ 1053.580391][T32186]  do_fast_syscall_32+0x34/0x80
[ 1053.585289][T32186]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1053.592079][T32186] RIP: 0023:0xf70de539
[ 1053.596430][T32186] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[ 1053.617429][T32186] RSP: 002b:00000000f54ad55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159
[ 1053.627173][T32186] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 0000000080000480
[ 1053.636821][T32186] RDX: 00000000000002e9 RSI: 000000000000ffe0 RDI: 0000000000000000
[ 1053.645228][T32186] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1053.653745][T32186] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[ 1053.662179][T32186] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1053.670537][T32186]  </TASK>
[ 1053.674223][T32186] Kernel Offset: disabled
[ 1053.678993][T32186] Rebooting in 86400 seconds..